Bug #66625 imagescale() segmentation fault on 64bits environment
Submitted: 2014-02-02 03:50 UTC Modified: 2017-01-18 18:58 UTC
Avg. Score:4.6 ± 0.7
Reproduced:8 of 8 (100.0%)
Same Version:3 (37.5%)
Same OS:4 (50.0%)
From: yoya at awm dot jp Assigned: cmb (profile)
Status: Duplicate Package: GD related
PHP Version: 5.5.8 OS: Any
Private report: No CVE-ID: None


 [2014-02-02 03:50 UTC] yoya at awm dot jp
* ext/gd.c
        zval *IM;
        gdImagePtr im;
        gdImagePtr im_scaled;
        int new_width, new_height = -1;
        gdInterpolationMethod method = GD_BILINEAR_FIXED;

        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl|ll", &IM, &new_width, &new_height, &method) == FAILURE)  {

On a 64-bit environment, 'l' (long) has a 64-bit width, while int and the gdInterpolationMethod type have 32 bits, so the IM pointer is destroyed by the values of the other variables.

This problem is related to id:65171, I guess.

Test script:

$data = file_get_contents($argv[1]);
$im = ImageCreateFromString($data);
$im2 = imagescale($im, 256, 192, IMG_NEAREST_NEIGHBOUR);
imagepng($im2, 'output.png');

Actual result:
Segmentation fault
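
The width mismatch described in this report, as an added example that is not code from ext/gd or from the PHP project: store_l is a hypothetical stand-in for what the "l" specifier does on LP64 (an 8-byte store), and the frame layout, function names and range check are assumptions for illustration. It shows the oversized store changing an adjacent 32-bit slot, next to a pattern that parses into 64-bit temporaries and range-checks before narrowing to int.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the "l" specifier: always stores 64 bits at dest. */
static void store_l(void *dest, int64_t value) {
    memcpy(dest, &value, sizeof value);
}

/* Before: two adjacent 32-bit slots model the int locals from the report.
 * A byte array is used so the oversized write stays well-defined here.
 * Returns what the neighbouring slot holds after parsing into the first. */
int32_t neighbour_after_mismatched_store(int32_t neighbour, int64_t width) {
    unsigned char frame[2 * sizeof(int32_t)];
    int32_t out;
    memcpy(frame + sizeof(int32_t), &neighbour, sizeof neighbour);
    store_l(frame, width);              /* 8-byte write aimed at a 4-byte slot */
    memcpy(&out, frame + sizeof(int32_t), sizeof out);
    return out;
}

/* After: receive into 64-bit temporaries, range-check, then narrow to the
 * int that the scaling code works with. Returns 0 on success, -1 otherwise. */
int parse_scale_args(int64_t in_w, int64_t in_h, int *new_width, int *new_height) {
    int64_t tmp_w = 0, tmp_h = -1;      /* -1 mirrors the report's default height */
    store_l(&tmp_w, in_w);
    store_l(&tmp_h, in_h);
    if (tmp_w < INT_MIN || tmp_w > INT_MAX || tmp_h < INT_MIN || tmp_h > INT_MAX)
        return -1;                      /* value would not survive narrowing */
    *new_width = (int)tmp_w;
    *new_height = (int)tmp_h;
    return 0;
}

int main(void) {
    int w = 0, h = 0;
    /* Constructed sample values: 256x192 as in the test script above. */
    printf("neighbour 192 after mismatched store: %d\n",
           (int)neighbour_after_mismatched_store(192, 256));
    printf("checked parse rc=%d\n", parse_scale_args(256, 192, &w, &h));
    printf("w=%d h=%d\n", w, h);
    printf("oversized rc=%d\n", parse_scale_args((int64_t)INT_MAX + 1, 192, &w, &h));
    return 0;
}
```
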


 [2014-03-24 22:47 UTC] mwanat at forall dot pl
Confirmed on 64Bit CentOS & PHP 5.5.10
 [2016-06-07 04:03 UTC]
They are different issues. #72337 is about new width or height being zero.

This one is the wrong type being used for new_width and height, as described precisely here.

Patches coming, running further tests.
 [2017-01-18 18:58 UTC]
-Status: Open
+Status: Duplicate
-Assigned To:
+Assigned To: cmb
 [2017-01-18 18:58 UTC]
This has already been fixed as resolution of bug #66890, so I'm
marking this ticket as duplicate.
Last updated: Fri Mar 01 16:01:31 2024 UTC