From: [EMAIL PROTECTED]
Operating system: IRIX64 indigo2 6.5 04091957 IP28
PHP version: 4.3.3RC1
PHP Bug Type: GD related
Bug description: imagepng() crashes apache2
Description:
------------
Apache2 produces a core when using the imagepng() function that would
return the image directly to the browser.
That won't happen when testing the same script with the PHP CLI version.
First I thought that I could avoid this by saving the image to disk, but
that produces only 0-byte files.
The whole box got a fresh install of everything and a plain PHP was
built.
'./configure' \
'--with-zlib-dir=/usr/local' \
'--with-zlib' \
'--with-apxs2filter=/usr/local/apache2/bin/apxs' \
'--with-config-file-path=/etc' \
'--with-mysql=/usr/local/mysql' \
'--with-pear' \
'--with-gd' \
'--with-jpeg-dir=/usr/local' \
'--with-png-dir=/usr/local' \
'--with-ttf=/usr/local' \
'--enable-debug'

ldd /usr/local/apache2/modules/libphp4.so
libmysqlclient.so.13 => /usr/local/mysql/lib/mysql/libmysqlclient.so.13
libttf.so.3 => /usr/local/lib/libttf.so.3
libpng.so.3 => /usr/local/lib/libpng.so.3
libz.so => /usr/local/lib/libz.so
libjpeg.so => /usr/local/lib/libjpeg.so
libm.so => /usr/lib32/libm.so
libc.so.1 => /usr/lib32/libc.so.1
libcrypt.so => /usr/lib32/libcrypt.so
libgen.so => /usr/lib32/libgen.so
libnsl.so => /usr/lib32/libnsl.so
Reproduce code:
---------------
<?php
$format = 'png';
$im = ImageCreate (250, 100) or die ("Canot create GD-Stream");
ImageColorAllocate ($im, 120, 255, 255);
header('Content-type: image/'.$format);
ImagePNG ($im);
?>
Expected result:
----------------
Something like
\211PNG^M
^Z
^MIHDR�d^A^C\225N�M^CPLTEx��C�^V�^ZIDATx\234��^A^M �Om^O^G^T�\217^A^L�^Aұ�dIEND�B`\202
Actual result:
--------------
I get
/usr/local/apache2/bin/httpd -X
Trace/BPT/RangeErr/DivZero/Ovflow trap (core dumped)
when I run that script.
gdb /usr/local/apache2/bin/httpd core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "mips-sgi-irix6.5"...
Core was generated by `httpd'.
Program terminated with signal 5, Trace/breakpoint trap.
Reading symbols from /usr/local/lib32/libssl.so.0.9.7...done.
Loaded symbols for /usr/local/lib32/libssl.so.0.9.7
Reading symbols from /usr/local/lib32/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/local/lib32/libcrypto.so.0.9.7
Reading symbols from /usr/local/apache2/lib/libaprutil-0.so.1...done.
Loaded symbols for /usr/local/apache2/lib/libaprutil-0.so.1
Reading symbols from /usr/local/lib32/libexpat.so.1...done.
Loaded symbols for /usr/local/lib32/libexpat.so.1
Reading symbols from /usr/local/lib32/libiconv.so.3...done.
Loaded symbols for /usr/local/lib32/libiconv.so.3
Reading symbols from /usr/local/apache2/lib/libapr-0.so.1...done.
Loaded symbols for /usr/local/apache2/lib/libapr-0.so.1
Reading symbols from /usr/lib32/libm.so...done.
Loaded symbols for /usr/lib32/libm.so
Reading symbols from /usr/lib32/libsocket.so...done.
Loaded symbols for /usr/lib32/libsocket.so
Reading symbols from /usr/lib32/libnsl.so...done.
Loaded symbols for /usr/lib32/libnsl.so
Reading symbols from /usr/lib32/libpthread.so...done.
Loaded symbols for /usr/lib32/libpthread.so
Reading symbols from /usr/lib32/libmp.so...done.
Loaded symbols for /usr/lib32/libmp.so
Reading symbols from /usr/lib32/libc.so.1...done.
Loaded symbols for /usr/lib32/libc.so.1
Reading symbols from /usr/local/lib32/libz.so...done.
Loaded symbols for /usr/local/lib32/libz.so
[skip apache module]
Reading symbols from /usr/local/apache2/modules/libphp4.so...done.
Loaded symbols for /usr/local/apache2/modules/libphp4.so
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.13...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.13
Reading symbols from /usr/local/lib32/libttf.so.3...done.
Loaded symbols for /usr/local/lib32/libttf.so.3
Reading symbols from /usr/local/lib32/libpng.so.3...done.
Loaded symbols for /usr/local/lib32/libpng.so.3
Loaded symbols for /usr/local/lib32/libz.so
Reading symbols from /usr/local/lib32/libjpeg.so...done.
Loaded symbols for /usr/local/lib32/libjpeg.so
Loaded symbols for /usr/local/lib32/libz.so
Reading symbols from /usr/lib32/libcrypt.so...done.
Loaded symbols for /usr/lib32/libcrypt.so
Reading symbols from /usr/lib32/libgen.so...done.
Loaded symbols for /usr/lib32/libgen.so
(gdb) bt
#0 0x047a0b84 in ?? () from /usr/local/lib32/libz.so
#1 0x047ec9b0 in deflateInit2_ () at deflate.c:280
#2 0x047ec9b0 in deflateInit2_ () at deflate.c:280
....
--
Edit bug report at http://bugs.php.net/?id=24316&edit=1