[2005-02-15 07:30 UTC] markus dot lervik at necora dot fi
Description:
------------
Trying to copy an about 60KB file from a remote system repeatedly causes a segfault. I haven't been able to pinpoint the exact size of the file, because it behaves a bit randomly, but a 64253 byte file gets copied, while a 65514 byte file causes the segfault. A 65515 byte file causes ssh2_scp_recv to hang. A 65491 byte file gets copied normally, while a 65490 byte file causes a segfault.
OpenSSH is version 3.8p1-100.SuSE.ulb.1
php -m
[PHP Modules]
bz2
ctype
curl
dom
exif
gd
iconv
libxml
openssl
pcre
pgsql
posix
session
SimpleXML
soap
SPL
ssh2
standard
tokenizer
wddx
xml
xmlrpc
xsl
zlib
[Zend Modules]
Reproduce code:
---------------
<?php
$c = ssh2_connect('server', 22);
ssh2_auth_pubkey_file($c, 'user', '/home/user/.ssh/id_dsa.pub', '/home/user/.ssh/id_dsa');
ssh2_scp_recv($c, 'test', './test');
?>
Actual result:
--------------
65514 byte file
---------------------------------------
/home/mle/x/pecl/ssh2/ssh2.c(68) : Block 0x08414E8C status:
Beginning: Overrun (magic=0x00000000, expected=0x7312F8DC)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15854)]
0x404ddb2c in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x404ddb2c in memcpy () from /lib/libc.so.6
#1 0x082246cf in _mem_block_check (ptr=0x8414eb0, silent=0,
__zend_filename=0x405c0246 "/home/mle/x/pecl/ssh2/ssh2.c", __zend_lineno=68,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at /home/mle/soares/php-5.0.3/Zend/zend_alloc.c:722
#2 0x08224696 in _mem_block_check (ptr=0x8414eb0, silent=1,
__zend_filename=0x405c0246 "/home/mle/x/pecl/ssh2/ssh2.c", __zend_lineno=68,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at /home/mle/soares/php-5.0.3/Zend/zend_alloc.c:714
#3 0x08223932 in _efree (ptr=0x8414eb0,
__zend_filename=0x405c0246 "/home/mle/x/pecl/ssh2/ssh2.c", __zend_lineno=68,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at /home/mle/soares/php-5.0.3/Zend/zend_alloc.c:265
#4 0x405ba689 in php_ssh2_free_cb (ptr=0x8414eb0, abstract=0x83b6fc4)
at /home/mle/x/pecl/ssh2/ssh2.c:68
#5 0x405c7639 in libssh2_comp_method_zlib_comp (session=0x83b6fc4, compress=0, dest=0xbfffc9c0,
dest_len=0xbfffc9c0, payload_limit=40000, free_dest=0xbfffc9c0, src=0xbfffc9c0 "",
src_len=48, abstract=0xbfffc9c0) at comp.c:223
#6 0x405cd582 in libssh2_packet_read (session=0x83b6fc4, should_block=0) at packet.c:695
#7 0x405c5653 in libssh2_channel_read_ex (channel=0x83fc4ec, stream_id=0, buf=0xbfffcc70 "",
buflen=8192) at channel.c:819
#8 0x405bd542 in zif_ssh2_scp_recv (ht=3, return_value=0x83b5d84, this_ptr=0x0,
return_value_used=0) at /home/mle/x/pecl/ssh2/ssh2_fopen_wrappers.c:900
#9 0x082691d8 in zend_do_fcall_common_helper (execute_data=0xbfffee20, opline=0x83b63a8,
op_array=0x83b5c94) at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:2711
#10 0x08269951 in zend_do_fcall_handler (execute_data=0xbfffee20, opline=0x83b63a8,
op_array=0x83b5c94) at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:2843
#11 0x082657ce in execute (op_array=0x83b5c94)
at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:1400
#12 0x08232b71 in zend_eval_string (
str=0xbffff2e1 "$c = ssh2_connect(\"dev.necora.fi\", 22); ssh2_auth_pubkey_file($c, \"mle\", \"/home/mle/.ssh/id_dsa.pub\", \"/home/mle/.ssh/id_dsa\"); ssh2_scp_recv($c, \"test\", \"./test\");", retval_ptr=0x0, string_name=0x82b8a9c "Command line code")
at /home/mle/soares/php-5.0.3/Zend/zend_execute_API.c:990
#13 0x08232d03 in zend_eval_string_ex (
str=0xbffff2e1 "$c = ssh2_connect(\"dev.necora.fi\", 22); ssh2_auth_pubkey_file($c, \"mle\", \"/home/mle/.ssh/id_dsa.pub\", \"/home/mle/.ssh/id_dsa\"); ssh2_scp_recv($c, \"test\", \"./test\");", retval_ptr=0x0, string_name=0x82b8a9c "Command line code", handle_exceptions=1)
at /home/mle/soares/php-5.0.3/Zend/zend_execute_API.c:1024
#14 0x08272e84 in main (argc=3, argv=0xbffff0e4)
at /home/mle/soares/php-5.0.3/sapi/cli/php_cli.c:982
65515 byte file
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 15857)]
<...time passes...>
(CTRL-C)
Program received signal SIGINT, Interrupt.
[Switching to Thread 16384 (LWP 15857)]
0x404fd475 in nanosleep () from /lib/libc.so.6
(gdb) bt
#0 0x404fd475 in nanosleep () from /lib/libc.so.6
#1 0x40528c0a in usleep () from /lib/libc.so.6
#2 0x405cbdeb in libssh2_blocking_read (session=0x83b6fc4, buf=0xbfffcb90 "\034??\bZ", count=16)
at packet.c:552
#3 0x405cd1ce in libssh2_packet_read (session=0x83b6fc4, should_block=1) at packet.c:612
#4 0x405c5653 in libssh2_channel_read_ex (channel=0x83fc5cc, stream_id=0, buf=0xbfffcc70 "",
buflen=23) at channel.c:819
#5 0x405bd542 in zif_ssh2_scp_recv (ht=3, return_value=0x83b5d84, this_ptr=0x0,
return_value_used=0) at /home/mle/x/pecl/ssh2/ssh2_fopen_wrappers.c:900
#6 0x082691d8 in zend_do_fcall_common_helper (execute_data=0xbfffee20, opline=0x83b63a8,
op_array=0x83b5c94) at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:2711
#7 0x08269951 in zend_do_fcall_handler (execute_data=0xbfffee20, opline=0x83b63a8,
op_array=0x83b5c94) at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:2843
#8 0x082657ce in execute (op_array=0x83b5c94)
at /home/mle/soares/php-5.0.3/Zend/zend_execute.c:1400
#9 0x08232b71 in zend_eval_string (
str=0xbffff2e1 "$c = ssh2_connect(\"dev.necora.fi\", 22); ssh2_auth_pubkey_file($c, \"mle\", \"/home/mle/.ssh/id_dsa.pub\", \"/home/mle/.ssh/id_dsa\"); ssh2_scp_recv($c, \"test\", \"./test\");", retval_ptr=0x0, string_name=0x82b8a9c "Command line code")
at /home/mle/soares/php-5.0.3/Zend/zend_execute_API.c:990
#10 0x08232d03 in zend_eval_string_ex (
str=0xbffff2e1 "$c = ssh2_connect(\"dev.necora.fi\", 22); ssh2_auth_pubkey_file($c, \"mle\", \"/home/mle/.ssh/id_dsa.pub\", \"/home/mle/.ssh/id_dsa\"); ssh2_scp_recv($c, \"test\", \"./test\");", retval_ptr=0x0, string_name=0x82b8a9c "Command line code", handle_exceptions=1)
at /home/mle/soares/php-5.0.3/Zend/zend_execute_API.c:1024
#11 0x08272e84 in main (argc=3, argv=0xbffff0e4)
at /home/mle/soares/php-5.0.3/sapi/cli/php_cli.c:982

The problem occurs while using the same connection for more than one ssh2_scp_recv (a 'for' loop). No problem when creating a new connection for each ssh2_scp_recv.

FAILS:
// One connection reused for every transfer in the loop
if ($connection = my_ssh2_connect()) {
    $arrayloc[0] = 'toto1';
    $arrayloc[1] = 'toto2';
    if (my_ssh2_auth_password($connection)) {
        for ($i = 0; $i < count($arrayloc); $i++) {
            ssh2_scp_send($connection, $arrayloc[$i], $arrayloc[$i]."snd", 0644);
        }
    }
}

WORKS:
// A new connection opened and authenticated for each transfer
$arrayloc[0] = 'toto1';
$arrayloc[1] = 'toto2';
for ($i = 0; $i < count($arrayloc); $i++) {
    if ($connection = my_ssh2_connect()) {
        if (my_ssh2_auth_password($connection)) {
            ssh2_scp_send($connection, $arrayloc[$i], $arrayloc[$i]."snd", 0644);
        }
    }
}

Hope it can help!