Package: php5-gd
Version: 5.3.0-2
Severity: normal
Hi,
$ echo '<?php phpinfo() ?>' | php > /tmp/out
Segmentation fault
Stack trace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff59a8210 in strlen () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff59a8210 in strlen () from /lib/libc.so.6
#1 0x00000000006d9a88 in format_converter (odp=0x7fffffffb500,
fmt=0x7ffff4827470 "s", ap=0x7fffffffb460)
at /tmp/buildd/php5-5.3.0/main/snprintf.c:964
#2 0x00000000006da66c in strx_printv (ccp=0x7fffffffb51c, buf=0x7ffff7fdb6a0
"\270\26\254\364\377\177", len=4294948152,
format=0x7ffff482746f "%s", ap=0x0) at
/tmp/buildd/php5-5.3.0/main/snprintf.c:1211
#3 0x00000000006da814 in ap_php_snprintf (buf=0x7fffffffb5eb "",
len=4160599712, format=0x0) at /tmp/buildd/php5-5.3.0/main/snprintf.c:1256
#4 0x00007ffff4823ae4 in zm_info_gd (zend_module=0x108e7c0) at
/tmp/buildd/php5-5.3.0/ext/gd/gd.c:1296
#5 0x00000000006799c0 in _display_module_info_func (module=0xf4828818) at
/tmp/buildd/php5-5.3.0/ext/standard/info.c:123
#6 0x00000000007359a5 in zend_hash_apply (ht=0x7fffffffb830,
apply_func=0x6799b0 <_display_module_info_func>)
at /tmp/buildd/php5-5.3.0/Zend/zend_hash.c:673
#7 0x000000000067ad3a in php_print_info (flag=32767) at
/tmp/buildd/php5-5.3.0/ext/standard/info.c:903
#8 0x000000000067b141 in zif_phpinfo (ht=-192772072, return_value=0x1064bd8,
return_value_ptr=0x7fffffffb538, this_ptr=0x0,
return_value_used=-16843009) at
/tmp/buildd/php5-5.3.0/ext/standard/info.c:1217
#9 0x000000000077b12b in zend_do_fcall_common_helper_SPEC
(execute_data=0xe34360) at /tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:313
#10 0x0000000000754569 in execute (op_array=0x1063688) at
/tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:104
#11 0x0000000000729391 in zend_execute_scripts (type=0, retval=0x7fffffffba80,
file_count=3) at /tmp/buildd/php5-5.3.0/Zend/zend.c:1188
#12 0x00000000006d5ac5 in php_execute_script (primary_file=0xe3f800) at
/tmp/buildd/php5-5.3.0/main/main.c:2196
#13 0x00000000007b6b77 in main (argc=-7672, argv=0x7fffffffde10) at
/tmp/buildd/php5-5.3.0/sapi/cli/php_cli.c:1188
(gdb)
Notice that zm_info_gd() seems to call ap_php_snprintf() with completely
bogus arguments.
For reference, the contents of /tmp/out from the first command above:
phpinfo()
PHP Version => 5.3.0-2
System => Linux boogie 2.6.30.5 #14 SMP PREEMPT Sun Aug 23 21:03:26 CEST 2009
x86_64
Build Date => Jul 1 2009 07:29:44
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php5/cli
Loaded Configuration File => /etc/php5/cli/php.ini
Scan this dir for additional .ini files => /etc/php5/cli/conf.d
Additional .ini files parsed => /etc/php5/cli/conf.d/gd.ini,
/etc/php5/cli/conf.d/mysql.ini,
/etc/php5/cli/conf.d/mysqli.ini,
/etc/php5/cli/conf.d/pdo.ini,
/etc/php5/cli/conf.d/pdo_mysql.ini,
/etc/php5/cli/conf.d/pdo_pgsql.ini,
/etc/php5/cli/conf.d/pgsql.ini
PHP API => 20090626
PHP Extension => 20090626
Zend Extension => 220090626
Zend Extension Build => API220090626,NTS
PHP Extension Build => API20090626,NTS
Debug Build => no
Thread Safety => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => disabled
IPv6 Support => enabled
Registered PHP Streams => https, ftps, compress.zlib, compress.bzip2, php,
file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, sslv2,
tls
Registered Stream Filters => zlib.*, bzip2.*, convert.iconv.*, string.rot13,
string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
_______________________________________________________________________
Configuration
bcmath
BCMath support => enabled
Directive => Local Value => Master Value
bcmath.scale => 0 => 0
bz2
BZip2 Support => Enabled
Stream Wrapper support => compress.bz2://
Stream Filter support => bzip2.decompress, bzip2.compress
BZip2 Version => 1.0.5, 10-Dec-2007
calendar
Calendar support => enabled
Core
PHP Version => 5.3.0-2
Directive => Local Value => Master Value
allow_call_time_pass_reference => Off => Off
allow_url_fopen => On => On
allow_url_include => Off => Off
always_populate_raw_post_data => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
asp_tags => Off => Off
auto_append_file => no value => no value
auto_globals_jit => On => On
auto_prepend_file => no value => no value
browscap => no value => no value
default_charset => no value => no value
default_mimetype => text/html => text/html
define_syslog_variables => Off => Off
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => Off => Off
display_startup_errors => Off => Off
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => Off => Off
error_append_string => no value => no value
error_log => no value => no value
error_prepend_string => no value => no value
error_reporting => 22527 => 22527
exit_on_timeout => Off => Off
expose_php => On => On
extension_dir => /usr/lib/php5/20090626 => /usr/lib/php5/20090626
file_uploads => On => On
highlight.bg => <font style="color: #FFFFFF">#FFFFFF</font> => <font
style="color: #FFFFFF">#FFFFFF</font>
highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font
style="color: #FF8000">#FF8000</font>
highlight.default => <font style="color: #0000BB">#0000BB</font> => <font
style="color: #0000BB">#0000BB</font>
highlight.html => <font style="color: #000000">#000000</font> => <font
style="color: #000000">#000000</font>
highlight.keyword => <font style="color: #007700">#007700</font> => <font
style="color: #007700">#007700</font>
highlight.string => <font style="color: #DD0000">#DD0000</font> => <font
style="color: #DD0000">#DD0000</font>
html_errors => Off => Off
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => On
include_path => .:/usr/share/php:/usr/share/pear =>
.:/usr/share/php:/usr/share/pear
log_errors => On => On
log_errors_max_len => 1024 => 1024
magic_quotes_gpc => Off => Off
magic_quotes_runtime => Off => Off
magic_quotes_sybase => Off => Off
mail.add_x_header => On => On
mail.force_extra_parameters =>
Gabor
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30.5 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5-gd depends on:
ii libapache2-mod-php5 [p 5.3.0-2 server-side, HTML-embedded scripti
ii libc6 2.9-25 GNU C Library: Shared libraries
ii libfreetype6 2.3.9-5 FreeType 2 font engine, shared lib
ii libgd2-xpm 2.0.36~rc1~dfsg-3 GD Graphics Library version 2
ii libjpeg62 6b-15 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.39-1 PNG library - runtime
ii libt1-5 5.1.2-3 Type 1 font rasterizer library - r
ii libx11-6 2:1.2.2-1 X11 client-side library
ii libxpm4 1:3.5.7-2 X11 pixmap library
ii php5 5.3.0-2 server-side, HTML-embedded scripti
ii php5-cli [phpapi-20090 5.3.0-2 command-line interpreter for the p
ii php5-common 5.3.0-2 Common files for packages built fr
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
php5-gd recommends no packages.
php5-gd suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
