[php-maint] Bug#543496: Bug#543496: php5-gd: segmentation fault in phpinfo()

Ondřej Surý ondrej at debian.org
Tue Aug 25 12:27:02 UTC 2009


Hi Gábor,

can you try this patch?

diff --git a/ext/gd/libgd/gd_compat.c b/ext/gd/libgd/gd_compat.c
index bba6234..473ea20 100644
--- a/ext/gd/libgd/gd_compat.c
+++ b/ext/gd/libgd/gd_compat.c
@@ -14,7 +14,7 @@ int gdJpegGetVersionInt()
 	return JPEG_LIB_VERSION;
 }

-int gdJpegGetVersionString()
+const char * gdJpegGetVersionString()
 {
 	switch(JPEG_LIB_VERSION) {
 		case 62:
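
Review bot: the switch starting at `switch(JPEG_LIB_VERSION)` is cut off after `case 62:`, so the hunk does not show whether every path returns a string. With the return type now `const char *`, please confirm there is a `default:` branch that returns a non-NULL literal too, since the backtrace in the report shows the result being formatted with "%s" and crashing in strlen().
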
diff --git a/ext/gd/libgd/gd_compat.h b/ext/gd/libgd/gd_compat.h
index 022d0a8..c084a00 100644
--- a/ext/gd/libgd/gd_compat.h
+++ b/ext/gd/libgd/gd_compat.h
@@ -8,7 +8,7 @@
 #endif

 const char * gdPngGetVersionString();
-int gdJpegGetVersionString();
+const char * gdJpegGetVersionString();
 int gdJpegGetVersionInt();
 int overflow2(int a, int b);

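Review bot: the prototypes in this header, including the changed `const char * gdJpegGetVersionString();`, use empty parentheses, which in C leaves the parameter list unspecified. Declaring them with `(void)` would let the compiler diagnose a bad call, and it is worth confirming that gd_compat.c includes this header so the new prototype is checked against the definition changed there.
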
It's OK just to copy ext/gd outside the PHP source tree, install
php5-dev, and run phpize && configure && make && make install.

It's fixed in our git, and I'll report that upstream meanwhile.

Ondrej.

2009/8/25 Gábor Gombás <gombasg at sztaki.hu>:
> Package: php5-gd
> Version: 5.3.0-2
> Severity: normal
>
>
> Hi,
>
> $ echo '<?php phpinfo() ?>' | php > /tmp/out
> Segmentation fault
>
> Stack trace:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff59a8210 in strlen () from /lib/libc.so.6
> (gdb) bt
> #0  0x00007ffff59a8210 in strlen () from /lib/libc.so.6
> #1  0x00000000006d9a88 in format_converter (odp=0x7fffffffb500, fmt=0x7ffff4827470 "s", ap=0x7fffffffb460)
>    at /tmp/buildd/php5-5.3.0/main/snprintf.c:964
> #2  0x00000000006da66c in strx_printv (ccp=0x7fffffffb51c, buf=0x7ffff7fdb6a0 "\270\26\254\364\377\177", len=4294948152,
>    format=0x7ffff482746f "%s", ap=0x0) at /tmp/buildd/php5-5.3.0/main/snprintf.c:1211
> #3  0x00000000006da814 in ap_php_snprintf (buf=0x7fffffffb5eb "", len=4160599712, format=0x0) at /tmp/buildd/php5-5.3.0/main/snprintf.c:1256
> #4  0x00007ffff4823ae4 in zm_info_gd (zend_module=0x108e7c0) at /tmp/buildd/php5-5.3.0/ext/gd/gd.c:1296
> #5  0x00000000006799c0 in _display_module_info_func (module=0xf4828818) at /tmp/buildd/php5-5.3.0/ext/standard/info.c:123
> #6  0x00000000007359a5 in zend_hash_apply (ht=0x7fffffffb830, apply_func=0x6799b0 <_display_module_info_func>)
>    at /tmp/buildd/php5-5.3.0/Zend/zend_hash.c:673
> #7  0x000000000067ad3a in php_print_info (flag=32767) at /tmp/buildd/php5-5.3.0/ext/standard/info.c:903
> #8  0x000000000067b141 in zif_phpinfo (ht=-192772072, return_value=0x1064bd8, return_value_ptr=0x7fffffffb538, this_ptr=0x0,
>    return_value_used=-16843009) at /tmp/buildd/php5-5.3.0/ext/standard/info.c:1217
> #9  0x000000000077b12b in zend_do_fcall_common_helper_SPEC (execute_data=0xe34360) at /tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:313
> #10 0x0000000000754569 in execute (op_array=0x1063688) at /tmp/buildd/php5-5.3.0/Zend/zend_vm_execute.h:104
> #11 0x0000000000729391 in zend_execute_scripts (type=0, retval=0x7fffffffba80, file_count=3) at /tmp/buildd/php5-5.3.0/Zend/zend.c:1188
> #12 0x00000000006d5ac5 in php_execute_script (primary_file=0xe3f800) at /tmp/buildd/php5-5.3.0/main/main.c:2196
> #13 0x00000000007b6b77 in main (argc=-7672, argv=0x7fffffffde10) at /tmp/buildd/php5-5.3.0/sapi/cli/php_cli.c:1188
> (gdb)
>
> Notice that zm_info_gd() seems to call ap_php_snprintf() with completely
> bogus arguments.
>
> For reference, the contents of /tmp/out from the first command above:
>
> Gabor
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers unstable
>  APT policy: (500, 'unstable'), (500, 'stable'), (110, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.30.5 (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-gd depends on:
> ii  libapache2-mod-php5 [p 5.3.0-2           server-side, HTML-embedded scripti
> ii  libc6                  2.9-25            GNU C Library: Shared libraries
> ii  libfreetype6           2.3.9-5           FreeType 2 font engine, shared lib
> ii  libgd2-xpm             2.0.36~rc1~dfsg-3 GD Graphics Library version 2
> ii  libjpeg62              6b-15             The Independent JPEG Group's JPEG
> ii  libpng12-0             1.2.39-1          PNG library - runtime
> ii  libt1-5                5.1.2-3           Type 1 font rasterizer library - r
> ii  libx11-6               2:1.2.2-1         X11 client-side library
> ii  libxpm4                1:3.5.7-2         X11 pixmap library
> ii  php5                   5.3.0-2           server-side, HTML-embedded scripti
> ii  php5-cli [phpapi-20090 5.3.0-2           command-line interpreter for the p
> ii  php5-common            5.3.0-2           Common files for packages built fr
> ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime
>
> php5-gd recommends no packages.
>
> php5-gd suggests no packages.
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/




