PHP :: Bug #69177 :: imagefilltoborder segfault

Bug #69177	imagefilltoborder segfault
Submitted:	2015-03-03 19:13 UTC	Modified:	2016-06-07 10:32 UTC
From:	polyanin at gmail dot com	Assigned:	cmb (profile)
Status:	Closed	Package:	GD related
PHP Version:	5.6.6	OS:	debian 8
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2015-03-03 19:13 UTC] polyanin at gmail dot com

Description:
------------
kernel: [733793.955529] php5-fpm[7936]: segfault at 7fff43558ff8 ip 00007fd254b9f389 sp 00007fff43559000 error 6 in libgd.so.3.0.0[7fd254b8f000+43000]

Test script:
---------------
<?php
// create a 200*200 image
$img = imagecreatetruecolor(200, 200);
// allocate some colors
$red   = imagecolorallocate($img, 255,   0,   0);
imagefilltoborder($img, 200, 200, $red, $red);
// output image in the browser
header("Content-type: image/png");
imagepng($img);
// free memory
imagedestroy($img);

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
(gdb) bt
#0  0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#1  0x00007ffff33baed3 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#2  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#3  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#4  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#5  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#6  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#7  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#8  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#9  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#10 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#11 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#12 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#13 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#14 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-07-12 17:35 UTC] cmb@php.net

-Status: Open +Status: Feedback

[2015-07-12 17:35 UTC] cmb@php.net

I can't reproduce the segfault with the official Windows build of
PHP 5.6.6. Which libgd version do you use (see gd_info)?

[2015-07-12 18:12 UTC] polyanin at gmail dot com

I do not use windows, try it in Linux (I use Debian 8.1)

PHP 5.6.9-0+deb8u1

php -r 'print_r(gd_info());'
Array
(
    [GD Version] => 2.1.1-dev
    [FreeType Support] => 1
    [FreeType Linkage] => with freetype
    [T1Lib Support] =>
    [GIF Read Support] => 1
    [GIF Create Support] => 1
    [JPEG Support] => 1
    [PNG Support] => 1
    [WBMP Support] => 1
    [XPM Support] => 1
    [XBM Support] => 1
    [JIS-mapped Japanese Font Support] =>
)

Package: php5-gd
Version: 5.6.7+dfsg-1
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Architecture: amd64

[2015-07-12 20:01 UTC] cmb@php.net

-Status: Feedback +Status: Open

[2015-07-12 22:08 UTC] cmb@php.net

I can reproduce the issue on Debian 8.1 with php5/php5-gd
5.6.9+dfsg-0+deb8u1 and libgd 2.1.1-dev. However, 5.6GIT with the
bundled libgd doesn't segfault. I guess there's an issue with the
libgd 2.1.1-dev version. FWIW, libgd 2.1.1 (GA) has been released
half a year ago.

[2016-06-07 10:32 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2016-06-07 10:32 UTC] cmb@php.net

As the bundled GD doesn't have this issue, I'm closing this
ticket. It's likely to be a duplicate of bug #66387 anyway.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 07:01:29 2024 UTC