Bug #35692 iconv_mime_decode segmentation fault
Submitted: 2005-12-15 22:30 UTC Modified: 2005-12-15 23:47 UTC
From: jgoldsmith at returnpath dot net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.1.1 OS: FC3
Private report: No CVE-ID:
 [2005-12-15 22:30 UTC] jgoldsmith at returnpath dot net
Description:
------------
When calling iconv_mime_decode to decode from an unrecognized charset to UTF-8, PHP throws a segmentation fault. It only happens when mode=2.

./configure --with-iconv=/usr/local/lib

I would expect it to just return the original string if it doesn't recognize the charset.

Reproduce code:
---------------
<?php
$string = "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=";
// Mode 2 is ICONV_MIME_DECODE_CONTINUE_ON_ERROR.
$string2 = iconv_mime_decode($string, 2, 'UTF-8');
var_dump($string2);

Expected result:
----------------
I expect to get the original string back

Actual result:
--------------
Segmentation Fault

 [2005-12-15 22:35 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2005-12-15 23:00 UTC] jgoldsmith at returnpath dot net
#0  0x060c7cf8 in libiconv (icd=0xffffffff, inbuf=0xbfca2d98, inbytesleft=0xbfca2d94, outbuf=0xbfca2d90,
    outbytesleft=0xbfca2d8c) at ./iconv.c:426
#1  0x01137153 in _php_iconv_appendl (d=0xbfca2ecc,
    s=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", l=14, cd=0xffffffff) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:254
#2  0x011397bf in _php_iconv_mime_decode (pretval=0xbfca2ecc,
    str=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", str_nbytes=126, enc=0x8dc0d3c "UTF-8", next_pos=0x0, mode=2)
    at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:1369
#3  0x0113a9c3 in zif_iconv_mime_decode (ht=3, return_value=0x8dc0fac, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:2053
#4  0x013082db in zend_do_fcall_common_helper_SPEC (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:188
#5  0x0130d0a3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:1578
#6  0x01307f56 in execute (op_array=0x8dc0c7c) at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:88
#7  0x012de414 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend.c:1090
#8  0x0129a6c4 in php_execute_script (primary_file=0xbfca5424) at /home/jgoldsmith/downloads/php-5.1.1/main/main.c:1704
#9  0x013544f3 in php_handler (r=0x8db1eb8)
    at /home/jgoldsmith/downloads/php-5.1.1/sapi/apache2handler/sapi_apache2.c:584
#10 0x08067a2a in ap_run_handler (r=0x8db1eb8) at config.c:152
#11 0x08067da2 in ap_invoke_handler (r=0x8db1eb8) at config.c:364
#12 0x080654f5 in ap_process_request (r=0x8db1eb8) at http_request.c:249
#13 0x08060db5 in ap_process_http_connection (c=0x8dabc20) at http_core.c:251
#14 0x080702de in ap_run_process_connection (c=0x8dabc20) at connection.c:43
#15 0x080661ca in child_main (child_num_arg=Variable "child_num_arg" is not available.
) at prefork.c:610
#16 0x0806637d in make_child (s=0x8bf8e88, slot=0) at prefork.c:650
#17 0x08066446 in startup_children (number_to_start=5) at prefork.c:722
#18 0x08066c08 in ap_mpm_run (_pconf=0x8bf70a8, plog=0x8c23158, s=0x8bf8e88) at prefork.c:941
#19 0x0806bf83 in main (argc=2, argv=0xbfca5864) at main.c:618
 [2005-12-15 23:36 UTC] iliaa@php.net
Works fine in latest CVS.
 [2005-12-15 23:47 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Reproducible only with libiconv, not the glibc's iconv.
Fixed in CVS.
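
Added example (not part of the report and not PHP's own fix): in the backtrace, `cd=0xffffffff` is `(iconv_t)-1` on this 32-bit build, the value `iconv_open()` returns on failure, and it is passed on to `libiconv()`. The C code below checks that return value before calling `iconv()` and passes the input through unchanged for an unknown charset, which is the behaviour the reporter expected; the function name, status enum and the charset name `X-NO-SUCH-CHARSET` are hypothetical.

```c
#include <errno.h>
#include <iconv.h>
#include <stddef.h>
#include <string.h>

enum conv_status { CONV_OK = 0, CONV_PASSTHROUGH = 1, CONV_ERROR = -1 };

/* Convert `in` from `from_charset` to UTF-8. If the iconv implementation
 * does not know the charset, copy the input through unchanged instead of
 * handing the failed descriptor to iconv(). */
static enum conv_status to_utf8_or_passthrough(const char *from_charset,
                                               const char *in, size_t inlen,
                                               char *out, size_t outcap,
                                               size_t *outlen)
{
    iconv_t cd = iconv_open("UTF-8", from_charset);

    if (cd == (iconv_t)-1) {
        /* Not a usable descriptor. EINVAL means the conversion pair is
         * unsupported; any other errno is a real failure. */
        if (errno != EINVAL || inlen > outcap)
            return CONV_ERROR;
        memcpy(out, in, inlen);
        *outlen = inlen;
        return CONV_PASSTHROUGH;
    }

    char *src = (char *)in;          /* iconv() wants a non-const char ** */
    char *dst = out;
    size_t srcleft = inlen, dstleft = outcap;
    size_t rc = iconv(cd, &src, &srcleft, &dst, &dstleft);
    iconv_close(cd);

    if (rc == (size_t)-1)            /* E2BIG, EILSEQ or EINVAL on the input */
        return CONV_ERROR;
    *outlen = outcap - dstleft;
    return CONV_OK;
}

int main(void)
{
    char out[64];
    size_t n = 0;
    /* Constructed input: a charset name the iconv library does not know. */
    return to_utf8_or_passthrough("X-NO-SUCH-CHARSET", "abc", 3,
                                  out, sizeof out, &n) == CONV_PASSTHROUGH ? 0 : 1;
}
```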
 
Last updated: Sun Apr 20 01:02:05 2014 UTC