On Mon, 18 Nov 2002 13:31:58 +0100, Marcus Börger wrote:

>At 13:07 18.11.2002, Derick Rethans wrote:
>>On Mon, 18 Nov 2002, Brian Havard wrote:
>>
>> > Derick Rethans wrote:
>> > > On Sun, 17 Nov 2002, Derick Rethans wrote:
>> > >
>> > >
>> > >>On Sun, 17 Nov 2002, Brian Havard wrote:
>> > >>
>> > >>
>> > >>>When trying out the RC1 code I found that my GD test segfaults every time. I
>> > >>>traced the problem to the fact that efree is used on memory that was
>> > >>>allocated with strdup. See the fontlist variable in
>> > >>>ext\gd\libgd\gdft.c:fontFetch()
>> > >>>
>> > >>>This started happening when gdhelpers.c was changed to use emalloc etc in r1.3.
>> > >>
>> > >>Thanks, I'll check the whole source for strdup now.
>> > >
>> > >
>> > > Okay, I committed this, but I found that some of the functions use
>> > > malloc, others emalloc and more others use gdMalloc (which is a wrapper
>> > > for emalloc). I don't think this is what we want, but I'm also afraid
>> > > that changing everything to the gd* functions is a bad thing, as some of
>> > > the structures should be persistent.
>> >
>> > Ok, that's better but there's still a problem when running as an Apache
>> > module. It crashes on the 2nd image request & changing gdhelpers.c back to
>> > using malloc/free/strdup cures it. I haven't traced it but my money's on the
>> > font cache which is meant to be persistent between images (see "static
>> > gdCache_head_t *fontCache" at gdft.c:721) but is allocated with gdMalloc() &
>> > therefore emalloc() in gdCacheCreate().
>>
>>Yeah, I'm going to revert back to the original memory management
>>functions, it needs some thorough checking before we can swap again.
>>
>>Derick
>
>
>Brian, could you create a short test for the segfault? It would help us
>find out the problems.

It should be easy to reproduce. Any script that uses ImageTTFText()
requested more than once from a persistent SAPI seems to do it.

If you read the source at the points I've mentioned above it becomes pretty
obvious that it will try to access freed memory pointed to by fontCache.

--
 ______________________________________________________________________________
 |  Brian Havard                 |  "He is not the messiah!                   |
 |  [EMAIL PROTECTED]  |  He's a very naughty boy!" - Life of Brian |
 ------------------------------------------------------------------------------
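
The lifetime mismatch discussed in this thread, as an added example that is not part of the original messages and is not PHP or libgd code: a static cache pointer filled from a request-scoped allocator goes stale once the request ends, while one filled from the process heap survives. All names here (`req_alloc`, `request_shutdown`, `render_text`, `second_request_result`) are hypothetical stand-ins, and the stale pointer is detected through a side flag rather than dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy request-scoped allocator standing in for emalloc() (constructed). */
#define MAX_BLOCKS 16
static void *req_blocks[MAX_BLOCKS];
static int req_count;
static int req_id = 1;                 /* number of the current request */

static void *req_alloc(size_t n) {
    return req_count < MAX_BLOCKS ? (req_blocks[req_count++] = calloc(1, n)) : NULL;
}

/* End of request: every request-scoped block is freed. */
static void request_shutdown(void) {
    while (req_count > 0) free(req_blocks[--req_count]);
    req_id++;
}

typedef struct { int hits; } cache_t;
static cache_t *font_cache;            /* static, like fontCache in gdft.c */
static int cache_owner = -1;           /* -1 none, 0 persistent, >0 request id */

/* persistent=0: request allocator (reported pattern); persistent=1: process heap. */
static int render_text(int persistent) {
    if (cache_owner > 0 && cache_owner != req_id)
        return -1;                     /* stale: real code would touch freed memory */
    if (cache_owner < 0) {
        font_cache = persistent ? calloc(1, sizeof *font_cache)
                                : req_alloc(sizeof *font_cache);
        if (!font_cache) return -2;
        cache_owner = persistent ? 0 : req_id;
    }
    return ++font_cache->hits;
}

/* Serve two requests in one process; return what the second one sees. */
static int second_request_result(int persistent) {
    if (cache_owner == 0) free(font_cache);   /* drop a previous persistent cache */
    cache_owner = -1;
    render_text(persistent);
    request_shutdown();
    int r = render_text(persistent);
    request_shutdown();
    return r;
}

int main(void) {
    printf("request-scoped: %d, persistent: %d\n",
           second_request_result(0), second_request_result(1));
}
```

A return of -1 marks the point where the second request would have used freed memory; the persistent variant returns the running hit count instead.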


--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
