php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10495 Crash with ob_start();
Submitted: 2001-04-25 14:10 UTC Modified: 2001-10-19 10:58 UTC
From: vvtk at stealthcomp dot com Assigned:
Status: Closed Package: Output Control
PHP Version: 4.0 Latest CVS (25/04/2001) OS: RedHat 6.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vvtk at stealthcomp dot com
New email:
PHP Version: OS:

 

 [2001-04-25 14:10 UTC] vvtk at stealthcomp dot com
Segmentation fault with next script

<?
function my_h($str){
 global $HTTP_ACCEPT_ENCODING,$NO_COMPRESS;
 
 $size = strlen($contents);
 $crc32 = crc32($contents);
 Header("Etag: VT".$crc32);
    $size = strlen($contents);
 $crc32 = crc32($contents);
    // compressed output: set header
 $ENCODING = "gzip";
    header("Content-Encoding: $ENCODING");
    $ret =  "\x1f\x8b\x08\x00\x00\x00\x00\x00";
    $ret .= substr($gzcontent, 0, strlen($gzcontent) - 4);
    $ret .= pack('V',$crc32);
    $ret .= pack('V',$size);
 return $ret;
 if ($NO_COMPRESS) {return $str;}
 return $str.$HTTP_ACCEPT_ENCODING;
} 
 
function TO_LOGIN(){
 echo "Login";
 exit;
}
 
 
ob_start("my_h");
 
phpinfo(); 
TO_LOGIN("rr");
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-29 11:25 UTC] andi@php.net
Can you please supply the smallest possible reproducing script and post it. Also please try today's CVS updating the PHP, TSRM and Zend CVS trees. Please compile with --enable-debug.
 [2001-04-29 16:03 UTC] vvtk at stealthcomp dot com
php4-200104290845

It is minimal script with segfault (after 3-5 times refresh in browser)

<?

function my_gzhandler($contents){
        $headers = getallheaders();

        global $TIME_EXECUTION,$USERS_ONLINE;
        $contents=str_replace("<!-- TIMEEXECUTION -->",$TIME_EXECUTION,$contents);
        $contents=str_replace("<!-- USERS_ONLINE -->",$USERS_ONLINE,$contents);

        $gzcontent = gzcompress($contents, 3);

        $ENCODING = "gzip";            
        $size = strlen($contents);     
        $crc32 = crc32($contents);     
                                       
        header("Content-Encoding: $ENCODING");
        $ret =  "\x1f\x8b\x08\x00\x00\x00\x00\x00";
        $ret .= substr($gzcontent, 0, strlen($gzcontent) - 4);
        $ret .= pack('V',$crc32);
        $ret .= pack('V',$size);
        return $ret;
}


ob_start("my_gzhandler");

phpinfo();

?>


bt:

Program received signal SIGSEGV, Segmentation fault.
0x40104493 in memcpy (dstpp=0xbffff86c, srcpp=0x2164eaf1, len=4) at ../sysdeps/generic/memcpy.c:61

#0  0x40104493 in memcpy (dstpp=0xbffff86c, srcpp=0x2164eaf1, len=4) at ../sysdeps/generic/memcpy.c:61
#1  0x4024e567 in _mem_block_check (ptr=0x810caac, silent=0, __zend_filename=0x40369062 "output.c", 
    __zend_lineno=229, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:614
#2  0x4024e52b in _mem_block_check (ptr=0x810caac, silent=1, __zend_filename=0x40369062 "output.c", 
    __zend_lineno=229, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:606
#3  0x4024d3f9 in _efree (ptr=0x810caac, __zend_filename=0x40369062 "output.c", __zend_lineno=229, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:210
#4  0x40314c93 in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at output.c:229
#5  0x40314d5c in php_end_ob_buffers (send_buffer=1 '\001') at output.c:250
#6  0x4027fc08 in apache_php_module_main (r=0x80e353c, display_source_mode=0) at sapi_apache.c:95
#7  0x40280807 in send_php (r=0x80e353c, display_source_mode=0, filename=0x80e4f44 "/home/httpd/html/3.php")
    at mod_php4.c:521
#8  0x40280845 in send_parsed_php (r=0x80e353c) at mod_php4.c:532
#9  0x805345e in ap_invoke_handler () from /lib/libnsl.so.1
#10 0x80618fb in ap_some_auth_required () from /lib/libnsl.so.1
#11 0x8061958 in ap_process_request () from /lib/libnsl.so.1
#12 0x805b940 in ap_child_terminate () from /lib/libnsl.so.1
#13 0x805baa7 in ap_child_terminate () from /lib/libnsl.so.1
#14 0x805bba8 in ap_child_terminate () from /lib/libnsl.so.1
#15 0x805c058 in ap_child_terminate () from /lib/libnsl.so.1
#16 0x805c65f in main () from /lib/libnsl.so.1
#17 0x400bc9cb in __libc_start_main (main=0x805c3e0 <main>, argc=2, argv=0xbffffb74, init=0x804f014 <_init>, 
    fini=0x807b99c <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffffb6c)
    at ../sysdeps/generic/libc-start.c:92

 [2001-10-19 10:58 UTC] sander@php.net
Please upgrade to the latest version. Reopen if the problem still occurs.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 17:01:58 2024 UTC