php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25170 Segmentation Fault str_shuffle
Submitted: 2003-08-20 04:37 UTC Modified: 2003-08-20 12:00 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: s dot masugata at digicom dot dnp dot co dot jp Assigned:
Status: Closed Package: Strings related
PHP Version: 4.3.3RC4 OS: Solaris 2.6
Private report: No CVE-ID:
 [2003-08-20 04:37 UTC] s dot masugata at digicom dot dnp dot co dot jp
Description:
------------
Segmentation Fault str_suffle.

http://www.php.net/manual/en/function.str-shuffle.php

FreeBSD 4.8-RELEASE:No problem.
Linux 2.2.14-5.0:No problem.
SunOS 5.6 Generic_105181-23 sun4u :Those with a problem.

Reproduce code:
---------------
<?php
$str = 'abcdef';
$shuffled = str_shuffle($str);

// This will print something like: bfdaec
print $shuffled;
?>



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-20 04:43 UTC] derick@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2003-08-20 06:30 UTC] s dot masugata at digicom dot dnp dot co dot jp
Hi, derick.

backtrace sent.

----------------------------------------------

# gdb /usr/local/Apache1.3.27_PHP4/bin/httpd
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
(gdb) run -X -f /usr/local/Apache1.3.27_PHP4/conf/httpd.conf
Starting program: /usr/local/Apache1.3.27_PHP4/bin/httpd -X -f /usr/local/Apache1.3.27_PHP4/conf/httpd.conf
[New LWP 1]
[New LWP 2]
[New LWP 3]
[New LWP 4]

Program received signal SIGSEGV, Segmentation fault.
0xee5fd140 in php_string_shuffle (str=0x174408 "abcdef", len=6) at /usr/local/src/php-4.3.3RC4/ext/standard/string.c:4010
4010                            str[n_left] = str[rnd_idx];
(gdb) where
#0  0xee5fd140 in php_string_shuffle (str=0x174408 "abcdef", len=6) at /usr/local/src/php-4.3.3RC4/ext/standard/string.c:4010
#1  0xee5fd360 in zif_str_shuffle (ht=1, return_value=0x1743c0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php-4.3.3RC4/ext/standard/string.c:4031
#2  0xee6fc7e4 in execute (op_array=0x1740e0) at /usr/local/src/php-4.3.3RC4/Zend/zend_execute.c:1616
#3  0xee6df92c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-4.3.3RC4/Zend/zend.c:885
#4  0xee680900 in php_execute_script (primary_file=0xeffff310) at /usr/local/src/php-4.3.3RC4/main/main.c:1721
#5  0xee703874 in apache_php_module_main (r=0x15d8e8, display_source_mode=0)
    at /usr/local/src/php-4.3.3RC4/sapi/apache/sapi_apache.c:54
#6  0xee7050b8 in send_php (r=0x15d8e8, display_source_mode=0, filename=0x15e960 "/WWW/Web/gaia/Masugata/test.php")
    at /usr/local/src/php-4.3.3RC4/sapi/apache/mod_php4.c:620
#7  0xee70513c in send_parsed_php (r=0x15d8e8) at /usr/local/src/php-4.3.3RC4/sapi/apache/mod_php4.c:635
#8  0x0001ef38 in ap_invoke_handler ()
#9  0x0003e060 in process_request_internal ()
#10 0x0003e0e4 in ap_process_request ()
#11 0x00030bf8 in child_main ()
#12 0x00030e8c in make_child ()
#13 0x000310a8 in startup_children ()
#14 0x00031adc in standalone_main ()
#15 0x00032738 in main ()
(gdb)
 [2003-08-20 09:03 UTC] wez@php.net
Verified on
SunOS 5.8 Generic_108528-13 sun4u sparc SUNW,Ultra-5_10
Program received signal SIGSEGV, Segmentation fault.
php_string_shuffle (str=0x17d450 "abcdef", len=5) at /export/home/guest/php-4.3.3RC4/ext/standard/string.c:4010
4010                            str[n_left] = str[rnd_idx];

(gdb) print rnd_idx
$3 = 380661


 [2003-08-20 11:41 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC