Bug #39737 stristr segmentation fault
Submitted: 2006-12-05 00:06 UTC Modified: 2006-12-13 01:00 UTC
Votes:4
Avg. Score:4.0 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:1 (25.0%)
From: cody at codymays dot net Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.0 OS: OSX
Private report: No CVE-ID: None

 [2006-12-05 00:06 UTC] cody at codymays dot net
Description:
------------
It seems that whenever I run stristr in certain situations on this system (Macbook Pro Core 2 Duo with apache 2.0.59 and php 5.2.0) php's stristr crashes.

I've tested this on phpSysInfo-2.5.2_rc3 (http://sourceforge.net/projects/phpsysinfo) and on the demos on the stristr docs page. This is where stuff gets interesting. The demos on the docs page work, while the following line in phpsysinfo causes the crash:

if( ! $XPath->match( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options" ) || ! stristr( $XPath->getData( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options" ), "bind" ) )

An even more interesting observation is that the following code does not segfault:

if( ! $XPath->match( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options" ) || ! stristr( strtolower($XPath->getData( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options") ), "bind" ) )



Expected result:
----------------
To not crash. :)

Actual result:
--------------
Backtrace:

klashnikov:~/public_html/phpsysinfo cody$ gdb --args php index.php
GNU gdb 6.3.50-20050815 (Apple version gdb-563) (Wed Jul 19 05:10:58 GMT 2006)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries .......... done

(gdb) start
Breakpoint 1 at 0x316085: file /Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c, line 564.
Starting program: /usr/local/bin/php index.php
Reading symbols for shared libraries ..+ done

Breakpoint 1, main (argc=2, argv=0xbffff96c) at /Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:564
564             int orig_optind=php_optind;
(gdb) bt
#0  main (argc=2, argv=0xbffff96c) at /Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:564
(gdb) c
Continuing.
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--
        Created By: phpSysInfo - 2.5.2_rc3
        http://phpsysinfo.sourceforge.net/
-->
<head>
        <title>System Information -- klashnikov --</title>
        <link rel="stylesheet" type="text/css" href="templates/classic/classic.css">
</head>
<body>

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x90021dcc in memchr ()
(gdb) bt
#0  0x90021dcc in memchr ()
#1  0x00202256 in php_stristr (s=0x0, t=0x1564aa8 "bind", s_len=0, t_len=4) at /Users/cody/Desktop/php-5.2.0/Zend/zend_operators.h:156
#2  0x0020254d in zif_stristr (ht=2, return_value=0x15669a0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /Users/cody/Desktop/php-5.2.0/ext/standard/string.c:1538
#3  0x002a668f in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffefa0) at /Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:200
#4  0x002a422f in execute (op_array=0x13e3330) at /Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:92
#5  0x002a5ece in zend_do_fcall_common_helper_SPEC (execute_data=0xbffff0e0) at /Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:234
#6  0x002a422f in execute (op_array=0x10c2534) at /Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:92
#7  0x00289639 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/cody/Desktop/php-5.2.0/Zend/zend.c:1097
#8  0x00247fcf in php_execute_script (primary_file=0xbffff8b8) at /Users/cody/Desktop/php-5.2.0/main/main.c:1758
#9  0x0031756a in main (argc=2, argv=0xbffff96c) at /Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:1108
(gdb) stack
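
Frame #1 of the backtrace above shows php_stristr entered with s=0x0, s_len=0 and t_len=4, and the fault is a read at address 0 inside memchr. The following C code is an added example, not PHP's source and not the reporter's code: it shows a length-counted, case-insensitive search that rejects a NULL or too-short haystack before any pointer is read. The names safe_stristr and unguarded_scan_len are hypothetical, and the wrap-around shown by unguarded_scan_len is an assumed model of how a scan window computed without that guard goes wrong.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Bytes an unguarded scan would ask memchr() to cover: hay_len - needle_len + 1.
 * In unsigned arithmetic this wraps to a huge value when the haystack is
 * shorter than the needle (assumed model of the failure, not PHP's code). */
size_t unguarded_scan_len(size_t hay_len, size_t needle_len)
{
    return hay_len - needle_len + 1;
}

/* Case-insensitive search over length-counted buffers. Returns the offset of
 * the first match, or -1. All guards run before any byte is dereferenced. */
long safe_stristr(const char *hay, size_t hay_len,
                  const char *needle, size_t needle_len)
{
    if (hay == NULL || needle == NULL || needle_len == 0)
        return -1;                      /* nothing to search or nothing to find */
    if (hay_len < needle_len)
        return -1;                      /* covers the s_len=0, t_len=4 case */

    size_t last = hay_len - needle_len; /* cannot wrap after the guard above */
    for (size_t i = 0; i <= last; i++) {
        size_t j = 0;
        while (j < needle_len &&
               tolower((unsigned char)hay[i + j]) ==
               tolower((unsigned char)needle[j]))
            j++;
        if (j == needle_len)
            return (long)i;
    }
    return -1;
}

int main(void)
{
    /* Arguments from frame #1 of the backtrace: s=0x0, s_len=0, t_len=4. */
    long crash_case = safe_stristr(NULL, 0, "bind", 4);
    /* Constructed sample of a mount options string. */
    const char *opts = "rw,BIND,nosuid";
    long hit = safe_stristr(opts, strlen(opts), "bind", 4);
    return (crash_case == -1 && hit == 3) ? 0 : 1;
}
```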

 [2006-12-05 01:42 UTC] iliaa@php.net
What is the actual value of the 1st parameter being passed to 
stristr() function?
 [2006-12-05 01:55 UTC] cody at codymays dot net
According to a:
var_dump($XPath->getData( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options"));
The result is:
string(0) ""
 [2006-12-05 09:57 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2006-12-05 21:16 UTC] cody at codymays dot net
Sorry that took so long, it took me a while to get it narrowed down, but I can do it in one line now.

The following line segfaults php every time:
  if(!stristr(implode(',',array(NULL)), 'earth'))
 [2006-12-05 21:20 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

That should be fixed already, see bug #39350.
 [2006-12-13 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 