PHP :: Bug #45010 :: Output buffering produces segmentation fault

Bug #45010	Output buffering produces segmentation fault
Submitted:	2008-05-15 17:12 UTC	Modified:	2008-05-22 14:35 UTC
From:	Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat	Assigned:
Status:	Not a bug	Package:	Reproducible crash
PHP Version:	5.2.1	OS:	Linux (Slackware/SuSE)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat
New email:
PHP Version:		OS:

New Comment:

[2008-05-15 17:12 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat

Description:
------------
Output buffering gets segmentation fault

Reproduce code:
---------------
<?php
function ob_bug($buf)
{
        $full_buf = ob_get_clean();
        return $full_buf;
}

ob_start("ob_bug");

echo "test";
exit();
?>


Expected result:
----------------
$full_buf and $buf contains buffer

Actual result:
--------------
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1860)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1860)]
0x08255a92 in _zend_mm_alloc_int (heap=0x8534208, size=32) at /usr/src/websvr/php-5.2.1/Zend/zend_alloc.c:1497
1497                            zend_mm_add_to_free_list(heap, new_free_block);
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1873)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1873)]
0x08256565 in _emalloc (size=16) at /usr/src/websvr/php-5.2.1/Zend/zend_alloc.c:1866
1866            return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
(gdb) run -q ob_bug.php
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -q ob_bug.php
[New Thread 16384 (LWP 1875)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 1875)]
zend_call_function (fci=0xbfd01080, fci_cache=0x0) at /usr/src/websvr/php-5.2.1/Zend/zend_execute_API.c:615
615             zend_class_entry *calling_scope = NULL;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-05-15 22:23 UTC] felipe@php.net

In HEAD this issue is fixed (the output control was rewrited):

"Fatal error: ob_get_clean(): Cannot use output buffering in output buffering display handlers"

[2008-05-16 21:47 UTC] jani@php.net

And does not crash with 5.2.6 either. Get that first.

[2008-05-22 14:34 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat

In PHP.v4 this not produces segmentation.
Checked with this version. Crashes.

PHP 5.2.6 (cli) (built: May 15 2008 13:46:54)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

[2008-05-22 14:34 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat

In PHP.v4 this not produces segmentation.
Checked with this version. Crashes.

PHP 5.2.6 (cli) (built: May 15 2008 13:46:54)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

[2008-05-22 14:35 UTC] Jurijs Cerepanovs <Jurijs dot Cerepanovs at lat

In PHP.v4 this not produces segmentation.
Checked with this version. Crashes.

PHP 5.2.6 (cli) (built: May 15 2008 13:46:54)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jul 04 15:01:36 2025 UTC