PHP :: Bug #29114 :: Stat() function crashes PHP (signal 10) in a particular case

Bug #29114

Stat() function crashes PHP (signal 10) in a particular case

Submitted:

2004-07-13 03:21 UTC

Modified:

2004-07-16 07:08 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

john dot wellesz at firstream dot net

Assigned:

pollita (profile)

Status:

Closed

Package:

Reproducible crash

PHP Version:

4.3.7

OS:

w2k/FreeBSD

Private report:

CVE-ID:

None

View Developer Edit

[2004-07-13 03:21 UTC] john dot wellesz at firstream dot net

Description:
------------
The bug I'm about to describe exists since at least PHP 4.1.2 and happens on w2k and freeBSD 4.9 STABLE and probably other platforms (I'm currently using PHP 4.3.7 and 4.3.4).

My 2 php (w2k and FreeBSD) runs as CGI, the crashes also happens if I execute my script on command line.

Modules used is probably irrelevant, I use 2 PHP one on FreeBSD and the other on w2k compiled on totally different way with not the same modules... (tell me if you cant reproduce the crash, i'll provide more info)

----------------
BUG REQUIREMENTS:

--> you must be using an error handler
--> Inside your PHP script you must call a stat() function (filemtime, stat() etc...) over a file that DOESN'T EXIST.
--> In your error handling function*(see note 1) you must either:
   - make another stat() over a file that doesn't exist
   - or call the unlink() function on a file that DOES EXIST

(1): inside your error handling function means:
  - direcly in the error handling function 
  - in a function that is called by your error handling function

RESULT:

Once the content of the error handler has been properly executed PHP crashes on SIGNAL 10 (BUS ERROR)

NOTE that calling other specific functions than stat() functions family and unlink() may cause the same issue, I didn't test.



Reproduce code:
---------------
<?php
$dumyfile="foo.txt";
touch($dumyfile);

function userErrorHandler ($errno, $errmsg)
{
    global  $dumyfile;

    unlink($dumyfile); // can be replaced by stat("MUHUHAHAHA"); (same effect)
    
    echo("<br>\n$errmsg<br>\n");
}

$old_error_handler = set_error_handler("userErrorHandler");

echo "<b>test start</b><br>\n";
stat("nonexistentfileHAHAHA");
echo "<br><b>test end</b>\n";
?>


Expected result:
----------------
---->should prints:

---------
test start

stat(): Stat failed for nonexistentfileHAHAHA (errno=2 - No such file or directory)

test end
---------

Actual result:
--------------
---->actually prints

---------
test start

stat(): Stat failed for nonexistentfileHAHAHA (errno=2 - No such file or directory)
---------


Under w2k a litle window appear to say that php.exe has generated errors etc...

Under FreeBSD I can see in server logs:

pid 33566 (php), uid 27173: exited on signal 10

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-13 17:57 UTC] pollita@php.net

Can you try this on PHP5?  The filestat code got some heavy reorganizing and the bug may be resolved there, but I think I can see what's happening in the PHP4 branch.

[2004-07-14 20:40 UTC] john dot wellesz at firstream dot net

The problem doesn't appear with PHP 5.

Will you fix this bug in PHP 4 or must I switch to PHP 5?

[2004-07-15 00:08 UTC] pollita@php.net

Don't worry, it'll get fixed in PHP4 (in all liklihood will show up in 4.3.9).  I just wanted to be sure it was what I thought it was.  I'll have a fix applied by this weekend time permitting.

[2004-07-16 07:08 UTC] pollita@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Dec 03 17:01:29 2024 UTC