Bug #35916 stream_socket_append() twice will cause segfault
Submitted: 2006-01-06 06:59 UTC Modified: 2006-01-10 17:14 UTC
From: sqchen at citiz dot net Assigned: pollita (profile)
Status: Closed Package: Streams related
PHP Version: 5CVS-2006-01-07 (cvs) OS: *
Private report: No CVE-ID: None

 [2006-01-06 06:59 UTC] sqchen at citiz dot net
Description:
------------
stream_socket_append() twice will cause segfault, the same as stream_socket_prepend()

Reproduce code:
---------------
<?php
class strtoupper_filter extends php_user_filter {
    function filter($in, $out, &$consumed, $closing)
    {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $bucket->data = strtoupper($bucket->data);
            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
            /*here twice will cause segfault*/
            stream_bucket_append($out, $bucket);
        }
        return PSFS_PASS_ON;
    }

    function onCreate() {
        echo "fffffffffff\n";
    }

    function onClose() {
        echo "hello\n";
    }
}

stream_filter_register("strtoupper", "strtoupper_filter");
$fp = fopen("1.txt", "w");
stream_filter_append($fp, "strtoupper");
fread($fp, 1024);
fwrite($fp, "Thank you\n");
fclose($fp);
readfile("1.txt");
unlink("1.txt");
?>

Actual result:
--------------
segfault

 [2006-01-06 09:03 UTC] sqchen at citiz dot net
sorry, it's stream_bucket_append and stream_bucket_prepend
 [2006-01-06 12:51 UTC] tony2001@php.net
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1085230688 (LWP 21490)]
0x0814f3ae in php_stream_bucket_unlink (bucket=0x8300c3c) at /usr/src/dev/php-src_5_1/main/streams/filter.c:222
222                     bucket->prev->next = bucket->next;
(gdb) p bucket
$1 = (php_stream_bucket *) 0x8300c3c
(gdb) p bucket->prev
$2 = (php_stream_bucket *) 0x5a5a5a5a
(gdb) bt
#0  0x0814f3ae in php_stream_bucket_unlink (bucket=0x8300c3c) at /usr/src/dev/php-src_5_1/main/streams/filter.c:222
#1  0x0814b171 in _php_stream_write_filtered (stream=0x83033a4, buf=0x830519c "Thank you\n", count=10, flags=0) at /usr/src/dev/php-src_5_1/main/streams/streams.c:978
#2  0x0814b22b in _php_stream_write (stream=0x83033a4, buf=0x830519c "Thank you\n", count=10) at /usr/src/dev/php-src_5_1/main/streams/streams.c:1017
#3  0x080de0a7 in zif_fwrite (ht=2, return_value=0x830357c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /usr/src/dev/php-src_5_1/ext/standard/file.c:1257
#4  0x0819a7c8 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffca90) at zend_vm_execute.h:192
#5  0x0819d50e in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffca90) at zend_vm_execute.h:1587
#6  0x0819a475 in execute (op_array=0x82fe3f4) at zend_vm_execute.h:92
#7  0x0817d890 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/php-src_5_1/Zend/zend.c:1101
#8  0x08139bf0 in php_execute_script (primary_file=0xbfffef30) at /usr/src/dev/php-src_5_1/main/main.c:1720
#9  0x081e0df6 in main (argc=2, argv=0xbffff014) at /usr/src/dev/php-src_5_1/sapi/cli/php_cli.c:1077

 [2006-01-06 14:40 UTC] sniper@php.net
Sara, here's one more..
 [2006-01-10 17:14 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
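
An added illustration, not code from the PHP source or from this report: a simplified C model of a doubly linked bucket list, showing one way a second append of the same bucket can leave the list head pointing at a bucket after it has been unlinked. That is consistent with the backtrace above, where `bucket->prev` holds 0x5a5a5a5a rather than a valid pointer. The struct layout and all function names are assumptions; only the `bucket->prev->next = bucket->next` statement is taken from the trace.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a bucket brigade; names are hypothetical, not PHP's source. */
typedef struct bucket { struct bucket *prev, *next; struct brigade *owner; } bucket;
typedef struct brigade { bucket *head, *tail; } brigade;

/* Naive tail append: silently assumes the bucket is not linked anywhere yet. */
void append_naive(brigade *br, bucket *b) {
    b->prev = br->tail;              /* on a second append this is b itself */
    b->next = NULL;
    if (br->tail) br->tail->next = b; else br->head = b;   /* b->next = b */
    br->tail = b;
    b->owner = br;
}

/* Guarded append (assumed mitigation): refuse a bucket that is still linked. */
int append_checked(brigade *br, bucket *b) {
    if (b->owner != NULL) return -1;
    append_naive(br, b);
    return 0;
}

/* Unlink; the first statement has the shape of filter.c:222 in the trace. */
void unlink_bucket(brigade *br, bucket *b) {
    if (b->prev) b->prev->next = b->next; else br->head = b->next;
    if (b->next) b->next->prev = b->prev; else br->tail = b->prev;
    b->prev = b->next = NULL;
    b->owner = NULL;
}

/* Returns 1 if the brigade still references b after unlinking it, i.e. the
   pointer would dangle once the caller frees b. Nothing is freed here. */
int dangles_after_unlink(int use_check) {
    brigade br = { NULL, NULL };
    bucket b = { NULL, NULL, NULL };
    if (use_check) { append_checked(&br, &b); append_checked(&br, &b); }
    else           { append_naive(&br, &b);   append_naive(&br, &b); }
    unlink_bucket(&br, &b);
    return br.head == &b || br.tail == &b;
}

int main(void) {
    printf("naive double append leaves stale head: %d\n", dangles_after_unlink(0));
    printf("checked double append leaves stale head: %d\n", dangles_after_unlink(1));
    return 0;
}
```

In the naive case the self-linked bucket has a non-NULL `prev`, so unlinking never updates `head`; a consumer that frees the bucket and then re-reads `head` dereferences freed memory.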


 