php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58901 GearmanWorker::addFunction segfaults when function name is non-string
Submitted: 2009-10-18 13:35 UTC Modified: 2011-05-15 04:41 UTC
From: felipe@php.net Assigned: hradtke (profile)
Status: Closed Package: gearman (PECL)
PHP Version: Trunk SVN-2009-10-18 (dev) OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: felipe@php.net
New email:
PHP Version: OS:

 

 [2009-10-18 13:35 UTC] felipe@php.net
Description:
------------
See below.

Reproduce code:
---------------
Starting program: /usr/local/bin/php -dextension=gearman.so -r '$x = new gearmanworker; $x->addfunction(1,function(){});'
[Thread debugging using libthread_db enabled]
[New Thread 0xb59676d0 (LWP 11298)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb59676d0 (LWP 11298)]
0xb5ee738b in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb5ee738b in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb5ee70e5 in strdup () from /lib/i686/cmov/libc.so.6
#2  0xb7f26d51 in _worker_function_add (worker=0xaa5e25c, function_name=0x1 <Address 0x1 out of bounds>, timeout=0, 
    worker_fn=0xb57b7216 <_php_worker_function_callback>, context=0xaa5ee78) at worker.c:885
#3  0xb57b788b in zif_gearman_worker_add_function (ht=2, return_value=0xaa5edf0, return_value_ptr=0x0, this_ptr=0xaa5c1b8, 
    return_value_used=0, tsrm_ls=0xa8c2070) at /home/felipe/dev/pecl/gearman/php_gearman.c:3512
#4  0x084ed671 in zend_do_fcall_common_helper_SPEC (execute_data=0xaa8af64, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:313
#5  0x084ee838 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xaa8af64, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:418
#6  0x084ec356 in execute (op_array=0xaa5c7fc, tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#7  0x084ab869 in zend_eval_stringl (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", str_len=56, retval_ptr=0x0, 
    string_name=0x8a08c10 "Command line code", tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1167
#8  0x084abb18 in zend_eval_stringl_ex (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", str_len=56, 
    retval_ptr=0x0, string_name=0x8a08c10 "Command line code", handle_exceptions=1, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:1209
---Type <return> to continue, or q <return> to quit---
#9  0x084abbcc in zend_eval_string_ex (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", retval_ptr=0x0, 
    string_name=0x8a08c10 "Command line code", handle_exceptions=1, tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1220
#10 0x0859df5b in main (argc=4, argv=0xbfc462f4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1229



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-15 04:32 UTC] hradtke@php.net
The closure works fine if you don't use a non-string for the function name:
/usr/local/bin/php -dextension=gearman.so -r '$x = new
gearmanworker; $x->addfunction("foo",function(){});'
 [2011-05-15 04:41 UTC] hradtke@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 17:01:58 2024 UTC