From: Operating system: Mac OS X 10.7.2 PHP version: 5.4.0RC3 Package: Reproducible crash Bug Type: Bug Bug description:using bad GD color in __destruct crashes
Description: ------------ Allocating a color with imagecolorallocate using null for the image, and calling die() causes a repeatable crash if the destructor attempts to use the bad color to render an image. './configure' '--prefix=/usr' '--mandir=/usr/share/man' '-- infodir=/usr/share/info' '--sysconfdir=/private/etc' '--with- apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with- libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '-- enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with- png-dir=/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap- sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '-- with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql- sock=/tmp/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '- -enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '-- enable-sysvshm' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '-- enable-zip' '--with-pcre-regex' '--disable-cgi' '--enable-debug' '--with- freetype-dir=/usr/local' '--with-mcrypt' '--with-libedit' $ diff php.ini.default php.ini 440c440 < max_execution_time = 30 --- > max_execution_time = 420 450c450 < max_input_time = 60 --- > max_input_time = 120 458c458 < memory_limit = 128M --- > memory_limit = 1024M 531c531 < display_errors = Off --- > display_errors = On 542c542 < display_startup_errors = Off --- > display_startup_errors = On 604c604 < html_errors = Off --- > html_errors = On 728c728 < post_max_size = 8M --- > post_max_size = 20M 784c784 < ;include_path = ".:/php/includes" --- > include_path = ".:/usr/lib/php" 879c879 < upload_max_filesize = 2M --- > upload_max_filesize = 20M 977,978c977,978 < ; The MIBS data available in the PHP distribution must be installed. < ; See http://www.php.net/manual/en/snmp.installation.php --- > ; The MIBS data available in the PHP distribution must be installed. > ; See http://www.php.net/manual/en/snmp.installation.php 998c998 < ;date.timezone = --- > date.timezone = "America/Chicago" 1596c1596 < session.entropy_length = 0 --- > session.entropy_length = 20 1601c1601 < ; On windows, setting the entropy_length setting will activate the --- > ; On windows, setting the entropy_length setting will activate the 1603c1603 < ;session.entropy_file = /dev/urandom --- > session.entropy_file = /dev/random 1634c1634 < session.hash_function = 0 --- > session.hash_function = 1 1901,1902c1901,1904 < ;xdebug.idekey="macgdbp" < ;xdebug.remote_enable=1 --- > zend_extension=/usr/lib/php/extensions/no-debug-non-zts-20090626/xdebug.so > xdebug.idekey="macgdbp" > xdebug.remote_enable=On > xdebug.default_enable=On Test script: --------------- <?php class Foo { protected $background; public function __construct() { $this->background = imagecolorallocate(null, 255, 255, 255); } public function __destruct() { $img = imagecreatetruecolor(50, 50); imagefill($img, 0, 0, $this->background); header('Content-type: image/png'); imagepng($img); } } new Foo(); ?> Expected result: ---------------- Expected an error message, warning, magical success, or some other non-crashing result Actual result: -------------- Program received signal SIGABRT, Aborted. 0x00007fff900fe82a in __kill () (gdb) bt #0 0x00007fff900fe82a in __kill () #1 0x00007fff8bc7aa9c in abort () #2 0x00007fff8bcd984c in free () #3 0x000000010172853f in php_request_shutdown (dummy=0x0) at main.c:1776 #4 0x00000001019bb67e in php_apache_request_dtor (r=0x100994aa0) at sapi_apache2.c:507 #5 0x00000001019bbf6f in php_handler (r=0x100994aa0) at sapi_apache2.c:679 #6 0x0000000100002551 in ap_run_handler () #7 0x00000001000030f6 in ap_invoke_handler () #8 0x000000010003daad in ap_process_request () #9 0x0000000100039723 in ap_process_http_connection () #10 0x0000000100019aa1 in ap_run_process_connection () #11 0x000000010001a081 in ap_process_connection () #12 0x0000000100046f53 in child_main () #13 0x0000000100047076 in make_child () #14 0x00000001000478b6 in ap_mpm_run () #15 0x000000010000d58d in main () Some relevant values from main.c around line 1776: last_error_lineno = 0 last_error_message = -1031267392 = /Volumes/Users/Users/bion/Sites/test/index2.php last_error_file = 6 -- Edit bug report at https://bugs.php.net/bug.php?id=60546&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=60546&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=60546&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=60546&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=60546&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=60546&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=60546&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=60546&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=60546&r=needscript Try newer version: https://bugs.php.net/fix.php?id=60546&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=60546&r=support Expected behavior: https://bugs.php.net/fix.php?id=60546&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=60546&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=60546&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=60546&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=60546&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=60546&r=dst IIS Stability: https://bugs.php.net/fix.php?id=60546&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=60546&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=60546&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=60546&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=60546&r=mysqlcfg
