PHP :: Bug #41451 :: Segmentation core dump glibc detected *** free(): invalid next size

Bug #41451	Segmentation core dump glibc detected *** free(): invalid next size
Submitted:	2007-05-20 18:14 UTC	Modified:	2007-05-21 21:36 UTC
From:	farayi dot nyamadzawo at unodc dot org	Assigned:
Status:	Not a bug	Package:	Filesystem function related
PHP Version:	5.2.2	OS:	Redhat
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	farayi dot nyamadzawo at unodc dot org
New email:
PHP Version:		OS:

New Comment:

[2007-05-20 18:14 UTC] farayi dot nyamadzawo at unodc dot org

Description:
------------
 I am running the below script from command line.it gives me a segmentation error when it is trying to download files and save them and return any arraz. 
I get the following error
glibc detected *** free(): invalid next size

function attached below
./configure --with-apxs2=/usr/local/apache2/bin/apxs   --with-openssl --with-zlib --enable-bcmath --enable-calendar --with-curl     --enable-dom --enable-exif --with-gd --with-jpeg-dir=/usr  --with-png-dir=/usr --with-freetype-dir=/usr    --with-iconv  --enable-json --with-mysql --enable-xml --with-xsl --enable-zip --enable-shared  --with-ldap=/usr  --with-mysqli --enable-mbstring


PHP 5.2.2 (cli)
Archive_Tar      1.3.2   stable
Console_Getopt   1.2.2   stable
DB               1.7.11  stable
PEAR             1.5.4   stable
Structures_Graph 1.0.2   stable






Reproduce code:
---------------
function upload_file_from_url($filename, $url, $dir = 'transfer/docs/', $overwrite_uid = false)
{
	//ver. 2.0
//error_reporting(E_ALL);

	if($fp = fopen($url,"rb")) //file exists
	{
		logmsg ("DEBUG:UPLOAD - open remote file.");
		//generate UNQ name
		$filename = $filename;
		$filetype = 'application/octet-stream';
		$fileinfo = pathinfo($filename);
		$fname = $fileinfo['filename'];
		$filedata = '';

		logmsg ("DEBUG:UPLOAD - read remote file.");
		while (!feof($fp)) {
  			$filedata .= fread($fp, 8192);
		}
		if(!$filedata)
		{
			fclose($fp);
			return false;
		}
		logmsg ("DEBUG:UPLOAD - reading done!");

		logmsg ("DEBUG:UPLOAD - check file size");
		$filesize = strlen($filedata);

		if($filesize == 0)
		{
			fclose($fp);
			return false;
		}
		logmsg ("DEBUG:UPLOAD - size is ok:{$filesize}");

		logmsg ("DEBUG:UPLOAD - check existance of filename");
		//check file exists
		$exists = true;
		$i = 0;
		while(file_exists($this->web_root.$dir.$fname.'.'.$fileinfo['extension']))
		{
			$i++;
			$fname.= '-'.$i;
		}
		$filepath = $fname.'.'.$fileinfo['extension'];
		logmsg ("DEBUG:UPLOAD - check name done. using - ".$filepath);

		logmsg ("DEBUG:UPLOAD - copy data..");
		//store file
		$fpl = fopen($this->web_root.$dir.$filepath,"w");
		if($fpl)
		{
			fwrite($fpl,$filedata,$filesize);
			fclose($fpl);
		}
		else
		{
			fclose($fp);
			return false;
		}
		fclose($fp);
		logmsg ("DEBUG:UPLOAD - data copied - done.");
		return array('name' => $filename,'size'=>$filesize, 'path'=> $filepath);
	}
	else
	{
	    return false;
	}
}



Expected result:
----------------
download files from website , store and return array

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-05-20 18:29 UTC] farayi dot nyamadzawo at unodc dot org

The following function also gives a error
*** glibc detected *** free(): invalid next size (normal): 0x00632898 ***
function upload_file_from_url($filename, $url, $dir = 'transfer/docs/', $overwrite_uid = false)
{
	//ver. 2.0
if($fp = fopen($url,"rb")) //file exists
	{
		//generate UNQ name
		$filename = $filename;
		$filetype = 'application/octet-stream';
		$fileinfo = pathinfo($filename);
		$fname = $fileinfo['filename'];

		$filedata = @file_get_contents($url);
		if(!$filedata) return false;

		$filesize = strlen($filedata);
		if($filesize == 0)
		{
			return false;
		}

		//check file exists
		$exists = true;
		$i = 0;
		while(file_exists($root.$dir.$fname.'.'.$fileinfo['extension']))
		{
			$i++;
			$fname.= '-'.$i;
		}
		$filepath = $fname.'.'.$fileinfo['extension'];
		//store file
		if(!file_put_contents($root.$dir.$filepath, $filedata)) return false;

		return array('name' => $filename,'size'=>$filesize, 'path'=> $filepath);
	}
	else
	{
	    return false;
	}
}

[2007-05-20 21:29 UTC] johannes@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

I wasn't able to reproduce your problem using your function with either a local file, an file from an ftp server or from an http site. If the problem still exists with a current snapshot please give more information what kind of file you're trying to transfer and a gdb backtrace. Thanks.

[2007-05-21 15:08 UTC] farayi dot nyamadzawo at unodc dot org

I have tried the latest php 5 snapshot and still i get the same problem . please see below the backtrace information.

Core was generated by `php interface.php -fconfig/refreshprojects.xml -rRefreshP                                                                                            rojects'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libexslt.so.0...done.
Loaded symbols for /usr/local/lib/libexslt.so.0
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/tls/librt.so.1...done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /usr/lib/libldap-2.2.so.7...done.
Loaded symbols for /usr/lib/libldap-2.2.so.7
Reading symbols from /usr/lib/liblber-2.2.so.7...done.
Loaded symbols for /usr/lib/liblber-2.2.so.7
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng12.so.0...done.
Loaded symbols for /usr/local/lib/libpng12.so.0
Reading symbols from /usr/local/lib/libjpeg.so.62...done.
Loaded symbols for /usr/local/lib/libjpeg.so.62
Reading symbols from /usr/lib/libcurl.so.3...done.
Loaded symbols for /usr/lib/libcurl.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libssl.so.4...done.
Loaded symbols for /lib/libssl.so.4
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /usr/local/lib/libxslt.so.1...done.
Loaded symbols for /usr/local/lib/libxslt.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libsasl2.so.2...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x00bb78e7 in ASN1_template_free () from /lib/libcrypto.so.4
(gdb) bt
#0  0x00bb78e7 in ASN1_template_free () from /lib/libcrypto.so.4
#1  0x00bb7873 in ASN1_primitive_free () from /lib/libcrypto.so.4
#2  0x00bb7983 in ASN1_item_free () from /lib/libcrypto.so.4
#3  0x00bb2d3c in X509_CERT_AUX_free () from /lib/libcrypto.so.4
#4  0x00bb299a in X509_CINF_free () from /lib/libcrypto.so.4
#5  0x00bb77b3 in ASN1_primitive_free () from /lib/libcrypto.so.4
#6  0x00bb7983 in ASN1_item_free () from /lib/libcrypto.so.4
#7  0x00bb2ac1 in X509_free () from /lib/libcrypto.so.4
#8  0x00b9d5eb in sk_pop_free () from /lib/libcrypto.so.4
#9  0x00c5c737 in ssl_sess_cert_free () from /lib/libssl.so.4
#10 0x00c5d4a9 in SSL_SESSION_free () from /lib/libssl.so.4
#11 0x00c5b24b in SSL_free () from /lib/libssl.so.4
#12 0x080c7fdd in php_openssl_sockop_close (stream=0xb7d0da80, close_handle=1)
    at /home/adam/php5.2-200705211030/ext/openssl/xp_ssl.c:267
#13 0x082c1505 in _php_stream_free (stream=0xb7d0da80, close_options=3)
    at /home/adam/php5.2-200705211030/main/streams/streams.c:346
#14 0x082554a4 in zif_file_get_contents (ht=1, return_value=0xb7bfc3c4,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/adam/php5.2-200705211030/ext/standard/file.c:574
#15 0x08302dca in zend_do_fcall_common_helper_SPEC (execute_data=0xbfec1070)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:200
#16 0x08302551 in execute (op_array=0xb7d1c9f8)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:92
---Type <return> to continue, or q <return> to quit---
#17 0x0830279d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfec2b50)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:234
#18 0x08302551 in execute (op_array=0xb7d18ca0)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:92
#19 0x0830279d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfec5920)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:234
#20 0x08302551 in execute (op_array=0xb7d8989c)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:92
#21 0x0830279d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfec6200)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:234
#22 0x08302551 in execute (op_array=0xa651690)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:92
#23 0x0830279d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfec6430)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:234
#24 0x08302551 in execute (op_array=0xb7fb0844)
    at /home/adam/php5.2-200705211030/Zend/zend_vm_execute.h:92
#25 0x082e9361 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/adam/php5.2-200705211030/Zend/zend.c:1134
#26 0x082b1a79 in php_execute_script (primary_file=0xbfec8890)
    at /home/adam/php5.2-200705211030/main/main.c:1794
#27 0x083639a7 in main (argc=4, argv=0xbfec8964)
    at /home/adam/php5.2-200705211030/sapi/cli/php_cli.c:1138
(gdb)

[2007-05-21 18:59 UTC] tony2001@php.net

I don't think a segfault somewhere deep inside of /lib/libcrypto.so.4 has something to do with PHP.
Try updating OpenSSL or reporting it to OpenSSL developers, there is not much we can do about it.

[2007-05-21 21:36 UTC] farayi dot nyamadzawo at unodc dot org

Yes off cause you are right . I upgraded my openssl to the lastest version then i start getting compile errors because mysql dev lib was old. i upgraded that and php compliled . i tested my program and it works.
The problem occured because i was accessing sites with https and since my openssl was bugger, it crashed with a segmentation error.
thx for all u help

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 00:01:35 2025 UTC