Bug #58894 Empty string as a parameter causes seg fault
Submitted: 2009-10-14 07:20 UTC Modified: 2010-02-22 13:03 UTC
From: toorion at gmail dot com Assigned: crobin (profile)
Status: Closed Package: spidermonkey (PECL)
PHP Version: 5_3 SVN-2009-10-14 (dev) OS: freebsd
Private report: No CVE-ID: None
 [2009-10-14 07:20 UTC] toorion at gmail dot com
Description:
------------
When using an empty string parameter "" or '' for a function in JavaScript assigned from a PHP class, it causes segmentation fault 11.

Reproduce code:
---------------
<?php
// Requires the PECL spidermonkey extension, which provides JSContext.
class myClass
{
   public function test( $str )
   {
      //any code
      echo 'TestWrite';
   }
}

$myclass = new myClass();

$js = new JSContext();
$js->assign("myclass", $myclass);

$js->evaluateScript( 'myclass.test("")' );

Actual result:
--------------
If I set $js->evaluateScript( 'myclass.test("123")' );
everything works fine, but with just "" a Segmentation fault: 11 appears.

 [2009-10-27 10:15 UTC] drslump at pollinimini dot net
The following use case also fails with either a "Bus Error (10)" or a "Segmentation fault (11)".

Reproduce code:
---------------
<?php
$js = new JsContext();
$result = $js->evaluateScript("''");
// Note that the error only triggers when accessing the PHP variable
var_dump($result);

It seems that there is an error in spidermonkey.c:296 :

/* then we retrieve the pointer to the string */
char *txt = JS_GetStringBytes(str);
RETVAL_STRING(txt, strlen(txt));

The signature for RETVAL_STRING is RETVAL_STRING(string, duplicate), so for an empty string, strlen(txt) is 0, which indicates not to create a copy of the string. Perhaps changing it to:

RETVAL_STRINGL(txt, strlen(txt), true)

or:

if (strlen(txt)) {
  RETVAL_STRING(txt, true);
} else {
  RETVAL_EMPTY_STRING;
}

I'll try to apply those changes and report back.
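As an added example (not code from this thread or from the spidermonkey extension), the following C model reproduces the argument mix-up described above: a stand-in zval and an engine-owned arena are assumed in place of the real Zend and SpiderMonkey structures, and zval_release() reports whether destroying the zval would free engine memory instead of actually crashing.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a PHP 5 string zval. Like the real one, it frees val when
 * destroyed, so val must be a heap buffer the zval owns. (Constructed for this
 * example; not the real Zend structure.) */
typedef struct { char *val; size_t len; } zval_str;

/* Stand-in for JS_GetStringBytes(): returns a pointer into engine-owned
 * storage that PHP must never free. */
static char engine_arena[64];
static char *engine_string_bytes(const char *s) {
    strncpy(engine_arena, s, sizeof engine_arena - 1);
    engine_arena[sizeof engine_arena - 1] = '\0';
    return engine_arena;
}

/* Semantics of RETVAL_STRINGL(s, len, duplicate): a non-zero duplicate flag
 * copies s into a fresh buffer; zero makes the zval take ownership of s. */
static void zval_stringl(zval_str *z, char *s, size_t len, int duplicate) {
    z->len = len;
    if (duplicate) {
        z->val = malloc(len + 1);
        memcpy(z->val, s, len + 1);
    } else {
        z->val = s;
    }
}

/* The original spidermonkey.c line: strlen(txt) lands in the duplicate flag
 * slot, so an empty string means "do not copy" (RETVAL_STRING computes the
 * length itself; the flag confusion is the same). */
void convert_buggy(const char *js_str, zval_str *out) {
    char *txt = engine_string_bytes(js_str);
    zval_stringl(out, txt, strlen(txt), (int)strlen(txt));
}

/* The fix: always duplicate, whatever the length. */
void convert_fixed(const char *js_str, zval_str *out) {
    char *txt = engine_string_bytes(js_str);
    zval_stringl(out, txt, strlen(txt), 1);
}

/* Returns 1 if destroying the zval would free engine memory (the crash the
 * thread reports), 0 if it holds its own heap copy, which is freed here. */
int zval_release(zval_str *z) {
    uintptr_t p = (uintptr_t)z->val, lo = (uintptr_t)engine_arena;
    int unsafe = (p >= lo && p < lo + sizeof engine_arena);
    if (!unsafe) free(z->val);
    z->val = NULL;
    return unsafe;
}
```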
 [2009-10-27 10:26 UTC] drslump at pollinimini dot net
Good news!

I applied the changes indicated above and the bug with empty strings seems to be gone :)

Note that I haven't done anything in C in years so please check that I've got it right.

Index: spidermonkey.c
===================================================================
--- spidermonkey.c	(revision 53)
+++ spidermonkey.c	(working copy)
@@ -293,7 +293,12 @@
 		{
 			/* then we retrieve the pointer to the string */
 			char *txt = JS_GetStringBytes(str);
-			RETVAL_STRING(txt, strlen(txt));
+			int len = strlen(txt);
+			if (len) {
+			    RETVAL_STRINGL(txt, len, true);
+			} else {
+			    RETVAL_EMPTY_STRING();
+			}
 		}
 		else
 		{
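Review bot: `true` in `RETVAL_STRINGL(txt, len, true);` is not a C keyword (it needs `<stdbool.h>`, which this file does not include) and the macro's third parameter is a plain `int` duplicate flag, so write `RETVAL_STRINGL(txt, len, 1);`. The essential change is that the duplicate flag is now always non-zero: the old `RETVAL_STRING(txt, strlen(txt))` passed the length in the flag slot, so for an empty string PHP took ownership of the engine-owned buffer from `JS_GetStringBytes()` and freed it later, which is the reported crash. With `duplicate` set to `1` a zero-length string is copied correctly as well, so the `if (len)` / `RETVAL_EMPTY_STRING()` split is harmless but not needed. Minor: `int len = strlen(txt);` narrows a `size_t`; `size_t len` avoids the warning.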
 [2009-10-30 13:39 UTC] scottsteffens at gmail dot com
drslump: I get the following error when I try to compile your final changes:
/path/spidermonkey/spidermonkey.c: In function 'jsval_to_zval':
/path/spidermonkey/spidermonkey.c: error: 'true' undeclared (first use in this function)

However, when I change your:
RETVAL_STRINGL(txt, len, true);
to:
RETVAL_STRINGL(txt, len, 1);

...it works, and the original poster's empty string segfault goes away, as well as several others I've tested. I don't understand C, so someone else can tell me if this causes other problems.
 [2010-02-22 13:03 UTC] c dot robin at smartphp dot org
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Tue May 13 10:01:27 2025 UTC