ID: 42416
User updated by: baco at infomaniak dot ch
Reported By: baco at infomaniak dot ch
Status: Open
Bug Type: GD related
Operating System: Linux
PHP Version: 4.4.7
New Comment:
see diff in gdImageCreate()
--- php-4.4.7/ext/gd/libgd/gd.c 2007-08-24 19:39:33.999613335
+0200
+++ php-5.2.3/ext/gd/libgd/gd.c 2007-08-24 19:39:53.052804086
+0200
@@ -5,8 +5,8 @@
im = (gdImage *) gdMalloc(sizeof(gdImage));
memset(im, 0, sizeof(gdImage));
/* Row-major ever since gd 1.3 */
- im->pixels = (unsigned char **) safe_emalloc(sizeof(unsigned
char *), sy, 0);
- im->AA_opacity = (unsigned char **) safe_emalloc(sizeof(unsigned
char *), sy, 0);
+ im->pixels = (unsigned char **) gdMalloc(sizeof(unsigned char *)
* sy);
+ im->AA_opacity = (unsigned char **) gdMalloc(sizeof(unsigned
char *) * sy);
im->polyInts = 0;
im->polyAllocated = 0;
im->brush = 0;
Previous Comments:
------------------------------------------------------------------------
[2007-08-24 16:17:42] baco at infomaniak dot ch
Description:
------------
Reproductible with PHP 4.4.7
or with the last Snap 4.4-dev
on Apache2 using MPM worker.
Apache2 process get locked when calling
imagettftext() after calling imagecreate()
every call of such code result of another
dead locked Apache2 processes.
Workarounds :
- Use imagecreatetruecolor() instead of imagecreate()
- Don't use bundled gdlib compile PHP with external gdlib
- Upgrade 5.2.3 who don't have this issue
Reproductible with
configure \
--with-gd \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--with-ttf \
--enable-gd-native-ttf \
...
Unreproductible with external gd
configure \
--with-gd=/opt/misc/gd \
--with-png-dir=/usr \
--with-jpeg-dir=/usr \
--with-freetype-dir=/usr \
--with-ttf \
--enable-gd-native-ttf \
...
Reproduce code:
---------------
$crash = 1;
$text = 'Bug';
$font = $_SERVER['DOCUMENT_ROOT'] . '/fonts' .'/'. 'arial.ttf';
if ($crash == 1) {
$image = imagecreate(64, 32);
} else {
$image = imagecreatetruecolor(64, 32);
}
$white = imagecolorallocate($image, 255, 255, 255);
/* LOCK APACHE2 PROCESS AFTER THIS POINT IF crash == 1
* => if imagecreate() used but not if imagecreatetruecolor()
*/
imagettftext($image, 20, 0, 8, 24, $white, $font, $text);
header('Content-type: image/png');
imagepng($image);
imagedestroy($image);
Expected result:
----------------
Display "Bug" white text on black background
Actual result:
--------------
Apache2 process get locked and browser wait for the
image forever.
After it is a matter of time for Apache2 to have
all processes locked depending on your ServerLimit
and ThreadsPerChild values.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=42416&edit=1
