php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62481 xdebug openssl_encrypt crash
Submitted: 2012-07-04 13:53 UTC Modified: 2013-05-29 04:53 UTC
From: bronze1man at gmail dot com Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 5.3.10 OS: ubuntu 1204
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bronze1man at gmail dot com
New email:
PHP Version: OS:

 

 [2012-07-04 13:53 UTC] bronze1man at gmail dot com 
Description:
------------
start xdebug openssl_encrypt an empty string ,then it will crash.

php version:
PHP 5.3.10-1ubuntu3.2 with Suhosin-Patch (cli) (built: Jun 13 2012 17:20:55) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans


Test script:
---------------
<?php
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
$d1 = openssl_encrypt('', 'AES-256-CBC', str_repeat('b',32), true,str_repeat('a', 16));
var_dump(bin2hex($d1));

Expected result:
----------------
string(32) "60aed1d68451e752108a0ddc3390be92"

Actual result:
--------------
not output anything.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-07-04 15:08 UTC] ab@php.net 
You wrote 5.3.14 in the ticket, but 5.3.10 in the description ... what is 
correct?

On 5.3.10-dotdeb it segfaults for me without xdebug too. With the 5.3.15-dev 
there are no issues with or without xdebug for me. Can you confirm that?
 [2012-07-05 01:10 UTC] bronze1man at gmail dot com 
sorry,php version is 5.3.10
 [2012-07-05 01:10 UTC] bronze1man at gmail dot com
-PHP Version: 5.3.14 +PHP Version: 5.3.10
 [2012-07-05 09:51 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2012-07-05 09:51 UTC] pajoye@php.net 
I'd to ask to try your code with a vanilla PHP version, either latest 5.3 or 
latest 5.4, without suhosin patch, as we can't reproduce this issue.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-05-22 13:57 UTC] beporter at gmail dot com 
I've verified the same results. It seems specific to 5.3.10 and does not require 
xdebug to trigger: Passing an empty $data string to openssl_encrypt will cause a 
segmentation fault.

[me@host:~]$ php --version
PHP 5.3.10 (cli) (built: Feb  4 2012 07:16:03) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with the ionCube PHP Loader v4.0.10, Copyright (c) 2002-2011, by ionCube 
Ltd.

[me@host:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
Segmentation fault


With a different PHP version, openssl_encrypt behaves normally even with xdebug 
and suhosin:

[me@otherhost:~]$ php --version
PHP 5.3.23 (cli) (built: Apr  9 2013 18:07:12) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
    with Xdebug v2.2.2, Copyright (c) 2002-2013, by Derick Rethans
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

[me@otherhost:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
string(32) "60aed1d68451e752108a0ddc3390be92"
 [2013-05-29 04:53 UTC] bronze1man at gmail dot com
-Status: No Feedback +Status: Closed
 [2013-05-29 04:53 UTC] bronze1man at gmail dot com 
I can not reproduce this issue on php 5.4.9
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 02 10:01:28 2025 UTC