From: russell dot seymour at turtlesystems dot co dot uk
Operating system: Gentoo Linux
PHP version: 4.3.6
PHP Bug Type: Reproducible crash
Bug description: imagecreatefromstring causes Apache2 Segfault
Description:
------------
I have some photos in a MySQL database stored as BLOBS.
I have some php code that pulls these blobs from the database and creates
thumbnails on the fly.
I am using imagecreatefromstring to do this.
The strange thing is that I have 7 images and the third one works - none
of the others do. However if I move the code and the database to another
Apache/PHP system (this time using Solaris 9) everything works without
modification.
I have tried the fix in "Bug #24174: Seg. fault when calling
imagecreatefromstring" but this has not worked.
My PHP configure line is:
'./configure' '--prefix=/usr' '--host=i586-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--with-apxs2=/usr/sbin/apxs2' '--with-ndbm=/usr' '--with-db4=/usr'
'--with-mcrypt=/usr' '--with-mhash=/usr' '--without-interbase'
'--without-ming' '--without-swf' '--without-sybase' '--with-gdbm=/usr'
'--without-fdftk' '--with-java=/opt/blackdown-jdk-1.4.1' '--without-mcal'
'--without-unixODBC' '--without-pgsql' '--without-snmp'
'--with-xpm-dir=/usr/X11R6' '--without-gmp' '--without-mssql'
'--without-pdflib' '--with-gd=/usr' '--enable-gd-native-ttf'
'--with-png=/usr' '--with-png-dir=/usr' '--with-jpeg=/usr'
'--with-jpeg-dir=/usr' '--enable-exif' '--without-tiff'
'--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-freetype-dir=/usr' '--with-ttf=/usr' '--with-t1lib=/usr'
'--with-gettext' '--with-qtdom=/usr/qt/3' '--with-pspell=/usr'
'--with-openssl=/usr' '--with-imap=/usr' '--with-ldap=/usr'
'--with-dom=/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr'
'--with-kerberos=/usr' '--with-pam' '--disable-memory-limit'
'--disable-ipv6' '--without-yaz' '--without-curl' '--enable-dbx'
'--with-imap-ssl' '--with-zlib=/usr' '--with-zlib-dir=/usr'
'--with-sablot=/usr' '--enable-xslt' '--with-xslt-sablot' '--with-xmlrpc'
'--enable-wddx' '--with-xml' '--enable-mbstring=all' '--enable-mbregex'
'--with-bz2=/usr' '--with-crack=/usr' '--with-cdb' '--enable-pcntl'
'--enable-bcmath' '--enable-calendar' '--enable-dbase' '--enable-filepro'
'--enable-ftp' '--with-mime-magic=/usr/share/misc/file/magic.mime'
'--enable-sockets' '--enable-sysvsem' '--enable-sysvshm'
'--enable-sysvipc' '--with-iconv' '--enable-shmop' '--enable-dio'
'--enable-yp' '--without-ncurses' '--without-readline'
'--enable-inline-optimization' '--enable-track-vars' '--enable-trans-sid'
'--enable-versioning' '--with-config-file-path=/etc/php/apache2-php4'
Reproduce code:
---------------
// build up sql to get data from database
$s_SQL = "SELECT file_type, image, category FROM t_images WHERE id = ${i_Img_ID}";
// Execute the query on the database
$o_Img = $o_DB->query($s_SQL);
if (DB::isError($o_Img)) {
    print $o_Img->getMessage();
    exit;
}
// proceed if no errors
if ($o_Img) {
    $a_Size = array();
    // get information from the query
    list($type_Tmp, $bin_Tmp, $i_Cat_ID) = $o_Img->fetchrow();
    $a_Size["bin"] = imagecreatefromstring($bin_Tmp);
    $a_Size["file_type"] = $type_Tmp;
}
Expected result:
----------------
The above (cut code) should result in 7 images having been resampled with
a height of 135px and a width dependent on the original aspect ratio.
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x403ce9b7 in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0 0x403ce9b7 in pthread_mutex_lock () from /lib/libpthread.so.0
#1 0x404772e3 in free () from /lib/libc.so.6
#2 0x4136f1f8 in ?? ()
#3 0x08403a44 in ?? ()
#4 0x083eb65c in ?? ()
#5 0x083eb5ac in ?? ()
#6 0x4136f1e6 in ?? ()
#7 0x0840d25c in ?? ()
#8 0x0840d18c in ?? ()
#9 0x41391854 in ?? ()
#10 0x41363619 in ?? ()
#11 0x08403a44 in ?? ()
#12 0x08403a44 in ?? ()
#13 0x00000001 in ?? ()
#14 0x413635d2 in ?? ()
#15 0x083eb500 in ?? ()
#16 0x083eb528 in ?? ()
#17 0x40ae772c in ?? ()
#18 0x406eaaaa in ?? ()
#19 0x083eb500 in ?? ()
#20 0x08403a44 in ?? ()
#21 0xbfffb390 in ?? ()
#22 0x406eaa26 in ?? ()
#23 0xbfffb358 in ?? ()
#24 0x40a5266f in ?? ()
#25 0x00000003 in ?? ()
#26 0x406ea8b5 in ?? ()
#27 0x083eb500 in ?? ()
#28 0x0840fa58 in ?? ()
#29 0x40ae772c in ?? ()
#30 0x406eabfc in ?? ()
#31 0x08347f60 in ?? ()
#32 0x40901902 in ?? ()
#33 0x4136478e in ?? ()
#34 0x406eaac8 in ?? ()
#35 0x083eab14 in ?? ()
#36 0xbfffb72c in ?? ()
#37 0xe0ffd8ff in ?? ()
#38 0x464a1000 in ?? ()
#39 0x083eab14 in ?? ()
#40 0x00000003 in ?? ()
#41 0x00000010 in ?? ()
#42 0x08347f60 in ?? ()
#43 0x40ae772c in ?? ()
#44 0x40ae772c in ?? ()
#45 0xbfffb390 in ?? ()
#46 0x408763da in ?? ()
#47 0x00000001 in ?? ()
--
Edit bug report at http://bugs.php.net/?id=28971&edit=1