ID: 29349
Comment by: adconrad at debian dot org
Reported By: k at ailis dot de
Status: Open
Bug Type: GD related
Operating System: Linux
PHP Version: 4CVS-2004-07-23 (stable)

New Comment:
As of the next upload to the Debian archive, we will be using the following patch, which seems to clear up every php4-gd segfault bug we've had reported: --- php4-4.3.8/ext/gd/gd.c.orig 2004-07-24 06:00:25.000000000 -0600 +++ php4-4.3.8/ext/gd/gd.c 2004-07-24 06:10:38.000000000 -0600 @@ -1242,7 +1242,7 @@ #ifdef HAVE_GD_WBMP else { gdIOCtx *io_ctx; - io_ctx = gdNewDynamicCtx (8, data); + io_ctx = gdNewDynamicCtxEx (8, data, 0); if (io_ctx) { if (getmbi((int(*)(void*))gdGetC, io_ctx) == 0 && skipheader((int(*)(void*))gdGetC, io_ctx) == 0 ) { #if HAVE_LIBGD204 @@ -1274,7 +1274,7 @@ gdImagePtr im; gdIOCtx *io_ctx; - io_ctx = gdNewDynamicCtx (Z_STRLEN_PP(data), Z_STRVAL_PP(data)); + io_ctx = gdNewDynamicCtxEx (Z_STRLEN_PP(data), Z_STRVAL_PP(data), 0); if (!io_ctx) { return NULL; 
@@ -1428,7 +1428,7 @@ goto out_err; } - io_ctx = gdNewDynamicCtx(buff_size, buff); + io_ctx = gdNewDynamicCtxEx(buff_size, buff, 0); if(!io_ctx) { php_error_docref(NULL TSRMLS_CC, E_WARNING,"Cannot allocate GD IO context"); goto out_err; Previous Comments: ------------------------------------------------------------------------ [2004-07-24 14:08:46] adconrad at debian dot org Also note that gdNewDynamicCtx is used 3 times in gd.c, not just once as the patch would lead one to believe. ------------------------------------------------------------------------ [2004-07-24 14:05:05] adconrad at debian dot org Note that gdNewDynamicCtxEx was added in 2.0.21, so if this is used unconditionally, PHP will need to depend on that version of libgd2. (Also, this does appear to fix the segfaults being reported all over the place for imagecreatefromstring with the external libgd2) ------------------------------------------------------------------------ [2004-07-23 14:09:13] k at ailis dot de I have searched the closed bug reports and it looks like you will find the whole problem in #24174 (including a backtrace). Your solution was to modify the bundled GD library. In my opinion this is a very bad solution because this does not fix the problem if you use the external GD library. And it seems NOT to be a bug in GD! It's seems more like a misuse of a GD-function. The external GD library AND the bundled one can be used if you try my fix and check if it does not break something else. It looks to me that Boutell has created this *CtxEx function exactly for people who want to control the memory-freeing behaviour of the function so it might be the correct solution. ------------------------------------------------------------------------ [2004-07-23 13:50:20] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. 
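Review bot: the `io_ctx = gdNewDynamicCtxEx (8, data, 0);` line in the @@ -1242 hunk calls a function that, as the comments below state, only exists from libgd 2.0.21 on, so an unconditional call breaks the build against an older external libgd; either guard the call with a configure-time check that falls back to gdNewDynamicCtx, or bump the libgd dependency as the comment suggests, and note that the same choice applies to the other two hunks.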
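Review bot: passing 0 as the third argument in the @@ -1274 hunk is the right ownership choice, because Z_STRVAL_PP(data) is the zval's own string and the engine frees it; a context that also frees it is exactly the double free behind the reported segfault. With the buffer no longer owned by the context, the io_ctx itself is the only allocation this call makes, so check that it is still released through its gd_free hook on every path after this point, not only on the `if (!io_ctx) { return NULL;` early return.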
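Review bot: in the @@ -1428 hunk `buff` is a buffer this function obtained itself (the `goto out_err` cleanup around it points to a local allocation), and with the free flag set to 0 the context no longer releases it; confirm that the out_err label and the success path free `buff` exactly once, otherwise this hunk trades the segfault for the leak the reporter was worried about.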
To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better.

Please, provide a gdb backtrace.

------------------------------------------------------------------------
[2004-07-23 12:01:03] k at ailis dot de

Description:
------------
imagecreatefromstring segfaults when using the external GD library. The bundled one works. As far as I understood this problem, the imagecreatefromstring function calls gdNewDynamicCTX and this function frees some memory which doesn't have to be freed. Maybe this function was changed in the bundled GD library. But this is not needed. Instead of gdNewDynamicCtx the function gdNewDynamicCtxEx can be used. The additional third parameter must be 0 so the function doesn't free the memory. Doing it in that way, imagecreatefromstring works again in the external GD library and also in the bundled one.

Here is a small patch, but please take it with care. I don't really know what you are doing there with all these memory freeing hacks. Maybe my patch creates a memory leak. Don't know.

--- gd.c.orig 2004-07-23 11:24:51.000000000 +0200 +++ gd.c 2004-07-23 11:31:10.000000000 +0200 @@ -1274,7 +1274,7 @@ gdImagePtr im; gdIOCtx *io_ctx; - io_ctx = gdNewDynamicCtx (Z_STRLEN_PP(data), Z_STRVAL_PP(data)); + io_ctx = gdNewDynamicCtxEx (Z_STRLEN_PP(data), Z_STRVAL_PP(data), 0); if (!io_ctx) { return NULL;

Reproduce code:
---------------
Can't provide one. The bug seems to be very system dependent. It works on some machines. On others it doesn't. It works for some image files. With others it doesn't.

Expected result:
----------------
No segfault.

Actual result:
--------------
segfault ;-)

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=29349&edit=1
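Review bot: this hunk is the same change Debian later applied at @@ -1274, and the 0 for the new third argument is correct: it tells the context not to free Z_STRVAL_PP(data), which belongs to the zval and is released by the engine, so the leak the reporter worries about does not come from this flag, the buffer still has an owner. The open point is the one raised in the replies: gdNewDynamicCtxEx is only available from libgd 2.0.21, so the call needs a configure check or a version dependency, and the two other gdNewDynamicCtx callers in gd.c need the same treatment or the segfault stays reachable through them.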
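The ownership rule the thread turns on, shown as an added example that is not code from the bug report, from ext/gd or from libgd: a toy model of gd's dynamic IO context with the two constructors the patches swap between, plus the two ways ext/gd could use them without freeing a buffer twice. The names dynctx, dynctx_new, dynctx_new_ex, dynctx_getc, dynctx_free, decode_caller_owned and decode_owned_copy are invented for this example; dynctx_new_ex mirrors the gdNewDynamicCtxEx(size, data, freeFlag) signature described on the page and dynctx_new the older gdNewDynamicCtx, but neither is libgd's implementation, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for gd's dynamic IO context (invented names; not libgd). */
typedef struct {
    unsigned char *data;
    size_t len;
    size_t pos;
    int free_on_close;  /* 1: context owns data and frees it; 0: caller keeps ownership */
} dynctx;

/* Counts buffers freed by contexts, so the ownership rule can be checked. */
static int ctx_freed_buffers = 0;

/* Mirrors gdNewDynamicCtxEx(size, data, freeFlag): the caller states who owns data. */
static dynctx *dynctx_new_ex(size_t len, void *data, int free_flag)
{
    dynctx *ctx = malloc(sizeof *ctx);
    if (!ctx)
        return NULL;
    ctx->data = data;
    ctx->len = len;
    ctx->pos = 0;
    ctx->free_on_close = free_flag;
    return ctx;
}

/* Mirrors the older gdNewDynamicCtx(size, data): always assumes ownership. */
static dynctx *dynctx_new(size_t len, void *data)
{
    return dynctx_new_ex(len, data, 1);
}

static int dynctx_getc(dynctx *ctx)
{
    if (ctx->pos >= ctx->len)
        return EOF;
    return ctx->data[ctx->pos++];
}

static void dynctx_free(dynctx *ctx)
{
    if (ctx->free_on_close) {   /* freeing a buffer we were never given is the reported bug */
        free(ctx->data);
        ctx_freed_buffers++;
    }
    free(ctx);
}

/* Stand-in for an image decoder: consume the stream and return a byte sum. */
static long decode_sum(dynctx *ctx)
{
    long sum = 0;
    int c;
    while ((c = dynctx_getc(ctx)) != EOF)
        sum += c;
    return sum;
}

/* Case 1: the buffer belongs to the caller (in ext/gd, the zval's string that
 * the engine frees later).  Pass free_flag = 0 so the context leaves it alone.
 * Returns the decoded sum, or -1 if the buffer no longer reads the same after
 * the context is closed. */
static long decode_caller_owned(const unsigned char *buf, size_t len)
{
    dynctx *ctx = dynctx_new_ex(len, (void *)buf, 0);
    if (!ctx)
        return -1;
    long sum = decode_sum(ctx);
    dynctx_free(ctx);
    long check = 0;   /* caller still owns buf and may keep using it */
    for (size_t i = 0; i < len; i++)
        check += buf[i];
    return check == sum ? sum : -1;
}

/* Case 2: the owning constructor is only safe with a buffer nobody else will
 * free.  Hand it a private heap copy and do not free that copy ourselves. */
static long decode_owned_copy(const unsigned char *buf, size_t len)
{
    unsigned char *copy = malloc(len);
    if (!copy)
        return -1;
    memcpy(copy, buf, len);
    dynctx *ctx = dynctx_new(len, copy);
    if (!ctx) {
        free(copy);
        return -1;
    }
    long sum = decode_sum(ctx);
    dynctx_free(ctx);   /* frees copy for us; a second free here would be a double free */
    return sum;
}

int main(void)
{
    /* Constructed sample bytes standing in for image data. */
    static const unsigned char sample[] = { 0x00, 0x05, 0x0a, 0xff };
    long a = decode_caller_owned(sample, sizeof sample);
    long b = decode_owned_copy(sample, sizeof sample);
    printf("caller-owned: %ld, owned copy: %ld, buffers freed by contexts: %d\n",
           a, b, ctx_freed_buffers);
    return 0;
}
```

The point of the two cases is that the free flag is a statement about who owns the bytes, not a tuning knob: for a buffer the engine already owns, the only correct value is 0, and the owning constructor should only ever see a copy that nothing else will release.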