Bug #69024 imagescale segfault with palette based image
Submitted: 2015-02-11 01:33 UTC
Modified: 2015-07-13 14:05 UTC
From: gmblar+php at gmail dot com
Assigned: cmb
Status: Closed
Package: GD related
PHP Version: 5.6.5
OS: MacOSX 10.10.2
Private report: No
CVE-ID:
 [2015-02-11 01:33 UTC] gmblar+php at gmail dot com
Description:
------------
imagescale segfault with palette based image.


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x0000000100f7843f in gdImageScaleTwoPass ()
(gdb) bt
#0  0x0000000100f7843f in gdImageScaleTwoPass ()
#1  0x0000000100f5e3ba in zif_imagescale ()
#2  0x0000000100ac4bb0 in xdebug_execute_internal ()
#3  0x000000010023fe24 in zend_do_fcall_common_helper_SPEC ()
#4  0x00000001001fd5f6 in execute_ex ()
#5  0x0000000100ac48b9 in xdebug_execute_ex ()
#6  0x00000001001d64b2 in zend_execute_scripts ()
#7  0x000000010017ec27 in php_execute_script ()
#8  0x000000010025f6be in do_cli ()
#9  0x000000010025e354 in main ()

Test script:
---------------
<?php

$image = imagecreate(256, 256);
imagescale($image, 32, 32, IMG_BICUBIC);

Expected result:
----------------
Nothing

Actual result:
--------------
Segmentation fault: 11

 [2015-02-11 01:35 UTC] gmblar+php at gmail dot com
Same with PHP 5.6.5-1~dotdeb.1 on debian 7.6


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3f41bf1 in ?? () from /usr/lib/php5/20131226/gd.so
(gdb) bt
#0  0x00007ffff3f41bf1 in ?? () from /usr/lib/php5/20131226/gd.so
#1  0x00007ffff3f18f1e in ?? () from /usr/lib/php5/20131226/gd.so
#2  0x00000000006c9919 in dtrace_execute_internal ()
#3  0x000000000077d1e1 in ?? ()
#4  0x0000000000743a88 in execute_ex ()
#5  0x00000000006c97ed in dtrace_execute_ex ()
#6  0x00000000006dc028 in zend_execute_scripts ()
#7  0x000000000067796c in php_execute_script ()
#8  0x0000000000780783 in ?? ()
#9  0x0000000000433b7f in ?? ()
#10 0x00007ffff503eeed in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#11 0x0000000000433c15 in _start ()
 [2015-07-13 11:04 UTC] laruence@php.net
-Assigned To: +Assigned To: cmb
 [2015-07-13 11:04 UTC] laruence@php.net
I confirm this bug also exists in master. @cmb, maybe you could have a look into it?
 [2015-07-13 11:22 UTC] cmb@php.net
-Status: Assigned +Status: Verified
 [2015-07-13 11:22 UTC] cmb@php.net
I can confirm the issue with PHP 7.0.0beta1 on Windows, too. I'll
have a closer look.
 [2015-07-13 12:53 UTC] cmb@php.net
-Status: Verified +Status: Analyzed
 [2015-07-13 12:53 UTC] cmb@php.net
Several of the scaling algorithms require true color images. The
external libgd converts if necessary[1], which is not yet
implemented for the bundled libgd. I'm working on a patch.

[1] <https://github.com/libgd/libgd/commit/723ea520bed3b5854df87393c687323d3930edf3>
 [2015-07-13 14:05 UTC] cmb@php.net
-Status: Analyzed +Status: Closed
 [2015-07-13 14:05 UTC] cmb@php.net
> Several of the scaling algorithms require true color images.

No, only IMG_BICUBIC has been affected.

The fix for this bug has been committed[1].

Thank you for the report, and for helping us make PHP better.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=fa53d8463f2566f5e4cdedda7a2662f74a7dcd7c>
 [2015-07-14 08:14 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bccbd2df218f5a36650581506c4306a58a157cb2
Log: Fix #69024: imagescale segfault with palette based image
 [2015-07-21 14:20 UTC] ab@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa53d8463f2566f5e4cdedda7a2662f74a7dcd7c
Log: Fix #69024: imagescale segfault with palette based image
 [2015-07-21 14:20 UTC] ab@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bccbd2df218f5a36650581506c4306a58a157cb2
Log: Fix #69024: imagescale segfault with palette based image
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bccbd2df218f5a36650581506c4306a58a157cb2
Log: Fix #69024: imagescale segfault with palette based image
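
A userland guard for builds that predate the fix, as an added example that is not part of the bug report or of php-src: it converts a palette image to true color before calling imagescale(), the conversion the thread says external libgd performs when necessary. safeImageScale() is a hypothetical helper name.

```php
<?php
// Added example; safeImageScale() is a hypothetical helper, not part of PHP or php-src.

/**
 * Scale an image, converting palette images to true color first so that
 * IMG_BICUBIC never receives a palette based image.
 */
function safeImageScale($src, $width, $height = -1, $mode = IMG_BILINEAR_FIXED)
{
    if (!imageistruecolor($src)) {
        $w = imagesx($src);
        $h = imagesy($src);

        // Convert into a copy so the caller's palette image is not modified.
        $copy = imagecreatetruecolor($w, $h);
        if ($copy === false) {
            throw new RuntimeException('could not allocate true color copy');
        }

        // Start fully transparent: imagecopy() skips the source's transparent
        // palette index, so those pixels must already be transparent here.
        imagealphablending($copy, false);
        imagesavealpha($copy, true);
        imagefill($copy, 0, 0, imagecolorallocatealpha($copy, 0, 0, 0, 127));

        imagecopy($copy, $src, 0, 0, 0, 0, $w, $h);
        $src = $copy;
    }

    $scaled = imagescale($src, $width, $height, $mode);
    if ($scaled === false) {
        throw new RuntimeException('imagescale() failed');
    }
    return $scaled;
}

// The test script from the report, routed through the guard.
$image = imagecreate(256, 256);
imagecolorallocate($image, 255, 255, 255); // first allocated color is the background
$scaled = safeImageScale($image, 32, 32, IMG_BICUBIC);
printf("%dx%d truecolor=%s\n", imagesx($scaled), imagesy($scaled),
    imageistruecolor($scaled) ? 'yes' : 'no');
```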
 