PHP :: Bug #21037 :: setcookie() with an expire argument causes a bus error

Bug #21037

setcookie() with an expire argument causes a bus error

Submitted:

2002-12-15 23:34 UTC

Modified:

2002-12-31 01:00 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

jcs at rt dot fm

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

4.2.3

OS:

OpenBSD 3.2 (sparc64)

Private report:

CVE-ID:

None

View Developer Edit

[2002-12-15 23:34 UTC] jcs at rt dot fm

Installed PHP 4.2.3 as a DSO with the mysql extension enabled.  Everything works fine until doing a setcookie() with any argument for the expiration, which results in:

[Sun Dec 15 22:35:57 2002] [notice] child pid 3155 exit signal Bus error (10)

The bug in its most basic form using the PHP CLI (no working gdb available, using pmdb):

$> pmdb ./php -r 'setcookie("test", "test", 1, "/");'
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 6187
PMDB stopping child. signal: BUS
pmdb: Loading symbols from /usr/local/lib/libintl.so.1.1 at 0x40408000
pmdb: Loading symbols from /usr/local/lib/libiconv.so.3.0 at 0x40510000
pmdb: Loading symbols from /usr/lib/libz.so.2.0 at 0x40718000
pmdb: Loading symbols from /usr/lib/libssl.so.7.0 at 0x40828000
pmdb: Loading symbols from /usr/lib/libcrypto.so.9.0 at 0x4096a000
pmdb: Loading symbols from /usr/lib/libm.so.1.0 at 0x40baa000
pmdb: Loading symbols from /usr/lib/libc.so.29.0 at 0x40ce8000
pmdb: Loading symbols from /usr/libexec/ld.so at 0x40300000
pmdb: Loading symbols from /usr/local/lib/php/modules/mysql.so at 0x40ed8000
pmdb: Loading symbols from /usr/local/lib/libmysqlclient.so.10.0 at 0x40fe8000
pmdb> trace
zend_parse_arg_impl(0x1, 0x0, 0x0, 0x0, 0x0, 0x0)+0x47c
zend_parse_arg_impl(0x104b50, 0x47c, 0x28, 0x400, 0xffffffffffffcb48, 0x0)+0x8
zend_parse_arg(0x464c28, 0xffffffffffffcc08, 0xffffffffffffcbd8, 0x112d2f, 0x112d45, 0x110990)+0x50
zend_parse_va_args(0x3, 0x464c28, 0xffffffffffffcc08, 0xffffffffffffcbd8, 0x0, 0x40306188)+0x410
zend_parse_parameters(0x4, 0x282808, 0xffffffffffffcc08, 0x0, 0x0, 0x40306188)+0x40
zif_setcookie(0x4, 0x282808, 0xffffffffffffcd38, 0xffffffffffffcd14, 0xffffffffffffcd30, 0xffffffffffffcd10)+0x94
execute(0x4, 0x45ac58, 0x0, 0x0, 0x1e3054, 0x0)+0x4130
zend_eval_string(0x462118, 0x3da5f0, 0x246c44, 0x0, 0x0, 0x0)+0x1dc
main(0xffffffffffffd9c1, 0x0, 0x26bc20, 0x26b000, 0x4, 0x4)+0xfb4
___start(0x3, 0xffffffffffffd4d8, 0xffffffffffffd4f8, 0x3d4000, 0x0, 0x40305960)+0x80
_dl_start(0xffffffffffffd9b8, 0x3c34f8, 0x40306008, 0xffffffffffffd450, 0x40305968, 0x40300000)+0x40
pmdb> 

Using nothing for the expiration works without crashing:

$> pmdb ./php -r 'setcookie("test", "test", "", "/");'
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 24403
PHP Warning:  setcookie() expects parameter 3 to be long, string given in Command line code on line 1
process exited with status 0
pmdb>

I cannot reproduce this on i386, so I'm assuming it's a 64-bit issue.  I cannot reproduce the crash on sparc64 with any other functions I've tried, other than setcookie.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-16 00:35 UTC] derick@php.net

It would help if you could try the latest RC, available through http://qa.php.net . THere is a big change this is fixed.

Derick

[2002-12-16 19:08 UTC] jcs at rt dot fm

RC3 doesn't even start...

$> pmdb ./php
pmdb: Loading symbols from ./php at 0x0
pmdb> run
pmdb: process started with PID 12195
PMDB stopping child. signal: BUS
pmdb: Loading symbols from /usr/local/lib/libintl.so.1.1 at 0x40408000
pmdb: Loading symbols from /usr/local/lib/libiconv.so.3.0 at 0x40510000
pmdb: Loading symbols from /usr/lib/libz.so.2.0 at 0x40718000
pmdb: Loading symbols from /usr/lib/libssl.so.7.0 at 0x40828000
pmdb: Loading symbols from /usr/lib/libcrypto.so.9.0 at 0x4096a000
pmdb: Loading symbols from /usr/lib/libm.so.1.0 at 0x40baa000
pmdb: Loading symbols from /usr/lib/libc.so.29.0 at 0x40ce8000
pmdb: Loading symbols from /usr/libexec/ld.so at 0x40300000
pmdb> trace
OnUpdateInt(0x1, 0x0, 0x0, 0x0, 0x0, 0x0)+0x10
OnUpdateInt(0x104b50, 0x10, 0x28, 0x400, 0xffffffffffffcc68, 0x0)+0x8
OnUpdate_zlib_output_compression_level(0x40a480, 0x21c2e0, 0x2, 0x8c, 0x36c438, 0x0)+0x20
zend_register_ini_entries(0x40a480, 0x21c2e0, 0x2, 0x8c, 0x36c438, 0x0)+0x104
zm_startup_zlib(0x346d40, 0x14, 0x78, 0x3, 0x14, 0x0)+0x7c
zend_startup_module(0x0, 0x14, 0x126534, 0x6, 0x0, 0x40306188)+0x30
php_startup_extensions(0x346c60, 0x0, 0x23, 0x6, 0x0, 0x40306188)+0x24
php_startup_internal_extensions(0x3591b0, 0x3591b0, 0x7ac0, 0x1, 0x0, 0x0)+0x1c
php_module_startup(0x0, 0x5c00, 0x231118, 0x2, 0x3, 0x0)+0x5b4
main(0x359038, 0x0, 0x0, 0x359100, 0x373cc8, 0x0)+0x120
___start(0x1, 0xffffffffffffd6a8, 0xffffffffffffd6b8, 0x36c000, 0x0, 0x40305960)+0x80
_dl_start(0xffffffffffffdb80, 0x36b0f8, 0x40306008, 0xffffffffffffd620, 0x40305968, 0x40300000)+0x40
pmdb> quit

[2002-12-31 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 13:00:02 2025 UTC