PHP :: Bug #15665 :: readdir() crashes

Bug #15665

readdir() crashes

Submitted:

2002-02-21 17:24 UTC

Modified:

2002-07-18 01:00 UTC

Votes:	3
Avg. Score:	3.3 ± 1.7
Reproduced:	2 of 3 (66.7%)
Same Version:	0 (0.0%)
Same OS:	1 (50.0%)

From:

david at acz dot org

Assigned:

Status:

No Feedback

Package:

Directory function related

PHP Version:

4.1.1

OS:

FreeBSD 4.4-STABLE

Private report:

CVE-ID:

None

View Developer Edit

[2002-02-21 17:24 UTC] david at acz dot org

readdir() is consistently crashing PHP in one of my scripts.  Unfortunately, I can't reproduce the problem with a small test script, for some reason.  However, the function that is causing PHP to scrash is shown below.  It is crashing after a number of readdir() calls:

    function list_dir($name)
    {
        $d = opendir($name);
        while ($s = readdir($d))
            if (($s != ".") && ($s != ".."))
                $a[] = $s;
        closedir($d);
        return isset($a) ? $a : false;
    }

This is the CGI version, running from the command line.  A backtrace is shown below:

(gdb) bt
#0  0x286ed20d in readdir_r () from /usr/lib/libc.so.4
#1  0x80dbd9b in php_if_readdir ()
#2  0x8146e04 in execute ()
#3  0x8146ffd in execute ()
#4  0x8146ffd in execute ()
#5  0x8146ffd in execute ()
#6  0x8129418 in zend_execute_scripts ()
#7  0x806e6be in php_execute_script ()
#8  0x806c8d0 in main ()
#9  0x806bcd3 in _start ()

I can provide more information if necessary.  PHP was compiled from ports within the last week.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-21 18:50 UTC] mfischer@php.net

Can you enable --with-debug please and post a backtrace?

Btw, how often have you to call readdir() until it crashes?

Btw, your code won't work for directories containing files or dirs naming like '0'; see the manual page and use 'while (false !== ($s = readdir() ...'

Also, can you try the source relese itself please and not a/the port?

[2002-02-21 19:30 UTC] david at acz dot org

I'll compile PHP from source with debugging and test tomorrow.  Can't do it today since I just changed the code to exec find, and it already processed today's files (is a webserver log processing helper script).   You're right, I know about the 0/false issue, but I was lazy since all the filenames will always be fully qualified hostnames :)

I don't remember exactly how many times readdir() was being called before it crashed, but probably somewhere between 100-200.  When it first crashed, I noticed I had been calling that function a lot without using closedir(), but after I added it and only called it once on a single directory, it still crashed.

[2002-02-22 03:47 UTC] david at acz dot org

The option is --enable-debug, right?  --with-debug appeared to do nothing.  When compiled with --enable-debug, the script did not crash.  But it certainly crashes with a normal build without debugging.

[2002-04-13 08:54 UTC] noemail at a dot ml

I have the same problems with a script under freebsd4.5-release.
It just started crasching out of nothing. No change in the dirscancode, no change on the server. Worked just fine before yesterday. The only way to run the script now is to press the updatebutton in internetexplorer several times quite quickly, it works when I do so (I get about 5-6 httpds wotrking in the background).
This is so strange.

[2002-04-13 08:55 UTC] noemail at a dot ml

forgon to tell you...
apache 1.3.22 and php4.1.1 (both from the ports collection)

[2002-05-08 04:33 UTC] jason at jase dot org

See:

http://bugs.php.net/bug.php?id=16905 (closed)
&&
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/37825 (patch)

Jason

[2002-05-08 04:35 UTC] jason at jase dot org

Ok, ignore that :) Maybe its related?

[2002-05-08 04:49 UTC] david at acz dot org

I had the mkdir problem in 4.1.1 under FreeBSD, but it appears to be fixed in 4.2.1RC2:

http://bugs.php.net/bug.php?id=17034

[2002-05-29 18:21 UTC] pav at oook dot cz

I have very similar thing happening. Script is reading directory with a
lot of image files, printing them in colors. The script crash as both
mod_php4 in apache and command-line. It crash every time at same
position, however it crash in different positions when called thru
apache and when run from command line. Relevant part of script:

$handle = opendir("/home/pav/images/fit"); 
while ($fajl = readdir($handle)) {
	if ($fajl == "." || $fajl == "..") continue;
	echo '<a href="wow.php3?showme='.$fajl.'" target="_blank" style="color:
'; 
	if ($rates[$fajl]) echo calclinkcolor($ratingy[$fajl]); 
	else echo calclinkcolor(-1);
	echo '">'.$fajl."</a>\n";
}
closedir($handle);

backtrace
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
(gdb) bt
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
#1  0x8091935 in php_if_readdir ()
#2  0x80ed79c in execute ()
#3  0x80d9171 in zend_execute_scripts ()
#4  0x8062406 in php_execute_script ()
#5  0x8060288 in main ()
#6  0x805f629 in _start ()

PHP 4.2.1, Apache 1.3.24, FreeBSD 4.5-STABLE

[2002-05-29 18:34 UTC] mfischer@php.net

Please recompile php with debug symbols (--enable-debug) and provide a backtrace.

[2002-05-30 16:38 UTC] pav at oook dot cz

Here it is:

~/www/local/wow $ gdb php php.core
GNU gdb 4.18
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpam.so.1...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x2822daed in readdir_r () from /usr/lib/libc.so.4
(gdb) bt
#0  0x2822daed in readdir_r () from /usr/lib/libc.so.4
#1  0x809909d in php_if_readdir (ht=1, return_value=0x82fa724, this_ptr=0x0,
    return_value_used=1) at dir.c:341
#2  0x8139522 in execute (op_array=0x81c3224) at ./zend_execute.c:1598
#3  0x8112e91 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:810
#4  0x806064d in php_execute_script (primary_file=0xbfbff984) at main.c:1381
#5  0x805dd10 in main (argc=3, argv=0xbfbffa00) at cgi_main.c:778
#6  0x805ce25 in _start ()


Can you make something from it?

[2002-06-17 20:31 UTC] sniper@php.net

Can you please try this snapshot:
http://snaps.php.net/php4-latest.tar.gz

[2002-07-18 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Nov 27 23:01:27 2024 UTC