PHP :: Bug #35669 :: imap_mail_compose() crashes with multipart-multiboundary-email

Bug #35669	imap_mail_compose() crashes with multipart-multiboundary-email
Submitted:	2005-12-14 17:58 UTC	Modified:	2006-01-05 01:51 UTC
From:	hans at lintoo dot dk	Assigned:	iliaa (profile)
Status:	Closed	Package:	IMAP related
PHP Version:	5CVS-2005-12-14 (cvs)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2005-12-14 17:58 UTC] hans at lintoo dot dk

Description:
------------
While logicaliy problematic, trying to create a multipart-multiboundary-email, will result in a signal-11 (segmentation violation).

I feel that any signal 11 should be a bug, so could you please in a future release throw an exception, or add to your documentation that this is a known bug.

See the code:
http://lintoo.dk/public/crashme.phps

if you add two multiparts to a body array, and then run imap_mail_compose it will crash horribly.

This should be very easy to reproduce, so I did not reconfigure PHP to run with debug. Hopefully you will run it yourself, or don't need a backtrace

This bug is similar to earlier bugs, but to the best of my knowledge it is different, and at least not fixed in PHP 5.1.1

Reproduce code:
---------------
http://lintoo.dk/public/crashme.phps

Expected result:
----------------
An email or exception

Actual result:
--------------
Signal 11 - segmentation violation

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-12-14 18:03 UTC] sniper@php.net

0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
(gdb) bt
#0  0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
#1  0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
#2  0x08183592 in zif_imap_mail_compose (ht=2, return_value=0xa482b64, return_value_ptr=0x0, 
    this_ptr=0x0, return_value_used=1) at /usr/src/php/php_5_1/ext/imap/php_imap.c:3144
#3  0x08333a8b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa4dd20) at zend_vm_execute.h:192
#4  0x08338262 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfa4dd20) at zend_vm_execute.h:1587
#5  0x0833373a in execute (op_array=0xa4820a4) at zend_vm_execute.h:92
#6  0x08316b8a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php/php_5_1/Zend/zend.c:1101
#7  0x082d4fcc in php_execute_script (primary_file=0xbfa50160) at /usr/src/php/php_5_1/main/main.c:1720
#8  0x083838bc in main (argc=2, argv=0xbfa50234) at /usr/src/php/php_5_1/sapi/cli/php_cli.c:1077

[2006-01-05 01:51 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Feb 22 16:01:29 2025 UTC