php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16176 the metaphone() function causes php to segfault under rare circumstances.
Submitted: 2002-03-19 19:32 UTC Modified: 2002-03-20 03:44 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: sah at audiogalaxy dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.1.1 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2002-03-19 19:32 UTC] sah at audiogalaxy dot com 
I've isolated a case where metaphone() causes a memory-management-related segfault in php versions 4.0.5-dev and 4.1.1 on Linux.  

uname -srvmp says:

Linux 2.4.19-pre2 #1 SMP Sun Mar 10 15:02:27 CST 2002 i686 unknown
and
Linux 2.4.17 #1 SMP Sun Dec 23 03:18:05 CST 2001 i686 unknown

Here's a short script that causes the segfault for me:

#!/usr/local/bin/php -q
<script language=php>

$word_one = "ln";
$word_two = "xvxvccv";
$foo = metaphone($word_one);
$bar = metaphone($word_two);
echo "$foo\n";
echo "$bar\n";

</script>

Here's a gdb backtrace:

#0  0x40149cce in chunk_free (ar_ptr=0x401fc4c0, p=0x81b2d90) at malloc.c:3228
3228    malloc.c: No such file or directory.
(gdb) bt
#0  0x40149cce in chunk_free (ar_ptr=0x401fc4c0, p=0x81b2d90) at malloc.c:3228
#1  0x40149a50 in __libc_free (mem=0x81b36a0) at malloc.c:3154
#2  0x80dd485 in shutdown_memory_manager (silent=0, clean_cache=0)
    at zend_alloc.c:485
#3  0x8062ca3 in php_request_shutdown (dummy=0x0) at main.c:742
#4  0x8061d0f in main (argc=3, argv=0xbffffb34) at cgi_main.c:776
#5  0x400e9386 in __libc_start_main (main=0x8061468 <main>, argc=3, 
    ubp_av=0xbffffb34, init=0x805ff6c <_init>, fini=0x8115f40 <_fini>, 
    rtld_fini=0x4000d318 <_dl_fini>, stack_end=0xbffffb2c)
    at ../sysdeps/generic/libc-start.c:129

email me if you need a binary and core, or anything else.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-20 02:25 UTC] sah at audiogalaxy dot org 
Oops.  My real email address is: sah@audiogalaxy.com
 [2002-03-20 02:28 UTC] sah at audiogalaxy dot com 
I've isolated a case where metaphone() causes a
memory-management-related segfault in php versions 4.0.5-dev and 4.1.1
on Linux.  

uname -srvmp says:

Linux 2.4.19-pre2 #1 SMP Sun Mar 10 15:02:27 CST 2002 i686 unknown
and
Linux 2.4.17 #1 SMP Sun Dec 23 03:18:05 CST 2001 i686 unknown

Here's a short script that causes the segfault for me:

#!/usr/local/bin/php -q
<script language=php>

$word_one = "ln";
$word_two = "xvxvccv";
$foo = metaphone($word_one);
$bar = metaphone($word_two);
echo "$foo\n";
echo "$bar\n";

</script>

Here's a gdb backtrace:

#0  0x40149cce in chunk_free (ar_ptr=0x401fc4c0, p=0x81b2d90) at
malloc.c:3228
3228    malloc.c: No such file or directory.
(gdb) bt
#0  0x40149cce in chunk_free (ar_ptr=0x401fc4c0, p=0x81b2d90) at
malloc.c:3228
#1  0x40149a50 in __libc_free (mem=0x81b36a0) at malloc.c:3154
#2  0x80dd485 in shutdown_memory_manager (silent=0, clean_cache=0)
    at zend_alloc.c:485
#3  0x8062ca3 in php_request_shutdown (dummy=0x0) at main.c:742
#4  0x8061d0f in main (argc=3, argv=0xbffffb34) at cgi_main.c:776
#5  0x400e9386 in __libc_start_main (main=0x8061468 <main>, argc=3, 
    ubp_av=0xbffffb34, init=0x805ff6c <_init>, fini=0x8115f40 <_fini>, 
    rtld_fini=0x4000d318 <_dl_fini>, stack_end=0xbffffb2c)
    at ../sysdeps/generic/libc-start.c:129

email me if you need a binary and core, or anything else.
 [2002-03-20 03:17 UTC] mfischer@php.net 
This bug has been fixed in CVS.
 [2002-03-20 03:44 UTC] mfischer@php.net 
It also made it into 4.2.0 (whose RC1 will be released today).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 27 23:00:03 2025 UTC