Bug #57188 rename_function causes segfault and/or strange unexpected results
Submitted: 2006-08-19 10:44 UTC Modified: 2013-10-24 08:10 UTC
From: adam-peclbugs at adam dot gs Assigned:
Status: Wont fix Package: apd (PECL)
PHP Version: 5.1.4 OS: Independant
Private report: No CVE-ID: None
 [2006-08-19 10:44 UTC] adam-peclbugs at adam dot gs
Description:
------------
This is PHP 5.1.5 in CLI! (PHP 5.1.5 is not available as a drop-down choice yet)
The specific code example I left below causes one set of results; the get_defined_functions() call changes the output of the backtrace.
I am going to amend this with some other cases in a moment.


Reproduce code:
---------------
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
$functions=get_defined_functions();
eval("return ip2long('200.200.200.200');");
?>

Expected result:
----------------
3368601800

Actual result:
--------------
Segfault, backtrace as follows:
Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
0x02b12e80 in ?? ()
(gdb) bt
#0  0x02b12e80 in ?? ()
#1  0x002042b0 in execute (op_array=0x291b050) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#2  0x00fe5cb4 in apd_execute (op_array=0x291b050) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#3  0x00204aa8 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffdfb8) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:226
#4  0x002042b0 in execute (op_array=0x2b13670) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#5  0x00fe5cb4 in apd_execute (op_array=0x2b13670) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#6  0x0020ad50 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffe168) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:1918
#7  0x002042b0 in execute (op_array=0x29f1020) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#8  0x00fe5cb4 in apd_execute (op_array=0x29f1020) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#9  0x001e9028 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend.c:1101
#10 0x001aadd0 in php_execute_script (primary_file=0xbfffeb68) at /Users/adam/Scripts/php/php-5.1.2/main/main.c:1720
#11 0x00281ce0 in main (argc=2, argv=0xbffff028) at /Users/adam/Scripts/php/php-5.1.2/sapi/cli/php_cli.c:1077
#12 0x000023fc in _start (argc=2, argv=0xbffff028, envp=0xbffff034) at /SourceCache/Csu/Csu-58/crt.c:272
#13 0x000022a4 in start ()

 [2006-08-19 10:46 UTC] adam-peclbugs at adam dot gs
The Following Code:
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
print ip2long('200.200.200.200');
?>
Returns the Following Result:
PHP Fatal error:  Call to undefined function ?(?() in /Users/adam/Scripts/apps/phpc/apdt.php on line 5

Note that now ip2long() is called outside of eval() and 
get_defined_functions is not called.
 [2006-08-19 10:51 UTC] adam-peclbugs at adam dot gs
The following has no get_defined_functions and ip2long is 
called inside eval.
The Following Code:
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
eval("return ip2long('200.200.200.200');");
?>
Causes a segfault, backtrace as follows:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbf7fffe0
0x90003880 in szone_malloc ()
(gdb) bt
#0  0x90003880 in szone_malloc ()
#1  0x90003520 in malloc ()
#2  0x0019e1d0 in _estrndup (s=0x1ef2560 "200.200.200.200", length=15) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_alloc.c:418
#3  0x001b5bec in _zval_copy_ctor_func (zvalue=0x33c9860) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_variables.c:120
#4  0x001d5e34 in ZEND_SEND_VAL_SPEC_CONST_HANDLER (execute_data=0x900032b0) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_variables.h:45
#5  0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#6  0x00fe7cb4 in apd_execute (op_array=0x10) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#7  0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800418) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#8  0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#9  0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#10 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8005b8) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#11 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#12 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#13 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800758) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#14 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#15 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#16 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8008f8) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#17 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#18 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#19 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800a98) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234


The backtrace loops on the functions execute->apd_execute->zend_do_fcall_common_helper_SPEC->execute et al.
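
The repeating execute -> apd_execute -> zend_do_fcall_common_helper_SPEC frames noted in the comment above can be picked out of a gdb backtrace mechanically during crash triage. The following Python is an added example, not part of the original report or of APD; the helper names `frame_functions` and `find_recursion` are hypothetical, and the sample trace is constructed from the function names in the report with invented addresses.

```python
import re

# One gdb frame header, e.g. "#5  0x001d2d34 in execute (op_array=...)".
# The address is optional; a wrapped argument list on the next line is ignored.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(\S+)")


def frame_functions(backtrace):
    """Return the function name of every frame, innermost first."""
    return [m.group(1) for line in backtrace.splitlines()
            if (m := FRAME_RE.match(line.strip()))]


def find_recursion(names, min_repeats=3):
    """Return (cycle, repeats, start_index) of the longest repeating run, or None."""
    n, best = len(names), None  # best = (frames covered, start, period)
    for period in range(1, n // min_repeats + 1):
        start = 0
        for i in range(n - period + 1):
            # A run ends where frame i differs from the frame one period later.
            if i == n - period or names[i] != names[i + period]:
                span = i - start + period
                if span >= period * min_repeats and (best is None or span > best[0]):
                    best = (span, start, period)
                start = i + 1
    if best is None:
        return None
    span, start, period = best
    return names[start:start + period], span // period, start


# Constructed sample: function names as in the trace above, addresses invented.
HEAD = ["szone_malloc", "malloc", "_estrndup"]
LOOP = ["execute", "apd_execute", "zend_do_fcall_common_helper_SPEC"]
SAMPLE_BT = "\n".join(f"#{i}  0x{0x1000 + 4 * i:08x} in {fn} ()"
                      for i, fn in enumerate(HEAD + LOOP * 4))

if __name__ == "__main__":
    cycle, repeats, start = find_recursion(frame_functions(SAMPLE_BT))
    print(f"frames #{start}+ repeat {repeats}x: {' -> '.join(cycle)}")
```

A cycle that runs to the end of a truncated trace, as here, is the usual signature of unbounded recursion rather than a single bad pointer.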
 [2006-08-19 10:52 UTC] adam-peclbugs at adam dot gs
I marked this as OS independent, since I can trigger this on my 
OSX laptop and on FreeBSD boxes as well.
 [2013-10-24 08:10 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 [2013-10-24 08:10 UTC] yohgaki@php.net
It's not maintained.
Last updated: Sun Dec 22 11:01:30 2024 UTC