ID: 34042
User updated by: php at fiddaman dot net
Reported By: php at fiddaman dot net
-Status: Feedback
+Status: Closed
Bug Type: GD related
Operating System: Solaris 9
PHP Version: 5.0.4
New Comment:

That snapshot works fine, thanks.

Previous Comments:
------------------------------------------------------------------------

[2005-08-08 22:43:04] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5-win32-latest.zip

------------------------------------------------------------------------

[2005-08-08 21:20:50] php at fiddaman dot net

That doesn't make sense as my newly compiled 5.0.4 was crashing at the same place, and modifying gd.c fixed it.

The back-trace I've posted below is from the 5.0.4 binary and the code in ext/gd/gd.c as distributed definitely defines col, x, y as int instead of long. I'm using a 64-bit architecture so sizeof(int) != sizeof(long).

------------------------------------------------------------------------

[2005-08-08 20:56:52] [EMAIL PROTECTED]

It was fixed in 5.x even before 4.x.

------------------------------------------------------------------------

[2005-08-08 20:49:31] php at fiddaman dot net

Description:
------------
Same problem as bug #32893 (which was for PHP4).

zend_parse_va_args is called with a template of "l" but a pointer to int which isn't large enough to hold the result.

A patch which fixes this.

--- ext/gd/gd.c~ 2005-05-01 11:36:21.134419000 +0000 +++ ext/gd/gd.c 2005-05-01 11:42:37.369849000 +0000 
@@ -3017,7 +3017,8 @@ { zval *IM, *EXT = NULL; gdImagePtr im=NULL; - int col = -1, x = -1, y = -1, str_len, fontname_len, i, brect[8]; + long col = -1, x = -1, y = -1; + int str_len, fontname_len, i, brect[8]; double ptsize, angle; unsigned char *str = NULL, *fontname = NULL; char *error = NULL;

Reproduce code:
---------------
<?php
$img = imagecreate(400, 70);
imagettftext($img, 11/81*64, 0, 0, 27, 0, "/dev/null", "test");
?>

Actual result:
--------------
251 *p = Z_LVAL_PP(arg);
(gdb) where
#0 0x0000000100229e54 in zend_parse_va_args (num_args=4, type_spec=0x1002e4db3 "lllss|a", va=0xffffffff7fffea18, flags=0) at /spool/src/build/php-5.0.4/Zend/zend_API.c:251
#1 0x000000010022ac28 in zend_parse_parameters (num_args=8, type_spec=0x1002e4db0 "rddlllss|a") at /spool/src/build/php-5.0.4/Zend/zend_API.c:571
#2 0x000000010008f730 in php_imagettftext_common (ht=8, return_value=0x100796328, this_ptr=0x0, return_value_used=0, mode=0, extended=0) at /spool/src/build/php-5.0.4/ext/gd/gd.c:3134
#3 0x0000000100260468 in zend_do_fcall_common_helper (execute_data=0xffffffff7fffef80, opline=0x10079d5a8, op_array=0x100798c08) at /spool/src/build/php-5.0.4/Zend/zend_execute.c:2727
#4 0x00000001002608d8 in zend_do_fcall_handler (execute_data=0xffffffff7fffef80, opline=0x10079d5a8, op_array=0x100798c08) at /spool/src/build/php-5.0.4/Zend/zend_execute.c:2859
#5 0x000000010024ddec in execute (op_array=0x100798c08) at /spool/src/build/php-5.0.4/Zend/zend_execute.c:1406
#6 0x00000001002291f0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /spool/src/build/php-5.0.4/Zend/zend.c:1069
#7 0x00000001001e8f90 in php_execute_script (primary_file=0xffffffff7ffffa80) at /spool/src/build/php-5.0.4/main/main.c:1632
#8 0x000000010026adb8 in main (argc=1, argv=0xffffffff7ffffb88) at /spool/src/build/php-5.0.4/sapi/cli/php_cli.c:946

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=34042&edit=1
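
Review bot: col, x and y become long in the declaration to match the three "l" entries of "rddlllss|a", but the hunk does not show where they are used afterwards; if they are handed on to functions that take int, the values now narrow silently on an LP64 build, so add an explicit range check or cast at those call sites. The report says the same mismatch was bug #32893 for PHP4, so the other zend_parse_parameters calls in ext/gd/gd.c that use "l" are worth the same audit. str_len and fontname_len stay int; confirm that this is the width the two "s" entries expect for their lengths.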
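
The mismatch described in the report, as an added C example that is not taken from the PHP source or from the reporter. `parse_longs` is a hypothetical stand-in for a spec-driven parser such as `zend_parse_parameters`, and the adjacent locals are modelled as an `int` array so that the oversized store is observable without undefined behaviour.

```c
/* Added illustration, not PHP source. parse_longs is a hypothetical
 * stand-in for a spec-driven parser such as zend_parse_parameters. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* For each 'l' in spec, store one long at the next pointer argument.
 * The callee cannot see the real type behind the pointer, so it always
 * writes sizeof(long) bytes. Returns the number of values stored. */
static int parse_longs(const long *in, const char *spec, ...)
{
    va_list va;
    int n = 0;
    va_start(va, spec);
    for (; *spec == 'l'; spec++, n++) {
        void *dst = va_arg(va, void *);
        memcpy(dst, &in[n], sizeof(long));
    }
    va_end(va);
    return n;
}

/* Before the fix: the slot is an int. locals[0] plays the role of col and
 * locals[1] is whatever sits next to it (an assumption of this example).
 * Returns 1 if parsing "l" into the int slot overwrote the neighbour. */
int int_slot_clobbers_neighbour(void)
{
    int locals[2] = { -1, 0x5a5a5a5a };
    long in[1] = { 7 };                 /* constructed input */
    parse_longs(in, "l", (void *)&locals[0]);
    return locals[1] != 0x5a5a5a5a;
}

/* After the fix: the slot is a long, matching the 'l' specifier.
 * Returns 1 if the value is wrong or the neighbour was changed. */
int long_slot_is_damaged(void)
{
    long col = -1;
    int neighbour = 0x5a5a5a5a;
    long in[1] = { 7 };
    parse_longs(in, "l", (void *)&col);
    return col != 7 || neighbour != 0x5a5a5a5a;
}

int main(void)
{
    printf("int slot clobbered: %d\n", int_slot_clobbers_neighbour());
    return long_slot_is_damaged();
}
```

On a platform where `sizeof(long) == sizeof(int)` the first function returns 0, which is why the defect only surfaced on 64-bit builds like the reporter's.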
