php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24301 readfile() and fpassthru() die with SEGV on a 64k file
Submitted: 2003-06-23 14:50 UTC Modified: 2004-03-09 08:14 UTC
Votes:7
Avg. Score:4.7 ± 0.7
Reproduced:7 of 7 (100.0%)
Same Version:4 (57.1%)
Same OS:4 (57.1%)
From: hessu at hes dot iki dot fi Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4CVS-2003-06-23 (stable) OS: linux 2.4.20
Private report: No CVE-ID: None
View Developer Edit
 [2003-06-23 14:50 UTC] hessu at hes dot iki dot fi 
Description:
------------
php-4.3.2 and php4-STABLE-200306231730 on apache-2.0.46, RedHat Linux on i386, vanilla 2.4.20 kernel, gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7).

When trying to send a binary or ascii file of exactly 65536 bytes using readfile() or fpassthru(), the httpd process dies with a SIGSEGV. If the file is 65535 or 65537 bytes long, it is sent out just fine. 32768 and 131072 bytes do not seem to crash, either.

The same source file does not crash the command line version of php.


Reproduce code:
---------------
$ cat 64kcrash.php
<? readfile("64k-of-data"); ?>
$
$ dd if=/dev/urandom of=64k-of-data bs=1 count=65536
OR
$ perl -e 'print "a" ? 65536;' > 64k-of-data


Expected result:
----------------
The contents of the file should be sent.

Actual result:
--------------
[Mon Jun 23 22:46:56 2003] [notice] child pid 7805 exit signal Segmentation fault (11)

client gets EOF after sending the request.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-23 21:29 UTC] sniper@php.net 
I can not reproduce this within Apache 1.3.27. Could you please try that too to make sure it's just apache2 related issue..(FYI: Apache2 with PHP is really not ready for production use)
 [2003-06-30 03:32 UTC] wez@php.net 
Use apache1; apache2 + php is not a production combination as you have discovered.
 [2003-06-30 05:51 UTC] sniper@php.net 
Please give the requested feedback or let this report rot..
 [2004-03-08 17:01 UTC] joseph at serengeti dot com 
FreeBSD 4.9 Release
mod_php4-4.3.4_6
apache 2.0.48

fpassthrough and readfile both cause a segv intermittently with the following file, there may be others this is the only one I tested with. 
-rw-rw-rw-  1 builder  wheel   1802240 Mar  1 16:13 BRTL_STE_4-5-0-7.exe

as you can see this is not 2^x file size but my symptoms are identical and were fixed the same way
(by changing to fopen,fread,print)

I fixed readfile by changing 
#define HAVE_MMAP to #undef HAVE_MMAP
in main/php_config.h
and rebuilding. That may or may not be usefull to you.
 [2004-03-09 02:00 UTC] hessu at hes dot iki dot fi 
The bug is still present in php 4.3.4 with apache 2.0.48, Linux 2.6.3. The bug does not appear with apache 1.3.
 [2004-03-09 07:25 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Also tell us what MPM you're using with Apache2.
 [2004-03-09 08:01 UTC] hessu at hes dot iki dot fi 
Thank you, php4-STABLE-200403091230 appears to fix this problem for me. I re-tested by doing 'make install' with php-4.3.4, restarting apache, verifying the crash, installing 
php4-STABLE-200403091230, restarting, and verifying it does not crash.

I'm using the prefork MPM, apache 2.0.48, php configured with:

GCC=gcc CFLAGS="-O3 -march=pentium2" ./configure --enable-memory-limit=yes --enable-debug=no --with-gd --with-zlib --enable-sockets --with-openssl=/opt/openssl-0.9.7c --with-apxs2=/opt/apache-2.0.48/bin/apxs --with-jpeg-dir=/usr --with-png-dir=/usr --with-mcrypt --prefix=/opt/apache-2.0.48/php-4.3.4 --with-config-file-path=/opt/apache-2.0.48/php-4.3.4 --with-mysql=/opt/mysql-4.1.1 --with-curl
 [2004-03-09 08:14 UTC] sniper@php.net 
Fixed -> closed.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 30 15:00:01 2025 UTC