[2017-03-17 20:27 UTC] lindsay at notion dot ai
Description:
------------
The scenario to recreate the segfault:
- use stream_filter_append to convert data on fwrite
- try to write data which fails the convert process
- blindly catch and ignore the failed fwrites
- segfault happens on fclose
Tested on 7.1.3, 7.0.13 and 5.6.28
Test script:
---------------
<?php
// Decode quoted-printable data as it is written to the stream.
$fh = fopen('/tmp/segfault.txt', 'w');
stream_filter_append($fh, 'convert.quoted-printable-decode', STREAM_FILTER_WRITE, array('line-break-chars' => "\r\n"));

$lines = [
    "\r\n",
    " -=()\r\n",
    " -=\r\n",
    "\r\n"
];

foreach ($lines as $line)
{
    try
    {
        fwrite($fh, $line);
    }
    catch (\Exception $e) { }   // failed writes are ignored
}

fclose($fh);   // the segfault happens here
Filter gives 3 "invalid byte sequence" warnings during the fwrites.

With PHP 7.1.2:

(gdb) bt
#0  0x00000000007c1d56 in php_conv_qprint_decode_convert (inst=0x7fccb3658480, in_pp=0x0, in_left_p=0x0, out_pp=0x7ffff9fbeea8, out_left_p=0x7ffff9fbeeb8) at /root/php/php-src/ext/standard/filters.c:1028
#1  0x00000000007c3227 in strfilter_convert_append_bucket (inst=0x7fccb3675000, stream=0x7fccb365fa00, filter=0x7fccb3676000, buckets_out=0x7ffff9fbf000, ps=0x0, buf_len=0, consumed=0x7ffff9fbef68, persistent=0) at /root/php/php-src/ext/standard/filters.c:1577
#2  0x00000000007c3752 in strfilter_convert_filter (stream=0x7fccb365fa00, thisfilter=0x7fccb3676000, buckets_in=0x7ffff9fbeff0, buckets_out=0x7ffff9fbf000, bytes_consumed=0x7ffff9fbefc0, flags=2) at /root/php/php-src/ext/standard/filters.c:1693
#3  0x0000000000803ec2 in _php_stream_write_filtered (stream=0x7fccb365fa00, buf=0x0, count=0, flags=2) at /root/php/php-src/main/streams/streams.c:1159
#4  0x0000000000803fcd in _php_stream_flush (stream=0x7fccb365fa00, closing=1) at /root/php/php-src/main/streams/streams.c:1208
#5  0x00000000008024aa in _php_stream_free (stream=0x7fccb365fa00, close_options=67) at /root/php/php-src/main/streams/streams.c:440
#6  0x000000000075a014 in zif_fclose (execute_data=0x7fccb3614130, return_value=0x7ffff9fbf150) at /root/php/php-src/ext/standard/file.c:898
#7  ...

(gdb) frame 0
#0  0x00000000007c1d56 in php_conv_qprint_decode_convert (inst=0x7fccb3658480, in_pp=0x0, in_left_p=0x0, out_pp=0x7ffff9fbeea8, out_left_p=0x7ffff9fbeeb8) at /root/php/php-src/ext/standard/filters.c:1028
1028        ps = (unsigned char *)(*in_pp);

(gdb) p *inst
$3 = {_super = {convert_op = 0x7c1ce6 <php_conv_qprint_decode_convert>, dtor = 0x7c1c56 <php_conv_qprint_decode_dtor>}, lbchars = 0x7fccb3672050 "\r\n", lbchars_len = 2, scan_stat = 5, next_char = 0, lbchars_dup = 1, persistent = 0, lb_ptr = 0, lb_cnt = 1}
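
The backtrace above shows the converter being entered from the close-time flush with in_pp=0x0 and faulting at `ps = (unsigned char *)(*in_pp);` while scan_stat is still non-zero after the failed writes. The following is an added C model of that calling convention with the NULL check made before any dereference; it is not php-src code, and `qp_convert`, `qp_state`, the error names and the simplified "=XX" decoder are hypothetical.

```c
#include <stddef.h>
/* Hypothetical model (not php-src code): a stateful "=XX" decoder whose
 * convert function is also called with NULL input pointers to flush. */
enum conv_err { CONV_OK, CONV_ERR_INVALID_SEQ, CONV_ERR_UNEXPECTED_EOS };
struct qp_state { int scan_stat; unsigned char hi; }; /* 0 idle, 1 "=", 2 "=X" */
static int hexval(unsigned char c) {
    return (c >= '0' && c <= '9') ? c - '0' : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

enum conv_err qp_convert(struct qp_state *st,
                         const unsigned char **in_pp, size_t *in_left_p,
                         unsigned char **out_pp, size_t *out_left_p) {
    /* Flush is decided on the pointers alone, before any dereference,
     * whatever state an earlier failed write left behind. */
    if (in_pp == NULL || in_left_p == NULL) {
        return st->scan_stat ? CONV_ERR_UNEXPECTED_EOS : CONV_OK;
    }
    enum conv_err err = CONV_OK;
    while (*in_left_p > 0 && *out_left_p > 0) {
        unsigned char c = **in_pp;
        int v = hexval(c);
        if (st->scan_stat == 0) {
            if (c == '=') st->scan_stat = 1;
            else { *(*out_pp)++ = c; (*out_left_p)--; }
        } else if (v < 0) {
            err = CONV_ERR_INVALID_SEQ; /* scan_stat stays non-zero */
            break;
        } else if (st->scan_stat == 1) {
            st->hi = (unsigned char)v; st->scan_stat = 2;
        } else {
            *(*out_pp)++ = (unsigned char)((st->hi << 4) | v);
            (*out_left_p)--; st->scan_stat = 0;
        }
        (*in_pp)++; (*in_left_p)--;
    }
    return err;
}

/* Constructed input: a write that fails mid-sequence, then the close-time flush. */
enum conv_err failed_write_then_flush(void) {
    struct qp_state st = {0, 0};
    unsigned char out[8], *pd = out;
    const unsigned char *ps = (const unsigned char *)" -=()";
    size_t in_left = 5, out_left = sizeof out;
    if (qp_convert(&st, &ps, &in_left, &pd, &out_left) != CONV_ERR_INVALID_SEQ) return CONV_OK;
    return qp_convert(&st, NULL, NULL, &pd, &out_left);
}

int main(void) { return failed_write_then_flush() == CONV_ERR_UNEXPECTED_EOS ? 0 : 1; }
```

In this model the flush after a failed write returns an "unexpected end of stream" error to the caller instead of reading through a NULL pointer.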