ID:               29349
 Comment by:       adconrad at debian dot org
 Reported By:      k at ailis dot de
 Status:           Open
 Bug Type:         GD related
 Operating System: Linux
 PHP Version:      4CVS-2004-07-23 (stable)
 New Comment:

As of the next upload to the Debian archive, we will be using the
following patch, which seems to clear up every php4-gd segfault bug
we've had reported:

--- php4-4.3.8/ext/gd/gd.c.orig 2004-07-24 06:00:25.000000000 -0600
+++ php4-4.3.8/ext/gd/gd.c      2004-07-24 06:10:38.000000000 -0600
@@ -1242,7 +1242,7 @@
 #ifdef HAVE_GD_WBMP
        else {
                gdIOCtx *io_ctx;
-               io_ctx = gdNewDynamicCtx (8, data);
+               io_ctx = gdNewDynamicCtxEx (8, data, 0);
                if (io_ctx) {
                        if (getmbi((int(*)(void*))gdGetC, io_ctx) == 0
&& skipheader((int(*)(void*))gdGetC, io_ctx) == 0 ) {
 #if HAVE_LIBGD204
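Review bot: the new gdNewDynamicCtxEx call at the WBMP detection site is unguarded, although the surrounding code already branches on HAVE_GD_WBMP and HAVE_LIBGD204. The earlier comment in this report says the function was added in libgd 2.0.21, so a build against an older external libgd would fail; consider a configure-time check for the symbol that stops with a clear message, or state the new minimum libgd version alongside the patch.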
@@ -1274,7 +1274,7 @@
        gdImagePtr im;
        gdIOCtx *io_ctx;

-       io_ctx = gdNewDynamicCtx (Z_STRLEN_PP(data),
Z_STRVAL_PP(data));
+       io_ctx = gdNewDynamicCtxEx (Z_STRLEN_PP(data),
Z_STRVAL_PP(data), 0);

        if (!io_ctx) {
                return NULL;
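Review bot: the bare 0 passed as the third argument in the gdNewDynamicCtxEx (Z_STRLEN_PP(data), Z_STRVAL_PP(data), 0) call carries the whole fix and deserves a comment saying that the string stays owned by the zval and must not be freed by GD. It is also worth confirming that the context itself is still released after decoding on every path, since the visible lines only cover the allocation-failure return.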
@@ -1428,7 +1428,7 @@
                        goto out_err;
                }

-               io_ctx = gdNewDynamicCtx(buff_size, buff);
+               io_ctx = gdNewDynamicCtxEx(buff_size, buff, 0);
                if(!io_ctx) {
                        php_error_docref(NULL TSRMLS_CC,
E_WARNING,"Cannot allocate GD IO context");
                        goto out_err;
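Review bot: with 0 as the third argument in gdNewDynamicCtxEx(buff_size, buff, 0), buff is no longer released through the context, so this function has to free it itself on both the success path and the out_err path. Those frees are not visible in this hunk; please confirm they exist, otherwise the change trades the crash for a leak of buff on every call.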


Previous Comments:
------------------------------------------------------------------------

[2004-07-24 14:08:46] adconrad at debian dot org

Also note that gdNewDynamicCtx is used 3 times in gd.c, not just once
as the patch would lead one to believe.

------------------------------------------------------------------------

[2004-07-24 14:05:05] adconrad at debian dot org

Note that gdNewDynamicCtxEx was added in 2.0.21, so if this is used
unconditionally, PHP will need to depend on that version of libgd2. 
(Also, this does appear to fix the segfaults being reported all over
the place for imagecreatefromstring with the external libgd2)

------------------------------------------------------------------------

[2004-07-23 14:09:13] k at ailis dot de

I have searched the closed bug reports and it looks like 
you will find the whole problem in #24174 (including a 
backtrace). Your solution was to modify the bundled GD 
library. In my opinion this is a very bad solution because 
this does not fix the problem if you use the external GD 
library. And it seems NOT to be a bug in GD! It seems 
more like a misuse of a GD-function. The external GD 
library AND the bundled one can be used if you try my fix 
and check if it does not break something else. It looks to 
me that Boutell has created this *CtxEx function exactly 
for people who want to control the memory-freeing 
behaviour of the function so it might be the correct 
solution.

------------------------------------------------------------------------

[2004-07-23 13:50:20] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Please, provide a gdb backtrace.

------------------------------------------------------------------------

[2004-07-23 12:01:03] k at ailis dot de

Description:
------------
imagecreatefromstring segfaults when using the external GD library. The
bundled one works. As far as I understood this problem the
imagecreatefromstring function calls gdNewDynamicCTX and this function
frees some memory which doesn't have to be freed. Maybe this function was
changed in the bundled GD library. But this is not needed. Instead of
gdNewDynamicCtx the function gdNewDynamicCtxEx can be used. The
additional third parameter must be 0 so the function doesn't free the
memory. Doing it in that way imagecreatefromstring works again in the
external GD library and also in the bundled one. Here is a small patch,
but please take it with care. I don't really know what you are doing
there with all these memory freeing hacks. Maybe my patch creates a
memory leak. Don't know.


--- gd.c.orig   2004-07-23 11:24:51.000000000 +0200
+++ gd.c    2004-07-23 11:31:10.000000000 +0200
@@ -1274,7 +1274,7 @@
    gdImagePtr im;
    gdIOCtx *io_ctx;

-   io_ctx = gdNewDynamicCtx (Z_STRLEN_PP(data), Z_STRVAL_PP(data));
+   io_ctx = gdNewDynamicCtxEx (Z_STRLEN_PP(data), Z_STRVAL_PP(data),
0);

    if (!io_ctx) {
        return NULL;
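Review bot: only the call at line 1274 is converted here, while the follow-up comment in this report counts three gdNewDynamicCtx calls in gd.c, so the other two would keep the old freeing behaviour. Converting all call sites in one patch, with a note on who frees the data after the change, would also settle the leak question raised in the description.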


Reproduce code:
---------------
Can't provide one. The bug seems to be very system dependent. It works
on some machines. On others it doesn't. It works for some image files.
With others it doesn't.

Expected result:
----------------
No segfault.

Actual result:
--------------
segfault ;-)


------------------------------------------------------------------------
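Added example, not part of the bug report and not PHP or libgd code: a simplified C model of the ownership flag the description talks about, counting releases of the caller's buffer instead of freeing it twice. All names (`tracked_buf`, `model_ctx`, `releases_for`) are hypothetical, and the model assumes a nonzero flag means the context frees the data while 0 leaves it to the caller.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not libgd code: a buffer that counts releases
 * instead of calling free() twice, so the double release is observable
 * without undefined behaviour. */
typedef struct { char *bytes; int releases; } tracked_buf;

/* Hypothetical stand-in for a dynamic I/O context over caller data. */
typedef struct { tracked_buf *data; int free_ok; } model_ctx;

static void release_buf(tracked_buf *b) {
    if (b->releases == 0) free(b->bytes);   /* only the first release is real */
    b->bytes = NULL;
    b->releases++;
}

/* free_ok != 0: the context takes ownership of the data;
 * free_ok == 0: the caller keeps ownership. */
static model_ctx *model_ctx_new_ex(tracked_buf *data, int free_ok) {
    model_ctx *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->data = data;
    c->free_ok = free_ok;
    return c;
}

static void model_ctx_free(model_ctx *c) {
    if (c->free_ok) release_buf(c->data);
    free(c);
}

/* Caller pattern from the report: the string belongs to the caller, which
 * releases it after the image is decoded. Returns the release count. */
int releases_for(int free_ok) {
    tracked_buf buf = { malloc(16), 0 };
    if (!buf.bytes) return -1;
    model_ctx *c = model_ctx_new_ex(&buf, free_ok);
    if (!c) { free(buf.bytes); return -1; }
    model_ctx_free(c);      /* done decoding */
    release_buf(&buf);      /* caller frees its own string */
    return buf.releases;
}

int main(void) {
    printf("free_ok=1: %d releases\n", releases_for(1));
    printf("free_ok=0: %d releases\n", releases_for(0));
    return 0;
}
```

A count of 2 is the double release that shows up as a crash only on some systems and inputs; a count of 1 is the behaviour the patches aim for.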

