From: carlosp at ravenna dot com Operating system: FreeBSD 6.2 PHP version: 5.2.5RC1 PHP Bug Type: GD related Bug description: gdImageFill with IMG_COLOR_TILED crashes httpd
Description: ------------ Filling an image with a pattern causes httpd segmentation fault. It is reproducible, but it does depend on the image dimensions. Version 5.2.3 works fine, so something changed as of 5.2.4, and still fails in 5.2.5RC1. Reproduce code: --------------- $im = ImageCreate( 200, 100 ); $black = ImageColorAllocate( $im, 0, 0, 0 ); $im_tile = ImageCreateFromGif( "transback.gif" ); ImageSetTile( $im, $im_tile ); ImageFill( $im, 0, 0, IMG_COLOR_TILED ); header( "Content-type: image/gif" ); ImageGif( $im ); ImageDestroy( $im ); Expected result: ---------------- A 200x100 image filled with the specified pattern. BTW, the pattern itself is unremarkable, it fails with several different files I've tried. transback.gif above is a 64x64 from http://www.blueknot.com/CSS/TRANSBACK.gif If you change the image dimensions to 100x100, it will work. 101x100 does not! I've also made it fail using gdImageFilledRectangle and particular rectangle dimensions to fill, but was unable to find a correlation. So the code above is the simplest example of the failure. Actual result: -------------- Safari reports the server suddenly dropped connection. Running httpd -X yields "Segmentation fault" when I execute the above script. Even though I followed the instructions to the letter and tried both httpd -X and through gdb, I am unable to produce a core dump or backtrace...sorry. (The gdb method fails immediately upon startup with "gdb in realloc(): error: pointer to wrong page" but I believe that is unrelated because 5.2.3 also gives me that error when I attempt to run it through gdb), My server is a practically fresh FreeBSD 6.2 install, and I'm using the bundled GD library. This is my configuration command: ./configure --with-mysql --with-mysqli --with- apxs=/usr/local/apache/bin/apxs --with-gd --with-zlib --with-png- dir=/usr/local --with-jpeg-dir=/usr/local --enable-debug -- Edit bug report at http://bugs.php.net/?id=43121&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=43121&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=43121&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=43121&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=43121&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=43121&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=43121&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=43121&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=43121&r=needscript Try newer version: http://bugs.php.net/fix.php?id=43121&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=43121&r=support Expected behavior: http://bugs.php.net/fix.php?id=43121&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=43121&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=43121&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=43121&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=43121&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=43121&r=dst IIS Stability: http://bugs.php.net/fix.php?id=43121&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=43121&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=43121&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=43121&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=43121&r=mysqlcfg
