Package: php5-gd
Version: 5.3.0-2
Severity: normal

Hi,

$ echo '<?php phpinfo() ?>' | php > /tmp/out
Segmentation fault

Stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff59a8210 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x00007ffff59a8210 in strlen () from /lib/libc.so.6
#1  0x00000000006d9a88 in format_converter (odp=0x7fffffffb500, fmt=0x7ffff4827470 "s", ap=0x7fffffffb460)
    at /tmp/buildd/php5-5.3.0/main/snprintf.c:964
#2  0x00000000006da66c in strx_printv (ccp=0x7fffffffb51c, buf=0x7ffff7fdb6a0 "\270\26\254\364\377\177", len=4294948152, format=0x7ffff482746f "%s", ap=0x0)
    at /tmp/buildd/php5-5.3.0/main/snprintf.c:1211
#3  0x00000000006da814 in ap_php_snprintf (buf=0x7fffffffb5eb "", len=4160599712, format=0x0)
    at /tmp/buildd/php5-5.3.0/main/snprintf.c:1256
#4  0x00007ffff4823ae4 in zm_info_gd (zend_module=0x108e7c0)
    at /tmp/buildd/php5-5.3.0/ext/gd/gd.c:1296
#5  0x00000000006799c0 in _display_module_info_func (module=0xf4828818)
    at /tmp/buildd/php5-5.3.0/ext/standard/info.c:123
#6  0x00000000007359a5 in zend_hash_apply (ht=0x7fffffffb830, apply_func=0x6799b0 <_display_module_info_func>)
    at /tmp/buildd/php5-5.3.0/Zend/zend_hash.c:673
#7  0x000000000067ad3a in php_print_info (flag=32767)
    at /tmp/buildd/php5-5.3.0/ext/standard/info.c:903
#8  0x000000000067b141 in zif_phpinfo (ht=-192772072, return_value=0x1064bd8, return_value_ptr=0x7fffffffb538, this_ptr=0x0, return_value_used=-16843009)
    at /tmp/buildd/php5-5.3.0/ext/standard/info.c:1217
#9  0x000000000077b12b in zend_do_fcall_common_helper_SPEC (execute_data=0xe34360)
    at /tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:313
#10 0x0000000000754569 in execute (op_array=0x1063688)
    at /tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:104
#11 0x0000000000729391 in zend_execute_scripts (type=0, retval=0x7fffffffba80, file_count=3)
    at /tmp/buildd/php5-5.3.0/Zend/zend.c:1188
#12 0x00000000006d5ac5 in php_execute_script (primary_file=0xe3f800)
    at /tmp/buildd/php5-5.3.0/main/main.c:2196
#13 0x00000000007b6b77 in main (argc=-7672, argv=0x7fffffffde10)
    at /tmp/buildd/php5-5.3.0/sapi/cli/php_cli.c:1188
(gdb)

Notice that zm_info_gd() seems to call ap_php_snprintf() with completely
bogus arguments.

For reference, the contents of /tmp/out from the first command above:

phpinfo()
PHP Version => 5.3.0-2

System => Linux boogie 2.6.30.5 #14 SMP PREEMPT Sun Aug 23 21:03:26 CEST 2009 x86_64
Build Date => Jul 1 2009 07:29:44
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php5/cli
Loaded Configuration File => /etc/php5/cli/php.ini
Scan this dir for additional .ini files => /etc/php5/cli/conf.d
Additional .ini files parsed => /etc/php5/cli/conf.d/gd.ini,
/etc/php5/cli/conf.d/mysql.ini,
/etc/php5/cli/conf.d/mysqli.ini,
/etc/php5/cli/conf.d/pdo.ini,
/etc/php5/cli/conf.d/pdo_mysql.ini,
/etc/php5/cli/conf.d/pdo_pgsql.ini,
/etc/php5/cli/conf.d/pgsql.ini

PHP API => 20090626
PHP Extension => 20090626
Zend Extension => 220090626
Zend Extension Build => API220090626,NTS
PHP Extension Build => API20090626,NTS
Debug Build => no
Thread Safety => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => disabled
IPv6 Support => enabled
Registered PHP Streams => https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters => zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies

_______________________________________________________________________

Configuration

bcmath

BCMath support => enabled

Directive => Local Value => Master Value
bcmath.scale => 0 => 0

bz2

BZip2 Support => Enabled
Stream Wrapper support => compress.bz2://
Stream Filter support => bzip2.decompress, bzip2.compress
BZip2 Version => 1.0.5, 10-Dec-2007

calendar

Calendar support => enabled

Core

PHP Version => 5.3.0-2

Directive => Local Value => Master Value
allow_call_time_pass_reference => Off => Off
allow_url_fopen => On => On
allow_url_include => Off => Off
always_populate_raw_post_data => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
asp_tags => Off => Off
auto_append_file => no value => no value
auto_globals_jit => On => On
auto_prepend_file => no value => no value
browscap => no value => no value
default_charset => no value => no value
default_mimetype => text/html => text/html
define_syslog_variables => Off => Off
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => Off => Off
display_startup_errors => Off => Off
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => Off => Off
error_append_string => no value => no value
error_log => no value => no value
error_prepend_string => no value => no value
error_reporting => 22527 => 22527
exit_on_timeout => Off => Off
expose_php => On => On
extension_dir => /usr/lib/php5/20090626 => /usr/lib/php5/20090626
file_uploads => On => On
highlight.bg => <font style="color: #FFFFFF">#FFFFFF</font> => <font style="color: #FFFFFF">#FFFFFF</font>
highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font style="color: #FF8000">#FF8000</font>
highlight.default => <font style="color: #0000BB">#0000BB</font> => <font style="color: #0000BB">#0000BB</font>
highlight.html => <font style="color: #000000">#000000</font> => <font style="color: #000000">#000000</font>
highlight.keyword => <font style="color: #007700">#007700</font> => <font style="color: #007700">#007700</font>
highlight.string => <font style="color: #DD0000">#DD0000</font> => <font style="color: #DD0000">#DD0000</font>
html_errors => Off => Off
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => On
include_path => .:/usr/share/php:/usr/share/pear => .:/usr/share/php:/usr/share/pear
log_errors => On => On
log_errors_max_len => 1024 => 1024
magic_quotes_gpc => Off => Off
magic_quotes_runtime => Off => Off
magic_quotes_sybase => Off => Off
mail.add_x_header => On => On
mail.force_extra_parameters =>

Gabor

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (110, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30.5 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5-gd depends on:
ii  libapache2-mod-php5 [p 5.3.0-2            server-side, HTML-embedded scripti
ii  libc6                  2.9-25             GNU C Library: Shared libraries
ii  libfreetype6           2.3.9-5            FreeType 2 font engine, shared lib
ii  libgd2-xpm             2.0.36~rc1~dfsg-3  GD Graphics Library version 2
ii  libjpeg62              6b-15              The Independent JPEG Group's JPEG
ii  libpng12-0             1.2.39-1           PNG library - runtime
ii  libt1-5                5.1.2-3            Type 1 font rasterizer library - r
ii  libx11-6               2:1.2.2-1          X11 client-side library
ii  libxpm4                1:3.5.7-2          X11 pixmap library
ii  php5                   5.3.0-2            server-side, HTML-embedded scripti
ii  php5-cli [phpapi-20090 5.3.0-2            command-line interpreter for the p
ii  php5-common            5.3.0-2            Common files for packages built fr
ii  zlib1g                 1:1.2.3.3.dfsg-15  compression library - runtime

php5-gd recommends no packages.

php5-gd suggests no packages.

-- no debconf information
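
Added example, not part of the original report: a small Python helper that scans a gdb backtrace for the kind of argument values the reporter points out (a NULL format pointer, a length far larger than any real buffer). The sample frames are copied from the trace in the report; the argument-name sets and the 1 GiB threshold are assumptions made for this example.

```python
import re

# One gdb "bt" frame on a single line: "#N [0xADDR in ]func (args)[ at|from place]"
FRAME = re.compile(r'#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)(?: (?:at|from) \S+)?$')
# name=value pairs whose value is a pointer or an integer (string payloads are skipped)
ARG = re.compile(r'(\w+)=(-?(?:0x[0-9a-fA-F]+|\d+))\b')

FORMAT_ARGS = {"format", "fmt"}      # assumption: names used for format strings
LENGTH_ARGS = {"len", "size", "n"}   # assumption: names used for buffer lengths
MAX_SANE_LEN = 1 << 30               # assumption: no real buffer exceeds 1 GiB

# Frames #2-#4 from the backtrace in the report, one frame per line.
SAMPLE_BT = r"""
#2  0x00000000006da66c in strx_printv (ccp=0x7fffffffb51c, buf=0x7ffff7fdb6a0 "\270\26\254\364\377\177", len=4294948152, format=0x7ffff482746f "%s", ap=0x0) at /tmp/buildd/php5-5.3.0/main/snprintf.c:1211
#3  0x00000000006da814 in ap_php_snprintf (buf=0x7fffffffb5eb "", len=4160599712, format=0x0) at /tmp/buildd/php5-5.3.0/main/snprintf.c:1256
#4  0x00007ffff4823ae4 in zm_info_gd (zend_module=0x108e7c0) at /tmp/buildd/php5-5.3.0/ext/gd/gd.c:1296
"""


def triage(bt_text):
    """Return (frame, function, argument, reason) for each suspicious argument."""
    findings = []
    for line in bt_text.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a frame line (blank line, prompt, ...)
        frame, func, args = int(m.group(1)), m.group(2), m.group(3)
        for name, raw in ARG.findall(args):
            value = int(raw, 0)  # base 0 accepts both 0x... and decimal
            if name in FORMAT_ARGS and value == 0:
                findings.append((frame, func, name, "NULL format string"))
            elif name in LENGTH_ARGS and not 0 <= value <= MAX_SANE_LEN:
                findings.append((frame, func, name, "implausible length"))
    return findings


if __name__ == "__main__":
    for frame, func, name, reason in triage(SAMPLE_BT):
        print(f"#{frame} {func}: {name} -> {reason}")
```

Argument values that gdb prints for an optimized build can be unreliable, so a flagged frame is a pointer to where to look in the caller, not proof of what was passed.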