Bug #67359 Segfault in recursiveDirectoryIterator
Submitted: 2014-05-29 13:55 UTC
Modified: 2014-06-01 11:40 UTC
Votes: 1
Avg. Score: 1.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: kevin dot waterson at gmail dot com
Assigned:
Status: Closed
Package: SPL related
PHP Version: 5.6Git-2014-05-29 (Git)
OS: Linux
Private report: No
CVE-ID: None
 [2014-05-29 13:55 UTC] kevin dot waterson at gmail dot com
Description:
------------
(gdb) bt
#0  0x0000000000a04d5d in zend_call_function (fci=0x7fffda4a13d0, fci_cache=0x7fffda4a1360, tsrm_ls=0x1d754b0)
    at /home/kevin/php/php5.6-201405270630/Zend/zend_execute_API.c:711
#1  0x0000000000a4220e in zend_call_method (object_pp=0x7fffda4a1490, obj_ce=0x1eb6df0, fn_proxy=0x7fed57b82238, function_name=0xe8d1a3 "valid", function_name_len=5, 
    retval_ptr_ptr=0x7fffda4a14b8, param_count=0, arg1=0x0, arg2=0x0, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/Zend/zend_interfaces.c:97
#2  0x00000000007a6037 in zim_spl_DirectoryIterator_seek (ht=1, return_value=0x7fed57b81b38, return_value_ptr=0x7fed57b46488, this_ptr=0x7fed57b7f4a8, return_value_used=0, 
    tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/ext/spl/spl_directory.c:837
#3  0x0000000000a6c601 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fed57b46620, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/Zend/zend_vm_execute.h:558
#4  0x0000000000a6d0df in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fed57b46620, tsrm_ls=0x1d754b0)
    at /home/kevin/php/php5.6-201405270630/Zend/zend_vm_execute.h:693
#5  0x0000000000a6b830 in execute_ex (execute_data=0x7fed57b46620, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/Zend/zend_vm_execute.h:363
#6  0x0000000000a6b913 in zend_execute (op_array=0x7fed57b804d8, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/Zend/zend_vm_execute.h:388
#7  0x0000000000a1e5a3 in zend_execute_scripts (type=8, tsrm_ls=0x1d754b0, retval=0x0, file_count=3) at /home/kevin/php/php5.6-201405270630/Zend/zend.c:1330
#8  0x000000000095bc69 in php_execute_script (primary_file=0x7fffda4a4b30, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/main/main.c:2584
#9  0x0000000000aeb10a in do_cli (argc=2, argv=0x1d753d0, tsrm_ls=0x1d754b0) at /home/kevin/php/php5.6-201405270630/sapi/cli/php_cli.c:994
#10 0x0000000000aec49d in main (argc=2, argv=0x1d753d0) at /home/kevin/php/php5.6-201405270630/sapi/cli/php_cli.c:1378
(gdb) quit


Test script:
---------------
http://pastie.org/private/9fwdoeiukaip9dhyjlu1g

Expected result:
----------------
Exception

Actual result:
--------------
Seg Fault

 [2014-05-29 14:10 UTC] rasmus@php.net
-Status: Open +Status: Verified
 [2014-05-29 14:10 UTC] rasmus@php.net
Reproduced. Here is the relevant Valgrind output:

==27787== Invalid read of size 4
==27787==    at 0x86AECC: zim_spl_DirectoryIterator_seek (spl_directory.c:827)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d575f4 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid read of size 4
==27787==    at 0x86B073: zim_spl_DirectoryIterator_seek (spl_directory.c:835)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d575f4 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid read of size 8
==27787==    at 0xA861A0: zend_call_method (zend_interfaces.c:75)
==27787==    by 0x86AFBB: zim_spl_DirectoryIterator_seek (spl_directory.c:837)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57610 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid write of size 8
==27787==    at 0xA8624D: zend_call_method (zend_interfaces.c:81)
==27787==    by 0x86AFBB: zim_spl_DirectoryIterator_seek (spl_directory.c:837)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57610 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid read of size 8
==27787==    at 0xA861A0: zend_call_method (zend_interfaces.c:75)
==27787==    by 0x86B04D: zim_spl_DirectoryIterator_seek (spl_directory.c:845)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57608 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid write of size 8
==27787==    at 0xA8624D: zend_call_method (zend_interfaces.c:81)
==27787==    by 0x86B04D: zim_spl_DirectoryIterator_seek (spl_directory.c:845)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57608 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid read of size 8
==27787==    at 0xA8625B: zend_call_method (zend_interfaces.c:84)
==27787==    by 0x86AFBB: zim_spl_DirectoryIterator_seek (spl_directory.c:837)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57610 is not stack'd, malloc'd or (recently) free'd
==27787==
==27787== Invalid read of size 8
==27787==    at 0xA8625B: zend_call_method (zend_interfaces.c:84)
==27787==    by 0x86B04D: zim_spl_DirectoryIterator_seek (spl_directory.c:845)
==27787==    by 0xAAB89E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==27787==    by 0xAAC075: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==27787==    by 0xAAAF13: execute_ex (zend_vm_execute.h:363)
==27787==    by 0xAAAF9C: zend_execute (zend_vm_execute.h:388)
==27787==    by 0xA65F2F: zend_execute_scripts (zend.c:1330)
==27787==    by 0x9CDEF1: php_execute_script (main.c:2584)
==27787==    by 0xB190AC: do_cli (php_cli.c:994)
==27787==    by 0xB1A3DA: main (php_cli.c:1378)
==27787==  Address 0x10d57608 is not stack'd, malloc'd or (recently) free'd
 [2014-06-01 11:40 UTC] laruence@php.net
-Summary: Seg Fault +Summary: Segfault in recursiveDirectoryIterator
 [2014-06-01 11:43 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-06-01 11:43 UTC] laruence@php.net
-Status: Verified +Status: Closed
 [2014-06-01 15:05 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-06-04 01:22 UTC] tyrael@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-06-06 07:00 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-06-06 07:07 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-07-29 21:56 UTC] johannes@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b5051ff939eb9dbada8ce10fbea8cf37e50b5a36
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-08-13 13:27 UTC] aavindraa at gmail dot com
Is there any chance of this patch going to the 5.5 branch?
 [2014-08-14 15:34 UTC] johannes@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b5051ff939eb9dbada8ce10fbea8cf37e50b5a36
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-08-14 19:32 UTC] dmitry@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b5051ff939eb9dbada8ce10fbea8cf37e50b5a36
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-10-07 23:13 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=b5051ff939eb9dbada8ce10fbea8cf37e50b5a36
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-10-07 23:14 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=b5051ff939eb9dbada8ce10fbea8cf37e50b5a36
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=38be99b739c6ad55b01fe304a083e7a1e36c05ee
Log: Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
 