 ID:               43121
 Updated by:       [EMAIL PROTECTED]
 Reported By:      carlosp at ravenna dot com
-Status:           Assigned
+Status:           Closed
 Bug Type:         GD related
 Operating System: FreeBSD 6.2
 PHP Version:      5.2.5RC1
 Assigned To:      mattias
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2007-10-29 02:13:32] carlosp at ravenna dot com

For what it's worth, I first experienced a similar segfault on my Mac
OS X version (5.2.4 Liyanage/Entropy package). I moved my script to my
FreeBSD box running older 5.1.4 and the problem went away. I was ready
to dismiss it until it manifested itself on another server with the
fresh 5.2.4 install. Further troubleshooting revealed it was still
failing on 5.2.5RC1 but not 5.2.3.

If necessary, I'll figure out how to test a CVS version, let me know.

------------------------------------------------------------------------

[2007-10-28 22:57:11] [EMAIL PROTECTED]

[Switching to Thread -1208927680 (LWP 19371)]
0x0814d151 in php_gd__gdImageFillTiled (im=0xa3efeec, x=0, y=16843101, nc=2)
    at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:2083
2083    for (x=x1; x>=0 && (!pts[y + x*wx2] && gdImageGetPixel(im,x,y)==oc); x--) {
(gdb) bt full
#0  0x0814d151 in php_gd__gdImageFillTiled (im=0xa3efeec, x=0, y=16843101, nc=2)
    at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:2083
        l = 102
        x1 = 0
        x2 = 99
        dy = 1
        oc = 0
        tiled = 1
        wx2 = 200
        wy2 = 100
        stack = (struct seg *) 0xa4080d4
        sp = (struct seg *) 0xa408294
        pts = 0xa403284 '\001' <repeats 13 times>
#1  0x0814ca2e in php_gd_gdImageFill (im=0xa3efeec, x=0, y=0, nc=-5)
    at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:1972
        l = 0
        x1 = 84
        x2 = 84
        dy = 20
        oc = 171900652
        wx2 = -1076818088
        wy2 = 9
        alphablending_bak = 0
        stack = (struct seg *) 0x0
        sp = (struct seg *) 0x4
#2  0x08141f69 in zif_imagefill (ht=4, return_value=0xa3fd9d0,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0,
    tsrm_ls=0xa254050) at
    /usr/local/src/php5.2-200710150630/ext/gd/gd.c:3612
        IM = (zval **) 0xa3e2ea8
        x = (zval **) 0xa3e2eac
        y = (zval **) 0xa3e2eb0
        col = (zval **) 0xa3e2eb4
        im = (gdImagePtr) 0xa3efeec

From a build last week that I had, I can't reproduce on 2.1.0 here.

------------------------------------------------------------------------

[2007-10-28 22:34:00] [EMAIL PROTECTED]

Assign to Mattias, he will take a look at what I broke since 5.2.3 :)

------------------------------------------------------------------------

[2007-10-28 22:08:55] [EMAIL PROTECTED]

It is weird, nothing in the imagefill code changed between 5.2.4 and
5.2.5RC.

Can you provide a backtrace please?

------------------------------------------------------------------------

[2007-10-28 20:42:10] carlosp at ravenna dot com

Description:
------------
Filling an image with a pattern causes httpd segmentation fault. It is
reproducible, but it does depend on the image dimensions. Version 5.2.3
works fine, so something changed as of 5.2.4, and still fails in
5.2.5RC1.

Reproduce code:
---------------
$im = ImageCreate( 200, 100 );
$black = ImageColorAllocate( $im, 0, 0, 0 );
$im_tile = ImageCreateFromGif( "transback.gif" );
ImageSetTile( $im, $im_tile );
ImageFill( $im, 0, 0, IMG_COLOR_TILED );
header( "Content-type: image/gif" );
ImageGif( $im );
ImageDestroy( $im );

Expected result:
----------------
A 200x100 image filled with the specified pattern.

BTW, the pattern itself is unremarkable, it fails with several
different files I've tried. transback.gif above is a 64x64 from
http://www.blueknot.com/CSS/TRANSBACK.gif

If you change the image dimensions to 100x100, it will work. 101x100
does not!

I've also made it fail using gdImageFilledRectangle and particular
rectangle dimensions to fill, but was unable to find a correlation. So
the code above is the simplest example of the failure.

Actual result:
--------------
Safari reports the server suddenly dropped connection.
Running httpd -X yields "Segmentation fault" when I execute the above
script.

Even though I followed the instructions to the letter and tried both
httpd -X and through gdb, I am unable to produce a core dump or
backtrace...sorry. (The gdb method fails immediately upon startup with
"gdb in realloc(): error: pointer to wrong page" but I believe that is
unrelated because 5.2.3 also gives me that error when I attempt to run
it through gdb).

My server is a practically fresh FreeBSD 6.2 install, and I'm using the
bundled GD library. This is my configuration command:

./configure --with-mysql --with-mysqli --with-apxs=/usr/local/apache/bin/apxs --with-gd --with-zlib --with-png-dir=/usr/local --with-jpeg-dir=/usr/local --enable-debug

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=43121&edit=1
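
The dimension dependence reported in this thread (100x100 works, 101x100 and 200x100 crash) can be checked against the index expression visible at gd.c:2083 in the backtrace. The following is an added example, not code from the thread or from PHP/libgd: it assumes the visited-pixel map pts holds wx2*wy2 bytes (the allocation is not shown in the thread) and counts the pixels whose index would fall outside it; idx_row_major and count_out_of_bounds are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>

/* Index expression as it appears at gd.c:2083 in the backtrace:
 * pts[y + x*wx2]. */
static size_t idx_as_written(size_t x, size_t y, size_t wx2)
{
    return y + x * wx2;
}

/* Conventional row-major index for a wx2-wide map, for comparison only. */
static size_t idx_row_major(size_t x, size_t y, size_t wx2)
{
    return x + y * wx2;
}

typedef size_t (*idx_fn)(size_t x, size_t y, size_t wx2);

/* Count the (x, y) pixels of a wx2 x wy2 image whose index lands outside
 * a map of wx2*wy2 bytes. That size is an ASSUMPTION, see the lead-in. */
static size_t count_out_of_bounds(idx_fn f, size_t wx2, size_t wy2)
{
    size_t cap = wx2 * wy2, bad = 0;

    for (size_t y = 0; y < wy2; y++)
        for (size_t x = 0; x < wx2; x++)
            if (f(x, y, wx2) >= cap)
                bad++;
    return bad;
}

int main(void)
{
    /* Dimensions mentioned by the reporter. */
    const size_t dims[][2] = { {100, 100}, {101, 100}, {200, 100} };

    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        size_t w = dims[i][0], h = dims[i][1];
        printf("%zux%zu: as written %zu out of bounds, row-major %zu\n",
               w, h,
               count_out_of_bounds(idx_as_written, w, h),
               count_out_of_bounds(idx_row_major, w, h));
    }
    return 0;
}
```

Under that assumption the expression stays in bounds only while the width does not exceed the height, which is why a square image hides the problem.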
