Bug #9766 IRCG trouble
Submitted: 2001-03-15 10:03 UTC Modified: 2001-03-19 07:40 UTC
From: adam at indexdata dot dk Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0 Latest CVS (15/03/2001) OS: Redhat 6.0 / GNU Linux 2.2.5
Private report: No CVE-ID: None
 [2001-03-15 10:03 UTC] adam at indexdata dot dk
Crash in either ircg_set_current or ircg_join when
running the IRCG sample scripts as produced by Sasha.

We've installed
  latest php4 CVS (as of 15 march)
  thttpd 2.20b
  st 1.0 and st 1.1
  IRCG 2.1
  hybrid ircd (on localhost port 6667)

The trace below may be misleading because of the threads
involved.

Program received signal SIGSEGV, Segmentation fault.
0x80ef6e5 in irc_cmd_RPL_NAMREPLY (conn=0x8189bb0, msg=0x401f591c)
    at irc_dispatcher.c:181
181	{
(gdb) bt
#0  0x80ef6e5 in irc_cmd_RPL_NAMREPLY (conn=0x8189bb0, msg=0x401f591c)
    at irc_dispatcher.c:181
#1  0x80efde1 in dispatch_message (conn=0x8189bb0, msg=0x401f591c)
    at irc_dispatcher.c:459
#2  0x80f01e3 in irc_dispatcher (dummy=0x8189bb0) at irc_dispatcher.c:587
#3  0x400bdd36 in _st_thread_main () at sched.c:500

The following, perhaps, helps:

(gdb) print *conn
$4 = {username = "ada\000\b?\036@st.document.forms[0].pta", 
  username_len = 3 '\003', c = 0x8186668, hooks = {0x80678b8 <part_handler>, 
    0x8067720 <user_add>, 0x8067924 <user_leave>, 0x8067a3c <user_kick>, 
    0x806785c <new_topic>, 0x8067358 <msg_handler>, 0x8066750 <quit_handler>, 
    0x8067658 <error_handler>, 0, 0x8067420 <nick_handler>, 
    0x806797c <user_quit>, 0x8067478 <whois_user_handler>, 
    0x80674d4 <whois_server_handler>, 0x8067530 <whois_idle_handler>, 
    0x80675e0 <whois_channels_handler>, 0x8067588 <end_of_whois_handler>, 
    0x8067a98 <mode_channel_handler>, 0x80679d4 <idle_recv_queue>}, server = {
    sockaddr_storage_data = "\002\000\032\013??Et, j;\n//\tvar count_user = 0;\n\tfor (i = 0; i < next_channel_id; i++) {\n\t\tbuf += '<b>'+channels[i][0]+'</b><br />';\n\t\tbuf2 += '<option value=\"'+channels[i][0]+'\" '+(last_selected_user == channels"...}, server_len = 16, sockpf = 2, status = 1 '\001', 
  data = 0x8189bb0, dispatcher = 0x401f5eec, channels = {
    slh_first = 0x8183d20}, irc_msgbuf = {slh_first = 0x0}, 
  ident = "0a000037", ident_len = 8 '\b', 
  password = "\000< channels[i].length; j++) {\n\t\t", 
  realname = "Mozilla/5.0 (X11; U; Linux 2.4.0 i686; en-US; 0.8) Gecko/2001021"}
(gdb) print *msg
$5 = {cmd = {c = 0x812029f "353", len = 135198428, a = 135398043}, nickname = {
    c = 0x80ef470 "U\211?\203?\030WVS\213u\b\213]\f?E?", len = 135398039, 
    a = 135197952}, para = {{c = 0x8120293 "312", len = 135198024, 
      a = 135398031}, {c = 0x80ef588 "U\211?S\213]\b\213U\f\203?\b\001", 
      len = 135398027, a = 135198376}, {c = 0x8120287 "319", len = 135198148, 
      a = 135398018}, {c = 0x80ef3d8 "U\211?\213E\f\203?\b\001", 
      len = 135398013, a = 135198928}, {c = 0x8120278 "PART", len = 135199232, 
      a = 135398003}, {c = 0x80efa64 "U\211?\203?\fWVS\213}\f?E?", 
      len = 135397998, a = 135199760}, {c = 0x812024e "QUIT", len = 135199060, 
      a = 135397994}, {c = 0x80efc94 "U\211?S\213]\b\213SD\205?t\032??|\001", 
      len = 135397990, a = 135199956}, {c = 0x8120262 "433", len = 135200020, 
      a = 135397982}, {c = 0x80efd6c "U\211?S\213]\b\213SD\205?t\032??|\001", 
      len = 135397977, a = 135199104}, {c = 0x8120253 "TOPIC", 
      len = 135197704, a = 0}, {c = 0x0, len = 2155905024, a = 2155905152}, {
      c = 0x80008080 <Address 0x80008080 out of bounds>, len = 2155872384, 
      a = 2155905152}, {c = 0x80808080 <Address 0x80808080 out of bounds>, 
      len = 2155905152, a = 2155905152}, {
      c = 0x80808000 <Address 0x80808000 out of bounds>, len = 2155905152, 
      a = 2155905152}, {c = 0x8090f080 <Address 0x8090f080 out of bounds>, 
      len = 4042322160, a = 4042322160}, {
      c = 0x8090f0f0 <Address 0x8090f0f0 out of bounds>, len = 2155905152, 
      a = 4042321920}, {c = 0xf0f0f0f0 <Address 0xf0f0f0f0 out of bounds>, 
      len = 4042322160, a = 4042322160}, {
---Type <return> to continue, or q <return> to quit---
      c = 0xf0f0f0f0 <Address 0xf0f0f0f0 out of bounds>, len = 4042322160, 
      a = 3237015792}, {c = 0xf0c0c0c0 <Address 0xf0c0c0c0 out of bounds>, 
      len = 4042322048, a = 4042322160}}, nr_para = -252645136}


 [2001-03-15 17:21 UTC] dickmeiss@php.net
Optimization flags:
php4: -O2
thttpd: -O
st-1.0: <none>
IRCG: -O2

Versions and session:

[root@muffin thttpd]# gcc -v
Reading specs from
/usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
[root@muffin thttpd]# rpm -qf /lib/libc-2.1.1.so 
glibc-2.1.1-6
[root@muffin thttpd]# export IRCG_OPTIONS=E
[root@muffin thttpd]# /usr/local/sbin/thttpd -D -C config
nick(),cmd(NOTICE),para0(AUTH),para1(*** Looking up your
hostname...)
nick(),cmd(NOTICE),para0(AUTH),para1(*** Found your
hostname, cached)
nick(),cmd(NOTICE),para0(AUTH),para1(*** Checking Ident)
nick(),cmd(001),para0(adam),para1(Welcome to the Internet
Relay Network adam)
nick(),cmd(002),para0(adam),para1(Your host is
muffin.indexdata.dk[muffin.indexdata.dk/6667], running
version 2.8/hybrid-6.0)
nick(),cmd(NOTICE),para0(adam),para1(*** Your host is
muffin.indexdata.dk[muffin.indexdata.dk/6667], running
version 2.8/hybrid-6.0)
nick(),cmd(003),para0(adam),para1(This server was created
Thu Feb 8 2001 at 11:11:29 CET)
nick(),cmd(004),para0(adam),para1(muffin.indexdata.dk),para2(2.8/hybrid-6.0),para3(oiwszcrkfydnxb),para4(biklmnopstved)
nick(),cmd(251),para0(adam),para1(There are 1 users and 0
invisible on 1 servers)
nick(),cmd(255),para0(adam),para1(I have 1 clients and 0
servers)
nick(),cmd(265),para0(adam),para1(Current local  users: 1 
Max: 4)
nick(),cmd(266),para0(adam),para1(Current global users: 1 
Max: 4)
nick(),cmd(250),para0(adam),para1(Highest connection count:
4 (4 clients) (47 since server was (re)started))
nick(),cmd(375),para0(adam),para1(- muffin.indexdata.dk
Message of the Day - )
nick(),cmd(372),para0(adam),para1(- Index Data, Test irc
server!)
nick(),cmd(372),para0(adam),para1(- -Anders Moeller )
nick(),cmd(372),para0(adam),para1(- )
nick(),cmd(372),para0(adam),para1(- Some day I will replace
it with something better.)
nick(),cmd(376),para0(adam),para1(End of /MOTD command.)
nick(adam),cmd(JOIN),para0(#humm)
nick(muffin.indexdata.dk MODE),cmd(MODE),para0(#humm),para1(+nt)
nick(muffin.indexdata.dk
353),cmd(353),para0(adam),para1(=),para2(#humm),para3(@adam )
Segmentation fault

 [2001-03-19 07:35 UTC] dickmeiss@php.net
Crash was due to stack overflow. The initial stack size
was set to 4000 bytes in call to st_thread_create in
irc_connect in line 104 of IRCG-2.1/src/irc_connect.c

Increasing the stack size to 8000 solves the problem.
 [2001-03-19 07:40 UTC] dickmeiss@php.net
Closed.
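
The 07:35 comment above traces the crash to a 4000-byte stack passed to st_thread_create. As an added example (not code from IRCG, State Threads or PHP), the C program below paints a user-level thread stack with a known byte and measures its high-water mark after a handler runs, so that a stack size can be chosen from a measurement plus margin. `handler`, `FRAME_BYTES` and the 1024-byte margin are constructed for illustration and do not reflect IRCG's real frame sizes; the scan assumes a downward-growing stack and glibc's ucontext API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>

#define PAINT 0xA5
#define FRAME_BYTES 3000   /* constructed: locals of a hypothetical handler */
static ucontext_t main_ctx, co_ctx;

/* Hypothetical stand-in for a message handler with large local buffers. */
static void handler(void)
{
    volatile char buf[FRAME_BYTES];
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = 0;        /* touch every byte so the frame is really used */
}

/* Run handler() on a private, painted stack and return how many bytes of it
 * were overwritten. Returns 0 on allocation or context setup failure. */
size_t stack_high_water(size_t stack_size)
{
    unsigned char *stack = malloc(stack_size);
    if (!stack) return 0;
    memset(stack, PAINT, stack_size);
    if (getcontext(&co_ctx) != 0) { free(stack); return 0; }
    co_ctx.uc_stack.ss_sp = stack;
    co_ctx.uc_stack.ss_size = stack_size;
    co_ctx.uc_link = &main_ctx;      /* resume here when handler returns */
    makecontext(&co_ctx, handler, 0);
    swapcontext(&main_ctx, &co_ctx);
    size_t untouched = 0;            /* paint survives at the low end */
    while (untouched < stack_size && stack[untouched] == PAINT)
        untouched++;
    free(stack);
    return stack_size - untouched;
}

/* 1 if measured usage plus a safety margin fits in the proposed stack size. */
int stack_budget_ok(size_t used, size_t budget, size_t margin)
{
    return used + margin <= budget;
}

int main(void)
{
    size_t used = stack_high_water(64 * 1024);   /* generous stack for measuring */
    printf("used=%zu fits4000=%d fits8000=%d\n", used,
           stack_budget_ok(used, 4000, 1024), stack_budget_ok(used, 8000, 1024));
}
```

The measurement covers only the code paths exercised during the run, so the margin has to account for deeper call chains such as library calls and hooks.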
 