[2014-12-23 12:20 UTC] xoJIog at inbox dot lv
Description:
------------
PHP segfaults when src is NULL in the function php_strlcpy.

Expected result:
----------------
php_strlcpy is expected to check src.

Actual result:
--------------
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x084e4795 in php_strlcpy (dst=0xbd55f35c "", src=0x0, siz=1024) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c:78
78 /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c: No such file or directory.
(gdb) bt
#0 0x084e4795 in php_strlcpy (dst=0xbd55f35c "", src=0x0, siz=1024) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c:78
#1 0x082085a0 in mm_login (mb=0xbd55efbc, user=0xbd55f35c "", pwd=0xbd55f75c "", trial=0) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/imap/php_imap.c:5098
#2 0xa69a2e0b in imap_login () from /usr/lib/libc-client.so.1
#3 0xa69a1a17 in imap_open () from /usr/lib/libc-client.so.1
#4 0xa696dfd0 in mail_open_work () from /usr/lib/libc-client.so.1
#5 0xa696d943 in mail_open () from /usr/lib/libc-client.so.1
#6 0x081f82a2 in zif_imap_reopen (ht=3, return_value=0xce1ea48, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/imap/php_imap.c:1327
#7 0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#8 0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#9 0x085a6d2b in execute_ex (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#10 0x085a6db9 in zend_execute (op_array=0xce00274) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#11 0x08554b6d in zend_call_function (fci=0xbd560d74, fci_cache=0xbd560d60) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_execute_API.c:937
#12 0x0839a748 in zif_call_user_func_array (ht=2, return_value=0xce24148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/standard/basic_functions.c:4806
#13 0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#14 0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#15 0x085a6d2b in execute_ex (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#16 0x085a6db9 in zend_execute (op_array=0xccddd4c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#17 0x08554b6d in zend_call_function (fci=0xbd560f94, fci_cache=0xbd560f80) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_execute_API.c:937
#18 0x0839a748 in zif_call_user_func_array (ht=2, return_value=0xccfaff0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/standard/basic_functions.c:4806
#19 0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#20 0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#21 0x085a6d2b in execute_ex (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#22 0x085a6db9 in zend_execute (op_array=0xa42ef25c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#23 0x08568228 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend.c:1330
#24 0x084d4ece in php_execute_script (primary_file=0xbd565464) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/main.c:2506
#25 0x08626668 in main (argc=5, argv=0xbd5655b4) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1949
--- main/strlcpy.c.orig 2014-12-23 14:23:25.451809947 +0200
+++ main/strlcpy.c 2014-12-23 14:25:13.439982613 +0200
@@ -73,7 +73,7 @@
 register size_t n = siz;
 /* Copy as many bytes as will fit */
- if (n != 0 && --n != 0) {
+ if (n != 0 && --n != 0 && src) {
 do {
 if ((*d++ = *s++) == 0)
 break;
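Review bot: The added `&& src` test only skips the copy loop, so with a NULL src nothing in this hunk writes to dst and the caller keeps whatever the buffer held before, with no NUL terminator guaranteed. php_strlcpy's body continues outside the hunk; if it has the usual strlcpy tail (a scan of the rest of src once n reaches 0, and a return value computed from `s - src`), a NULL src would still be dereferenced when siz is 1, and the return value would otherwise wrap to a huge size_t that truncation checks would misread. This should be confirmed against the full file. A check at the top of the function gives a defined result instead: `if (src == NULL) { if (siz != 0) *dst = '\0'; return 0; }`. The backtrace puts the NULL at the mm_login call in ext/imap/php_imap.c, so the missing user value should also be rejected there rather than relying on the copy routine to tolerate it.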