Bug #73566 Crash Null Deref
Submitted: 2016-11-19 20:15 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: honor dot ston3 at gmail dot com Assigned:
Status: Open Package: gmagick (PECL)
PHP Version: 7.0.13 OS: *nix
Private report: No CVE-ID: None

 [2016-11-19 20:15 UTC] honor dot ston3 at gmail dot com
Description:
------------
The following commands lead to a crash.

php test.php test.png

Test script:
---------------
<?php
  $image = new Gmagick();
  $image->readImage($argv[1]);
  $image->rotateImage('red', null);
  $image->resizeimage(200,200,0xfffffff,0);
  $image->writeImage('new.png');
  $image->destroy();
?>


Expected result:
----------------
php: magick/resize.c:1312: ResizeImage: Assertion `((int) filter >= 0) && ((int) filter <= SincFilter)' failed.
Magick: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)

Actual result:
--------------
(gdb) bt
#0  0xb7fdac31 in __kernel_vsyscall ()
#1  0xb7900e89 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#2  0xb79023e7 in __GI_abort () at abort.c:89
#3  0xb78f9d07 in __assert_fail_base (fmt=0xb7a34258 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=0xb55e9750 "((int) filter >= 0) && ((int) filter <= SincFilter)", 
    file=0xb55e9675 "magick/resize.c", line=1312, function=0xb55e9a78 "ResizeImage") at assert.c:92
#4  0xb78f9d8b in __GI___assert_fail (
    assertion=0xb55e9750 "((int) filter >= 0) && ((int) filter <= SincFilter)", 
    file=0xb55e9675 "magick/resize.c", line=1312, function=0xb55e9a78 "ResizeImage") at assert.c:101
#5  0xb54a9a36 in ResizeImage () from /usr/lib/libGraphicsMagick-Q16.so.3
#6  0xb5763221 in MagickResizeImage () from /usr/lib/libGraphicsMagickWand-Q16.so.2
#7  0xb578ef70 in zim_gmagick_resizeimage () from /usr/lib/php/20151012/gmagick.so
#8  0x80289662 in execute_internal ()
#9  0x801e2dce in dtrace_execute_internal ()
#10 0x8027af65 in ?? ()
#11 0x802336da in execute_ex ()
#12 0x801e2c35 in dtrace_execute_ex ()
#13 0x8028b1b6 in zend_execute ()
#14 0x801f310d in zend_execute_scripts ()
#15 0x80192054 in php_execute_script ()
#16 0x8028d01f in ?? ()
#17 0x8006c64f in main ()

(gdb) info reg
eax            0x0	0
ecx            0x63db	25563
edx            0x6	6
ebx            0x63db	25563
esp            0xbfffb648	0xbfffb648
ebp            0x805167b0	0x805167b0
esi            0xb5c22000	-1245569024
edi            0xbfffb704	-1073760508
eip            0xb7fdac31	0xb7fdac31 <__kernel_vsyscall+9>
eflags         0x200206	[ PF IF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
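
An added example, not code from the gmagick extension or from this report: a range check on the script-supplied filter value, done in the binding layer before the value reaches the library function whose assertion appears in the backtrace. The enum is a local mirror of GraphicsMagick's FilterTypes (its ordering is an assumption), and `filter_from_user` and `checked_resize_filter` are hypothetical names.

```c
#include <stdio.h>

/* Local mirror of GraphicsMagick's FilterTypes enum. Assumption: same order as
   the library header; the page itself only shows SincFilter as the upper bound. */
typedef enum {
    UndefinedFilter, PointFilter, BoxFilter, TriangleFilter, HermiteFilter,
    HanningFilter, HammingFilter, BlackmanFilter, GaussianFilter,
    QuadraticFilter, CubicFilter, CatromFilter, MitchellFilter,
    LanczosFilter, BesselFilter, SincFilter
} FilterTypes;

/* Hypothetical helper: validate a script-supplied integer before narrowing it
   to the enum. Returns 0 and sets *out on success, -1 if out of range. */
static int filter_from_user(long long user_value, FilterTypes *out)
{
    /* Compare on the wide type. Casting to int first could wrap a large
       value (e.g. 0x100000005) into the valid range and hide the bad input. */
    if (user_value < (long long)UndefinedFilter ||
        user_value > (long long)SincFilter)
        return -1;
    *out = (FilterTypes)user_value;
    return 0;
}

/* Hypothetical stand-in for the binding's resize method: returns the filter
   it would pass on, or -1 where the unchecked call would reach the assertion. */
static int checked_resize_filter(long long filter_arg)
{
    FilterTypes filter;
    if (filter_from_user(filter_arg, &filter) != 0) {
        fprintf(stderr, "resize: filter %lld out of range [0, %d]\n",
                filter_arg, (int)SincFilter);
        return -1;   /* a PHP binding would throw an exception here */
    }
    /* The library resize call (MagickResizeImage in the backtrace) goes here. */
    return (int)filter;
}

int main(void)
{
    /* Constructed inputs: the reproducer's 0xfffffff, then boundary cases. */
    long long samples[] = { 0xfffffff, 0, 15, 16, -1, 0x100000005LL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%lld -> %d\n", samples[i], checked_resize_filter(samples[i]));
    return 0;
}
```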
