php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46194 SIGSEGV when requested file is not found
Submitted: 2008-09-29 03:13 UTC Modified: 2008-09-30 02:42 UTC
From: xuefer at gmail dot com Assigned: cellog (profile)
Status: Closed Package: PHAR related
PHP Version: 5.3CVS-2008-09-29 (CVS) OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: xuefer at gmail dot com
New email:
PHP Version: OS:

 

 [2008-09-29 03:13 UTC] xuefer at gmail dot com
Description:
------------
i have setup lighttpd + fastcgi + php, it used to work with old php but not with 5.3 (not sure about 5.2)

  "localhost:1026" => (
    "host" => "127.0.0.1", "port" => 2048,
    "check-local" => "disable", "disable-time" => 1,
    "broken-scriptfilename" => "enable",
    ),
be aware that it is check-local => disable, which mean lighttpd won't check if the file is exists but will forward the request to php anyway
when i try to request a non existing file, php SIGSEGV

Program received signal SIGSEGV, Segmentation fault.
0x4b319f51 in strstr () from /lib/libc.so.6
(gdb) bt
#0  0x4b319f51 in strstr () from /lib/libc.so.6
#1  0x082292c1 in phar_compile_file (file_handle=0xbfec434c, type=8) at /home/xuefer/src/php/php5/ext/phar/phar.c:3294
#2  0x0849d9b2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/xuefer/src/php/php5/Zend/zend.c:1189
#3  0x08433dbb in php_execute_script (primary_file=0xbfec434c) at /home/xuefer/src/php/php5/main/main.c:2080
#4  0x0852e362 in main (argc=3, argv=0xbfec44b4) at /home/xuefer/src/php/php5/sapi/cgi/cgi_main.c:1980
(gdb) up
#1  0x082292c1 in phar_compile_file (file_handle=0xbfec434c, type=8) at /home/xuefer/src/php/php5/ext/phar/phar.c:3294
3294        if (strstr(file_handle->filename, ".phar") && !strstr(file_handle->filename, "://")) {
(gdb) p file_handle[0]
$2 = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
      mmap = {len = 0, pos = 1, map = 0x83f, buf = 0xb7f14878 "j?\t\b\020ii\r", old_handle = 0xb7f15000, old_closer = 0x807ba17},
      reader = 0x4b2b9840, fsizer = 0x805f4a4, closer = 0x1}}, free_filename = 0 '\0'}



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-29 11:13 UTC] jani@php.net
Seems to be PHAR related issue (once again) so the quick fix: disable phar. This is quite critical bug..
 [2008-09-29 13:02 UTC] cellog@php.net
Please try this simple patch found at http://pear.php.net/~greg/fixbug46194.patch.txt

Index: ext/phar/phar.c
===================================================================
RCS file: /repository/php-src/ext/phar/phar.c,v
retrieving revision 1.370.2.45
diff -u -r1.370.2.45 phar.c
--- ext/phar/phar.c     13 Sep 2008 22:30:55 -0000      1.370.2.45
+++ ext/phar/phar.c     29 Sep 2008 13:00:22 -0000
@@ -3286,6 +3286,9 @@
        int failed;
        phar_archive_data *phar;

+       if (!file_handle || !file_handle->filename) {
+               return phar_orig_compile_file(file_handle, type TSRMLS_CC);
+       }
        if (strstr(file_handle->filename, ".phar") && !strstr(file_handle->filename, "://")) {
                if (SUCCESS == phar_open_from_filename(file_handle->filename, strlen(file_handle->filename), NULL, 0, 0, &phar, NULL TSRMLS_CC)) {
                        if (phar->is_zip || phar->is_tar) {

 [2008-09-30 02:10 UTC] xuefer at gmail dot com
ok, it seems fixed with your patch, but i don't think it right. why filename can be NULL before it is past to compile file?
with php5.2-CVS cgi-fcgi:
No input file specified.
with php5.3-CVS and phar patch (or disable phar)
Fatal error: Unknown: Failed opening required '' (include_path='.:') in Unknown on line 0

something changed in cgi, many zend extensions might be affected

$ diff ~/src/php/php5.2/sapi/cgi/cgi_main.c  ~/src/php/php5/sapi/cgi/cgi_main.c
yeah... there are big changes
$ diff -u ~/src/php/php5.2/sapi/cgi/cgi_main.c  ~/src/php/php5/sapi/cgi/cgi_main.c |grep 'No input file specified' -C 5
+                       SG(sapi_headers).http_response_code = 403;
+                       PUTS("Access denied.\n");
                    } else {
-                       len += strlen(argv[i]);
+                       SG(sapi_headers).http_response_code = 404;
+                       PUTS("No input file specified.\n");
+                   }
+                   /* we want to serve more requests if this is fastcgi
+                      so cleanup and continue, request shutdown is
+                      handled later */
+                   if (fastcgi) {
--
-           if (errno == EACCES) {
-               SG(sapi_headers).http_response_code = 403;
-               PUTS("Access denied.\n");
-           } else {
-               SG(sapi_headers).http_response_code = 404;
-               PUTS("No input file specified.\n");
-           }
-#if PHP_FASTCGI
-           /* we want to serve more requests if this is fastcgi
-              so cleanup and continue, request shutdown is
-              handled later */


i'm not sure when will 5.3 cgi-fcgi prints out "No input file specified" which used to be print by 5.2, are you?

summary:
1. "Fatal error" just does not make sense here. it should be legal to pass any request including which might cause "404 File not found", from the webserver to php cgi-fcgi backend, and php should issue 404 error like 5.2 does

otherwise i have to set up
a. webserver(frontend) on server1 -> webserver + mod_php(backend) on server2, or
b. webserver(frontend, check-local=disabled) on server 1 -> webserver(backend, check-local=enabled to produce 404) -> php cgi-fcgi (backend)

2. passing file_handle == NULL || file_handle->filename == NULL does not make sense, it breaks zend extensions that hook zend_compile_file, like phar, apc, ZendOptimizer, XCache, Xdebug, eaccelerator, blahblah...

as you assigned it to phar category, i ask your advise
 [2008-09-30 02:42 UTC] cellog@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I'm marking this bug closed, as phar now handles stupid input correctly.  Please open another bug in CGI/CLI related category for the other problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC