PHP :: Bug #61106 :: Segfault when using header_register

Bug #61106	Segfault when using header_register_callback
Submitted:	2012-02-16 16:53 UTC	Modified:	2012-03-02 08:07 UTC
From:	nikic@php.net	Assigned:	nikic (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.4.0RC7	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nikic@php.net
New email:
PHP Version:		OS:

New Comment:

[2012-02-16 16:53 UTC] nikic@php.net

Description:
------------
Using header_register_callback may cause crashes due to a double zval_ptr_dtor.

The double zval_ptr_dtor occurs in 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#sapi_deactivate in lines 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#498 and 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#546.

For me the issue is quite hard to reproduce reliably (especially after 
accidentally removing my only non-random reproduce script ^^), but I think it 
should be obvious that the double dtoring can cause a segfault if you try hard.

The issue can be fixed by removing one of the two calls.

Patches

headerCallback.patch (last revision 2012-02-16 16:53 UTC by nikic)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-02-16 17:07 UTC] nikic@php.net

-PHP Version: Irrelevant +PHP Version: 5.4.0RC7

[2012-03-02 08:04 UTC] nikic@php.net

Automatic comment from SVN on behalf of nikic
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323803
Log: Fix bug #61106 Segfault when using header_register_callback

The callback was double dtored

[2012-03-02 08:07 UTC] nikic@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

[2012-03-02 08:07 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2012-04-18 09:45 UTC] laruence@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback

[2012-07-24 23:36 UTC] rasmus@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback

[2013-11-17 09:33 UTC] laruence@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Feb 03 05:01:29 2025 UTC