Bug #22688 readfile()/get_file_contents() seg faults
Submitted: 2003-03-13 18:01 UTC Modified: 2003-03-18 11:52 UTC
From: cfield at affinitysolutions dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4CVS-2003-03-13 (stable) OS: Solaris (64Bit)
Private report: No CVE-ID: None
 [2003-03-13 18:01 UTC] cfield at affinitysolutions dot com
Build flags/config options
LD_LIBRARY_PATH=/usr/local/lib/sparcv9:/usr/local/lib:/usr/local/ssl/lib:/usr/local/pgsql/lib:/usr/local/mysql/lib
PATH=/usr/local/mysql/bin:/usr/local/pgsql/bin:/usr/local/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin//php
CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -mcpu=v9 -m64 -ggdb3"
export LD_OPTIONS="-64"
export LD_FLAGS="-64"
export CPPFLAGS=$CFLAGS
export CXXFLAGS=$CFLAGS
export CC=gcc
./configure  --host=sparcv9-sun-solaris2.9 --build=sparcv9-sun-solaris2.9 --enable-bcmath\
 --with-pgsql=/usr/local/pgsql  --enable-ftp --enable-inline-optimization    \
 --enable-sockets --enable-sysvsem  --enable-sysvshm  --enable-magic-quotes --with-bz2 \
--enable-calendar --with-ftp --enable-cli --with-mysql=/usr/local/mysql \
--enable-cli --disable-cgi --enable-debug --without-pear --disable-pear



//this segfaults 
<?
	file_get_contents("/tmp/test.txt"); 
?>

Stack Trace:
Program received signal SIGSEGV, Segmentation fault.
0x00000001001a34d4 in php_stdiop_cast (stream=0x1003e3140, castas=1, ret=0xffffffff7fffd164) at /usr/local/src/php4/main/streams.c:1535
1535                                    *ret = (void*)fd;
(gdb) where
#0  0x00000001001a34d4 in php_stdiop_cast (stream=0x1003e3140, castas=1, ret=0xffffffff7fffd164) at /usr/local/src/php4/main/streams.c:1535
#1  0x00000001001a49d8 in _php_stream_cast (stream=0x1003e3140, castas=1, ret=0xffffffff7fffd164, show_err=0) at /usr/local/src/php4/main/streams.c:2041
#2  0x00000001001a1954 in _php_stream_copy_to_mem (src=0x1003e3140, buf=0xffffffff7fffd298, maxlen=0, persistent=0, __php_stream_call_depth=0,
    __zend_filename=0x1002267d0 "/usr/local/src/php4/ext/standard/file.c", __zend_lineno=432, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/local/src/php4/main/streams.c:1096
#3  0x00000001000bac50 in zif_file_get_contents (ht=1, return_value=0x1003e2fe0, this_ptr=0x0, return_value_used=0) at /usr/local/src/php4/ext/standard/file.c:432
#4  0x000000010020ec68 in execute (op_array=0x1003deac0) at /usr/local/src/php4/Zend/zend_execute.c:1606
#5  0x00000001001f14c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php4/Zend/zend.c:864
#6  0x000000010018bcb4 in php_execute_script (primary_file=0xffffffff7ffff7e0) at /usr/local/src/php4/main/main.c:1636
#7  0x00000001002191c0 in main (argc=1, argv=0xffffffff7ffff8e8) at /usr/local/src/php4/sapi/cli/php_cli.c:753



This fixes:
cvs diff main/streams.c
Index: main/streams.c
===================================================================
RCS file: /repository/php4/main/Attic/streams.c,v
retrieving revision 1.125.2.37
diff -u -r1.125.2.37 streams.c
--- main/streams.c      6 Mar 2003 20:58:19 -0000       1.125.2.37
+++ main/streams.c      13 Mar 2003 23:32:16 -0000
@@ -1024,7 +1024,7 @@
        int ready = 0;
        char buf[8192];
 #ifdef HAVE_MMAP
-       int fd;
+       long fd;
 #endif

 #ifdef HAVE_MMAP
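Review bot: widening the local from `int fd;` to `long fd;` only moves the problem out of this one caller. The store that faults in the posted trace is `*ret = (void*)fd;` in php_stdiop_cast (streams.c:1535), which this hunk leaves untouched, so any other caller that passes the address of an int still receives a pointer-sized write. `long` also matches pointer width only on LP64 targets such as this sparcv9 build. Suggest fixing the width at the store itself, or at minimum documenting at the declaration why a descriptor is held in a long.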
@@ -1076,7 +1076,7 @@
        int step = CHUNK_SIZE;
        int min_room = CHUNK_SIZE / 4;
 #if HAVE_MMAP
-       int srcfd;
+       long srcfd;
 #endif

        if (buf)
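Review bot: `long srcfd;` carries no comment explaining why a file descriptor is declared wider than int, so a later cleanup is likely to change it back and reintroduce the crash seen through the call at streams.c:1096 (frame #2 of the trace), shortly after this declaration. If this workaround stays, add a one-line comment naming the cast that writes through the variable's address. The guard on this declaration is `#if HAVE_MMAP` while the previous hunk's is `#ifdef HAVE_MMAP`; using one form for both avoids them diverging if the macro is ever defined as 0.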

 [2003-03-13 23:42 UTC] wez@php.net
If you compile PHP without the 64bit defines and options, do you get the same problem?

Could you paste here the declaration for mmap from your system headers and man page?
 [2003-03-13 23:43 UTC] wez@php.net
and open(), close() etc.

 [2003-03-18 09:38 UTC] cfield at affinitysolutions dot com
The real way to fix this....


Index: main/streams.c
===================================================================
RCS file: /repository/php4/main/Attic/streams.c,v
retrieving revision 1.125.2.37
diff -u -u -r1.125.2.37 streams.c
--- main/streams.c      6 Mar 2003 20:58:19 -0000       1.125.2.37
+++ main/streams.c      8 Mar 2003 10:48:16 -0000
@@ -1532,7 +1532,7 @@
                        }
                        if (ret) {
                                fflush(data->file);
-                               *ret = (void*)fd;
+                               *(int*)ret = fd;
                        }
                        return SUCCESS;
                default:
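Review bot: `*(int*)ret = fd;` writes only sizeof(int) bytes through a pointer that the replaced line treated as a `void *` slot, so the contract of this cast branch silently becomes "ret points to an int", which nothing in the hunk states. On a 64-bit build, a caller that still passes a pointer-sized or long variable and reads it back whole gets the descriptor in only part of it, with the remaining bytes uninitialized. Suggest a comment on this branch stating the expected destination type, and an audit of callers: the `long fd` / `long srcfd` change from the first patch must not be applied together with this one.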
 [2003-03-18 11:52 UTC] wez@php.net
already fixed in CVS a couple of days ago
 
Last updated: Fri Dec 27 08:01:28 2024 UTC