Bug #30513 segfault in cli/cgi interactive mode
Submitted: 2004-10-21 16:49 UTC Modified: 2005-03-26 03:46 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: asm at asm dot flynet dot pl Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-03-09 OS: *
Private report: No CVE-ID: None
 [2004-10-21 16:49 UTC] asm at asm dot flynet dot pl
Description:
------------
Please forgive that I haven't attached a backtrace and the
whole ./configure options. But I see this behaviour
on different boxes (an old Slackware with 2.2 and Fedora with 2.4) with different versions
of PHP5's CLI/CGI interactive mode (so it should be easy to recover). It doesn't affect PHP4.


Reproduce code:
---------------
BOX1$ php -v ; php -a
PHP 5.0.0 (cli) (built: Oct 15 2004 17:43:01)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0, Copyright (c) 1998-2004 Zend Technologies
Interactive mode enabled

<?

if (preg_match('/.*end$/', 'abcend')) echo 'got it';
?>
got itSegmentation fault


***

BOX2$ php5 -v ; php5 -a
PHP 5.0.2 (cli) (built: Oct 17 2004 00:46:25)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.2, Copyright (c) 1998-2004 Zend Technologies
Interactive mode enabled

<?

if (preg_match('/.*end$/', 'abcend')) echo 'got it';
?>
got itSegmentation fault


Expected result:
----------------
got it

Actual result:
--------------
expected + segfault

 [2004-10-23 18:28 UTC] tony2001@php.net
Actually it segfaults in interactive mode even on this:
<?
if (true) true;
?>
And it's caused by the fact that somehow EX(opline) happens to point to not initialized memory.

bt:
Program received signal SIGSEGV, Segmentation fault.
0x0819681b in execute (op_array=0x831093c) at zend_vm_execute.h:58
58                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) bt
#0  0x0819681b in execute (op_array=0x831093c) at zend_vm_execute.h:58
#1  0x0816e574 in execute_new_code () at /home/dev/php-src/Zend/zend_execute_API.c:1089
#2  0x08159a24 in zendparse () at zend_language_parser.y:166
#3  0x0815c086 in compile_file (file_handle=0xbffff890, type=2) at zend_language_scanner.l:375
#4  0x08178445 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/dev/php-src/Zend/zend.c:1049
#5  0x0813fd23 in php_execute_script (primary_file=0xbffff890) at /home/dev/php-src/main/main.c:1634
#6  0x081f6250 in main (argc=2, argv=0xbffff914) at /home/dev/php-src/sapi/cli/php_cli.c:943
 [2005-03-03 19:06 UTC] mweierophinney at gmail dot com
I have reproduced the problem with similar code:

<test.php>:
<?php if (1) { echo "Working." } ?>

and 'php -a test.php' produces a segfault.

I can confirm it for PHP versions 5.0.1, 5.0.2, and 5.0.3 -- 5.0.3 on Gentoo GNU/Linux and 5.0.1 and 5.0.2 on Fedora Core 1.
 [2005-03-09 00:43 UTC] sniper@php.net
See bug #28839

 [2005-03-09 00:44 UTC] sniper@php.net
see also bug #32229
 [2005-03-26 03:46 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 