PHP :: Request #32132 :: SSH2 + "Segmentaion Fault"

Request #32132	SSH2 + "Segmentaion Fault"
Submitted:	2005-02-28 15:56 UTC	Modified:	2005-02-28 19:47 UTC
From:	me at bereal dot ru	Assigned:
Status:	Not a bug	Package:	Feature/Change Request
PHP Version:	5.0.3	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	me at bereal dot ru
New email:
PHP Version:		OS:

New Comment:

[2005-02-28 15:56 UTC] me at bereal dot ru

Description:
------------
We've got the "Segmentation Fault" error when trying to send more than 2 files via ssh2_scp_send within one connection.

But its all okay when we use new connection for each file upload.

Reproduce code:
---------------
            $ssh2 = $this->Connect($host);
            @ssh2_scp_send($ssh2, $from, $path1.basename($from));
            @ssh2_scp_send($ssh2, $from, $path2.basename($from));
            @ssh2_scp_send($ssh2, $from, $path3.basename($from));
            @ssh2_scp_send($ssh2, $from, $path4.basename($from));


Expected result:
----------------
Segmentation fault

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-02-28 17:25 UTC] me at bereal dot ru

Program received signal SIGSEGV, Segmentation fault.
0x081d7c07 in _efree (ptr=0x836b85d) at /usr/local/src/php-5.0.2/Zend/zend_alloc.c:281
281             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x081d7c07 in _efree (ptr=0x836b85d) at /usr/local/src/php-5.0.2/Zend/zend_alloc.c:281
#1  0x0813466d in php_ssh2_free_cb (ptr=0x6174732d, abstract=0x836b6ec) at /usr/local/src/php-5.0.2/ext/ssh2/ssh2.c:68
#2  0x40052a1e in libssh2_comp_method_zlib_comp (session=0x836b6ec, compress=0, dest=0x6174732d, dest_len=0x6174732d, payload_limit=40000, 
    free_dest=0x6174732d, src=0x6174732d <Address 0x6174732d out of bounds>, src_len=7566708, abstract=0x6174732d) at comp.c:223
#3  0x40059a2f in libssh2_packet_read (session=0x836b6ec, should_block=0) at packet.c:695
#4  0x40059d19 in libssh2_packet_ask_ex (session=0x836b6ec, packet_type=99 'c', data=0x6174732d, data_len=0x6174732d, match_ofs=1, match_buf=0xbfff9fa8 "", 
    match_len=4, poll_socket=1) at packet.c:787
#5  0x400515d6 in libssh2_channel_process_startup (channel=0x83beedc, request=0x6174732d <Address 0x6174732d out of bounds>, request_len=4, 
    message=0x8357484 "scp -pt /vhosts/test/htdocs/synchronizer/test3/newser/0000001070902835.txt", message_len=75) at channel.c:704
#6  0x4005a9c0 in libssh2_scp_send_ex (session=0x836b6ec, path=0x83573bc "/vhosts/test/htdocs/synchronizer/test3/newser/0000001070902835.txt", 
    mode=1635021613, size=1635021613, mtime=1109608206, atime=1070956777) at scp.c:358
#7  0x08138d46 in zif_ssh2_scp_send (ht=3, return_value=0x83705ac, this_ptr=0x0, return_value_used=0)
    at /usr/local/src/php-5.0.2/ext/ssh2/ssh2_fopen_wrappers.c:965
#8  0x08225434 in zend_do_fcall_common_helper (execute_data=0xbfffcce0, opline=0x83680f0, op_array=0x8361c14)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2711
#9  0x08225798 in zend_do_fcall_handler (execute_data=0xbfffcce0, opline=0x83680f0, op_array=0x6174732d)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2843
#10 0x08213418 in execute (op_array=0x8361c14) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#11 0x08224f05 in zend_do_fcall_common_helper (execute_data=0xbfffd4e0, opline=0x835adfc, op_array=0x8353cdc)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2740
#12 0x08225671 in zend_do_fcall_by_name_handler (execute_data=0x737574, opline=0x6174732d, op_array=0x6174732d)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2825
#13 0x08213418 in execute (op_array=0x8353cdc) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#14 0x081f0151 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.0.2/Zend/zend.c:1060
#15 0x081b2ddf in php_execute_script (primary_file=0xbffff9a0) at /usr/local/src/php-5.0.2/main/main.c:1629
#16 0x0822e9f5 in main (argc=2, argv=0xbffffa24) at /usr/local/src/php-5.0.2/sapi/cli/php_cli.c:943
#17 0x40252912 in __libc_start_main () from /lib/i686/libc.so.6

[2005-02-28 17:56 UTC] pollita@php.net

I *think* I've identified the bug in libssh2 (try the next release when it comes out), for now you can avoid this bug by disabling compression.

$methods = array('client_to_server'=>array('comp'=>'none'),'server_to_client'=>array('comp'=>'none'));

$connection = ssh2_connect($host, $post, $methods);

[2005-02-28 19:47 UTC] pollita@php.net

This bug system is for bugs in core PHP.   The ssh2 extension is a PECL project so reporting of this bug probably should have started with http://pecl.php.net/bugs/

Of course, beyond that the actual problem is in libssh2 which is a sourceforge.net project so it *really* belongs in that bug system.

Sorry it's so convoluted, but there are a fair number of cooks in the kitchen.

I will continue to work on the libssh2 bug despite closing this report.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jul 04 11:01:37 2025 UTC