php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21406 Appending same filter twice causes segfault
Submitted: 2003-01-03 22:30 UTC Modified: 2011-04-11 01:01 UTC
From: pollita@php.net Assigned: cataphract (profile)
Status: Closed Package: Filesystem function related
PHP Version: 4CVS-2003-01-03 (dev) OS: linux
Private report: No CVE-ID: None
 [2003-01-03 22:30 UTC] pollita@php.net
The following code works fine when "stream_filter_append()" is called only once.  Adding the second call causes a segfault when fclose() is called.


<?php

class rot13_filter extends php_user_filter {
  function read($length) {
    $tempstr = parent::read($length);
    for($i = 0; $i < strlen($tempstr); $i++)
      if (($tempstr[$i] >= 'A' AND $tempstr[$i] <= 'M') OR
          ($tempstr[$i] >= 'a' AND $tempstr[$i] <= 'm')) $tempstr[$i] = chr(ord($tempstr[$i]) + 13);
      else if (($tempstr[$i] >= 'N' AND $tempstr[$i] <= 'Z') OR
               ($tempstr[$i] >= 'n' AND $tempstr[$i] <= 'z')) $tempstr[$i] = chr(ord($tempstr[$i]) - 13);
    return $tempstr;
  }

  function write($data) {
    for($i = 0; $i < strlen($data); $i++)
      if (($data[$i] >= 'A' AND $data[$i] <= 'M') OR
          ($data[$i] >= 'a' AND $data[$i] <= 'm')) $data[$i] = chr(ord($data[$i]) + 13);
      else if (($data[$i] >= 'N' AND $data[$i] <= 'Z') OR
               ($data[$i] >= 'n' AND $data[$i] <= 'z')) $data[$i] = chr(ord($data[$i]) - 13);
    return parent::write($data);
  }
}

stream_register_filter("rot13", "rot13_filter")
    or die("Failed to register filter");

$fp = fopen("foo-bar.txt", "r");

stream_filter_append($fp, "rot13");
stream_filter_append($fp, "rot13");

fwrite($fp, "Line1\n");
fwrite($fp, "Word - 2\n");
fwrite($fp, "Easy As 123\n");

fclose($fp);

?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-03 22:37 UTC] pollita@php.net
Correction... Any two filters:

stream_filter_append($fp, "rot13");
stream_filter_append($fp, "rot13");

or

stream_filter_append($fp, "rot13");
stream_filter_append($fp, "default");

or

stream_filter_append($fp, "default");
stream_filter_append($fp, "default");

all produce the same segfault when fclose()ing (presumably during the calls to write() or flush() in the filters).

Note: "default" was previously registered using:
stream_register_filter("default", "php_user_filter");
 [2003-01-04 04:41 UTC] wez@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Always include a backtrace in reports of segfaults or bus errors (it saves a good 15 minutes or more of my time!)
Thanks!
 [2003-01-04 13:54 UTC] pollita@php.net
The backtrace tottalled up to over 11MB so I've put it on a webserver for you to grab.  I also made a gzip -9 version to save downloading time.

http://169.229.139.97/backtrace      (~11.8MB)
http://169.229.139.97/backtrace.gz   (~530KB)

I can save you even that much downloading though by telling you that it seems the execution just goes into an infinite loop calling:

#1122 0x080b403a in userfilter_flush (stream=0x817ace4, thisfilter=0x817adb4, closing=1) at /home/sarag/cvs/php4/ext/standard/user_filters.c:255
#1123 0x080b3cce in zif_user_filter_flush (ht=1, return_value=0x82aeaf4, this_ptr=0x817ae34, return_value_used=1) at /home/sarag/cvs/php4/ext/standard/user_filters.c:107
#1124 0x080ed80c in call_user_function_ex (function_table=0x817a850, object_pp=0xbf826890, function_name=0xbf8268a0, retval_ptr_ptr=0xbf826894, param_count=1,
    params=0xbf826898, no_separation=0, symbol_table=0x0) at /home/sarag/cvs/php4/Zend/zend_execute_API.c:584

The pointers change, but the commands and the their sequence remain the same...over...and over...and over...and over...

An early morning guess would say that the filterhead chain isn't being setup properly.


Though as a slight aside, why does the fops structure show eof/dtor methods when user_filter.c calls them oncreate/onclose ?  When are oncreate/onclose called?
 [2003-01-06 17:41 UTC] wez@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2011-04-11 01:01 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC