Bug #32999 Segmentation fault
Submitted: 2005-05-10 15:27 UTC Modified: 2007-04-04 18:28 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: andrea dot busia at axis-sv dot it Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 5.0.4 OS: linux redhat enterprise
Private report: No CVE-ID: None
 [2005-05-10 15:27 UTC] andrea dot busia at axis-sv dot it
Description:
------------
All my scripts using mailparse exit with a segmentation fault since I installed php5; in php4 it worked.

This is the content of email_prova.txt:

Return-Path: <andrea.busia@axis-sv.it>
Delivered-To: axis-sv.it-andrea.busia@axis-sv.it
Received: (qmail 18935 invoked from network); 10 May 2005 13:12:48 -0000
Received: from ppp-217-133-20-168.cust-adsl.tiscali.it (HELO axis20) (217.133.20.168)
  by 212.100.249.98 with SMTP; 10 May 2005 13:12:48 -0000
Message-ID: <009901c55561$c64d71c0$1401a8c0@axis20>
From: "Andrea Busia - Axis" <andrea.busia@axis-sv.it>
To: "Andrea Busia - Axis" <andrea.busia@axis-sv.it>
Subject: sdohhoisdfhi
Date: Tue, 10 May 2005 15:11:27 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0096_01C55572.897E0FA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527

This is a multi-part message in MIME format.

------=_NextPart_000_0096_01C55572.897E0FA0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

obidsfb=E8odfsb=E8odgbp=E8dgd
gs+dfghp=E8dfhp=E8gpdh=E8gfds
hgsfdhgiohpdsgoipsd
fdhoigsoidhgpfdfpo
------=_NextPart_000_0096_01C55572.897E0FA0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2627" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial =
size=3D2>obidsfb=E8odfsb=E8odgbp=E8dgd</FONT></DIV>
<DIV><FONT face=3DArial =
size=3D2>gs+dfghp=E8dfhp=E8gpdh=E8gfds</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>hgsfdhgiohpdsgoipsd</FONT></DIV>
<DIV><FONT face=3DArial =
size=3D2>fdhoigsoidhgpfdfpo</FONT></DIV></BODY></HTML>

------=_NextPart_000_0096_01C55572.897E0FA0--





Reproduce code:
---------------
<?
error_reporting(E_ALL);
$email_in=file_get_contents("email_prova.txt");
$msg =& new MimeMessage("var", $email_in);

$n = $msg->get_child_count();
if ($n != 0) {
	for ($i = 0; $i < $n; $i++) {
		echo "a $i $n\n";
		$part =& $msg->get_child($i);
		echo "b $i $n\n";
	}
}
else echo "99\n";
?>

Expected result:
----------------
a 0 3
b 0 3
a 1 3
b 1 3
a 2 3
b 2 3


Actual result:
--------------
a 0 3
Segmentation fault



backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 8192 (LWP 27129)]
zend_hash_apply_with_argument (ht=0x0,
    apply_func=0x819e5a8 <zval_update_constant>, argument=0x1)
    at /home/archivi/php-5.0.4/Zend/zend_hash.c:680
680             HASH_PROTECT_RECURSION(ht);
(gdb) bt

#0  zend_hash_apply_with_argument (ht=0x0,
    apply_func=0x819e5a8 <zval_update_constant>, argument=0x1)
    at /home/archivi/php-5.0.4/Zend/zend_hash.c:680
#1  0x081a9a58 in zend_update_class_constants (class_type=0x40522b40)
    at /home/archivi/php-5.0.4/Zend/zend_API.c:694
#2  0x081a9aaa in _object_and_properties_init (arg=0x843509c,
    class_type=0x40522b40, properties=0x0)
    at /home/archivi/php-5.0.4/Zend/zend_API.c:714
#3  0x081a9b67 in _object_init_ex (arg=0x843509c, class_type=0x40522b40)
    at /home/archivi/php-5.0.4/Zend/zend_API.c:734
#4  0x4051b1d4 in mailparse_mimemessage_export (part=0x84326e4,
    object=0x843509c) at /tmp/tmpzRZItJ/mailparse-2.1.1/mailparse.c:214
#5  0x4051b99e in zif_mailparse_mimemessage_get_child (ht=1,
    return_value=0x843509c, this_ptr=0x8436f54, return_value_used=1)
    at /tmp/tmpzRZItJ/mailparse-2.1.1/mailparse.c:374
#6  0x081dd9db in zend_do_fcall_common_helper (execute_data=0xbffe9a50,
    opline=0x8437e18, op_array=0x8431654)
    at /home/archivi/php-5.0.4/Zend/zend_execute.c:2727
#7  0x081c4cfa in execute (op_array=0x8431654)
    at /home/archivi/php-5.0.4/Zend/zend_execute.c:1406
#8  0x081a87a5 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/archivi/php-5.0.4/Zend/zend.c:1069
#9  0x0817a386 in php_execute_script (primary_file=0xbffebdd0)
    at /home/archivi/php-5.0.4/main/main.c:1632
#10 0x081e6948 in main (argc=2, argv=0xbffebe74)
    at /home/archivi/php-5.0.4/sapi/cgi/cgi_main.c:1577


 [2005-05-11 21:00 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce with latest CVS.
 [2005-05-11 22:52 UTC] andrew at sourcelabs dot com
The problem here is in mailparse.  In mailparse.c:151, 
zend_register_internal_class is called but the return value 
is ignored.  This function in PHP5 will always return a new 
object which should be used by the caller.  In PHP4, it 
wasn't replaced so the address was ok.  I will notify the 
maintainer of mailparse.

Here is a patch to fix mailparse:

1 73c73
      2 < static zend_class_entry mimemsg_class_entry;
      3 ---
      4 > static zend_class_entry *mimemsg_class_entry;
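Review bot: turning mimemsg_class_entry into a pointer at line 73 means it stays NULL until module startup assigns it, and every other use of the old struct in mailparse.c has to change with it. The patch shown only updates the object_init_ex call at 214, so please confirm there is no remaining "&mimemsg_class_entry" or "mimemsg_class_entry." elsewhere in the file, and add a one-line comment saying the pointer refers to the entry returned by registration.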
      5 140a141,142
      6 >       zend_class_entry mmce;
      7 > 
      8 148,149c150,151
      9 <       INIT_CLASS_ENTRY(mimemsg_class_entry, 
"mimemessage", mimemessage        _methods);
     10 <       zend_register_internal_class
(&mimemsg_class_entry TSRMLS_CC);
     11 ---
     12 >       INIT_CLASS_ENTRY(mmce, "mimemessage", 
mimemessage_methods);
     13 >       mimemsg_class_entry = 
zend_register_internal_class(&mmce TSRMLS_        CC);
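Review bot: at 150-151 the result of zend_register_internal_class(&mmce ...) is stored in mimemsg_class_entry with no check and no comment. Since the whole bug was that the returned entry, not the caller's struct, is the one to use, a short comment here stating that mmce is only a template and must not be referenced after this call would keep the mistake from coming back; failing module startup if the stored pointer is NULL would also make a bad registration visible at load time rather than at the first get_child() call.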
     14 214c216
     15 <       object_init_ex(object, 
&mimemsg_class_entry);
     16 ---
     17 >       object_init_ex(object, mimemsg_class_entry);
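Review bot: the call at 216, object_init_ex(object, mimemsg_class_entry), still discards its return value. The backtrace in this report shows the crash happening underneath this call from mailparse_mimemessage_export, so it is worth checking the result here and returning early on failure before the function goes on to use object.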
 [2005-05-12 17:15 UTC] andrea dot busia at axis-sv dot it
Is it necessary to try the CVS, or do I have to wait for the application of the patch submitted by andrew at "sourcelabs"?
 [2005-05-12 18:30 UTC] tony2001@php.net
Yes, you can try it from the CVS, Wez committed the patch recently.
See: http://cvs.php.net/diff.php/pecl/mailparse/mailparse.c?r1=1.48&r2=1.49&ty=u
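
A small C model of the failure described in the 2005-05-11 22:52 comment, added here as an illustration and not taken from mailparse or the Zend Engine: registration completes a copy of the class entry, so a caller that keeps using its own template hands the engine an incomplete entry. All type and function names are hypothetical, the `members` table is an assumption of the model, and the model returns -1 where the real code dereferenced a NULL table.

```c
/* Toy model only: none of these names are Zend Engine or mailparse APIs. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int count; } table;      /* stands in for a hash table */
typedef struct class_entry {
    const char *name;
    table      *members;   /* model assumption: set up only on the registered copy */
} class_entry;

/* PHP5-style registration as described in the comment: the template is
 * copied, the copy is completed, and the caller must keep the result. */
static class_entry *register_class(const class_entry *tmpl) {
    class_entry *reg = malloc(sizeof *reg);
    if (!reg) return NULL;
    memcpy(reg, tmpl, sizeof *reg);
    reg->members = calloc(1, sizeof *reg->members);
    if (!reg->members) { free(reg); return NULL; }
    return reg;
}

/* Stands in for object initialisation, which walks a table on the entry.
 * The backtrace shows that table arriving as ht=0x0; the model reports
 * the condition instead of crashing. */
static int init_object(const class_entry *ce) {
    if (ce == NULL || ce->members == NULL) return -1;   /* SIGSEGV in the report */
    return ce->members->count;                          /* 0 on success */
}

static class_entry  tmpl_entry = { "mimemessage", NULL };
static class_entry *registered;           /* what the patch stores */

static int module_init(void) {
    registered = register_class(&tmpl_entry);
    return registered ? 0 : -1;           /* fail startup on a bad registration */
}

/* Pre-patch pattern: return value ignored, template address reused. */
static int export_buggy(void) { return init_object(&tmpl_entry); }
/* Post-patch pattern: the pointer returned by registration is used. */
static int export_fixed(void) { return init_object(registered); }

int main(void) {
    if (module_init() != 0) return 1;
    printf("pre-patch:  %d\n", export_buggy());
    printf("post-patch: %d\n", export_fixed());
    return 0;
}
```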
 
Last updated: Fri Jul 19 03:01:25 2019 UTC