Bug #25294 ftp_nlist fails on nai site with coredump
Submitted: 2003-08-28 09:36 UTC Modified: 2003-09-10 07:13 UTC
From: steveh at brendata dot co dot uk Assigned:
Status: Closed Package: FTP related
PHP Version: 4.3.4-dev OS: Linux 2.4.21
Private report: No CVE-ID: None
 [2003-08-28 09:36 UTC] steveh at brendata dot co dot uk
Description:
------------
When I try to run the following script against the network associates site (it's part of a bigger system to pull down virus updates) it fails; it works fine on other sites (this code snippet came from another PHP bug entry).

I also tried ftp'ing to the NAI site to prove that I really could do this and it works fine.


Reproduce code:
---------------
<?php
  $fp = ftp_connect("ftp.nai.com");
  var_dump($fp);
  ftp_login($fp, "anonymous","ntrujillo@cox.net");
  var_dump($fp);
  var_dump(ftp_nlist($fp,"/"));
  var_dump($fp);
?>

Expected result:
----------------
Would expect it to finish normally and dump the various arrays.

Actual result:
--------------
Core dump

 [2003-08-28 09:55 UTC] pollita@php.net
I can't reproduce a crash with the code snippet provided using 4.3.3 on a 2.4.21 kernel.

Please provide the ./configure line used to compile PHP and note on which line (I'm assuming the nlist line itself) the crash occurs.
 [2003-08-28 11:15 UTC] steveh at brendata dot co dot uk
Looks like it's dying after the dump:
[root@Linux3 /root]# php test.php
resource(4) of type (FTP Buffer)
resource(4) of type (FTP Buffer)
bool(false)
resource(4) of type (FTP Buffer)
Segmentation fault (core dumped)
[root@Linux3 /root]# cat test.php 
<?php
  $fp = ftp_connect("ftp.nai.com");
  var_dump($fp);
  ftp_login($fp, "anonymous","ntrujillo@cox.net");
  var_dump($fp);
  var_dump(ftp_nlist($fp,"/"));
  var_dump($fp);
?>

Here's the ./configure:

./configure  i386-redhat-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --with-config-file-path=/etc --enable-force-cgi-redirect --enable-debug--enable-pic --disable-rpath --enable-inline-optimization --with-bz2 --with-db3 --with-exec-dir=/usr/bin --with-png-dir=/usr --with-gd --enable-gd-native-ttf --with-ttf --with-gdbm --with-gettext --with-ncurses --with-gmp --with-iconv --with-jpeg-dir=/usr --with-openssl --with-png --with-pspell --with-regex=system --with-ftp --with-zlib --with-layout=GNU --enable-bcmath --enable-debugger --enable-magic-quotes --enable-safe-mode --enable-sockets --enable-sysvsem --enable-sysvshm --enable-discard-path --enable-track-vars --enable-trans-sid --enable-yp --enable-wddx --without-oci8 --with-imap=shared --with-imap-ssl --with-kerberos=/usr/kerberos --with-ldap=shared --with-mysql=shared,/usr --with-xml --with-pgsql=shared --with-snmp=shared,/usr --with-snmp=shared --enable-ucd-snmp-hack --with-unixODBC=shared --enable-memory-limit --enable-bcmath --enable-shmop --enable-versioning --enablecalendar --enable-dbx --enable-dio --enable-mbstring --enable-mbstr-enc-trans --withapxs=/usr/sbin/apxs --with-sybasect=shared,/usr/local/freetds --enable-ftp
 [2003-08-28 11:19 UTC] steveh at brendata dot co dot uk
Just realised, one thing I haven't mentioned (!) is that I'm running this as a command line script (php test.php).

Here's the backtrace (looks like it's when it's trying to deallocate stuff)

(gdb) bt
#0  0x403a9490 in chunk_free (ar_ptr=0x4045d300, p=0x830ba58) at malloc.c:3231
#1  0x403a93f4 in __libc_free (mem=0x830baa8) at malloc.c:3154
#2  0x08175fb4 in shutdown_memory_manager (silent=0, clean_cache=0) at /usr/src/php-4.3.3/Zend/zend_alloc.c:492
#3  0x0815be20 in php_request_shutdown (dummy=0x0) at /usr/src/php-4.3.3/main/main.c:1005
#4  0x081a6c61 in main (argc=2, argv=0xbffffbe4) at /usr/src/php-4.3.3/sapi/cli/php_cli.c:869
#5  0x40344657 in __libc_start_main (main=0x81a61fc <main>, argc=2, ubp_av=0xbffffbe4, init=0x8072174 <_init>, 
    fini=0x81ac480 <_fini>, rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbffffbdc) at ../sysdeps/generic/libc-start.c:129
 [2003-08-28 19:48 UTC] sniper@php.net
Try the following:

# rm config.cache
# ./configure --disable-all --disable-cgi --enable-ftp --enable-debug
# make clean && make

And then run the script:

# gdb sapi/cli/php
(gdb) run ftptest.php
.
.


 [2003-08-29 03:16 UTC] steveh at brendata dot co dot uk
Ok, it failed as before, here's the output:

(gdb) run test.php
Starting program: /usr/src/php-4.3.3/sapi/cli/php test.php
resource(4) of type (FTP Buffer)
resource(4) of type (FTP Buffer)
bool(false)
resource(4) of type (FTP Buffer)
[Fri Aug 29 09:04:06 2003]  Script:  'test.php'
---------------------------------------
/usr/src/php-4.3.3/ext/ftp/ftp.c(1443) : Block 0x081EF888 status:
Beginning:      Overrun (magic=0x401E0470, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------

Program exited normally.
(gdb)
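
The `Beginning: Overrun (magic=..., expected=0x7312F8DC)` report in the comment above is a debug build finding that the guard value stored in front of a heap block no longer holds its expected value. As an added illustration (not PHP's allocator code and not part of the original thread), this C sketch implements the same guard-word check; `END_MAGIC`, the `guard_*` names and the `demo` scenarios are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define START_MAGIC 0x7312F8DCu /* the "expected" value in the report above */
#define END_MAGIC   0x5A5AA5A5u /* constructed for this example */

enum { GUARD_OK, GUARD_BEGIN_OVERRUN, GUARD_END_OVERRUN };

typedef struct { uint32_t magic; size_t size; } guard_hdr;

/* Allocate `size` usable bytes framed by a header magic and a trailing magic. */
void *guard_alloc(size_t size) {
    guard_hdr *h = malloc(sizeof *h + size + sizeof(uint32_t));
    uint32_t end = END_MAGIC;
    if (!h) return NULL;
    h->magic = START_MAGIC;
    h->size = size;
    memcpy((unsigned char *)(h + 1) + size, &end, sizeof end);
    return h + 1;
}

/* Verify both guard words, then release the block. If the header magic is
 * wrong, the stored size cannot be trusted, so the trailing guard cannot be
 * located and only the "beginning" status is reported. */
int guard_free(void *p) {
    guard_hdr *h = (guard_hdr *)p - 1;
    uint32_t end;
    int status = GUARD_OK;
    if (h->magic != START_MAGIC) {
        status = GUARD_BEGIN_OVERRUN;
    } else {
        memcpy(&end, (unsigned char *)p + h->size, sizeof end);
        if (end != END_MAGIC) status = GUARD_END_OVERRUN;
    }
    free(h);
    return status;
}

/* Constructed scenario: allocate 16 bytes, then write `len` bytes at `off`. */
int demo(long off, size_t len) {
    char *b = guard_alloc(16);
    if (!b) return -1;
    memset(b + off, 'A', len);
    return guard_free(b);
}

int main(void) {
    printf("in bounds: %d, one byte past end: %d, header hit: %d\n",
           demo(0, 16), demo(0, 17), demo(-(long)sizeof(guard_hdr), 4));
    return 0;
}
```

The check only fires when the block is inspected or freed, which is why damage of this kind surfaces at shutdown rather than at the line that caused it.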
 [2003-09-09 04:49 UTC] steveh at brendata dot co dot uk
Sorry, still fails, same as before:
[root@Linux3 php4-STABLE-200309081530]# ./sapi/cli/php ~/test.php 
resource(4) of type (FTP Buffer)
resource(4) of type (FTP Buffer)
bool(false)
resource(4) of type (FTP Buffer)
Segmentation fault (core dumped)
[root@Linux3 php4-STABLE-200309081530]#
 [2003-09-09 09:43 UTC] sniper@php.net
Do this:

# rm config.cache
# ./configure --disable-all --disable-cgi --enable-ftp --enable-debug
# make clean && make

And try that script again. (with the snapshot)
If it crashes, provide a backtrace.

 [2003-09-09 12:16 UTC] pollita@php.net
If the rebuild fails, try adding this line to the end of your script.  

  var_dump(ftp_close($fp));
 [2003-09-09 17:20 UTC] pollita@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

A developer was able to reproduce this finally and came up with a patch.  The next snapshot should work fine (give it time to be generated).  If not, please reopen.

 [2003-09-10 07:13 UTC] steveh at brendata dot co dot uk
Confirmed, that has fixed it.

Thanks.
 
Last updated: Sat Nov 23 23:01:26 2024 UTC