From: the...@php.net Operating system: Linux PHP version: 5.5.0RC3 Package: GD related Bug Type: Bug Bug description:imagecreatefrom... crashes with user streams
Description: ------------ When loading images via any of the imagecreatefrom...() functions and the argument given to them resolves to a userstream, a segmentation fault occurs on Linux systems (Travis CI's Linux image, 3.2.9-gentoo). With PHP 5.4, the same code works as expected. On Windows, the same code works as expected. See https://github.com/xp-framework/xp-framework/issues/310 Test script: --------------- <?php class userstream { public static $bytes= array(); public function stream_open($path, $mode, $options, $opened_path) { sscanf($path, 'iostrr://%s', $file); if (!isset(self::$bytes[$file])) return false; $this->buffer= self::$bytes[$file]; $this->avail= strlen($this->buffer); $this->length= strlen($this->buffer); return true; } public function stream_read($count) { $chunk= substr($this->buffer, 0, min($this->avail, $count)); $this->buffer= substr($this->buffer, strlen($chunk)); $this->avail-= strlen($chunk); return $chunk; } public function stream_stat() { return array('size' => $this->length); } public function stream_eof() { return $this->avail <= 0; } public function stream_close() { $this->avail= -1; } } userstream::$bytes['test.gif']= base64_decode('R0lGODdhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs='); stream_wrapper_register('iostrr', 'userstream'); var_dump(imagecreatefromgif('iostrr://test.gif')); Expected result: ---------------- resource(6) of type (gd) Actual result: -------------- Segmentation fault Program received signal SIGSEGV, Segmentation fault. 0x00005555558b2d77 in _php_stream_seek (stream=0x7fffefc6d6b0, offset=-1, whence=1) at /home/friebe/php/php-src/main/streams/streams.c:1273 1273 fflush(stream->stdiocast); (gdb) bt #0 0x00005555558b2d77 in _php_stream_seek (stream=0x7fffefc6d6b0, offset=-1, whence=1) at /home/friebe/php/php-src/main/streams/streams.c:1273 #1 0x00005555558b4fa0 in stream_cookie_seeker (cookie=<optimized out>, position=0x7fffff7ff458, whence=<optimized out>) at /home/friebe/php/php-src/main/streams/cast.c:117 #2 0x00007ffff6571fb6 in ?? () from /lib64/libc.so.6 #3 0x00007ffff657d1e5 in _IO_file_sync () from /lib64/libc.so.6 #4 0x00007ffff65718e1 in fflush () from /lib64/libc.so.6 -- Edit bug report at https://bugs.php.net/bug.php?id=65060&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65060&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=65060&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65060&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65060&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65060&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65060&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65060&r=needscript Try newer version: https://bugs.php.net/fix.php?id=65060&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=65060&r=support Expected behavior: https://bugs.php.net/fix.php?id=65060&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65060&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65060&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65060&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65060&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65060&r=dst IIS Stability: https://bugs.php.net/fix.php?id=65060&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=65060&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65060&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65060&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65060&r=mysqlcfg
