Bug #23483 segfault when file uploading and using ADOdb
Submitted: 2003-05-04 18:45 UTC Modified: 2003-05-04 20:49 UTC
From: chip at cyan dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 4CVS-2003-05-04 (stable) OS: Lunar-Linux (the edge)
Private report: No CVE-ID: None
 [2003-05-04 18:45 UTC] chip at cyan dot com
This is happening with a script that takes an HTTP POST file upload.  It then inserts the uploaded file into a SQL database using the ADOdb abstraction layer.  This project is over 40,000 lines, so it is difficult to rip one page out of it.  I'll try to get this into a reasonably small packaged script later.

Here is the script:
http://php.red-illusions.dk/pasteit.php?id=191
(again, much of it won't make sense since much of the stuff is done outside this file.)

This happens every time using:
Server version: Apache/2.0.45-dev
Server built:   Mar  8 2003 14:55:15

And PHP Snaps from:
2003-03-08 06:30
2003-05-04 21:30 (newest one)(and --enable-debug)

After starting httpd in GDB using httpd -X -k start, 
and as soon as I visit this page and upload any file, 
I get my segfault. I do not get it by just visiting the page by itself, without any upload POSTs.

Here is a full backtrace:

(gdb) bt full
#0  0x4021a92c in vfprintf () from /lib/libc.so.6
No symbol table info available.
#1  0x4023741c in vsprintf () from /lib/libc.so.6
No symbol table info available.
#2  0x40224d3d in sprintf () from /lib/libc.so.6
No symbol table info available.
#3  0x40445a38 in _convert_to_string (op=0x82af4a0, __zend_filename=0x40498720 "/home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c",
    __zend_lineno=2446) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_operators.c:453
        lval = -1086320020
        dval = 2.08422883873882e-269
        tsrm_ls = (void ***) 0xbf40126c
#4  0x4045e481 in execute (op_array=0x8339fe8, tsrm_ls=0x81d64e0) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c:2446

        restored_error_reporting = {value = {lval = 137032864, dval = 1.7871824991067897e-262, str = {val = 0x82af4a0 'Z' <repeats 19 times>, "\204?\217*",
      len = 160858800}, ht = 0x82af4a0, obj = {ce = 0x82af4a0, properties = 0x99682b0}}, type = 1 '\001', is_ref = 23 '\027', refcount = 48960}
        execute_data = {opline = 0x833aa20, function_state = {function_symbol_table = 0x0, function = 0x8339fe8, reserved = {0x404511c5, 0x9968330,
      0x40477f9c, 0x5}}, fbc = 0x0, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbf4013a8, original_in_execution = 1 '\001', op_array = 0x8339fe8,
  prev_execute_data = 0xbf401e8c}
#5  0x4045eecf in execute (op_array=0x82c26e0, tsrm_ls=0x81d64e0) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c:1650
        execute_data = {opline = 0x8302054, function_state = {function_symbol_table = 0x99682b0, function = 0x8339fe8, reserved = {0x404511c5, 0x9968098,
      0x40477f9c, 0x5}}, fbc = 0x8339fe8, ce = 0x0, object = {ptr = 0x99668f8}, Ts = 0xbf401818, original_in_execution = 1 '\001', op_array = 0x82c26e0,
  prev_execute_data = 0xbf403e9c}

...continued execute....

I noticed a similar backtrace in bug #20388 and they suggested trying to catch this in Xdebug ( http://xdebug.derickrethans.nl/ ) if I was entering a recursive function calling loop.  Loading this made no difference for me.

Configure Line:
'./configure' \
'--enable-sysvmsg' \
'--enable-sysvsem' \
'--enable-sysvshm' \
'--enable-sockets' \
'--with-mysql=/home/mysql/mysql-4' \
'--enable-ftp' \
'--enable-ipv6' \
'--with-gd' \
'--enable-gd-native-ttf' \
'--with-jpeg-dir=/usr/local/lib' \
'--with-freetype-dir=/usr' \
'--with-apxs2=/home/httpd/apache2/bin/apxs' \
'--with-zlib-dir=/usr/lib' \
'--enable-debug' \


-chip
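The backtrace above shows nested execute() frames (PHP 4 runs each user-level function call as a nested C call to execute(), so unbounded PHP recursion eventually exhausts the C stack), and bug #20388 suggested looking for a recursive function-calling loop. As an added example that is not part of this report or of PHP, the Python below parses gdb `bt full` output and flags functions that appear in long consecutive runs of frames; the sample is a constructed abbreviation of the trace above with one extra execute frame appended so the heuristic has something to find.

```python
import re

# Constructed sample: an abbreviated copy of the report's backtrace.  Frame #3 keeps
# its wrapped argument list and a local-variable line so the parser is shown
# skipping continuation lines; frame #6 is added to extend the execute() chain.
SAMPLE_BT = """\
(gdb) bt full
#0  0x4021a92c in vfprintf () from /lib/libc.so.6
No symbol table info available.
#1  0x4023741c in vsprintf () from /lib/libc.so.6
#2  0x40224d3d in sprintf () from /lib/libc.so.6
#3  0x40445a38 in _convert_to_string (op=0x82af4a0, __zend_filename=0x40498720 "zend_execute.c",
    __zend_lineno=2446) at Zend/zend_operators.c:453
        lval = -1086320020
#4  0x4045e481 in execute (op_array=0x8339fe8, tsrm_ls=0x81d64e0) at Zend/zend_execute.c:2446
#5  0x4045eecf in execute (op_array=0x82c26e0, tsrm_ls=0x81d64e0) at Zend/zend_execute.c:1650
#6  0x4045eecf in execute (op_array=0x82c26e0, tsrm_ls=0x81d64e0) at Zend/zend_execute.c:1650
"""

# A gdb frame line starts with "#<n>  0x<addr> in <function> (".  Continuation lines
# (wrapped arguments, "No symbol table info available.", locals) do not match.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+ in (\w+) \(")


def parse_frames(bt_text):
    """Return [(frame_number, function_name), ...] in the order gdb printed them."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2)))
    return frames


def longest_run(frames, func):
    """Length of the longest run of consecutive frames that are all in `func`."""
    best = cur = 0
    for _, name in frames:
        cur = cur + 1 if name == func else 0
        best = max(best, cur)
    return best


def suspect_recursion(frames, threshold=3):
    """Functions whose consecutive-frame run reaches `threshold`; a heuristic for
    runaway recursion (a real stack blow-out shows hundreds of such frames)."""
    names = {name for _, name in frames}
    return sorted(f for f in names if longest_run(frames, f) >= threshold)


if __name__ == "__main__":
    fr = parse_frames(SAMPLE_BT)
    print(len(fr), "frames; suspects:", suspect_recursion(fr))
```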


 [2003-05-04 20:49 UTC] chip at cyan dot com
It looks like it was a bug inside a while loop deep inside some of my code.


Still. Not cool that it was able to kill PHP like that.
Last updated: Thu Apr 18 19:01:30 2024 UTC