PHP :: Bug #58484 :: [PATCH] HttpInflateStream::finish segfaults when passing NULL

Bug #58484	[PATCH] HttpInflateStream::finish segfaults when passing NULL
Submitted:	2009-01-03 17:53 UTC	Modified:	2009-01-12 05:03 UTC
From:	felipe@php.net	Assigned:	mike (profile)
Status:	Closed	Package:	pecl_http (PECL)
PHP Version:	5_3 CVS-2009-01-03 (dev)	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	felipe@php.net
New email:
PHP Version:		OS:

New Comment:

[2009-01-03 17:53 UTC] felipe@php.net

Description:
------------
See below.

Here's a suggestion:
http://felipe.ath.cx/diff/httpinflatestream_finish.diff

Reproduce code:
---------------
$x = new HttpInflateStream; $x->finish(NULL);

Expected result:
----------------
Nothing

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79196b0 (LWP 30477)]
0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
35				CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177
(gdb) 
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177
(gdb) 
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-12 05:03 UTC] mike@php.net

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 02:01:28 2024 UTC