[2002-11-05 01:52 UTC] woonuk at xenoinfo dot com
imap_header() quietly crashes. This sample message has a bad Reply-To header.

machine A)
php : 4.2.3
c-client : imap-2001a
apache : 1.3.26

machine B)
php : 4.2.3
c-client : imap-2002.RC10
apache : 2.0.42

The above two machines got the same result.

--
Return-Path: <root@home.xenoinfo.com>
Delivered-To: home.xenoinfo.com-woonuk@home.xenoinfo.com
Received: (qmail 2862 invoked by uid 0); 5 Nov 2002 16:36:11 +0900
Date: 5 Nov 2002 16:36:11 +0900
Message-ID: <20021105073611.2861.qmail@home.xenoinfo.com>
From: root@home.xenoinfo.com
To: woonuk@home.xenoinfo.com
Reply-To: <>
Subject: This is Subject

This is body.
--

Here is the gdb backtrace.

(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
[New Thread 1024 (LWP 21817)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 21817)]
0x402df6dc in chunk_free () from /lib/libc.so.6
(gdb) bt
#0 0x402df6dc in chunk_free () from /lib/libc.so.6
#1 0x402df548 in free () from /lib/libc.so.6
#2 0x404583a7 in _php_make_header_object (myzvalue=0x823b188, en=0x82444a8, tsrm_ls=0x8186838) at php_imap.c:3724
#3 0x4044d232 in zif_imap_headerinfo (ht=2, return_value=0x823b188, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8186838) at php_imap.c:1631
#4 0x403fd5f0 in execute (op_array=0x81e1d08, tsrm_ls=0x8186838) at ./zend_execute.c:1598
#5 0x404100ed in zend_execute_scripts (type=8, tsrm_ls=0x8186838, retval=0x0, file_count=3) at zend.c:812
#6 0x404236fd in php_execute_script (primary_file=0xbffff730, tsrm_ls=0x8186838) at main.c:1383
#7 0x4041e959 in php_output_filter (f=0x81d9980, bb=0x81d9ef0) at sapi_apache2.c:409
#8 0x080ac5a7 in ap_pass_brigade (next=0x81d9980, bb=0x81d9ab0) at util_filter.c:540
#9 0x080b2868 in default_handler (r=0x81ce7b0) at core.c:3317
#10 0x080a1bd6 in ap_run_handler (r=0x81ce7b0) at config.c:194
#11 0x080a20f1 in ap_invoke_handler (r=0x81ce7b0) at config.c:401
#12 0x08084e93 in ap_process_request (r=0x81ce7b0) at http_request.c:288
#13 0x080810b8 in ap_process_http_connection (c=0x81ca3b0) at http_core.c:293
#14 0x080aa6b6 in ap_run_process_connection (c=0x81ca3b0) at connection.c:85
#15 0x080a0889 in child_main (child_num_arg=0) at prefork.c:696
#16 0x080a093c in make_child (s=0x812b950, slot=0) at prefork.c:736
#17 0x080a0a26 in startup_children (number_to_start=5) at prefork.c:808
#18 0x080a0d28 in ap_mpm_run (_pconf=0x80e8690, plog=0x8126788, s=0x812b950) at prefork.c:1024
#19 0x080a5dab in main (argc=2, argv=0xbffffa44) at main.c:643
#20 0x402821c4 in __libc_start_main () from /lib/libc.so.6
(gdb)

I tried the above CVS version.
It worked, but the Apache logs said:

[Wed Nov 06 00:44:50 2002] [notice] child pid 15305 exit signal Segmentation fault (11)
[Wed Nov 06 00:44:55 2002] [notice] child pid 15371 exit signal Segmentation fault (11)
[Wed Nov 06 00:44:58 2002] [notice] child pid 15401 exit signal Segmentation fault (11)

and the backtrace is here.

(gdb) bt
#0 0x402debd3 in chunk_alloc () from /lib/libc.so.6
#1 0x402de9d0 in malloc () from /lib/libc.so.6
#2 0x4052b06f in _emalloc (size=256, __zend_filename=0x405e8740 "/usr/local/src/php4-200211030600/Zend/zend_stack.c", __zend_lineno=27, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4-200211030600/Zend/zend_alloc.c:154
#3 0x4053d0de in zend_stack_init (stack=0x40654380) at /usr/local/src/php4-200211030600/Zend/zend_stack.c:27
#4 0x4052c3d6 in zend_init_compiler_data_structures () at /usr/local/src/php4-200211030600/Zend/zend_compile.c:73
#5 0x4052c4f0 in init_compiler () at /usr/local/src/php4-200211030600/Zend/zend_compile.c:100
#6 0x4053e998 in zend_activate () at /usr/local/src/php4-200211030600/Zend/zend.c:594
#7 0x40506bba in php_request_startup () at /usr/local/src/php4-200211030600/main/main.c:833
#8 0x40556c1a in php_apache_request_ctor (f=0x81dcb68, ctx=0x81df000) at /usr/local/src/php4-200211030600/sapi/apache2filter/sapi_apache2.c:375
#9 0x40556e67 in php_output_filter (f=0x81dcb68, bb=0x81dce60) at /usr/local/src/php4-200211030600/sapi/apache2filter/sapi_apache2.c:449
#10 0x080ac5a7 in ap_pass_brigade (next=0x81dcb68, bb=0x81dcc98) at util_filter.c:540
#11 0x080b2868 in default_handler (r=0x81dd9c8) at core.c:3317
#12 0x080a1bd6 in ap_run_handler (r=0x81dd9c8) at config.c:194
#13 0x080a20f1 in ap_invoke_handler (r=0x81dd9c8) at config.c:401
#14 0x08084e93 in ap_process_request (r=0x81dd9c8) at http_request.c:288
#15 0x080810b8 in ap_process_http_connection (c=0x81d3578) at http_core.c:293
#16 0x080aa6b6 in ap_run_process_connection (c=0x81d3578) at connection.c:85
#17 0x080a0889 in child_main (child_num_arg=0) at prefork.c:696
#18 0x080a093c in make_child (s=0x812b950, slot=0) at prefork.c:736
#19 0x080a0a26 in startup_children (number_to_start=5) at prefork.c:808
#20 0x080a0d28 in ap_mpm_run (_pconf=0x80e8690, plog=0x8126788, s=0x812b950) at prefork.c:1024
#21 0x080a5dab in main (argc=2, argv=0xbffffa44) at main.c:643
#22 0x402821c4 in __libc_start_main () from /lib/libc.so.6

I deleted many HTML tags and PHP code. Ctrl+F5 (reload) gives a good result or a crash.

$ cat test.php
<?php
$mailbox = imap_open("{localhost:143}"."INBOX.test", "woonuk@home.xenoinfo.com", "******");
$object = imap_fetchstructure($mailbox, 1);
// The backtraces in this report show the crash inside this call.
$header = imap_header($mailbox, 1);

// Prefer the display name, fall back to the mailbox part.
$from = $header->from[0]->personal;
if(!$from) $from = $header->from[0]->mailbox;

$subject = htmlspecialchars(chop($header->Subject));
if(!$subject) $subject = "Null !!";

$to = $header->to[0]->personal;
if(!$to) $to = $header->to[0]->mailbox;

echo("Subject: $subject<br>");
echo("Date : " . $header->Date . "<br>");
echo("From : $from<br>");
echo("To : $to<br>");

imap_close($mailbox);
?>

I'm in another situation. I configured PHP with the uw-imap c-client, but a courier-imap server is running. Stopping the courier-imap server and testing with the uw-imap server, there was no crash. Testing with the courier-imap server again, here is the backtrace report.

(gdb) bt
#0 0x403b480e in _zval_ptr_dtor (zval_ptr=0x0, __zend_filename=0x4046de00 "/usr/local/src/php4-200211030600/Zend/zend_variables.c", __zend_lineno=167) at /usr/local/src/php4-200211030600/Zend/zend_execute_API.c:291
#1 0x403be4d2 in _zval_ptr_dtor_wrapper (zval_ptr=0x0) at /usr/local/src/php4-200211030600/Zend/zend_variables.c:167
#2 0x403c5a01 in zend_hash_destroy (ht=0x812eacc) at /usr/local/src/php4-200211030600/Zend/zend_hash.c:543
#3 0x403be19a in _zval_dtor (zvalue=0x812ea8c, __zend_filename=0x4046d6a0 "/usr/local/src/php4-200211030600/Zend/zend_execute_API.c", __zend_lineno=293) at /usr/local/src/php4-200211030600/Zend/zend_variables.c:60
#4 0x403b4839 in _zval_ptr_dtor (zval_ptr=0x811c820, __zend_filename=0x4046de00 "/usr/local/src/php4-200211030600/Zend/zend_variables.c", __zend_lineno=167) at /usr/local/src/php4-200211030600/Zend/zend_execute_API.c:293
#5 0x403be4d2 in _zval_ptr_dtor_wrapper (zval_ptr=0x811c820) at /usr/local/src/php4-200211030600/Zend/zend_variables.c:167
#6 0x403c5a01 in zend_hash_destroy (ht=0x404da80c) at /usr/local/src/php4-200211030600/Zend/zend_hash.c:543
#7 0x403b433e in shutdown_executor () at /usr/local/src/php4-200211030600/Zend/zend_execute_API.c:186
#8 0x403bf70f in zend_deactivate () at /usr/local/src/php4-200211030600/Zend/zend.c:625
#9 0x40387bd3 in php_request_shutdown (dummy=0x0) at /usr/local/src/php4-200211030600/main/main.c:913
#10 0x403d6dfa in apache_php_module_main (r=0x8114ad4, display_source_mode=0) at /usr/local/src/php4-200211030600/sapi/apache/sapi_apache.c:61
#11 0x403d7c48 in send_php (r=0x8114ad4, display_source_mode=0, filename=0x8116614 "/home/www/test.php") at /usr/local/src/php4-200211030600/sapi/apache/mod_php4.c:556
#12 0x403d7cb5 in send_parsed_php (r=0x8114ad4) at /usr/local/src/php4-200211030600/sapi/apache/mod_php4.c:571
#13 0x08054823 in ap_invoke_handler ()
#14 0x08069ca7 in process_request_internal ()
#15 0x08069d08 in ap_process_request ()
#16 0x08060a79 in child_main ()
#17 0x08060c48 in make_child ()
#18 0x08060dbc in startup_children ()
#19 0x08061434 in standalone_main ()
#20 0x08061cb3 in main ()
#21 0x400ad1c4 in __libc_start_main () from /lib/libc.so.6
(gdb)

Hello. Similar problem, imap_header() crash, but with another condition - a long To: header.

php 4.2.3 as CLI, libc-client: 4.7-c2

The bug can be reproduced with a message containing the following header:

To: Someone <email@somehost.com>, Someone2 <email2@somehost.com>, ... Someone144 <email144@somehost>

I didn't test the actual threshold, it could be smaller than 144.

test script:

<?php
$imap=imap_open("{localhost:143}INBOX","user","pass");
if (!$imap) echo "connect failed\n";
$header=imap_header($imap,1);

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x3d0f86 in malloc () from /lib/libc.so.6
(gdb) bt
#0 0x3d0f86 in malloc () from /lib/libc.so.6
#1 0x3d0ca4 in malloc () from /lib/libc.so.6
#2 0x80c723c in _emalloc (size=12) at zend_alloc.c:165
#3 0x53e39e in _php_imap_parse_address (addresslist=0x817bfe0, fulladdress=0xbd870ec8, paddress=0x818476c) at php_imap.c:3632
#4 0x53e62e in _php_make_header_object (myzvalue=0x8178c3c, en=0x817ce58) at php_imap.c:3666
#5 0x536dbd in zif_imap_headerinfo (ht=2, return_value=0x8178c3c, this_ptr=0x0, return_value_used=1) at php_imap.c:1631
#6 0x497d99 in zend_assign_to_variable_reference () from /usr/local/Zend/lib/ZendOptimizer.so
#7 0x4a1144 in zend_oe () from /usr/local/Zend/lib/ZendOptimizer.so
#8 0x80d3fb8 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:812
#9 0x805f81d in php_execute_script (primary_file=0xbd873388) at main.c:1383
#10 0x805d6e3 in main (argc=2, argv=0xbd873404) at cgi_main.c:778
#11 0x37c0bf in __libc_start_main () from /lib/libc.so.6
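
The two header shapes reported in this thread (an empty `Reply-To: <>` and a To: list of 144 addresses) can be checked for on the raw header text before a message is handed to imap_header(). The PHP below is an added example, not code from the bug report or from PHP itself; the function names and the MAX_ADDRESSES limit of 100 are assumptions, since the thread does not establish the real threshold, and RFC 5322 comments and group syntax are not handled.

```php
<?php
// Added example. MAX_ADDRESSES is an assumed limit: the thread only says
// that a To: header with 144 recipients crashed.
const MAX_ADDRESSES = 100;

// Unfold the header block and return values keyed by lowercase field name.
function parse_headers(string $raw): array {
    $block = preg_split('/\r?\n\r?\n/', $raw, 2)[0];      // stop at first blank line
    $block = preg_replace('/\r?\n[ \t]+/', ' ', $block);  // join folded lines
    $headers = [];
    foreach (preg_split('/\r?\n/', $block) as $line) {
        if (preg_match('/^([!-9;-~]+)[ \t]*:(.*)$/', $line, $m)) {
            $headers[strtolower($m[1])][] = trim($m[2]);
        }
    }
    return $headers;
}

// Split an address list on commas outside quoted strings and <...>.
function split_addresses(string $value): array {
    $parts = []; $cur = ''; $quoted = false; $angle = false;
    for ($i = 0, $n = strlen($value); $i < $n; $i++) {
        $c = $value[$i];
        if ($quoted && $c === '\\' && $i + 1 < $n) { $cur .= $c . $value[++$i]; continue; }
        if ($c === '"') { $quoted = !$quoted; }
        elseif (!$quoted && ($c === '<' || $c === '>')) { $angle = ($c === '<'); }
        if ($c === ',' && !$quoted && !$angle) { $parts[] = trim($cur); $cur = ''; continue; }
        $cur .= $c;
    }
    $parts[] = trim($cur);
    return array_values(array_filter($parts, 'strlen'));  // drop empty entries
}

// Return one finding per address header matching a shape reported in this thread.
function risky_header_findings(string $raw): array {
    $findings = [];
    foreach (parse_headers($raw) as $name => $values) {
        if (!in_array($name, ['from', 'sender', 'reply-to', 'to', 'cc'], true)) { continue; }
        $addrs = split_addresses(implode(', ', $values));
        foreach ($addrs as $a) {
            if (preg_match('/<\s*>$/', $a)) { $findings[] = "$name: empty address <>"; }
        }
        if (count($addrs) > MAX_ADDRESSES) { $findings[] = "$name: " . count($addrs) . ' addresses'; }
    }
    return $findings;
}

// Constructed sample modelled on the message in the report.
$sample = "From: root@home.xenoinfo.com\r\nReply-To: <>\r\nSubject: This is Subject\r\n\r\nThis is body.\r\n";
print_r(risky_header_findings($sample));
```

The raw header text can come from imap_fetchheader(); whether skipping flagged messages avoids the crash on an affected build is untested here.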