[2002-06-16 08:22 UTC] sander@php.net
With the following MIME headers posted from the Silkymail compose screen:

Content-type: multipart/form-data; boundary=---------------------------21140735331682
Content-Length: 714

-----------------------------21140735331682
Content-Disposition: form-data; name="actionID"
-----------------------------21140735331682
Content-Disposition: form-data; name="copyto"
-----------------------------21140735331682
Content-Disposition: form-data; name="to"
-----------------------------21140735331682
Content-Disposition: form-data; name="cc"
-----------------------------21140735331682
Content-Disposition: form-data; name="bcc"
-----------------------------21140735331682
Content-Disposition: form-data; name="subject"
-----------------------------21140735331682
Content-Disposition: form-data; name="message"
-----------------------------21140735331682--

Apache gets a segmentation violation. Here is a library call trace:

-> libc:strncmp(0x13e0a3, 0xefffe354, 0x28, 0x2d)
<- libc:strncmp() = -6
-> libc:memchr(0x13e0a4, 0x2d, 0x25e, 0x35393632)
<- libc:memchr() = 0x13e0a4
-> libc:strncmp(0x13e0a4, 0xefffe354, 0x28, 0x2d)
<- libc:strncmp() = -6
-> libc:memchr(0x13e0a5, 0x2d, 0x25d, 0x0)
<- libc:memchr() = 0x13e0a5
-> libc:strncmp(0x13e0a5, 0xefffe354, 0x28, 0x2d)
<- libc:strncmp() = 0
-> libc:strlen(0x0, 0xefffe37c, 0xffffffff, 0x31343034)
Incurred fault #6, FLTBOUNDS %pc = 0xEF6329EC
siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
*** process killed ***

This is because `sbuf' is NULL. The following patch fixes it, although I don't know that the logic is correct:

*** mime.Oc Sat Sep 9 16:05:45 2000 --- mime.c Thu Nov 9 20:49:12 2000 *************** *** 184,190 **** *(loc - 4) = '\0'; /* Check to make sure we are not overwriting special file upload variables */ ! 
if(memcmp(namebuf,sbuf,strlen(sbuf))) { _php3_parse_gpc_data(ptr,namebuf,http_post_vars); } --- 184,190 ---- *(loc - 4) = '\0'; /* Check to make sure we are not overwriting special file upload variables */ ! if(sbuf && memcmp(namebuf,sbuf,strlen(sbuf))) { _php3_parse_gpc_data(ptr,namebuf,http_post_vars); }

PHP is built this way:

env CC=cc \
./configure \
--with-db2=/usr/local/src/db/db-2.4.14/Unix \
--with-apxs=/usr/local/apache/sbin/apxs \
--with-ldap=/usr/local/src/ldap/openldap-1.2.11 \
--with-imap=/usr/local/src/c-client/imap-2000 \
--with-imsp=/usr/local/src/c-client/libimsp \
--with-mysql=/usr/local/src/mysql/mysql-3.22.32
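
Review bot: In the changed condition of the mime.c hunk, `sbuf && memcmp(namebuf,sbuf,strlen(sbuf))` is false whenever sbuf is NULL, so `_php3_parse_gpc_data(ptr,namebuf,http_post_vars)` is skipped and every posted field is silently dropped in exactly the case that used to crash. The comment above the test says its purpose is to avoid overwriting special file upload variables; with no sbuf there is nothing to protect, so the guard more likely wants `!sbuf || memcmp(namebuf,sbuf,strlen(sbuf))`, which avoids the strlen(NULL) fault and still registers the variable. Separately, memcmp compares strlen(sbuf) bytes of namebuf regardless of namebuf's own length; if namebuf can be shorter than sbuf, strncmp would stop at its terminator instead of reading past it. It is also worth checking why sbuf is still NULL at this point for a request with no file part, since the same pointer may be dereferenced elsewhere in the function.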