php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64679 segfault, buffer overflow detected
Submitted: 2013-04-20 06:29 UTC Modified: 2013-07-17 15:37 UTC
From: remi@php.net Assigned: osmanov (profile)
Status: Closed Package: event (PECL)
PHP Version: 5.5.0beta3 OS: GNU/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2013-04-20 06:29 UTC] remi@php.net
Description:
------------
running 07-listener-error.php

Test script:
---------------
$ gdb php
(gdb) run 07-listener-error.php



Expected result:
----------------
No segfault


Actual result:
--------------
*** buffer overflow detected ***: /usr/bin/php terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff4d194d7]
/lib64/libc.so.6(+0x3cd7307690)[0x7ffff4d17690]
/usr/lib64/php/modules/event.so(zim_EventListener___construct+0x2b6)[0x7fffcaa31026]
/usr/bin/php(dtrace_execute_internal+0x39)[0x555555777d09]
/usr/lib64/php/modules/xdebug.so(xdebug_execute_internal+0x13a)[0x7fffed6caafa]
/usr/bin/php(+0x2e27f3)[0x5555558367f3]
/usr/bin/php(execute_ex+0x38)[0x5555557f6898]
/usr/bin/php(dtrace_execute_ex+0x7d)[0x555555777bcd]
/usr/lib64/php/modules/xdebug.so(xdebug_execute_ex+0x394)[0x7fffed6cb184]
/usr/bin/php(zend_execute_scripts+0x158)[0x5555557895b8]
/usr/bin/php(php_execute_script+0x1ec)[0x55555572738c]
/usr/bin/php(+0x2e5f06)[0x555555839f06]
/usr/bin/php(+0xbb31a)[0x55555560f31a]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff4c31735]
/usr/bin/php(+0xbb3ad)[0x55555560f3ad]


(gdb) bt
#0  0x00007ffff4c45935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff4c470e8 in __GI_abort () at abort.c:91
#2  0x00007ffff4c84e8b in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff4d875c0 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007ffff4d194d7 in __GI___fortify_fail (msg=msg@entry=0x7ffff4d87566 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007ffff4d17690 in __GI___chk_fail () at chk_fail.c:29
#5  0x00007fffcaa31026 in strcpy (__src=0x7ffff7fb4b95 "/tmp/1604843385.sock", __dest=0x7fffffffa37a "/tmp/1") at /usr/include/bits/string3.h:105
#6  zim_EventListener___construct (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, this_ptr=0x7ffff7fb2f00, return_value_used=<optimized out>)
    at /usr/src/debug/php-pecl-event-1.6.1/event-1.6.1/classes/listener.c:286
#7  0x0000555555777d09 in dtrace_execute_internal (execute_data_ptr=<optimized out>, fci=<optimized out>, return_value_used=<optimized out>)
    at /usr/src/debug/php5.5-201304181030/Zend/zend_dtrace.c:99
#8  0x00007fffed6caafa in xdebug_execute_internal () from /usr/lib64/php/modules/xdebug.so
#9  0x00005555558367f3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f7a4a0) at /usr/src/debug/php5.5-201304181030/Zend/zend_vm_execute.h:545
#10 0x00005555557f6898 in execute_ex (execute_data=0x7ffff7f7a4a0) at /usr/src/debug/php5.5-201304181030/Zend/zend_vm_execute.h:356
#11 0x0000555555777bcd in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php5.5-201304181030/Zend/zend_dtrace.c:75
#12 0x00007fffed6cb184 in xdebug_execute_ex () from /usr/lib64/php/modules/xdebug.so
#13 0x00005555557895b8 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php5.5-201304181030/Zend/zend.c:1316
#14 0x000055555572738c in php_execute_script (primary_file=primary_file@entry=0x7fffffffcb80) at /usr/src/debug/php5.5-201304181030/main/main.c:2479
#15 0x0000555555839f06 in do_cli (argc=2, argv=0x555555b7c3e0) at /usr/src/debug/php5.5-201304181030/sapi/cli/php_cli.c:993
#16 0x000055555560f31a in main (argc=2, argv=0x555555b7c3e0) at /usr/src/debug/php5.5-201304181030/sapi/cli/php_cli.c:1377


Patches

event-buffer-overflow.patch (last revision 2013-04-20 07:20 UTC by remi@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-04-20 07:20 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: event-buffer-overflow.patch
Revision:   1366442451
URL:        https://bugs.php.net/patch-display.php?bug=64679&patch=event-buffer-overflow.patch&revision=1366442451
 [2013-07-17 15:37 UTC] osmanov@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: osmanov
 [2013-07-17 15:37 UTC] osmanov@php.net
Applied your patch in relese 1.6.2.
Thanks!
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sun Jan 05 00:01:29 2025 UTC