PHP :: Bug #21037 :: setcookie() with an expire argument causes a bus error

Bug #21037

setcookie() with an expire argument causes a bus error

Submitted:

2002-12-15 23:34 UTC

Modified:

2002-12-31 01:00 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

jcs at rt dot fm

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

4.2.3

OS:

OpenBSD 3.2 (sparc64)

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jcs at rt dot fm
New email:
PHP Version:		OS:

New Comment:

[2002-12-15 23:34 UTC] jcs at rt dot fm

Installed PHP 4.2.3 as a DSO with the mysql extension enabled.  Everything works fine until doing a setcookie() with any argument for the expiration, which results in:

[Sun Dec 15 22:35:57 2002] [notice] child pid 3155 exit signal Bus error (10)

The bug in its most basic form using the PHP CLI (no working gdb available, using pmdb):

$> pmdb ./php -r 'setcookie("test", "test", 1, "/");'
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 6187
PMDB stopping child. signal: BUS
pmdb: Loading symbols from /usr/local/lib/libintl.so.1.1 at 0x40408000
pmdb: Loading symbols from /usr/local/lib/libiconv.so.3.0 at 0x40510000
pmdb: Loading symbols from /usr/lib/libz.so.2.0 at 0x40718000
pmdb: Loading symbols from /usr/lib/libssl.so.7.0 at 0x40828000
pmdb: Loading symbols from /usr/lib/libcrypto.so.9.0 at 0x4096a000
pmdb: Loading symbols from /usr/lib/libm.so.1.0 at 0x40baa000
pmdb: Loading symbols from /usr/lib/libc.so.29.0 at 0x40ce8000
pmdb: Loading symbols from /usr/libexec/ld.so at 0x40300000
pmdb: Loading symbols from /usr/local/lib/php/modules/mysql.so at 0x40ed8000
pmdb: Loading symbols from /usr/local/lib/libmysqlclient.so.10.0 at 0x40fe8000
pmdb> trace
zend_parse_arg_impl(0x1, 0x0, 0x0, 0x0, 0x0, 0x0)+0x47c
zend_parse_arg_impl(0x104b50, 0x47c, 0x28, 0x400, 0xffffffffffffcb48, 0x0)+0x8
zend_parse_arg(0x464c28, 0xffffffffffffcc08, 0xffffffffffffcbd8, 0x112d2f, 0x112d45, 0x110990)+0x50
zend_parse_va_args(0x3, 0x464c28, 0xffffffffffffcc08, 0xffffffffffffcbd8, 0x0, 0x40306188)+0x410
zend_parse_parameters(0x4, 0x282808, 0xffffffffffffcc08, 0x0, 0x0, 0x40306188)+0x40
zif_setcookie(0x4, 0x282808, 0xffffffffffffcd38, 0xffffffffffffcd14, 0xffffffffffffcd30, 0xffffffffffffcd10)+0x94
execute(0x4, 0x45ac58, 0x0, 0x0, 0x1e3054, 0x0)+0x4130
zend_eval_string(0x462118, 0x3da5f0, 0x246c44, 0x0, 0x0, 0x0)+0x1dc
main(0xffffffffffffd9c1, 0x0, 0x26bc20, 0x26b000, 0x4, 0x4)+0xfb4
___start(0x3, 0xffffffffffffd4d8, 0xffffffffffffd4f8, 0x3d4000, 0x0, 0x40305960)+0x80
_dl_start(0xffffffffffffd9b8, 0x3c34f8, 0x40306008, 0xffffffffffffd450, 0x40305968, 0x40300000)+0x40
pmdb> 

Using nothing for the expiration works without crashing:

$> pmdb ./php -r 'setcookie("test", "test", "", "/");'
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 24403
PHP Warning:  setcookie() expects parameter 3 to be long, string given in Command line code on line 1
process exited with status 0
pmdb>

I cannot reproduce this on i386, so I'm assuming it's a 64-bit issue.  I cannot reproduce the crash on sparc64 with any other functions I've tried, other than setcookie.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-16 00:35 UTC] derick@php.net

It would help if you could try the latest RC, available through http://qa.php.net . THere is a big change this is fixed.

Derick

[2002-12-16 19:08 UTC] jcs at rt dot fm

RC3 doesn't even start...

$> pmdb ./php
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 12195
PMDB stopping child. signal: BUS
pmdb: Loading symbols from /usr/local/lib/libintl.so.1.1 at 0x40408000
pmdb: Loading symbols from /usr/local/lib/libiconv.so.3.0 at 0x40510000
pmdb: Loading symbols from /usr/lib/libz.so.2.0 at 0x40718000
pmdb: Loading symbols from /usr/lib/libssl.so.7.0 at 0x40828000
pmdb: Loading symbols from /usr/lib/libcrypto.so.9.0 at 0x4096a000
pmdb: Loading symbols from /usr/lib/libm.so.1.0 at 0x40baa000
pmdb: Loading symbols from /usr/lib/libc.so.29.0 at 0x40ce8000
pmdb: Loading symbols from /usr/libexec/ld.so at 0x40300000
pmdb> trace
OnUpdateInt(0x1, 0x0, 0x0, 0x0, 0x0, 0x0)+0x10
OnUpdateInt(0x104b50, 0x10, 0x28, 0x400, 0xffffffffffffcc68, 0x0)+0x8
OnUpdate_zlib_output_compression_level(0x40a480, 0x21c2e0, 0x2, 0x8c, 0x36c438, 0x0)+0x20
zend_register_ini_entries(0x40a480, 0x21c2e0, 0x2, 0x8c, 0x36c438, 0x0)+0x104
zm_startup_zlib(0x346d40, 0x14, 0x78, 0x3, 0x14, 0x0)+0x7c
zend_startup_module(0x0, 0x14, 0x126534, 0x6, 0x0, 0x40306188)+0x30
php_startup_extensions(0x346c60, 0x0, 0x23, 0x6, 0x0, 0x40306188)+0x24
php_startup_internal_extensions(0x3591b0, 0x3591b0, 0x7ac0, 0x1, 0x0, 0x0)+0x1c
php_module_startup(0x0, 0x5c00, 0x231118, 0x2, 0x3, 0x0)+0x5b4
main(0x359038, 0x0, 0x0, 0x359100, 0x373cc8, 0x0)+0x120
___start(0x1, 0xffffffffffffd6a8, 0xffffffffffffd6b8, 0x36c000, 0x0, 0x40305960)+0x80
_dl_start(0xffffffffffffdb80, 0x36b0f8, 0x40306008, 0xffffffffffffd620, 0x40305968, 0x40300000)+0x40
pmdb> quit

[2002-12-31 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jan 05 00:01:29 2025 UTC