php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27365 http_input encoding causes segfault at multipart/form-data
Submitted: 2004-02-23 11:09 UTC Modified: 2004-02-23 14:42 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: zsolt dot banyai at kirowski dot com Assigned:
Status: Closed Package: mbstring related
PHP Version: 5.0.0b4 (beta4) OS: debian linux apache 1.3/apache 2
Private report: No CVE-ID: None
 [2004-02-23 11:09 UTC] zsolt dot banyai at kirowski dot com
Description:
------------
php.ini set in httpd.conf:

php_value mbstring.internal_encoding UTF-8
php_flag mbstring.encoding_translation On
php_value mbstring.http_input UTF-8

causes segfault when a multipart/form-data form posted with both of apache 1.3 and apache2 




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-23 12:44 UTC] zsolt dot banyai at kirowski dot com
Here it is the result of backtrace. The problem appears when using long names in input fields, but just if you post them as multipart/form-data

0x404ed740 in _efree (ptr=0x0, __zend_filename=0x4053f980 "/usr/src/php-5.0.0b4/ext/mbstring/mbstring.c", __zend_lineno=3391, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/src/php-5.0.0b4/Zend/zend_alloc.c:257
257             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);


#0  0x404ed740 in _efree (ptr=0x0, __zend_filename=0x4053f980 "/usr/src/php-5.0.0b4/ext/mbstring/mbstring.c", __zend_lineno=3391, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/src/php-5.0.0b4/Zend/zend_alloc.c:257
#1  0x40383c47 in php_mb_gpc_encoding_converter (str=0x40c019fc, len=0x40c01b10, num=50, encoding_to=0x0, encoding_from=0x0)
    at /usr/src/php-5.0.0b4/ext/mbstring/mbstring.c:3391
#2  0x404c982a in php_mb_flush_gpc_variables (num_vars=50, val_list=0x40c019fc, len_list=0x40c01b10, array_ptr=0x40bf7d40) at /usr/src/php-5.0.0b4/main/rfc1867.c:62
#3  0x404cb109 in rfc1867_post_handler (content_type_dup=0x40bf6384 "multipart/form-data; boundary=", '-' <repeats 27 times>, "7d412f2f1160128", arg=0x40bf7d40)
    at /usr/src/php-5.0.0b4/main/rfc1867.c:841
#4  0x404c79cc in sapi_handle_post (arg=0x40bf7d40) at /usr/src/php-5.0.0b4/main/SAPI.c:114
#5  0x40384995 in mbstr_treat_data (arg=0, str=0x0, destArray=0x0) at /usr/src/php-5.0.0b4/ext/mbstring/mb_gpc.c:117
#6  0x404ce42e in php_hash_environment () at /usr/src/php-5.0.0b4/main/php_variables.c:582
#7  0x404c19a1 in php_request_startup () at /usr/src/php-5.0.0b4/main/main.c:1084
#8  0x40534dc8 in php_apache_request_ctor (r=0x8229900, ctx=0x822fb18) at /usr/src/php-5.0.0b4/sapi/apache2handler/sapi_apache2.c:442
#9  0x40535331 in php_handler (r=0x8229900) at /usr/src/php-5.0.0b4/sapi/apache2handler/sapi_apache2.c:521
#10 0x08099596 in ap_run_handler (r=0x8229900) at config.c:195
#11 0x08099aae in ap_invoke_handler (r=0x8229900) at config.c:401
#12 0x080748b3 in ap_process_request (r=0x8229900) at http_request.c:288
#13 0x08070b01 in ap_process_http_connection (c=0x82237f8) at http_core.c:293
#14 0x080a21ae in ap_run_process_connection (c=0x82237f8) at connection.c:85
#15 0x0809814c in child_main (child_num_arg=-36) at prefork.c:696
#16 0x080982f6 in make_child (s=0x812fd28, slot=0) at prefork.c:736
#17 0x0809834f in startup_children (number_to_start=5) at prefork.c:808
#18 0x08098a41 in ap_mpm_run (_pconf=0x80dd0a8, plog=0x811f1b0, s=0x812fd28) at prefork.c:1024
#19 0x0809d75a in main (argc=2, argv=0xbffffd74) at main.c:660
 [2004-02-23 13:48 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-02-23 14:42 UTC] zsolt dot banyai at kirowski dot com
ok! it seems to be resolved in the snapshot version
many thanks!
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Oct 05 06:05:53 2022 UTC