php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69177 imagefilltoborder segfault
Submitted: 2015-03-03 19:13 UTC Modified: 2016-06-07 10:32 UTC
From: polyanin at gmail dot com Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.6.6 OS: debian 8
Private report: No CVE-ID: None
View Developer Edit
 [2015-03-03 19:13 UTC] polyanin at gmail dot com 
Description:
------------
kernel: [733793.955529] php5-fpm[7936]: segfault at 7fff43558ff8 ip 00007fd254b9f389 sp 00007fff43559000 error 6 in libgd.so.3.0.0[7fd254b8f000+43000]

Test script:
---------------
<?php
// create a 200*200 image
$img = imagecreatetruecolor(200, 200);
// allocate some colors
$red   = imagecolorallocate($img, 255,   0,   0);
imagefilltoborder($img, 200, 200, $red, $red);
// output image in the browser
header("Content-type: image/png");
imagepng($img);
// free memory
imagedestroy($img);

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
(gdb) bt
#0  0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#1  0x00007ffff33baed3 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#2  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#3  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#4  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#5  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#6  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#7  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#8  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#9  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#10 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#11 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#12 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#13 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#14 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-12 17:35 UTC] cmb@php.net
-Status: Open +Status: Feedback
 [2015-07-12 17:35 UTC] cmb@php.net 
I can't reproduce the segfault with the official Windows build of
PHP 5.6.6. Which libgd version do you use (see gd_info)?
 [2015-07-12 18:12 UTC] polyanin at gmail dot com 
I do not use windows, try it in Linux (I use Debian 8.1)

PHP 5.6.9-0+deb8u1

php -r 'print_r(gd_info());'
Array
(
    [GD Version] => 2.1.1-dev
    [FreeType Support] => 1
    [FreeType Linkage] => with freetype
    [T1Lib Support] =>
    [GIF Read Support] => 1
    [GIF Create Support] => 1
    [JPEG Support] => 1
    [PNG Support] => 1
    [WBMP Support] => 1
    [XPM Support] => 1
    [XBM Support] => 1
    [JIS-mapped Japanese Font Support] =>
)

Package: php5-gd
Version: 5.6.7+dfsg-1
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Architecture: amd64
 [2015-07-12 20:01 UTC] cmb@php.net
-Status: Feedback +Status: Open
 [2015-07-12 22:08 UTC] cmb@php.net 
I can reproduce the issue on Debian 8.1 with php5/php5-gd
5.6.9+dfsg-0+deb8u1 and libgd 2.1.1-dev. However, 5.6GIT with the
bundled libgd doesn't segfault. I guess there's an issue with the
libgd 2.1.1-dev version. FWIW, libgd 2.1.1 (GA) has been released
half a year ago.
 [2016-06-07 10:32 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2016-06-07 10:32 UTC] cmb@php.net 
As the bundled GD doesn't have this issue, I'm closing this
ticket. It's likely to be a duplicate of bug #66387 anyway.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 24 10:00:01 2025 UTC