Bug #35669 imap_mail_compose() crashes with multipart-multiboundary-email
Submitted: 2005-12-14 17:58 UTC Modified: 2006-01-05 01:51 UTC
From: hans at lintoo dot dk Assigned: iliaa (profile)
Status: Closed Package: IMAP related
PHP Version: 5CVS-2005-12-14 (cvs) OS: *
Private report: No CVE-ID: None
 [2005-12-14 17:58 UTC] hans at lintoo dot dk
Description:
------------
While logically problematic, trying to create a multipart-multiboundary-email will result in a signal-11 (segmentation violation).

I feel that any signal 11 should be a bug, so could you please in a future release throw an exception, or add to your documentation that this is a known bug.

See the code:
http://lintoo.dk/public/crashme.phps

If you add two multiparts to a body array, and then run imap_mail_compose, it will crash horribly.

This should be very easy to reproduce, so I did not reconfigure PHP to run with debug. Hopefully you will run it yourself, or don't need a backtrace.

This bug is similar to earlier bugs, but to the best of my knowledge it is different, and at least not fixed in PHP 5.1.1

Reproduce code:
---------------
http://lintoo.dk/public/crashme.phps

Expected result:
----------------
An email or exception

Actual result:
--------------
Signal 11 - segmentation violation

 [2005-12-14 18:03 UTC] sniper@php.net
0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
(gdb) bt
#0  0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
#1  0xb7eb8344 in rfc822_encode_body_7bit () from /usr/lib/libc-client.so.0
#2  0x08183592 in zif_imap_mail_compose (ht=2, return_value=0xa482b64, return_value_ptr=0x0, 
    this_ptr=0x0, return_value_used=1) at /usr/src/php/php_5_1/ext/imap/php_imap.c:3144
#3  0x08333a8b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa4dd20) at zend_vm_execute.h:192
#4  0x08338262 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfa4dd20) at zend_vm_execute.h:1587
#5  0x0833373a in execute (op_array=0xa4820a4) at zend_vm_execute.h:92
#6  0x08316b8a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php/php_5_1/Zend/zend.c:1101
#7  0x082d4fcc in php_execute_script (primary_file=0xbfa50160) at /usr/src/php/php_5_1/main/main.c:1720
#8  0x083838bc in main (argc=2, argv=0xbfa50234) at /usr/src/php/php_5_1/sapi/cli/php_cli.c:1077

 [2006-01-05 01:51 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
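
For callers that may still run on a build without this fix, a caller-side check for the body layout described in the report is sketched below. This is an added example, not code from the report or from the PHP source; the helper name assert_single_multipart, the addresses and the sample body are assumptions, and the only condition it checks is the one the reporter names (more than one multipart entry in the body array).

```php
<?php
// Added example: caller-side guard, not code from the PHP source tree.
// ext/imap defines TYPEMULTIPART as 1; it is defined here only so the
// check also runs on a build where the extension is not loaded.
defined('TYPEMULTIPART') || define('TYPEMULTIPART', 1);

/**
 * Hypothetical helper: reject the body layout this report describes
 * (more than one multipart entry) before it reaches imap_mail_compose().
 */
function assert_single_multipart(array $body): void
{
    $multiparts = 0;
    foreach ($body as $i => $part) {
        if (!is_array($part)) {
            throw new InvalidArgumentException("body[$i] is not an array");
        }
        if (isset($part['type']) && (int) $part['type'] === TYPEMULTIPART) {
            $multiparts++;
        }
    }
    if ($multiparts > 1) {
        throw new InvalidArgumentException(
            "body contains $multiparts multipart entries; refusing to compose"
        );
    }
}

// Constructed sample input: two multipart entries, as in the description.
$envelope = ['from' => 'sender@example.com', 'to' => 'rcpt@example.com'];
$body = [
    ['type' => TYPEMULTIPART, 'subtype' => 'mixed'],
    ['type' => TYPEMULTIPART, 'subtype' => 'alternative'],
    ['type' => 0 /* TYPETEXT */, 'subtype' => 'plain', 'contents.data' => "hello\r\n"],
];

try {
    assert_single_multipart($body);
    // Only reached for accepted layouts, and only if ext/imap is loaded.
    if (function_exists('imap_mail_compose')) {
        echo imap_mail_compose($envelope, $body);
    }
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```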
Last updated: Thu Nov 21 08:01:29 2024 UTC