Bug #20654 imap_headerinfo() segfaults
Submitted: 2002-11-26 11:12 UTC Modified: 2002-11-26 11:16 UTC
From: lenar at city dot ee Assigned:
Status: Closed Package: IMAP related
PHP Version: 4.2.3 OS: Debian Linux unstable
Private report: No CVE-ID: None
 [2002-11-26 11:12 UTC] lenar at city dot ee
When the number of e-mail addresses in a message's "To:"
header (probably cc, from and 'friends' too) exceeds 128
elements imap_headerinfo() may segfault.

More addresses -> more probable to crash. Up to 128
addresses per header -> no crashes.
 
Little non-debug-mode backtrace: 
   
#0  0x4013a7e8 in free () from /lib/libc.so.6
#1  0x4013a4ca in malloc () from /lib/libc.so.6
#2  0x40139ca4 in malloc () from /lib/libc.so.6
#3  0x4025aab5 in _emalloc () from /usr/lib/apache/1.3/libphp4.so
#4  0x4027685f in zend_hash_add_or_update () from /usr/lib/apache/1.3/libphp4.so
#5  0x4027555c in add_property_string_ex () from /usr/lib/apache/1.3/libphp4.so
#6  0x447dbb71 in zif_imap_mime_header_decode () from /usr/lib/php4/20020429/imap.so
#7  0x447dbdce in zif_imap_mime_header_decode () from /usr/lib/php4/20020429/imap.so
#8  0x447d455d in zif_imap_headerinfo () from /usr/lib/php4/20020429/imap.so
#9  0x40265517 in execute () from /usr/lib/apache/1.3/libphp4.so
#10 0x4053e6a3 in file_is_shm_ignored () from /etc/php4/apache/php_accelerator_1.3.3.so
#11 0x40280b06 in php_execute_script () from /usr/lib/apache/1.3/libphp4.so
#12 0x4027c61e in apache_php_module_main () from /usr/lib/apache/1.3/libphp4.so
#13 0x4027d11e in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#14 0x4027d185 in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#15 0x08053a84 in ap_invoke_handler ()
#16 0x0806338c in ap_some_auth_required ()
#17 0x08063671 in ap_internal_redirect ()
#18 0x40016d23 in _init () from /usr/lib/apache/1.3/mod_dir.so
#19 0x08053a84 in ap_invoke_handler ()
#20 0x0806338c in ap_some_auth_required ()
#21 0x080633e8 in ap_process_request ()
#22 0x0805cbcb in ap_child_terminate ()
#23 0x0805cd5c in ap_child_terminate ()
#24 0x0805ce79 in ap_child_terminate ()
#25 0x0805d355 in ap_child_terminate ()
#26 0x0805da5d in main ()
#27 0x400e50bf in __libc_start_main () from /lib/libc.so.6

 [2002-11-26 11:16 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in a short time.
 
Thank you for the report, and for helping us make PHP better.
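
For mailboxes still read by a PHP build that predates the fix, the threshold in the report can be used as a pre-screen. The following is an added example, not code from PHP or from the reporter: it counts addresses per header in a message's raw headers and flags any header above 128. The header names beyond To, Cc and From, the function names and the sample message are assumptions constructed for this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Threshold from the report: up to 128 addresses per header did not crash.
MAX_ADDRESSES = 128
# "To" is what the report observed; Cc and From are the reporter's guess.
# The remaining header names are assumptions added for this example.
ADDRESS_HEADERS = ("To", "Cc", "From", "Bcc", "Reply-To", "Sender")


def count_addresses(raw_headers):
    """Return {header_name: address_count} for each address header present."""
    msg = message_from_string(raw_headers)
    counts = {}
    for name in ADDRESS_HEADERS:
        # get_all() collects repeated headers; folded lines stay in one value.
        values = msg.get_all(name, [])
        if values:
            # getaddresses() honours quoting, so a comma inside a quoted
            # display name is not counted as an address separator.
            counts[name] = len(getaddresses(values))
    return counts


def oversized_headers(raw_headers, limit=MAX_ADDRESSES):
    """Return only the headers whose address count exceeds the limit."""
    return {n: c for n, c in count_addresses(raw_headers).items() if c > limit}


def build_sample(n_to):
    """Constructed sample: a message with n_to recipients on a folded To line."""
    to = ",\r\n ".join(
        '"User, %d" <u%d@example.test>' % (i, i) for i in range(n_to)
    )
    return (
        "From: sender@example.test\r\n"
        "To: " + to + "\r\n"
        "Cc: a@example.test, b@example.test\r\n"
        "Subject: constructed sample\r\n"
        "\r\n"
        "body\r\n"
    )


if __name__ == "__main__":
    for n in (128, 129):
        print(n, "recipients ->", oversized_headers(build_sample(n)) or "ok")
```

A message flagged here can be set aside for handling on a fixed build instead of being passed to imap_headerinfo() on the affected one.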


 
Last updated: Thu Apr 25 23:01:29 2024 UTC