Bug #33733 PHP segfaults when using the pspell extension with -a
Submitted: 2005-07-17 13:21 UTC
Modified: 2005-07-25 20:04 UTC
From: nlopess@php.net
Assigned: helly
Status: Closed
Package: CGI/CLI related
PHP Version: 5CVS-2005-07-17 (dev)
OS: *
Private report: No
CVE-ID: None
 [2005-07-17 13:21 UTC] nlopess@php.net
Description:
------------
I'm not sure if this is a PHP bug, but here it is:

(gdb) run -a
Starting program: /usr/local/bin/php -a
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 18864)]
Interactive mode enabled

php > $pspell_link = pspell_new('en');
php > pspell_config_mode($pspell_link, PSPELL_FAST);
*** glibc detected *** corrupted double-linked list: 0x0844e7f0 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 16384 (LWP 18864)]
0xb79b43e1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb79b43e1 in kill () from /lib/libc.so.6
#1  0xb7aac131 in pthread_kill () from /lib/libpthread.so.0
#2  0xb7aac4ab in raise () from /lib/libpthread.so.0
#3  0xb79b4174 in raise () from /lib/libc.so.6
#4  0xb79b564d in abort () from /lib/libc.so.6
#5  0xb79f0030 in mallopt () from /lib/libc.so.6
#6  0xb79ef03c in mallopt () from /lib/libc.so.6
#7  0xb79ee6ea in mallopt () from /lib/libc.so.6
#8  0xb79ed803 in malloc () from /lib/libc.so.6
#9  0x081fbd51 in _emalloc (size=18864) at /cvs/php-src/Zend/zend_alloc.c:181
#10 0x0820909d in op_array_alloc_ops (op_array=0x84a0b54)
    at /cvs/php-src/Zend/zend_opcode.c:48
#11 0x08209107 in init_op_array (op_array=0x84a0b54, type=4 '\004',
    initial_ops_size=8192) at /cvs/php-src/Zend/zend_opcode.c:68
#12 0x081f64c5 in compile_string (source_string=0xbffff410, filename=0x0)
    at zend_language_scanner.l:541
#13 0x08207934 in zend_eval_string (str=0x1 <Address 0x1 out of bounds>,
    retval_ptr=0x0, string_name=0x0)
    at /cvs/php-src/Zend/zend_execute_API.c:1030
#14 0x0827fadc in main (argc=2, argv=0xbffff644)
    at /cvs/php-src/sapi/cli/php_cli.c:1024


I have glib 2.3.4 and aspell 0.60.3.

BTW, PHP segfaults when using aspell 0.50.5, so we should probably bump the version requirements (reference: http://sf.net/tracker/?func=detail&atid=100245&aid=1238839&group_id=245)


 [2005-07-18 13:02 UTC] nlopess@php.net
I don't know what kind of info you want...

Well, here is the script used (which is above):
<?
$pspell_link = pspell_new('en');
pspell_config_mode($pspell_link, PSPELL_FAST);
?>
 [2005-07-19 13:26 UTC] nlopess@php.net
config.nice:
'./configure' \
'--disable-cgi' \
'--enable-pcntl' \
'--with-ftp' \
'--with-tidy' \
'--with-apxs2=/usr/local/apache2/bin/apxs' \
'--with-readline' \
'--with-bz2' \
'--with-zlib' \
'--with-openssl' \
'--with-pspell' \
'--with-zend-vm=GOTO'
 [2005-07-19 14:26 UTC] nlopess@php.net
Now the program receives a SIGABRT and backtrace shows readline.
In fact it seems I cannot reproduce the problem if I execute the script from a file, just when I run PHP in interactive mode (and when I use the auto-completion feature).

I'll try to debug this stupid thing.
 [2005-07-19 15:36 UTC] nlopess@php.net
Well, after some debugging I've found the problem. It was much simpler than I thought.
The problem was that strcpy() was copying 1 more char than the memory allocated, corrupting it.

Patch: http://mega.ist.utl.pt/~ncpl/php_cli_interactive.txt
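
The off-by-one described in the comment above, as an added example (not the code from the linked patch or from php-src): strcpy() always writes strlen(src) + 1 bytes, so a buffer sized without the terminating NUL is overrun by exactly one byte. The sizing functions, the candidate string and all names below are constructed for illustration; the overrun is measured against canary bytes inside a larger arena, so nothing is actually corrupted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 8            /* canary bytes placed right after the "allocation" */
#define CANARY 0xAA

/* Constructed sizing rules (the real patch is not shown in the report). */
size_t size_before(const char *s) { return strlen(s); }     /* forgets the NUL */
size_t size_after(const char *s)  { return strlen(s) + 1; } /* room for the NUL */

/* Copy src with strcpy() into a region of alloc bytes followed by canary
 * bytes, and count how many canaries the copy overwrote. The arena is large
 * enough for the whole copy, so the overrun is observed without real heap
 * corruption. Returns -1 on allocation failure or if src would pass the guard. */
int guard_bytes_clobbered(size_t alloc, const char *src)
{
    size_t need = strlen(src) + 1;          /* what strcpy() really writes */
    if (need > alloc + GUARD) return -1;
    unsigned char *arena = malloc(alloc + GUARD);
    if (!arena) return -1;
    memset(arena + alloc, CANARY, GUARD);
    strcpy((char *)arena, src);
    int hit = 0;
    for (size_t i = 0; i < GUARD; i++)
        if (arena[alloc + i] != CANARY) hit++;
    free(arena);
    return hit;
}

/* Hardened duplicate: allocation size and copy length come from one value. */
char *dup_candidate(const char *text)
{
    size_t need = strlen(text) + 1;
    char *copy = malloc(need);
    if (copy) memcpy(copy, text, need);
    return copy;
}

int main(void)
{
    const char *word = "pspell_config_mode";   /* constructed completion candidate */
    printf("before: %d byte(s) past the end\n", guard_bytes_clobbered(size_before(word), word));
    printf("after:  %d byte(s) past the end\n", guard_bytes_clobbered(size_after(word), word));
    char *c = dup_candidate(word);
    if (c) { puts(c); free(c); }
    return 0;
}
```

On a real heap the stray byte lands in whatever follows the buffer, so the allocator usually reports the damage on a later call rather than at the faulty copy, as in the first backtrace where abort() is reached from inside malloc().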
 [2005-07-19 15:46 UTC] tony2001@php.net
Marcus, you're the author of CLI completion, plz take a look at the patch.
 [2005-07-25 20:04 UTC] helly@php.net
thanks for the patch
 
Last updated: Thu Feb 06 15:01:30 2025 UTC