php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31831 require("thisfile.php") from the script names "thisfile.php" crash PHP
Submitted: 2005-02-03 19:41 UTC Modified: 2005-02-03 20:44 UTC
From: samm at os2 dot kiev dot ua Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 4.3.10 OS: FreeBSD 5.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: samm at os2 dot kiev dot ua
New email:
PHP Version: OS:

 

 [2005-02-03 19:41 UTC] samm at os2 dot kiev dot ua
Description:
------------
To reproduce a problem create a script, named
1.php.
--- begin of the 1.php ---
<?                                                                              
 echo ".";                                                                      
 require("1.php");                                                              
?>                   
--- eof ---
and run from cli or from browser.
Running from the CLI will produce output like:
samm@~/htdocs: php 1.php
.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
(core dumped)
Running gdb bt on produced core will show:
(gdb) bt
#0  0x28252c8c in strlcat () from /lib/libc.so.5
#1  0x281d4e41 in realpath () from /lib/libc.so.5
#2  0x080b8346 in virtual_file_ex ()
#3  0x080c00a6 in expand_filepath ()
#4  0x080c8b50 in _php_stream_fopen ()
#5  0x080c89ee in _php_stream_fopen_with_path ()
#6  0x080c95fd in php_plain_files_stream_opener ()
#7  0x080c9bf6 in _php_stream_open_wrapper_ex ()
#8  0x080c9e8e in _php_stream_open_wrapper_as_file_handle ()
#9  0x080ba272 in php_open_wrapper_for_zend ()
#10 0x080d314d in open_file_for_scanning ()
#11 0x080d332c in compile_file ()
#12 0x080d3506 in compile_filename ()
#13 0x08104fee in execute ()
[ ... same errors ]
#885 0x08105130 in execute ()
#886 0x080ec68c in zend_execute_scripts ()
#887 0x080bc7e7 in php_execute_script ()
#888 0x08109087 in main ()




Reproduce code:
---------------
<?                                                                              
 echo ".";                                                                      
 require("1.php");                                                              
?> 

Expected result:
----------------
Error, something like "recursion in require", or smth. like this

Actual result:
--------------
core dumped.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-03 19:58 UTC] pollita@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

<Patient> Doctor! It hurts when I do this!
<Doctor> Then don't do that.
 [2005-02-03 20:01 UTC] samm at os2 dot kiev dot ua
Crashing php or webserver in default installation by script from 1 line is not a bug?
 [2005-02-03 20:12 UTC] samm at os2 dot kiev dot ua
Also, i dont see any word in the documentation, which state that recursive require can crash apache/php.
 [2005-02-03 20:44 UTC] derick@php.net
This is a stack smash - PHP does not guard against this. Check the archives to find out why, as this was put here as a bug way too often already.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Jul 04 03:03:50 2022 UTC