php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17150 combining define() and resources causes a segfault
Submitted: 2002-05-10 21:39 UTC Modified: 2002-09-13 06:27 UTC
Votes:3
Avg. Score:2.3 ± 0.9
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jgouveia at accao dot net Assigned:
Status: Closed Package: Directory function related
PHP Version: 4.1.2 OS: LInux 2.4.18
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jgouveia at accao dot net
New email:
PHP Version: OS:

 

 [2002-05-10 21:39 UTC] jgouveia at accao dot net
This probably doesn't matter much but.
Due to a faulty copy/paste on a script, i noticed that apache segfaults on the following code:
<? 
define("FOOBAR",opendir("/tmp/"));
$foo=opendir("/etc/");
?>

Obviously this code is incorrect, but still you might find usefull to correct the segfault.

error.log:
[Sat May 11 02:32:51 2002] [notice] child pid 13397 exit signal Segmentation fault (11)
(repeats)

Regards,

Joao Gouveia

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-10 22:02 UTC] mfischer@php.net
Reproduced, there's something weird going on:

$ ~/php/4.1.2d/bin/php -v
4.1.2

Program received signal SIGSEGV, Segmentation fault.
0x0811565b in zend_hash_index_find (ht=0x81893c4, h=1, pData=0xbffff0c8) at zend_hash.c:935
935                     if ((p->h == h) && (p->nKeyLength == 0)) {
(gdb) bt
#0  0x0811565b in zend_hash_index_find (ht=0x81893c4, h=1, pData=0xbffff0c8) at zend_hash.c:935
#1  0x081161af in _zend_list_delete (id=1) at zend_list.c:53
#2  0x0810dc61 in _zval_dtor (zvalue=0x81aed20, __zend_filename=0x815f0b1 "zend_constants.c", __zend_lineno=32) at zend_variables.c:64
#3  0x08104a35 in free_zend_constant (c=0x81aed20) at zend_constants.c:32
#4  0x0811458e in zend_hash_del_key_or_index (ht=0x8189cd8, arKey=0x81ad710 "foobar", nKeyLength=7, h=1711630034, flag=0) at zend_hash.c:512
#5  0x08114e27 in zend_hash_reverse_apply (ht=0x8189cd8, apply_func=0x8104ae8 <clean_non_persistent_constant>) at zend_hash.c:741
#6  0x08104e46 in clean_non_persistent_constants () at zend_constants.c:166
#7  0x08105677 in shutdown_executor () at zend_execute_API.c:199
#8  0x0810ee66 in zend_deactivate () at zend.c:600
#9  0x0805f65f in php_request_shutdown (dummy=0x0) at main.c:735
#10 0x0805dfb3 in main (argc=3, argv=0xbffffb04) at cgi_main.c:776
#11 0x400bb6cf in __libc_start_main () from /lib/libc.so.6

$ php -v
PHP 4.3.0-dev (cli)
Zend Engine v1.2.1, Copyright (c) 1998-2002 Zend Technologies

$ php -f 17150.php 
/home/mfischer/isrc/cvs/php4/Zend/zend_hash.c(948) : ht=0x081f5864 is already destroyed

 [2002-05-10 22:23 UTC] jimw@php.net
it's not exclusive to opendir(). this blows up, too:

<?
$baz = fopen("/tmp/foo","w");
define("FOOBAR",$baz);
$foo=fopen("/tmp/bar", "w");
?>

(should you even be able to define() a resource? seems like a recipe for trouble.)
 [2002-09-13 06:27 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Dec 06 15:03:34 2021 UTC