php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21344 References to object members seem to be backwards
Submitted: 2003-01-02 13:27 UTC Modified: 2003-01-17 22:15 UTC
From: mattb at columbia dot edu Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.3.0 OS: GNU/Linux 2.4.18-17.7.x (RedHat)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mattb at columbia dot edu
New email:
PHP Version: OS:

 

 [2003-01-02 13:27 UTC] mattb at columbia dot edu
ereg(..., null) is causing a crash in Apache, but not in command line mode. I'm using the following file in /path/to/htdocs/test.php:

    <?php
    define_syslog_variables();
    openlog('ereg() test', LOG_CONS | LOG_PERROR, LOG_USER);

    header("Content-Type: text/plain\r\n");
    syslog(LOG_ERR, "one\n");
    echo "one\n";
    ereg('wsdl', $unsetVariable);
    syslog(LOG_ERR, "two\n");
    echo "two\n";
    ?>

Nothing fancy, just trying to call ereg() with an unset variable as a second argument (the nusoap package at http://dietrich.ganx4.com/nusoap/ does this all over the place). This used to work just fine with 4.2.3.

If I run it from the 4.3.0 command line, it works as well:

    $ php test.php
    ereg() test: one
    X-Powered-By: PHP/4.1.2
    Content-Type: text/plain

    one
    ereg() test: two
    two

However, if I go to that page in a web browser, I get nothing back and this in the logs:

    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes
    ereg() test: one
    FATAL:  emalloc():  Unable to allocate 1449143544 bytes

The weird thing is that if I call ereg('', ''); once in the program before all other ereg() calls, everything works as before (shared state initialization? are these thread safe?).

I'm using apache_1.3.27, curl-7.10.2, libxml2-2.4.30, libxslt-1.0.23, mod_ssl-2.8.11-1.3.27, openssl-engine-0.9.6g, and php-4.3.0 (everything else comes from the most up-to-date RedHat 7.3 distro).

Here is my Apache 1.3.27 build configuration (pretty simple). I'm using 

EAPI_MM=SYSTEM SSL_BASE="${ARENA_HOME}" ./configure \
    --disable-module=userdir \
    --enable-module=ssl \
    --enable-shared=ssl \
    --enable-shared=max \
    "--prefix=${ARENA_HOME}" \
    --with-layout=GNU

Here is my PHP 4.3.0 build configuration:

    EXTRA_LDFLAGS="-L/usr/X11R6/lib -lpthread" ./configure \
    --disable-short-tags \
    --disable-rpath \
    --disable-url-fopen-wrapper \
    --enable-bcmath \
    --enable-calendar \
    --enable-debugger \
    --enable-dio \
    --enable-discard-path \
    --enable-embed=shared \
    --enable-exif \
    --enable-force-cgi-redirect \
    --enable-ftp \
    --enable-inline-optimization \
    --enable-gd-native-ttf \
    --enable-magic-quotes \
    --enable-mailparse \
    --enable-memory-limit \
    --enable-mime-magic \
    --enable-safe-mode \
    --enable-shmop \
    --enable-sockets \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-track-vars \
    --enable-trans-sid \
    --enable-wddx \
    "--prefix=${ARENA_HOME}" \
    "--with-apxs=${ARENA_HOME}/sbin/apxs" \
    --with-bz2=shared \
    "--with-config-file-path=${ARENA_HOME}/etc" \
    --with-db3 \
    "--with-curl=shared,${ARENA_HOME}" \
    "--with-dom=${ARENA_HOME}" \
    "--with-dom-exslt=${ARENA_HOME}" \
    "--with-dom-xslt=${ARENA_HOME}" \
    --with-expat-dir=/usr \
    --with-freetype-dir=/usr \
    --with-gd=shared \
    --with-gettext=shared \
    --with-gmp \
    --with-iconv=shared \
    --with-imap=shared \
    "--with-imap-ssl=${ARENA_HOME}" \
    --with-jpeg-dir=/usr \
    --with-kerberos \
    --with-layout=GNU \
    --with-mysql=shared,/usr \
    --with-ncurses=shared \
    "--with-openssl=shared,${ARENA_HOME}" \
    --with-pgsql=shared \
    --with-pic \
    --with-png-dir=/usr \
    --with-pspell=shared \
    --with-readline \
    --with-regex=system \
    --with-ttf=shared \
    --with-xmlrpc=shared \
    --with-xpm-dir=/usr/X11R6 \
    --with-zlib \
    --x-includes=/usr/X11R6/include/X11 \
    --x-libraries=/usr/X11R6/lib

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-02 14:04 UTC] iliaa@php.net
Does the crash occur if you stop linking PHP against -lpthread?
 [2003-01-17 22:15 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sun Jan 05 00:01:29 2025 UTC