Bug #48951 calling get_defined_constants with any parameter results in SIGSEGV
Submitted: 2009-07-16 22:59 UTC Modified: 2009-07-30 01:00 UTC
Votes:8
Avg. Score:4.1 ± 1.2
Reproduced:8 of 8 (100.0%)
Same Version:7 (87.5%)
Same OS:4 (50.0%)
From: rajivk at sparklit dot com Assigned:
Status: No Feedback Package: Apache related
PHP Version: 5.2.10, 5.3.0 OS: Debian Linux
Private report: No CVE-ID: None
 [2009-07-16 22:59 UTC] rajivk at sparklit dot com
Description:
------------
Calling get_defined_constants with a parameter causes a segfault. This occurs in 5.2.10 and 5.3.0



Reproduce code:
---------------
=== case 1 causes crash ======

<?php
var_dump(get_defined_constants(false));
?>
=============================================

=== case 2 also causes crash ======

<?php
var_dump(get_defined_constants(false));
?>
=============================================

=== case 3 NO CRASH  ======

<?php
var_dump(get_defined_constants());
?>
=============================================




Expected result:
----------------
no crash

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb73b1910 (LWP 15496)]
0xb77a2b01 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb77a2b01 in kill () from /lib/libc.so.6
#1  0x0810ace9 in zend_mm_panic (message=0x84d1d40 "zend_mm_heap corrupted") at /usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:94
#2  0x0810d45f in _zend_mm_alloc_int (heap=0x89f7b70, size=44, __zend_filename=0x84d57d8 "/usr/src/2009july15/php-5.2.10/Zend/zend_hash.c", __zend_lineno=247,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:1895
#3  0x0810e6d6 in _emalloc (size=44, __zend_filename=0x84d57d8 "/usr/src/2009july15/php-5.2.10/Zend/zend_hash.c", __zend_lineno=247, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:2300
#4  0x08135f7b in _zend_hash_add_or_update (ht=0x87cb62c, arKey=0x89d9fc0 "E_STRICT", nKeyLength=9, pData=0xbfcc367c, nDataSize=4, pDest=0x0, flag=1,
    __zend_filename=0x84d4f30 "/usr/src/2009july15/php-5.2.10/Zend/zend_hash.h", __zend_lineno=341) at /usr/src/2009july15/php-5.2.10/Zend/zend_hash.c:247
#5  0x0812e86d in zend_symtable_update (ht=0x87cb62c, arKey=0x89d9fc0 "E_STRICT", nKeyLength=9, pData=0xbfcc367c, nDataSize=4, pDest=0x0)
    at /usr/src/2009july15/php-5.2.10/Zend/zend_hash.h:341
#6  0x0812ecb4 in add_assoc_zval_ex (arg=0x87e5838, key=0x89d9fc0 "E_STRICT", key_len=9, value=0x87e4ccc) at /usr/src/2009july15/php-5.2.10/Zend/zend_API.c:1056
#7  0x0813f211 in zif_get_defined_constants (ht=1, return_value=0x87e58e0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/src/2009july15/php-5.2.10/Zend/zend_builtin_functions.c:1674
#8  0x0814e496 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcc3818) at /usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:200
#9  0x08153ead in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfcc3818) at /usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:1739
#10 0x0814dffa in execute (op_array=0x87c19b8) at /usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:92
#11 0x0812b810 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/2009july15/php-5.2.10/Zend/zend.c:1134
#12 0x080e4ad1 in php_execute_script (primary_file=0xbfcc5aec) at /usr/src/2009july15/php-5.2.10/main/main.c:2025
#13 0x081a47c1 in apache_php_module_main (r=0x87822bc, display_source_mode=0) at /usr/src/2009july15/php-5.2.10/sapi/apache/sapi_apache.c:53
#14 0x080d8792 in send_php ()
#15 0x080d87dd in send_parsed_php ()
#16 0x08468875 in ap_invoke_handler ()
#17 0x0847fe6d in process_request_internal ()
#18 0x0847feca in ap_process_request ()
#19 0x084760c0 in child_main ()
#20 0x084763f4 in make_child ()
#21 0x084767e2 in perform_idle_server_maintenance ()
#22 0x08476eb7 in standalone_main ()
#23 0x08477562 in main ()
(gdb) frame 10
#10 0x0814dffa in execute (op_array=0x87c19b8) at /usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:92
92                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x84d5d1b "get_defined_constants"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x87c6284 "/home/rajivk/dev/webroot/forum/www/forum.sparklit.com/foobar.spark"
(gdb)


 [2009-07-17 13:20 UTC] jani@php.net
I cannot reproduce this with current PHP_5_2 / PHP_5_3 or HEAD branches. Exactly what was your configure line? What compiler and version? Can you reproduce it using CLI:

# php -n -r 'var_dump(get_defined_constants(false));' 

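Frames #0 and #1 of the backtrace show the SIGSEGV being raised by zend_mm_panic() itself through kill() after its "zend_mm_heap corrupted" consistency check fails, so the actual overwrite happened earlier than the crash site. The harness below is an added example, not part of the report or of PHP's own tooling: it runs the report's call forms (no argument, false, true) through `php -n -r` as asked above, once under the Zend MM and once with USE_ZEND_ALLOC=0 (libc malloc), and assumes `php` is on PATH (override with PHP_BIN).

```shell
#!/bin/sh
# Added example (not from the report): run each reproduction case through
# `php -n -r`, once under the Zend MM and once with USE_ZEND_ALLOC=0 (libc
# malloc). Assumes `php` is on PATH (override with PHP_BIN).
PHP_BIN="${PHP_BIN:-php}"

# Translate an exit status into an outcome; 128+N means "killed by signal N".
classify_status() {
  case "$1" in
    0)   echo "ok" ;;
    139) echo "SIGSEGV" ;;   # 128+11: what zend_mm_panic() raises via kill()
    134) echo "SIGABRT" ;;   # 128+6: abort() from a libc heap check
    *)   echo "exit=$1" ;;
  esac
}

# Run any command, discard its output and print the classified outcome.
# The if/else form keeps a non-zero status from aborting under `set -e`.
run_status() {
  if "$@" >/dev/null 2>&1; then st=0; else st=$?; fi
  classify_status "$st"
}

# Run one snippet with no php.ini (-n); $1 = "zendmm" | "libc", $2 = snippet.
# With USE_ZEND_ALLOC=0 PHP bypasses its own allocator, so a corruption that
# only the Zend MM consistency check catches will change shape or vanish.
run_php_case() {
  if [ "$1" = "libc" ]; then
    run_status env USE_ZEND_ALLOC=0 "$PHP_BIN" -n -r "$2"
  else
    run_status "$PHP_BIN" -n -r "$2"
  fi
}

# The three call forms from the report's title and cases: none, false, true.
triage() {
  for snippet in 'get_defined_constants();' \
                 'get_defined_constants(false);' \
                 'get_defined_constants(true);'; do
    for mode in zendmm libc; do
      printf '%-30s %-7s %s\n' "$snippet" "$mode" "$(run_php_case "$mode" "$snippet")"
    done
  done
}

# Only exercise PHP when an interpreter is actually installed.
if command -v "$PHP_BIN" >/dev/null 2>&1; then triage; fi
```

A case that panics under the Zend MM but runs clean with USE_ZEND_ALLOC=0 is the usual signal to rerun it under valgrind with the allocator disabled, which reports the first bad write instead of the later panic.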
 [2009-07-20 20:42 UTC] rajivk at sparklit dot com
I can't reproduce it with the CLI at all. Here is the configure line:

'./configure' '--with-gd' '--with-mysql' '--with-apache=../apache_1.3.41' '--with-zlib' '--with-cybercash=/cybercash/mck' '--enable-memory-limit' '--enable-inline-optimization' '--with-gettext' '--with-xml' '--with-pspell' '--enable-memcache' '--with-curl' '--enable-mbstring' '--with-jpeg-dir=/usr/lib' '--enable-debug'

AND 


gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.2 --program-suffix=-4.2 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-targets=all --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.2.4 (Debian 4.2.4-6))
 [2009-07-22 20:49 UTC] jani@php.net
Try without '--enable-inline-optimization' and do not set any optimization flags or such when configuring / compiling.
 [2009-07-30 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".