|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2007-11-15 01:35 UTC] yoy dot noneoff at dfgh dot net
Description: ------------ php crash on mbstring(php_mbstring.dll) when runnign as CGI. 'e' flag/option and $replacement parameter contian php-expression with syntax error. problem not present when php loaded as module(Apache) Parse error is thrown. applay on the latest php 5.3 and also on php 5.2 Reproduce code: --------------- <?php $ptr = 'hello'; $txt = <<<doc hello, I have got a cr*sh on you doc; echo C($ptr,'$1',$txt,'e'); ?> Expected result: ---------------- see Parse Error, similer to php loaded as module. Actual result: -------------- crash error AppName: php-cgi.exe AppVer: 5.3.0.0 ModName: php_mbstring.dll ModVer: 5.3.0.0 Offset: 00031595 PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sun Apr 13 00:01:28 2025 UTC |
Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in /home/jani/t.php(8) : mbregex replace on line 1 Program received signal SIGSEGV, Segmentation fault. 0x082f5175 in _zval_dtor_func (zvalue=0xbfe4782c, __zend_filename=0x85d62c0 "/home/jani/src/php-5.3/Zend/zend_variables.h", __zend_lineno=35) at /home/jani/src/php-5.3/Zend/zend_variables.c:35 35 CHECK_ZVAL_STRING_REL(zvalue); (gdb) bt #0 0x082f5175 in _zval_dtor_func (zvalue=0xbfe4782c, __zend_filename=0x85d62c0 "/home/jani/src/php-5.3/Zend/zend_variables.h", __zend_lineno=35) at /home/jani/src/php-5.3/Zend/zend_variables.c:35 #1 0x082ee134 in _zval_dtor (zvalue=0xbfe4782c, __zend_filename=0x85d6198 "/home/jani/src/php-5.3/Zend/zend_operators.c", __zend_lineno=599) at /home/jani/src/php-5.3/Zend/zend_variables.h:35 #2 0x082eed13 in _convert_to_string (op=0xbfe4782c, __zend_filename=0x85858cc "/home/jani/src/php-5.3/ext/mbstring/php_mbregex.c", __zend_lineno=742) at /home/jani/src/php-5.3/Zend/zend_operators.c:599 #3 0x081a569a in _php_mb_regex_ereg_replace_exec (ht=4, return_value=0x8ae35c0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, options=0) at /home/jani/src/php-5.3/ext/mbstring/php_mbregex.c:742 #4 0x081a5deb in zif_mb_ereg_replace (ht=4, return_value=0x8ae35c0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /home/jani/src/php-5.3/ext/mbstring/php_mbregex.c:788 #5 0x0831ea96 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfe47abc) at /home/jani/src/php-5.3/Zend/zend_vm_execute.h:194 #6 0x083241f3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfe47abc) at /home/jani/src/php-5.3/Zend/zend_vm_execute.h:1439 #7 0x0831e59a in execute (op_array=0x8ae2e7c) at /home/jani/src/php-5.3/Zend/zend_vm_execute.h:87 #8 0x082f76c6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/jani/src/php-5.3/Zend/zend.c:1139 #9 0x082a0049 in php_execute_script (primary_file=0xbfe49e40) at /home/jani/src/php-5.3/main/main.c:2007 #10 0x0837ef60 in main (argc=2, argv=0xbfe49f94) at /home/jani/src/php-5.3/sapi/cli/php_cli.c:1140the crash issue is indeed gone but two new problems appear I download the latest package, and I notice that now there is 2 errors raised PHP Parse error and PHP Fatal error prob 1: the rest of script execution stop I also think the PHP Fatal error is NOT required , in addition its a security risk. for example mb_ereg_replace('ptr','<script>alert(\'are you sure\')</script>','text with ptr','e') return: PHP Parse error: syntax error, unexpected '<' in test.php: mbregex replace on line 1 PHP Fatal error: mb_ereg_replace(): Failed evaluating code: <script>alert('are you sure')</script> in test.php on line 3