PHP :: Bug #46738 :: mb_detect_encoding, segmentation fault (PHP_5

Bug #46738	mb_detect_encoding, segmentation fault (PHP_5_3 only!)
Submitted:	2008-12-03 11:48 UTC	Modified:	2008-12-11 02:57 UTC
From:	thomas at koch dot ro	Assigned:
Status:	Closed	Package:	mbstring related
PHP Version:	5.3CVS-2008-12-03 (CVS)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-12-03 11:48 UTC] thomas at koch dot ro

Description:
------------
the code gives a segmentation fault

Reproduce code:
---------------
$html = chr( 250 ).chr( 10 );
mb_detect_encoding( $html, NULL, TRUE );


Expected result:
----------------
-- no output, no error --

Actual result:
--------------
segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-12-04 03:11 UTC] masugata@php.net

Hello. :-)

Please backtrace and php.ini setting(mbstring section).
http://bugs.php.net/bugs-generating-backtrace.php

I'm tested in Debian Etch.
But, not Segmentation Fault.

[2008-12-04 08:15 UTC] thomas at koch dot ro

backtrace:

#0  0x00007fdfa0947050 in strlen () from /lib/libc.so.6
#1  0x00000000006d26e5 in zif_mb_detect_encoding (ht=3, return_value=0x1b340d0, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0x188f0c0)
    at /var/checkouts/php5_3/ext/mbstring/mbstring.c:3233
#2  0x0000000000d9ddde in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fdf9e3fe098, tsrm_ls=0x188f0c0)
    at /var/checkouts/php5_3/Zend/zend_vm_execute.h:313
#3  0x0000000000da9900 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (
    execute_data=0x7fdf9e3fe098, tsrm_ls=0x188f0c0)
    at /var/checkouts/php5_3/Zend/zend_vm_execute.h:1564
#4  0x0000000000d9bc5d in execute (op_array=0x1b33318, tsrm_ls=0x188f0c0)
    at /var/checkouts/php5_3/Zend/zend_vm_execute.h:104
#5  0x0000000000d339b4 in zend_execute_scripts (type=8, tsrm_ls=0x188f0c0, 
    retval=0x0, file_count=3) at /var/checkouts/php5_3/Zend/zend.c:1197
#6  0x0000000000bfb0e8 in php_execute_script (primary_file=0x7fffab7dfb70, 
    tsrm_ls=0x188f0c0) at /var/checkouts/php5_3/main/main.c:2080
#7  0x0000000000e94735 in main (argc=2, argv=0x7fffab7dfdf8)
    at /var/checkouts/php5_3/sapi/cli/php_cli.c:1126

php --info
<snip>
mbstring

Multibyte Support => enabled
Multibyte string engine => libmbfl
HTTP input encoding translation => disabled

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Multibyte (japanese) regex support => enabled
Multibyte regex (oniguruma) backtrack check => On
Multibyte regex (oniguruma) version => 4.7.1

Directive => Local Value => Master Value
mbstring.detect_order => no value => no value
mbstring.encoding_translation => Off => Off
mbstring.func_overload => 0 => 0
mbstring.http_input => pass => pass
mbstring.http_output => pass => pass
mbstring.http_output_conv_mimetypes => ^(text/|application/xhtml\+xml) => ^(text/|application/xhtml\+xml)
mbstring.internal_encoding => no value => no value
mbstring.language => neutral => neutral
mbstring.strict_detection => Off => Off
mbstring.substitute_character => no value => no value

[2008-12-08 12:14 UTC] jani@php.net

Crashes only with PHP_5_3. HEAD and PHP_5_2 work just fine..

[2008-12-11 02:57 UTC] scottmac@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Feb 22 16:01:29 2025 UTC