Bug #33733 PHP segfaults when using the pspell extension with -a
Submitted: 2005-07-17 13:21 UTC Modified: 2005-07-25 20:04 UTC
From: nlopess@php.net Assigned: helly (profile)
Status: Closed Package: CGI/CLI related
PHP Version: 5CVS-2005-07-17 (dev) OS: *
Private report: No CVE-ID: None
 [2005-07-17 13:21 UTC] nlopess@php.net
Description:
------------
I'm not sure if this is a PHP bug, but here it is:

(gdb) run -a
Starting program: /usr/local/bin/php -a
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 18864)]
Interactive mode enabled

php > $pspell_link = pspell_new('en');
php > pspell_config_mode($pspell_link, PSPELL_FAST);
*** glibc detected *** corrupted double-linked list: 0x0844e7f0 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 16384 (LWP 18864)]
0xb79b43e1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb79b43e1 in kill () from /lib/libc.so.6
#1  0xb7aac131 in pthread_kill () from /lib/libpthread.so.0
#2  0xb7aac4ab in raise () from /lib/libpthread.so.0
#3  0xb79b4174 in raise () from /lib/libc.so.6
#4  0xb79b564d in abort () from /lib/libc.so.6
#5  0xb79f0030 in mallopt () from /lib/libc.so.6
#6  0xb79ef03c in mallopt () from /lib/libc.so.6
#7  0xb79ee6ea in mallopt () from /lib/libc.so.6
#8  0xb79ed803 in malloc () from /lib/libc.so.6
#9  0x081fbd51 in _emalloc (size=18864) at /cvs/php-src/Zend/zend_alloc.c:181
#10 0x0820909d in op_array_alloc_ops (op_array=0x84a0b54)
    at /cvs/php-src/Zend/zend_opcode.c:48
#11 0x08209107 in init_op_array (op_array=0x84a0b54, type=4 '\004',
    initial_ops_size=8192) at /cvs/php-src/Zend/zend_opcode.c:68
#12 0x081f64c5 in compile_string (source_string=0xbffff410, filename=0x0)
    at zend_language_scanner.l:541
#13 0x08207934 in zend_eval_string (str=0x1 <Address 0x1 out of bounds>,
    retval_ptr=0x0, string_name=0x0)
    at /cvs/php-src/Zend/zend_execute_API.c:1030
#14 0x0827fadc in main (argc=2, argv=0xbffff644)
    at /cvs/php-src/sapi/cli/php_cli.c:1024


I have glib 2.3.4 and aspell 0.60.3.

BTW, PHP segfaults when using aspell 0.50.5, so we should probably bump the version requirements (reference: http://sf.net/tracker/?func=detail&atid=100245&aid=1238839&group_id=245)


 [2005-07-18 13:02 UTC] nlopess@php.net
I don't know what kind of info you want...

Well, here is the script used (which is above):
<?php
// Open the English dictionary and get a pspell handle.
$pspell_link = pspell_new('en');
// Changing the mode on that handle is where the crash showed up in interactive mode.
pspell_config_mode($pspell_link, PSPELL_FAST);
?>
 [2005-07-19 13:26 UTC] nlopess@php.net
config.nice:
'./configure' \
'--disable-cgi' \
'--enable-pcntl' \
'--with-ftp' \
'--with-tidy' \
'--with-apxs2=/usr/local/apache2/bin/apxs' \
'--with-readline' \
'--with-bz2' \
'--with-zlib' \
'--with-openssl' \
'--with-pspell' \
'--with-zend-vm=GOTO'
 [2005-07-19 14:26 UTC] nlopess@php.net
Now the program receives a SIGABRT and backtrace shows readline.
In fact it seems I cannot reproduce the problem if I execute the script from a file, just when I run PHP in interactive mode (and when I use the auto-completion feature).

I'll try to debug this stupid thing.
 [2005-07-19 15:36 UTC] nlopess@php.net
Well, after some debugging I've found the problem. It was much simpler than I thought.
The problem was that strcpy() was copying 1 more char than the memory allocated, corrupting it.

Patch: http://mega.ist.utl.pt/~ncpl/php_cli_interactive.txt
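The off-by-one described above (a buffer sized for the characters only, then a strcpy() that also writes the terminating NUL one byte past it), as an added C illustration that is neither the linked patch nor PHP's own readline completion code: strcpy_clobbers_guard() reproduces the overrun safely by placing a guard byte where the next heap chunk's metadata would sit, and dup_completion() shows the corrected allocation. Function names and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a C string actually occupies: its characters plus the NUL. */
size_t cstr_storage(const char *s) { return strlen(s) + 1; }

/* Simulate a copy into a chunk of `region` bytes. We allocate one extra
 * byte, fill it with a guard value and strcpy() into the start. If the
 * guard changes, the copy wrote past what the caller believed it owned,
 * which on a real heap hits the allocator's bookkeeping (the
 * "corrupted double-linked list" glibc reported above).
 * Returns 1 if the guard was clobbered, 0 if the copy fit, -1 on error.
 * The write stays inside our own allocation, so this is not UB. */
int strcpy_clobbers_guard(const char *s, size_t region) {
    size_t need = cstr_storage(s);
    if (need > region + 1) return -1;      /* would overrun even the guard */
    unsigned char *buf = malloc(region + 1);
    if (!buf) return -1;
    buf[region] = 0xAA;                    /* guard byte after the "chunk" */
    strcpy((char *)buf, s);                /* writes `need` bytes */
    int clobbered = (buf[region] != 0xAA);
    free(buf);
    return clobbered;
}

/* Corrected pattern: size the allocation with the terminator included,
 * then copy exactly that many bytes. */
char *dup_completion(const char *s) {
    size_t need = cstr_storage(s);
    char *copy = malloc(need);
    if (!copy) return NULL;
    memcpy(copy, s, need);
    return copy;
}

/* Round-trip check used by the tests: 1 if the copy equals the source. */
int dup_roundtrip(const char *s) {
    char *copy = dup_completion(s);
    if (!copy) return 0;
    int same = (strcmp(copy, s) == 0);
    free(copy);
    return same;
}

int main(void) {
    const char *cand = "pspell_config_mode";   /* constructed sample */
    printf("strlen-sized chunk clobbered: %d\n",
           strcpy_clobbers_guard(cand, strlen(cand)));       /* 1 */
    printf("strlen+1-sized chunk clobbered: %d\n",
           strcpy_clobbers_guard(cand, strlen(cand) + 1));   /* 0 */
    return 0;
}
```

Under a debugger the same mistake often stays silent until a later malloc() or free() walks the damaged chunk list, which is why the backtrace above points at the allocator rather than at the copy.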
 [2005-07-19 15:46 UTC] tony2001@php.net
Marcus, you're the author of CLI completion, plz take a look at the patch.
 [2005-07-25 20:04 UTC] helly@php.net
thanks for the patch
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jul 24 02:01:24 2021 UTC