#29349 [NEW]: imagecreatefromstring segfaults (fix included)

[k at ailis dot de]

From:             k at ailis dot de
Operating system: Linux
PHP version:      4CVS-2004-07-23 (stable)
PHP Bug Type:     GD related
Bug description:  imagecreatefromstring segfaults (fix included)

Description:
------------
imagecreatefromstring segfaults when using the external GD library. The
bundled one works. As far as I understood this problem the
imagecreatefromstring function calls gdNewDynamicCTX and this function
frees some memory which don't have to be freed. Maybe this function was
changed in the bundled GD library. But this is not needed. Instead of
gdNewDynamicCtx the function gdNewDynamicCtxEx can be used. The additional
third parameter must be 0 so the function doesn't free the memory. Doing in
in that way imagecreatefromstring works again in the external GD library
and also in the bundled one. Here is a small patch, but please take it
with care. I don't really know what you are doing there with all these
memory freeing hacks. Maybe my patch creates a memory leak. Don't know.


--- gd.c.orig   2004-07-23 11:24:51.000000000 +0200
+++ gd.c    2004-07-23 11:31:10.000000000 +0200
@@ -1274,7 +1274,7 @@
    gdImagePtr im;
    gdIOCtx *io_ctx;

-   io_ctx = gdNewDynamicCtx (Z_STRLEN_PP(data), Z_STRVAL_PP(data));
+   io_ctx = gdNewDynamicCtxEx (Z_STRLEN_PP(data), Z_STRVAL_PP(data), 0);

    if (!io_ctx) {
        return NULL;


Reproduce code:
---------------
Can't provide one. The bug seems to be very system dependend. It works on
some machines. On others it don't. It works for some image files. With
others it don't.

Expected result:
----------------
No segfault.

Actual result:
--------------
segfault ;-)

-- 
Edit bug report at http://bugs.php.net/?id=29349&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=29349&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=29349&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=29349&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=29349&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=29349&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=29349&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=29349&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=29349&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=29349&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=29349&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=29349&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=29349&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29349&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=29349&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=29349&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=29349&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29349&r=float