php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16905 mkdir crashes
Submitted: 2002-04-29 10:55 UTC Modified: 2002-05-06 13:35 UTC
Votes:7
Avg. Score:4.7 ± 0.5
Reproduced:6 of 6 (100.0%)
Same Version:5 (83.3%)
Same OS:5 (83.3%)
From: mav at alkar dot net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.2.0 OS: FreeBSD 4.5
Private report: No CVE-ID: None
 [2002-04-29 10:55 UTC] mav at alkar dot net
Simple test like this makes segmentation fault:
<?

  mkdir('1/fv',0777);

  echo('!!!!!!!!!!!!!!\n\n');

?>
This error occurs in both Apache DSO module and console version.
PHP configures as:
./configure  --with-apxs=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --with-mysql=
/usr/local/mysql --with-gd=/usr/local --enable-trans-sid --enable-versioning --enable-inline-optimization --enabl
e-ftp --enable-dbase --enable-gd-native-ttf --with-ttf --with-freetype-dir=/usr/local

Here is back trace by gdb from core file:
# gdb php /www/www/clients/alkar/hotline/hotline.alkar.net/php.core 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpam.so.1...done.
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.10...done.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/local/lib/libgd.so.2...done.
Reading symbols from /usr/local/lib/libfreetype.so.9...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/local/lib/libpng.so.5...done.
Reading symbols from /usr/local/lib/libjpeg.so.9...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x80fed24 in execute (op_array=0x0) at ./zend_execute.c:1602
1602                                                    EX(Ts)[EX(opline)->result.u.var].var.ptr->is_ref = 0;
(gdb) bt
#0  0x80fed24 in execute (op_array=0x0) at ./zend_execute.c:1602
(gdb) 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-29 16:16 UTC] sniper@php.net
I can not reproduce this with PHP 4.3.0.
Please try latest CVS snapshot from http://snaps.php.net/

 [2002-05-02 04:54 UTC] jason at jase dot org
I've just tried a 4.3.0 snapshot using the same test file as mav@alkar.net posted above.

Operating system is FreeBSD 4.5.

-----------------------------------------------------

php4-200205020000# ./php ~/test.php
X-Powered-By: PHP/4.3.0-dev
Content-type: text/html

<br />
<b>Warning</b>:  mkdir() failed (No such file or directory) in <b>/disk1/home/jase/bigmailbox/test.php</b> on line <b>3</b><br />
Segmentation fault (core dumped)
 [2002-05-02 06:04 UTC] jason at jase dot org
Just to further confuse the issue.  If I build the 4.3.0-DEV snaphost (php4-200205020000) with --enable-debug then it behaves normally.

Jason
 [2002-05-06 11:37 UTC] kalowsky@php.net
Happens in 4.2.1RC1 as well.  When compiled with --enable-debug, works fine.  When compiled with --disable-debug, it doesn't work
 [2002-05-06 13:35 UTC] jimw@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/

fix was merged into 4.2 branch, so it should be included in 4.2.1. (we were passing a pointer to a mode_t, which is a short on freebsd, and it was being treated elsewhere as a pointer to a long. this is the fun sort of bug that usually only shows up on non-debug builds.)
 [2002-05-07 08:23 UTC] jason at jase dot org
Hi,

I've submitted a pr to the FreeBSD php port maintainer, including a patch.  

The patch can be downloaded from: 

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/37825

Jason
 [2002-05-29 18:18 UTC] pav at oook dot cz
I have very similar thing happening. Script is reading directory with a lot of image files, printing them in colors. The script crash as both mod_php4 in apache and command-line. It crash every time at same position, however it crash in different positions when called thru apache and when run from command line. Relevant part of script:

$handle = opendir("/home/pav/images/fit"); 
while ($fajl = readdir($handle)) {
	if ($fajl == "." || $fajl == "..") continue;
	echo '<a href="wow.php3?showme='.$fajl.'" target="_blank" style="color: '; 
	if ($rates[$fajl]) echo calclinkcolor($ratingy[$fajl]); 
	else echo calclinkcolor(-1);
	echo '">'.$fajl."</a>\n";
}
closedir($handle);

backtrace
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
(gdb) bt
#0  0x2836aaed in readdir_r () from /usr/lib/libc.so.4
#1  0x8091935 in php_if_readdir ()
#2  0x80ed79c in execute ()
#3  0x80d9171 in zend_execute_scripts ()
#4  0x8062406 in php_execute_script ()
#5  0x8060288 in main ()
#6  0x805f629 in _start ()

PHP 4.2.1, Apache 1.3.24, FreeBSD 4.5-STABLE
 [2002-05-29 18:20 UTC] pav at oook dot cz
Yeah sorry! Commented bad bug. Sorry. This apply to bug #15665. Sorry again.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 16 20:03:36 2021 UTC