Bug #46194 SIGSEGV when requested file is not found
Submitted: 2008-09-29 03:13 UTC Modified: 2008-09-30 02:42 UTC
From: xuefer at gmail dot com Assigned: cellog (profile)
Status: Closed Package: PHAR related
PHP Version: 5.3CVS-2008-09-29 (CVS) OS: linux
Private report: No CVE-ID: None
 [2008-09-29 03:13 UTC] xuefer at gmail dot com
Description:
------------
I have set up lighttpd + fastcgi + php; it used to work with old php but not with 5.3 (not sure about 5.2)

  "localhost:1026" => (
    "host" => "127.0.0.1", "port" => 2048,
    "check-local" => "disable", "disable-time" => 1,
    "broken-scriptfilename" => "enable",
    ),
Be aware that it is check-local => disable, which means lighttpd won't check whether the file exists but will forward the request to php anyway.
When I try to request a non-existing file, php gets a SIGSEGV.

Program received signal SIGSEGV, Segmentation fault.
0x4b319f51 in strstr () from /lib/libc.so.6
(gdb) bt
#0  0x4b319f51 in strstr () from /lib/libc.so.6
#1  0x082292c1 in phar_compile_file (file_handle=0xbfec434c, type=8) at /home/xuefer/src/php/php5/ext/phar/phar.c:3294
#2  0x0849d9b2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/xuefer/src/php/php5/Zend/zend.c:1189
#3  0x08433dbb in php_execute_script (primary_file=0xbfec434c) at /home/xuefer/src/php/php5/main/main.c:2080
#4  0x0852e362 in main (argc=3, argv=0xbfec44b4) at /home/xuefer/src/php/php5/sapi/cgi/cgi_main.c:1980
(gdb) up
#1  0x082292c1 in phar_compile_file (file_handle=0xbfec434c, type=8) at /home/xuefer/src/php/php5/ext/phar/phar.c:3294
3294        if (strstr(file_handle->filename, ".phar") && !strstr(file_handle->filename, "://")) {
(gdb) p file_handle[0]
$2 = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
      mmap = {len = 0, pos = 1, map = 0x83f, buf = 0xb7f14878 "j?\t\b\020ii\r", old_handle = 0xb7f15000, old_closer = 0x807ba17},
      reader = 0x4b2b9840, fsizer = 0x805f4a4, closer = 0x1}}, free_filename = 0 '\0'}



 [2008-09-29 11:13 UTC] jani@php.net
Seems to be a PHAR-related issue (once again), so the quick fix: disable phar. This is quite a critical bug.
 [2008-09-29 13:02 UTC] cellog@php.net
Please try this simple patch found at http://pear.php.net/~greg/fixbug46194.patch.txt

Index: ext/phar/phar.c
===================================================================
RCS file: /repository/php-src/ext/phar/phar.c,v
retrieving revision 1.370.2.45
diff -u -r1.370.2.45 phar.c
--- ext/phar/phar.c     13 Sep 2008 22:30:55 -0000      1.370.2.45
+++ ext/phar/phar.c     29 Sep 2008 13:00:22 -0000
@@ -3286,6 +3286,9 @@
        int failed;
        phar_archive_data *phar;

+       if (!file_handle || !file_handle->filename) {
+               return phar_orig_compile_file(file_handle, type TSRMLS_CC);
+       }
        if (strstr(file_handle->filename, ".phar") && !strstr(file_handle->filename, "://")) {
                if (SUCCESS == phar_open_from_filename(file_handle->filename, strlen(file_handle->filename), NULL, 0, 0, &phar, NULL TSRMLS_CC)) {
                        if (phar->is_zip || phar->is_tar) {
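
Review bot: the new guard ahead of the strstr() call hands a NULL file_handle or NULL filename on to phar_orig_compile_file unchanged, so the crash is avoided in this function but whatever sits behind phar_orig_compile_file still receives the same NULL. Add a comment above the guard saying which caller can produce a NULL filename, and consider rejecting that case where the handle is built so that each compile-file hook does not need its own copy of this check.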

 [2008-09-30 02:10 UTC] xuefer at gmail dot com
OK, it seems fixed with your patch, but I don't think it is right. Why can filename be NULL before it is passed to compile file?
with php5.2-CVS cgi-fcgi:
No input file specified.
with php5.3-CVS and phar patch (or disable phar)
Fatal error: Unknown: Failed opening required '' (include_path='.:') in Unknown on line 0

something changed in cgi, many zend extensions might be affected

$ diff ~/src/php/php5.2/sapi/cgi/cgi_main.c  ~/src/php/php5/sapi/cgi/cgi_main.c
yeah... there are big changes
$ diff -u ~/src/php/php5.2/sapi/cgi/cgi_main.c  ~/src/php/php5/sapi/cgi/cgi_main.c |grep 'No input file specified' -C 5
+                       SG(sapi_headers).http_response_code = 403;
+                       PUTS("Access denied.\n");
                    } else {
-                       len += strlen(argv[i]);
+                       SG(sapi_headers).http_response_code = 404;
+                       PUTS("No input file specified.\n");
+                   }
+                   /* we want to serve more requests if this is fastcgi
+                      so cleanup and continue, request shutdown is
+                      handled later */
+                   if (fastcgi) {
--
-           if (errno == EACCES) {
-               SG(sapi_headers).http_response_code = 403;
-               PUTS("Access denied.\n");
-           } else {
-               SG(sapi_headers).http_response_code = 404;
-               PUTS("No input file specified.\n");
-           }
-#if PHP_FASTCGI
-           /* we want to serve more requests if this is fastcgi
-              so cleanup and continue, request shutdown is
-              handled later */


I'm not sure when 5.3 cgi-fcgi will print out "No input file specified", which used to be printed by 5.2; are you?

summary:
1. "Fatal error" just does not make sense here. It should be legal to pass any request, including ones which might cause "404 File not found", from the webserver to the php cgi-fcgi backend, and php should issue a 404 error like 5.2 does.

Otherwise I have to set up
a. webserver(frontend) on server1 -> webserver + mod_php(backend) on server2, or
b. webserver(frontend, check-local=disabled) on server 1 -> webserver(backend, check-local=enabled to produce 404) -> php cgi-fcgi (backend)

2. Passing file_handle == NULL || file_handle->filename == NULL does not make sense; it breaks zend extensions that hook zend_compile_file, like phar, apc, ZendOptimizer, XCache, Xdebug, eaccelerator, blahblah...

As you assigned it to the phar category, I ask your advice.
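
The two places a NULL filename can be handled, as raised in point 2 above, sketched as an added example (not code from php-src or from this report): a hook that guards itself before strstr(), and a caller that rejects the request before the hook chain runs. All types, constants and function names are simplified stand-ins constructed for illustration, not the Zend API.

```c
/* Simplified model of a compile-file hook chain. Every type and name here
 * is a constructed stand-in, not the real Zend API. */
#include <stddef.h>
#include <string.h>

typedef struct { const char *filename; } file_handle_t; /* models zend_file_handle */
typedef int (*compile_fn)(const file_handle_t *fh);

enum { COMPILED_PLAIN = 0, COMPILED_PHAR = 1, COMPILE_FAILED = -1, HTTP_404 = 404 };

/* Bottom of the chain: the "original" compiler fails cleanly on a missing name. */
static int base_compile(const file_handle_t *fh)
{
    if (fh == NULL || fh->filename == NULL || fh->filename[0] == '\0')
        return COMPILE_FAILED;
    return COMPILED_PLAIN;
}

static compile_fn orig_compile = base_compile; /* saved when the hook is installed */

/* A hook in the style of phar_compile_file: it inspects the filename, so it
 * must guard before strstr() and delegate anything it cannot inspect. */
static int phar_like_hook(const file_handle_t *fh)
{
    if (fh == NULL || fh->filename == NULL)
        return orig_compile(fh);
    if (strstr(fh->filename, ".phar") && !strstr(fh->filename, "://"))
        return COMPILED_PHAR;
    return orig_compile(fh);
}

/* Caller-side check: reject the request before any hook runs, so no
 * extension in the chain ever sees a NULL filename. */
static int serve_request(const char *script_path, compile_fn chain)
{
    file_handle_t fh = { script_path };
    if (script_path == NULL)
        return HTTP_404; /* models "No input file specified." */
    return chain(&fh);
}

int main(void)
{
    file_handle_t missing = { NULL };
    /* Guarded hook survives the NULL filename; the caller check never reaches it. */
    return (phar_like_hook(&missing) == COMPILE_FAILED &&
            serve_request(NULL, phar_like_hook) == HTTP_404) ? 0 : 1;
}
```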
 [2008-09-30 02:42 UTC] cellog@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I'm marking this bug closed, as phar now handles stupid input correctly.  Please open another bug in CGI/CLI related category for the other problem.
 
Last updated: Sun Dec 22 02:01:28 2024 UTC