From:             babansky at mail dot ru
Operating system: Suse 8.2 with Apache2
PHP version:      4CVS-2003-07-02 (stable)
PHP Bug Type:     Reproducible crash
Bug description:  imagettfbbox and ImageTTFText cause Apache2 segfault (bug #23122 not solved?)

Description:
------------
If PHP is configured with an external GD library like:

  ./configure --prefix=/usr/local/apache/PHP \
    --with-apxs2=/usr/local/apache/bin/apxs --enable-debug \
    --enable-track-vars --enable-bcmath --enable-exif --enable-ftp \
    --with-curl=/usr --with-mysql=/usr --with-zlib=/usr --with-gd=/usr \
    --with-tiff-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr \
    --with-freetype-dir=/usr/inlude/freetype2 --enable-gd-native-ttf \
    --enable-sysvsem=yes --enable-sysvshm=yes

and you try to generate images (jpg, png, etc.) and call the script more
than once, it usually crashes the second time.

Note: this problem is related to the external GD library (in my case
GD-2.015). I didn't see the problem with PHP bundled GD.
Also, this problem is related to the imagettfbbox and ImageTTFText functions.

Reproduce code:
---------------
<?php
Header("Content-type: image/png");
Header("Content-Disposition: inline");

$font = "TTF/tt1.ttf";
// $s, $pre and $text are not assigned here; defaults apply when unset.
if(!isset($s)) $s=26;
if(!isset($pre)) $pre=0;
if(!isset($text)) $text="Some text";

// Bounding box of the rendered text (the call seen in frame #4 below).
$size = imagettfbbox($s,0,$font,$text);
$dx = abs($size[2]-$size[0]);
$dy = abs($size[5]-$size[3]);
$xpad=16;
$ypad=16;

$im = imagecreate($dx+$xpad+$pre,$dy+$ypad);
$blue = ImageColorAllocate($im, 119,162,193);
$black = ImageColorAllocate($im, 0,0,0);
$white = ImageColorAllocate($im, 255,255,255);

// Black shadow first, then the white text offset by one pixel.
ImageTTFText($im, $s, 0, (int)($xpad/2)+$pre+1, $dy+(int)($ypad/2), $black, "$font", $text);
ImageTTFText($im, $s, 0, (int)($xpad/2)+$pre, $dy+(int)($ypad/2)-1, $white, "$font", $text);

Imagepng($im);
ImageDestroy($im);
?>

Expected result:
----------------
just a single button-like image

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0xbdca7840 in ?? ()
(gdb) bt
#0  0xbdca7840 in ?? ()
#1  0x40577a49 in gdImageStringFTEx (im=0x0, brect=0xbfffc220, fg=-1,
    fontlist=0x405006a0 "/proba-php/php4-STABLE-200307020730/main/php_variables.c",
    ptsize=26, angle=0, x=-1, y=-1, string=0x81ac3dc "Some text", strex=0x0)
    at gdft.c:856
#2  0x405778f4 in gdImageStringFT (im=0x0, brect=0xbfffc220, fg=-1,
    fontlist=0x81ac114 "TTF/tt1.ttf", ptsize=26, angle=0, x=-1, y=-1,
    string=0x81ac3dc "Some text") at gdft.c:784
#3  0x403e34f7 in php_imagettftext_common (ht=4, return_value=0x81ac45c,
    this_ptr=0x0, return_value_used=1, mode=1, extended=0)
    at /proba-php/php4-STABLE-200307020730/ext/gd/gd.c:3059
#4  0x403e2997 in zif_imagettfbbox (ht=4, return_value=0x81ac45c,
    this_ptr=0x0, return_value_used=1)
    at /proba-php/php4-STABLE-200307020730/ext/gd/gd.c:2939
#5  0x404da19a in execute (op_array=0x81ae02c)
    at /proba-php/php4-STABLE-200307020730/Zend/zend_execute.c:1616
#6  0x404c8d16 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /proba-php/php4-STABLE-200307020730/Zend/zend.c:886
#7  0x40492aa6 in php_execute_script (primary_file=0xbffff1f0)
    at /proba-php/php4-STABLE-200307020730/main/main.c:1685
#8  0x404e0064 in php_handler (r=0x8210470)
    at /proba-php/php4-STABLE-200307020730/sapi/apache2handler/sapi_apache2.c:525
#9  0x08095956 in ap_run_handler (r=0x8210470) at config.c:195
#10 0x08095f38 in ap_invoke_handler (r=0x8210470) at config.c:401
#11 0x0808438d in ap_process_request (r=0x8210470) at http_request.c:288
#12 0x0807ff69 in ap_process_http_connection (c=0x81a0260) at http_core.c:293
#13 0x0809f9e6 in ap_run_process_connection (c=0x81a0260) at connection.c:85
#14 0x0809432d in child_main (child_num_arg=-1073757664) at prefork.c:696
#15 0x0809446e in make_child (s=0x80dce50, slot=0) at prefork.c:736
#16 0x0809454f in startup_children (number_to_start=5) at prefork.c:808
#17 0x08094c09 in ap_mpm_run (_pconf=0x8093b00, plog=0x81120b8, s=0x5)
    at prefork.c:1024
#18 0x0809a039 in main (argc=2, argv=0xbffff4d4) at main.c:660
#19 0x402708ae in __libc_start_main () from /lib/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=24455&edit=1