PHP :: Bug #16905 :: mkdir crashes

Bug #16905

mkdir crashes

Submitted:

2002-04-29 10:55 UTC

Modified:

2002-05-06 13:35 UTC

Votes:	7
Avg. Score:	4.7 ± 0.5
Reproduced:	6 of 6 (100.0%)
Same Version:	5 (83.3%)
Same OS:	5 (83.3%)

From:

mav at alkar dot net

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

4.2.0

OS:

FreeBSD 4.5

Private report:

CVE-ID:

None

View Developer Edit

[2002-04-29 10:55 UTC] mav at alkar dot net

Simple test like this makes segmentation fault:
<?

  mkdir('1/fv',0777);

  echo('!!!!!!!!!!!!!!\n\n');

?>
This error occurs in both Apache DSO module and console version.
PHP configures as:
./configure  --with-apxs=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --with-mysql=
/usr/local/mysql --with-gd=/usr/local --enable-trans-sid --enable-versioning --enable-inline-optimization --enabl
e-ftp --enable-dbase --enable-gd-native-ttf --with-ttf --with-freetype-dir=/usr/local

Here is back trace by gdb from core file:
# gdb php /www/www/clients/alkar/hotline/hotline.alkar.net/php.core 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpam.so.1...done.
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.10...done.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/local/lib/libgd.so.2...done.
Reading symbols from /usr/local/lib/libfreetype.so.9...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/local/lib/libpng.so.5...done.
Reading symbols from /usr/local/lib/libjpeg.so.9...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x80fed24 in execute (op_array=0x0) at ./zend_execute.c:1602
1602                                                    EX(Ts)[EX(opline)->result.u.var].var.ptr->is_ref = 0;
(gdb) bt
#0  0x80fed24 in execute (op_array=0x0) at ./zend_execute.c:1602
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-29 16:16 UTC] sniper@php.net

I can not reproduce this with PHP 4.3.0.
Please try latest CVS snapshot from http://snaps.php.net/

[2002-05-02 04:54 UTC] jason at jase dot org

I've just tried a 4.3.0 snapshot using the same test file as mav@alkar.net posted above.

Operating system is FreeBSD 4.5.

-----------------------------------------------------

php4-200205020000# ./php ~/test.php
X-Powered-By: PHP/4.3.0-dev
Content-type: text/html

<br />
<b>Warning</b>:  mkdir() failed (No such file or directory) in <b>/disk1/home/jase/bigmailbox/test.php</b> on line <b>3</b><br />
Segmentation fault (core dumped)

[2002-05-02 06:04 UTC] jason at jase dot org

Just to further confuse the issue.  If I build the 4.3.0-DEV snaphost (php4-200205020000) with --enable-debug then it behaves normally.

Jason

[2002-05-06 11:37 UTC] kalowsky@php.net

Happens in 4.2.1RC1 as well.  When compiled with --enable-debug, works fine.  When compiled with --disable-debug, it doesn't work

[2002-05-06 13:35 UTC] jimw@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/

fix was merged into 4.2 branch, so it should be included in 4.2.1. (we were passing a pointer to a mode_t, which is a short on freebsd, and it was being treated elsewhere as a pointer to a long. this is the fun sort of bug that usually only shows up on non-debug builds.)

[2002-05-07 08:23 UTC] jason at jase dot org

Hi,

I've submitted a pr to the FreeBSD php port maintainer, including a patch.  

The patch can be downloaded from: 

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/37825

Jason

[2002-05-29 18:18 UTC] pav at oook dot cz

I have very similar thing happening. Script is reading directory with a lot of image files, printing them in colors. The script crash as both mod_php4 in apache and command-line. It crash every time at same position, however it crash in different positions when called thru apache and when run from command line. Relevant part of script:

$handle = opendir("/home/pav/images/fit"); 
while ($fajl = readdir($handle)) {
	if ($fajl == "." || $fajl == "..") continue;
	echo '<a href="wow.php3?showme='.$fajl.'" target="_blank" style="color: '; 
	if ($rates[$fajl]) echo calclinkcolor($ratingy[$fajl]); 
	else echo calclinkcolor(-1);
	echo '">'.$fajl."</a>\n";
}
closedir($handle);

backtrace
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
(gdb) bt
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
#1  0x8091935 in php_if_readdir ()
#2  0x80ed79c in execute ()
#3  0x80d9171 in zend_execute_scripts ()
#4  0x8062406 in php_execute_script ()
#5  0x8060288 in main ()
#6  0x805f629 in _start ()

PHP 4.2.1, Apache 1.3.24, FreeBSD 4.5-STABLE

[2002-05-29 18:20 UTC] pav at oook dot cz

Yeah sorry! Commented bad bug. Sorry. This apply to bug #15665. Sorry again.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 12:01:28 2025 UTC