Bug #27469 zend_variables.c problem
Submitted: 2004-03-02 18:00 UTC
Modified: 2004-09-25 00:08 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: friosa at pnpitalia dot it
Assigned: andi
Status: Closed
Package: Scripting Engine problem
PHP Version: 4.3.9, 5.0.1
OS: *
Private report: No
CVE-ID: None
 [2004-03-02 18:00 UTC] friosa at pnpitalia dot it
Description:
------------
I continue to get a core dump using imp with imap from the horde project.
The crash is reproducible but the gdb backtrace has changed after I've inserted the debug code.

Also I think it's important to mention that if you substitute the "var_dump()" code below with "print_r()" the crash disappears!!!
So we can switch between these three cases:
case "code without debug": crash();
case "code with vardump($mime_part)": crash();
case "code with print_r($mime_part)": --> continue (but I still can't see the page)

If I can help with something else please contact me. I will keep a copy of the code; also I can send you a tar.gz of all this stuff (maybe not useful with my conf.)

follow:
PHP compiling flags
APACHE
PRINT_R
VARDUMP



*********************************************
* PHP compiling flags
*********************************************

CFLAGS = CPPFLAGS = -march=k6 -O0 -pipe -fomit-frame-pointer -I[...]

./configure \
--prefix=/TEST/php \
--with-apxs2=/TEST/apache/bin/apxs \
--with-config-file-path=/TEST/php/lib/php.ini \
--with-informix=/opt/informix \
--with-mysql=/pnp/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--enable-libgcc \
--with-curl=/pnp \
--disable-ipv6 \
--enable-ftp \
--with-openssl=/pnp \
--with-gd \
--enable-gd-native-ttf \
--with-zlib-dir=/usr \
--with-jpeg-dir=/usr \
--enable-exif \
--with-tiff-lib=/usr \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--with-pdflib=/TEST \
--enable-bcmath \
--enable-shmop \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--enable-mime-magic \
--with-qtdom \
--enable-pcntl \
--enable-sockets \
--x-includes=/usr/X11/include/X11 \
--x-libraries=/usr/X11/lib \
--with-readline \
--with-gnu-ld \
--enable-static \
--with-gettext \
--with-libxml-dir=/TEST \
--with-xml=/TEST \
--with-dom=/TEST \
--with-xsl=/TEST \
--with-dom-xslt=/TEST \
--with-dom-exslt=/TEST \
--with-mcrypt=/pnp \
--with-imap \
--enable-debug \
&& make && make install



*********************************************
* APACHE
*********************************************



./httpd -V
Server version: Apache/2.1.0-dev
Server built:   Jan 26 2004 12:02:10
Server's Module Magic Number: 20030821:3
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/TEST/apache"
 -D SUEXEC_BIN="/TEST/apache/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"


*********************************************
* PRINT_R
*********************************************

MIME_Message Object
(
    [_build] => 1
    [_defaultServer] => www2.pnp
    [_type] => text
    [_subtype] => Array
        (
            [download] => download_attach
            [view] => view_attach
        )

    [_contents] => 
    [_transferEncoding] => 7bit
    [_encode7bit] => 1
    [_description] => 
    [_disposition] => inline
    [_dispositionParameters] => Array
        (
        )

    [_contentTypeParameters] => 0
    
*********************************************
* VARDUMP
*********************************************

object(MIME_Message)#19 (19) {
  ["_build"]=>
  bool(true)
  ["_defaultServer"]=>
  string(8) "www2.pnp"
  ["_type"]=>
  string(4) "text"
  ["_subtype"]=>
  array(2) {
    ["download"]=>
    string(15) "download_attach"
    ["view"]=>
    string(11) "view_attach"
  }
  ["_contents"]=>
  string(0) ""
  ["_transferEncoding"]=>
  string(4) "7bit"
  ["_encode7bit"]=>
  bool(true)
  ["_description"]=>
  string(0) ""
  ["_disposition"]=>
  string(6) "inline"
  ["_dispositionParameters"]=>
  array(0) {
  }
  ["_contentTypeParameters"]=>
  &UNKNOWN:0
  ["_parts"]=>
  array(0) {
  }
  ["_information"]=>
  UNKNOWN:0
  ["_bytes"]=>
  object(MIME_Message)#19 (19) {
    ["_build"]=>
    bool(true)
    ["_defaultServer"]=>
    string(8) "www2.pnp"
    ["_type"]=>
    string(4) "text"
    ["_subtype"]=>
    array(2) {
      ["download"]=>
      string(15) "download_attach"
      ["view"]=>
      string(11) "view_attach"
    }
    ["_contents"]=>
    string(0) ""
    ["_transferEncoding"]=>
    string(4) "7bit"
    ["_encode7bit"]=>
    bool(true)
    ["_description"]=>
    string(0) ""
    ["_disposition"]=>
    string(6) "inline"
    ["_dispositionParameters"]=>
    array(0) {
    }
    ["_contentTypeParameters"]=>
    &UNKNOWN:0
    ["_parts"]=>
    array(0) {
    }
    ["_information"]=>
    UNKNOWN:0
    ["_bytes"]=>
    *RECURSION*
    ["_cids"]=>
    array(0) {
    }
    ["_mimeid"]=>
    UNKNOWN:0
    ["_eol"]=>
    string(1) "
"
    ["_flags"]=>
    UNKNOWN:0
    ["_idmap"]=>
    array(0) {
    }
  }
  ["_cids"]=>
  array(0) {
  }
  ["_mimeid"]=>
  UNKNOWN:0
  ["_eol"]=>
  string(1) "
"
  ["_flags"]=>
  UNKNOWN:0
  ["_idmap"]=>
  array(0) {
  }
}



Reproduce code:
---------------
class MIME_Contents {
[...]
    function buildMessagePart(&$mime_part)
    {
        $msg = '';
        if (!$this->canDisplayInline($mime_part) &&
            ($mime_part->getMIMEId() != 0)) {
            if (($this->_displayType == 'list') ||
                ($this->_displayType == 'both')) {
                $this->setSummary($mime_part, 'attachment');
            }
            if (($this->_displayType == 'inline') ||
                ($this->_displayType == 'both')) {
                $this->setSummary($mime_part, 'part');
            }
        } else {
// poor man debug code ...
echo "<pre>";
var_dump($mime_part);
echo "pippo".$i++; str_pad(" ", 300); ob_flush();flush();
echo "</pre>";

// ... poor man debug code
/////  CRASH HERE, FIRST LINE OF  "$this->renderMIMEPart($mime_part);"  WILL NEVER BE EXECUTED
            $msg = $this->renderMIMEPart($mime_part);
            [...]


Actual result:
--------------
gdb ./httpd
GNU gdb 5.1.1
[...]
(gdb) run -X -f /TEST/apache/conf/httpd.conf
Starting program: /TEST/apache/bin/./httpd -X -f /TEST/apache/conf/httpd.conf
[New Thread 1024 (LWP 30012)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 30012)]
0x4066c571 in _zval_dtor (zvalue=0x4127d6a0, __zend_filename=0x406ed780 "/TEST/php-5.0.0b4/Zend/zend_execute_API.c", __zend_lineno=359)
    at /TEST/php-5.0.0b4/Zend/zend_variables.c:44
44                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x4066c571 in _zval_dtor (zvalue=0x4127d6a0, __zend_filename=0x406ed780 "/TEST/php-5.0.0b4/Zend/zend_execute_API.c", __zend_lineno=359)
    at /TEST/php-5.0.0b4/Zend/zend_variables.c:44
#1  0x412b11cc in ?? ()
#2  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#3  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#4  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#5  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#6  0x4066eaf7 in zend_execute_scripts (type=0, retval=0x0, file_count=4) at /TEST/php-5.0.0b4/Zend/zend.c:1052
(gdb)
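
The `UNKNOWN:0` entries in the VARDUMP section above are what var_dump() prints for a value whose internal type it does not recognise, and a leading `&` marks the slot as a reference. The following is an added triage example, not code from the report or from PHP: it lists the property path of every such slot in a saved dump. The function name and the sample (trimmed from the output above) are constructed for illustration, and the parser assumes var_dump's two-space indentation per nesting level.

```python
import re
# Constructed sample, trimmed from the var_dump() output quoted in the report.
SAMPLE = '''object(MIME_Message)#19 (19) {
  ["_contentTypeParameters"]=>
  &UNKNOWN:0
  ["_information"]=>
  UNKNOWN:0
  ["_bytes"]=>
  object(MIME_Message)#19 (19) {
    ["_mimeid"]=>
    UNKNOWN:0
    ["_bytes"]=>
    *RECURSION*
  }
  ["_flags"]=>
  UNKNOWN:0
}
'''

# A key line such as ["_flags"]=> or [0]=> (optional visibility suffix allowed).
KEY = re.compile(r'^( *)\[(?:"([^"]*)"|(-?\d+))(?::[^\]]*)?\]=>$')
# A value line var_dump emitted for a type tag it could not interpret.
BAD = re.compile(r'^ *(&?)UNKNOWN:(\d+)$')

def find_unknown_slots(dump):
    """Return [(path, is_reference)] for every slot var_dump could not type."""
    hits = []
    stack = []       # names of the enclosing containers, outermost first
    pending = None   # key whose value line has not been read yet
    for line in dump.splitlines():
        m = KEY.match(line)
        if m:
            depth = len(m.group(1)) // 2 - 1   # 2 spaces of indent per level
            del stack[depth:]                  # leave containers we have exited
            pending = m.group(2) if m.group(2) is not None else m.group(3)
            continue
        if pending is None:
            continue                           # closing brace or string continuation
        b = BAD.match(line)
        if b:
            hits.append(("->".join(stack + [pending]), b.group(1) == "&"))
        elif line.rstrip().endswith("{"):
            stack.append(pending)              # nested object/array starts here
        pending = None
    return hits

if __name__ == "__main__":
    for path, is_ref in find_unknown_slots(SAMPLE):
        print(path, "(reference)" if is_ref else "")
```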


 [2004-03-02 18:20 UTC] derick@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.
 [2004-03-02 18:33 UTC] friosa at pnpitalia dot it
Not so easy to bring out 20 lines of code from a project like horde + imp + other (Megs of code). It was hard for me to find the right point to look for.
I will try but I think that it will be impossible for me.
Also the fact that var_dump and print_r change the flow of the script makes me think that there is something in the object variable that makes the difference.

P.S.
I've tried the latest cvs snapshot with these results (!= the previous):

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 26281)]
0x4067659b in _zend_is_inconsistent (ht=0x100, file=0x406f1520 "/TEST/php5-200403022230/Zend/zend_hash.c", line=504)
    at /TEST/php5-200403022230/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x4067659b in _zend_is_inconsistent (ht=0x100, file=0x406f1520 "/TEST/php5-200403022230/Zend/zend_hash.c", line=504)
    at /TEST/php5-200403022230/Zend/zend_hash.c:53
#1  0x00000010 in ?? ()
#2  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#3  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#4  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#5  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#6  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#7  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#8  0x406703b9 in zend_execute_scripts (type=256, retval=0x4127cb4c, file_count=1) at /TEST/php5-200403022230/Zend/zend.c:1041
(gdb)
 [2004-09-25 00:08 UTC] helly@php.net
Fixed in 4.3.9 & 5.0.1
 
Last updated: Wed Jan 22 10:01:30 2025 UTC