php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38961 Metaphone results in segmentation fault
Submitted: 2006-09-26 14:01 UTC Modified: 2006-09-27 08:32 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: nikolas dot hagelstein at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.1.6 OS: Netbsd 3.0.1 AMD64
Private report: No CVE-ID: None
 [2006-09-26 14:01 UTC] nikolas dot hagelstein at gmail dot com
Description:
------------
Passing utf8 data to metaphone results in a segmentation fault.

Reproduce code:
---------------
<?PHP
//replace xxx with native utf8 chars e.g. copy and paste from 
a russian website. The document itself needs to be of ut8 too
echo "crash:".metaphone('xxx');
?>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-09-26 14:09 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2006-09-26 15:06 UTC] nikolas dot hagelstein at gmail dot com
Starting program: /usr/pkg/bin/php test.php
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x000000000050c86b in zif_metaphone ()
(gdb) bt
#0  0x000000000050c86b in zif_metaphone ()
#1  0x000000000050c761 in zif_metaphone ()
#2  0x000000000059f489 in execute ()
#3  0x000000000059ed20 in execute ()
#4  0x0000000000585a06 in zend_execute_scripts ()
#5  0x000000000054c169 in php_execute_script ()
#6  0x00000000005eac84 in main ()
#7  0x00000000004407a8 in ___start ()
(gdb)
 [2006-09-26 15:09 UTC] tony2001@php.net
./sapi/cli/php -r 'var_dump(metaphone("&#1088;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; &#1103;&#1079;&#1099;&#1082; UTF8"));'
string(3) "UTF"

 [2006-09-26 15:16 UTC] nikolas dot hagelstein at gmail dot com
I can not try that since i am not able to submit real utf8 chars  through my shell.

test.php
<?php
echo "crash:".metaphone('?');
?>
php test.php

results in a segmentation fault test.php needs to be an UTF8 file.

file -i test.php
test.php: text/plain; charset=utf-8
 [2006-09-26 15:32 UTC] tony2001@php.net
Works perfectly fine: string(0) ""

 [2006-09-26 15:35 UTC] nikolas dot hagelstein at gmail dot com
So it is eigther a system specific issue (i was able to reproduce it on 2 maschines) or you did not used an utf8 file ;)
 [2006-09-26 15:41 UTC] iliaa@php.net
Can you please try the latest CVS, it has a 64bit fix that may 
fix the crash you are experiencing.
 [2006-09-26 15:56 UTC] nikolas dot hagelstein at gmail dot com
I checked out 5.2 from cvs but i am not able to build it on my maschine.
"Syntax error: Unterminated quoted string"

Any other way to check if the the 64bit fix works?
 [2006-09-26 16:04 UTC] tony2001@php.net
>"Syntax error: Unterminated quoted string"
Please elaborate.
 [2006-09-26 16:23 UTC] nikolas dot hagelstein at gmail dot com
Ok, i just copied the cvs metaphone.c to my 5.1.6 source tree and did a rebuild. Still segfault, same backtrace :

Program received signal SIGSEGV, Segmentation fault.
0x000000000050c86c in zif_metaphone ()
(gdb) bt
#0  0x000000000050c86c in zif_metaphone ()
#1  0x000000000050c762 in zif_metaphone ()
#2  0x000000000059f309 in execute ()
#3  0x000000000059eba0 in execute ()
#4  0x0000000000585886 in zend_execute_scripts ()
#5  0x000000000054bfe9 in php_execute_script ()
#6  0x00000000005eab04 in main ()
#7  0x00000000004407a8 in ___start ()
 [2006-09-26 16:27 UTC] tony2001@php.net
With --enable-debug we would get a lot more useful information.
 [2006-09-26 16:38 UTC] nikolas dot hagelstein at gmail dot com
recompiled using --enabled-debug -> same output
 [2006-09-26 16:48 UTC] tony2001@php.net
--enabled-debug != --enable-debug
 [2006-09-26 16:53 UTC] nikolas dot hagelstein at gmail dot com
Just a typo withhin my comment debug is enabled see beyond

PHP 5.1.6 (cli) (built: Sep 26 2006 18:33:22) (DEBUG)
 [2006-09-26 16:57 UTC] tony2001@php.net
And the backtrace is EXACTLY the same?
Just #0  0x000000000050c86c in zif_metaphone () ?
 [2006-09-26 17:00 UTC] nikolas dot hagelstein at gmail dot com
yes ...it is:
Starting program: /usr/pkg/bin/php /var/www/www.chaosbutze.de/htdocs/test.php
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x000000000051bb0f in zif_metaphone ()
(gdb) bt
#0  0x000000000051bb0f in zif_metaphone ()
#1  0x000000000051b9e2 in zif_metaphone ()
#2  0x00000000005bfa95 in execute ()
#3  0x00000000005bf21c in execute ()
#4  0x00000000005a2ef6 in zend_execute_scripts ()
#5  0x0000000000562c09 in php_execute_script ()
#6  0x00000000006133e9 in main ()
#7  0x0000000000440aa8 in ___start ()

i even tried -e but without any success...
 [2006-09-26 17:02 UTC] tony2001@php.net
Well, your PHP is built without --enable-debug, that's the fact.
 [2006-09-26 17:06 UTC] tony2001@php.net
..or your PHP binary is stripped.
Just get the sources, compile them with ./configure --enable-debug --disable-all and use the sapi/cli/php binary.
 [2006-09-26 17:07 UTC] nikolas dot hagelstein at gmail dot com
it is php -v returns (DEBUG) which indicates that it has been build with enable-debug:
PHP 5.1.6 (cli) (built: Sep 26 2006 18:33:22) (DEBUG)
 [2006-09-26 17:28 UTC] bjori@php.net
Please do the following:
#1 fetch http://snaps.php.net/php5.2-200609261630.tar.bz2
#2 extract it
#3 cd into the directory
#4 ./configure --disable-all --enable-debug
#5 make
#6 sapi/cli/php your_test_file.php
 [2006-09-26 18:04 UTC] nikolas dot hagelstein at gmail dot com
sorry folks you have been right it seems as if the pkgsrc process somehow stripes debug informations :|. Anyway here is what i got using a native build process and the native sources (without the latest cvs patch provided by iliaa)
Program received signal SIGSEGV, Segmentation fault.
0x00000000004a00ff in metaphone (word=0x8127c0 "ö", word_len=2,
    max_phonemes=0, phoned_word=0x7f7fffffcc70, traditional=1)
    at /usr/local/src/php-5.1.6/ext/standard/metaphone.c:195
195             for (; !isalpha(Curr_Letter); w_idx++) {
(gdb) bt
#0  0x00000000004a00ff in metaphone (word=0x8127c0 "ö", word_len=2,
    max_phonemes=0, phoned_word=0x7f7fffffcc70, traditional=1)
    at /usr/local/src/php-5.1.6/ext/standard/metaphone.c:195
#1  0x000000000049ff40 in zif_metaphone (ht=1, return_value=0x812840,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php-5.1.6/ext/standard/metaphone.c:46
#2  0x0000000000561366 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7f7fffffce20) at zend_vm_execute.h:200
#3  0x000000000056493d in ZEND_DO_FCALL_SPEC_CONST_HANDLER (
    execute_data=0x7f7fffffce20) at zend_vm_execute.h:1640
#4  0x0000000000560e6a in execute (op_array=0x783c40) at zend_vm_execute.h:92
#5  0x000000000053ddf6 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /usr/local/src/php-5.1.6/Zend/zend.c:1109
#6  0x00000000004eed77 in php_execute_script (primary_file=0x7f7fffffe7c0)
    at /usr/local/src/php-5.1.6/main/main.c:1737
#7  0x00000000005b1cd7 in main (argc=2, argv=0x7f7fffffe8c0)
    at /usr/local/src/php-5.1.6/sapi/cgi/cgi_main.c:1612
 [2006-09-26 18:17 UTC] nikolas dot hagelstein at gmail dot com
segfault on 5.1.6 and php5.2-200609261630 same backtrace
 [2006-09-26 18:18 UTC] tony2001@php.net
Looks like your libc is broken. 
Please type this in gdb after "bt":
f 0
p word[w_idx]
p toupper(word[w_idx])
p isalpha(toupper(word[w_idx]))

and paste the output here
 [2006-09-26 18:26 UTC] nikolas dot hagelstein at gmail dot com
(gdb) p word[w_idx]
No symbol table is loaded.  Use the "file" command.

seems as if i have to load a symbol table or something, any hints?
 [2006-09-26 18:33 UTC] tony2001@php.net
# gdb sapi/cli/php
(gdb) r /path/to/test/script.php
<here will be segfault>
(gdb) f 0
(gdb) p word[w_idx]
(gdb) p toupper(word[w_idx])
(gdb) p isalpha(toupper(word[w_idx]))
 [2006-09-26 18:34 UTC] nikolas dot hagelstein at gmail dot com
ah got it i had to run php -e 
(gdb) p word[w_idx]
$1 = -61 '?'
(gdb) p toupper(word[w_idx])
$2 = 28518
(gdb) p isalpha(toupper(word[w_idx]))

Program received signal SIGSEGV, Segmentation fault.
0x0000000200e4eced in isalpha () from /usr/lib/libc.so.12
 [2006-09-26 20:19 UTC] tony2001@php.net
I've reported it to NetBSD people, lets see what they say about it.
 [2006-09-26 20:30 UTC] nikolas dot hagelstein at gmail dot com
(gdb) p word[w_idx]
$1 = -61 '?'

in my native mind this should not result in a negative number. This seems to be related to wider datatypes on 64 bit maschines possible a compiler flag issue ...
 [2006-09-26 22:11 UTC] tony2001@php.net
Please apply this to the snapshot:
http://tony2001.phpclub.net/dev/tmp/bug38961.diff
Does this patch fix it for you? 
 [2006-09-27 08:17 UTC] nikolas dot hagelstein at gmail dot com
seems to work at least on my 64bit maschine tested against 5.1.6 and latest snapshot. Maybe someone can verify for 32bit maschines.
 [2006-09-27 08:32 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC