Bug #61968 Crash in certain script using GD in Moodle
Submitted: 2012-05-07 16:54 UTC Modified: 2016-04-10 17:26 UTC
Votes:8
Avg. Score:3.9 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:0 (0.0%)
From: k-yamashita at ver2 dot jp Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.4.2 OS: Windows 7 x86
Private report: No CVE-ID: None
 [2012-05-07 16:54 UTC] k-yamashita at ver2 dot jp
Description:
------------
PHP 5.4.1 and 5.4.2 crash on a page of the learning management system Moodle (http://moodle.org/) that draws a graph using GD.

1. Install Moodle.
2. Log in as admin and create at least one student user.
3. Create a course.
4. Enter edit mode and add a quiz to the course.
5. Log in as a student user, take the quiz just created.
6. Log in as admin, see the quiz report.

Page URL is <moodle>/mod/quiz/report.php?id=<module id>&mode=overview.
Embedded graph image is rendered by <moodle>/mod/quiz/report/overview/overviewgraph.php?id=<quiz id>.
PHP 5.3.8 didn't have this issue.

My environment:
OS: Windows 7 x86 Home Premium
Server package: XAMPP 1.7.7 (Apache 2.2.21, MySQL 5.5.16)
PHP: replaced original 5.3.8 with 5.4.1 and 5.4.2
PHP extensions: php_gd2.dll, php_mysqli.dll
Moodle: any of 1.9.14, 2.0.8, 2.2.2


Test script:
---------------
Tried to reproduce by separating only the relevant library files and copying the object properties with var_export, but it didn't reproduce (the graph is displayed without a crash).

Actual result:
--------------
php5ts.dll stops with APPCRASH c0000005. Access to both report page and graph only causes crash.

Weirdly if I add "exit();" at the end of the script overviewgraph.php, it doesn't crash.

Callgraph shown when debugging with Visual Studio:
(行=line, バイト=byte)
>	php5ts.dll!zval_mark_grey(_zval_struct * pz, void * * * tsrm_ls)  行 425	C
 	php5ts.dll!gc_mark_roots(void * * * tsrm_ls)  行 501 + 0x7 バイト	C
 	php5ts.dll!gc_collect_cycles(void * * * tsrm_ls)  + 0x15c1a1 バイト	C
 	php5ts.dll!zend_deactivate(void * * * tsrm_ls)  行 944 + 0x6 バイト	C
 	php5ts.dll!php_request_shutdown(void * dummy)  行 1784	C
 	php5apache2_2.dll!php_handler(request_rec * r)  行 680	C
 	libhttpd.dll!6ff02515() 	
 	[下のフレームは間違っているか、または見つかりません。libhttpd.dll に対して読み込まれたシンボルはありません。]	
 	libhttpd.dll!6ff0297c() 	
 	libhttpd.dll!6ff0ff7c() 	
 	libhttpd.dll!6ff0b092() 	
 	libhttpd.dll!6ff05305() 	
 	libhttpd.dll!6ff055d2() 	
 	libhttpd.dll!6ff1ea89() 	
 	msvcr90.dll!6ffb3433() 	
 	msvcr90.dll!6ffb34c7() 	
 	kernel32.dll!7655ed6c() 	
 	ntdll.dll!778f377b() 	
 	ntdll.dll!778f374e() 	


 [2012-06-26 14:31 UTC] mihalych at vsepofigu dot ru
Got the same issue with PHP 5.3.14 on openSUSE Tumbleweed. But it's not GD related.

Backtrace:

#0  zval_mark_grey (pz=<optimized out>) at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:372
#1  0xb67c742d in gc_mark_roots () at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:435
#2  gc_collect_cycles () at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:664
#3  0xb67a63f5 in zend_deactivate () at /usr/src/debug/php-5.3.14/Zend/zend.c:901
#4  0xb6746aa9 in php_request_shutdown (dummy=0x0) at /usr/src/debug/php-5.3.14/main/main.c:1661
#5  0xb683ab44 in php_apache_request_dtor (r=<optimized out>) at /usr/src/debug/php-5.3.14/sapi/apache2handler/sapi_apache2.c:509
#6  php_handler (r=0xb6f05058) at /usr/src/debug/php-5.3.14/sapi/apache2handler/sapi_apache2.c:681

Code which crashes:

<?php
ini_set('display_errors', true);
error_reporting(E_ALL);

class Plugin
{
	private $name;

	public function __construct()
	{
		// Runs during Application::main() before $this->foo is assigned, so getFoo() returns null here.
		$GLOBALS['app']->getFoo()->activePlugin = $this->name;
	}
}

class Plugins
{
	private $plugin;

	public function init()
	{
		$this->plugin = new Plugin();
	}

}

class LegacyApplication
{
	private $plugins;

	function init()
	{
		$this->plugins = new Plugins;
		$this->plugins->init();
	}
}

class Foo
{
	public $activePlugin;

	private $bar = array();

	public function init()
	{
		$this->bar []= 'bar';
	}
}

class Application
{
	private $foo;

	public function main()
	{
		$GLOBALS['LegacyObject'] = new LegacyApplication;
		Application::getLegacyApplication()->init();
		$this->foo = new Foo();
		$this->foo->init();
	}

	public static function getLegacyApplication()
	{
		return $GLOBALS['LegacyObject'];
	}

	public function getFoo()
	{
		return $this->foo;
	}
}

$app = new Application();
$app->main();

echo 'OK';
?>
 [2012-09-01 08:23 UTC] mihalych at vsepofigu dot ru
And now the same problem on FreeBSD 7.4-RELEASE-p9, PHP 5.3.16 with Suhosin-Patch.
 [2012-09-01 11:25 UTC] pajoye@php.net
-Package: GD related +Package: Scripting Engine problem
 [2012-09-01 11:25 UTC] pajoye@php.net
Don't see how it is related to GD, there is no trace of GD code in the backtrace.
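
The comparison behind the reclassification above can be done mechanically. The following is an added example, not part of the original report or of any PHP tooling: it reduces the Visual Studio and gdb backtraces quoted in this thread to a crash signature and checks them for any GD reference. The helper names (`parse`, `signature`, `mentions`) and the substring check for "gd" are assumptions made for illustration.

```python
import re

# Frames copied from the two backtraces in this report.
VS_TRACE = """\
php5ts.dll!zval_mark_grey(_zval_struct * pz, void * * * tsrm_ls)  行 425
php5ts.dll!gc_mark_roots(void * * * tsrm_ls)  行 501 + 0x7 バイト
php5ts.dll!gc_collect_cycles(void * * * tsrm_ls)  + 0x15c1a1 バイト
php5ts.dll!zend_deactivate(void * * * tsrm_ls)  行 944 + 0x6 バイト
php5ts.dll!php_request_shutdown(void * dummy)  行 1784
php5apache2_2.dll!php_handler(request_rec * r)  行 680
libhttpd.dll!6ff02515()
"""
GDB_TRACE = """\
#0  zval_mark_grey (pz=<optimized out>) at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:372
#1  0xb67c742d in gc_mark_roots () at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:435
#2  gc_collect_cycles () at /usr/src/debug/php-5.3.14/Zend/zend_gc.c:664
#3  0xb67a63f5 in zend_deactivate () at /usr/src/debug/php-5.3.14/Zend/zend.c:901
#4  0xb6746aa9 in php_request_shutdown (dummy=0x0) at /usr/src/debug/php-5.3.14/main/main.c:1661
#5  0xb683ab44 in php_apache_request_dtor (r=<optimized out>) at /usr/src/debug/php-5.3.14/sapi/apache2handler/sapi_apache2.c:509
#6  php_handler (r=0xb6f05058) at /usr/src/debug/php-5.3.14/sapi/apache2handler/sapi_apache2.c:681
"""

VS_FRAME = re.compile(r"^\S+!([A-Za-z_]\w*)\(")      # module!function(args)
GDB_FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?([A-Za-z_]\w*) \(")

def parse(trace):
    """Return (function, raw line) pairs, innermost first; frames without symbols are skipped."""
    out = []
    for line in trace.splitlines():
        line = line.strip()
        m = VS_FRAME.match(line) or GDB_FRAME.match(line)
        if m:
            out.append((m.group(1), line))
    return out

def signature(trace, depth=5):
    """Crash signature: names of the innermost `depth` symbolized frames."""
    return tuple(name for name, _ in parse(trace)[:depth])

def mentions(trace, needle):
    """True if any symbolized frame (module, function or source path) contains `needle`."""
    return any(needle.lower() in line.lower() for _, line in parse(trace))

if __name__ == "__main__":
    print(signature(VS_TRACE) == signature(GDB_TRACE))
    print(mentions(VS_TRACE, "gd"), mentions(GDB_TRACE, "gd"))
```

Both traces reduce to the same five innermost frames in the garbage collector's request-shutdown path, and neither contains a GD module, function or source file.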
 [2012-09-01 17:50 UTC] k-yamashita at ver2 dot jp
I'm sorry to report late. I tested the same script on PHP 5.4.6 and don't have any problem now.
Thanks.
 [2012-09-26 11:36 UTC] mihalych at vsepofigu dot ru
I've already written that it's not GD related.
 [2016-04-10 17:26 UTC] k-yamashita at ver2 dot jp
-Status: Open +Status: Closed
 [2016-04-10 17:26 UTC] k-yamashita at ver2 dot jp
I don't experience this issue any more so I close it now.
Thanks.
Last updated: Mon Jan 18 07:01:24 2021 UTC