Bug #19907 Segmentation fault during FETCH command
Submitted: 2002-10-14 12:58 UTC
Modified: 2002-10-14 13:03 UTC
From: jonfray at mediation-telecom dot com
Assigned:
Status: Closed
Package: IMAP related
PHP Version: 4.2.3
OS: GNU/Linux 2.4.9-34smp
Private report: No
CVE-ID: None
 [2002-10-14 12:58 UTC] jonfray at mediation-telecom dot com
If a mail has a very very long Header
(From field for example) Apache gets killed
and this kind of entry is added to the logfile:

[Mon Oct 14 19:27:05 2002] [notice] child pid 29327 exit signal Segmentation fault (11)

I know that the Header fields are normally limited (1024 I think) in the IMAP RFC but extra chars should be skipped (if any)

thanks

 [2002-10-14 13:03 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

The crash occurred due to the old code not being able to handle emails where there were more than 100 or so 'To:' headers.
 [2002-10-22 07:06 UTC] jonfray at mediation-telecom dot net
As this bug is not fixed in php4-STABLE (only in php4-LATEST) here is a patch I made to correct this bug :
--- COPY START ---
[jonfray@localhost php-4.2.3]$ diff ext/imap/php_imap.c.old  ext/imap/php_imap.c
60a61
> #define PHP_IMAP_ADDRESS_SIZE_BUF 10
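Review bot: PHP_IMAP_ADDRESS_SIZE_BUF is defined at 60a61 as a bare 10, with no comment saying which per-address bytes it is meant to cover. The size computed at 3604c3606 is only safe if this value is an upper bound on the formatting overhead of one address, so document next to the define what the 10 accounts for, or derive it from the strings the writer actually emits.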
3592c3593
<       int ret=0;
---
>       int ret=0, num_ent=0;
3600a3602
>               num_ent++;
3604c3606
<       ret += (ret) ? MAILTMPLEN : 0;
---
>       ret += (ret) ? num_ent*PHP_IMAP_ADDRESS_SIZE_BUF : 0;
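Review bot: num_ent*PHP_IMAP_ADDRESS_SIZE_BUF at 3604c3606 is computed in int and added to an int ret, and nothing in the patch bounds num_ent. Since the report is about messages with unusually large header lists, range-check the product and the sum (or carry them in size_t) before the result is used. The padding is also still skipped when ret is 0 even if num_ent is non-zero; confirm that case needs no bytes.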
--- COPY STOP ---

And it works !
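
The sizing change in the patch above, shown as an added example (not code from PHP or c-client): a one-off pad stops covering the formatting bytes once a list has enough entries, while a per-entry pad scales with the list. The `struct addr` type, the `<mailbox@host>, ` rendering and the 1024 value for the fixed pad are assumptions made for illustration; the per-entry value 10 is the one from the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified node; not the c-client ADDRESS structure. */
struct addr { const char *mailbox, *host; struct addr *next; };
#define FIXED_SLACK 1024 /* assumed one-off pad standing in for MAILTMPLEN */
#define PER_ENTRY   10   /* per-address pad, the value used in the patch */

/* Exact bytes to render "<mailbox@host>" joined by ", ", plus the final NUL. */
size_t rendered_len(const struct addr *a) {
    size_t n = 1; /* NUL */
    for (; a; a = a->next) /* '<', '@', '>' per entry, ", " between entries */
        n += strlen(a->mailbox) + strlen(a->host) + (a->next ? 5 : 3);
    return n;
}

/* Fixed-pad estimate: payload bytes plus one pad, however many entries. */
size_t estimate_fixed(const struct addr *a) {
    size_t n = 0;
    for (; a; a = a->next)
        n += strlen(a->mailbox) + strlen(a->host);
    return n ? n + FIXED_SLACK : 0;
}

/* Per-entry estimate; returns 0 on success, -1 if the total would wrap. */
int estimate_per_entry(const struct addr *a, size_t *out) {
    size_t n = 0;
    for (; a; a = a->next) {
        size_t part = strlen(a->mailbox) + strlen(a->host) + PER_ENTRY;
        if (part > SIZE_MAX - n) return -1;
        n += part;
    }
    *out = n;
    return 0;
}

/* Constructed input: link pool[0..count-1] into a list of a@b entries. */
struct addr *make_chain(struct addr *pool, size_t count) {
    for (size_t i = 0; i < count; i++)
        pool[i] = (struct addr){ "a", "b", i + 1 < count ? &pool[i + 1] : NULL };
    return count ? pool : NULL;
}

int main(void) {
    static struct addr pool[400];
    struct addr *l = make_chain(pool, 400);
    printf("need %zu, fixed pad gives %zu\n", rendered_len(l), estimate_fixed(l));
    return 0;
}
```

With 400 constructed entries the fixed-pad estimate falls short of the rendered length, while at 100 entries it still covers it.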
 