PHP :: Bug #35692 :: iconv_mime_decode segmentation fault

Bug #35692	iconv_mime_decode segmentation fault
Submitted:	2005-12-15 22:30 UTC	Modified:	2005-12-15 23:47 UTC
From:	jgoldsmith at returnpath dot net	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.1.1	OS:	FC3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2005-12-15 22:30 UTC] jgoldsmith at returnpath dot net

Description:
------------
When calling iconv_mime_decode to decode between an unrecognized charset to UTF-8, PHP throws a segmentation fault. It only happens when mode=2

./configure --with-iconv=/usr/local/lib

I would expect it to just return the original string if it doesn't recognize the charset.

Reproduce code:
---------------
$string = "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=";
$string2 = iconv_mime_decode($string,2,'UTF-8');
var_dump($string2);

Expected result:
----------------
I expect to get the original string back

Actual result:
--------------
Segmentation Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-12-15 22:35 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2005-12-15 23:00 UTC] jgoldsmith at returnpath dot net

#0  0x060c7cf8 in libiconv (icd=0xffffffff, inbuf=0xbfca2d98, inbytesleft=0xbfca2d94, outbuf=0xbfca2d90,
    outbytesleft=0xbfca2d8c) at ./iconv.c:426
#1  0x01137153 in _php_iconv_appendl (d=0xbfca2ecc,
    s=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", l=14, cd=0xffffffff) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:254
#2  0x011397bf in _php_iconv_mime_decode (pretval=0xbfca2ecc,
    str=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", str_nbytes=126, enc=0x8dc0d3c "UTF-8", next_pos=0x0, mode=2)
    at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:1369
#3  0x0113a9c3 in zif_iconv_mime_decode (ht=3, return_value=0x8dc0fac, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:2053
#4  0x013082db in zend_do_fcall_common_helper_SPEC (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:188
#5  0x0130d0a3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:1578
#6  0x01307f56 in execute (op_array=0x8dc0c7c) at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:88
#7  0x012de414 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend.c:1090
#8  0x0129a6c4 in php_execute_script (primary_file=0xbfca5424) at /home/jgoldsmith/downloads/php-5.1.1/main/main.c:1704
#9  0x013544f3 in php_handler (r=0x8db1eb8)
    at /home/jgoldsmith/downloads/php-5.1.1/sapi/apache2handler/sapi_apache2.c:584
#10 0x08067a2a in ap_run_handler (r=0x8db1eb8) at config.c:152
#11 0x08067da2 in ap_invoke_handler (r=0x8db1eb8) at config.c:364
#12 0x080654f5 in ap_process_request (r=0x8db1eb8) at http_request.c:249
#13 0x08060db5 in ap_process_http_connection (c=0x8dabc20) at http_core.c:251
#14 0x080702de in ap_run_process_connection (c=0x8dabc20) at connection.c:43
#15 0x080661ca in child_main (child_num_arg=Variable "child_num_arg" is not available.
) at prefork.c:610
#16 0x0806637d in make_child (s=0x8bf8e88, slot=0) at prefork.c:650
#17 0x08066446 in startup_children (number_to_start=5) at prefork.c:722
#18 0x08066c08 in ap_mpm_run (_pconf=0x8bf70a8, plog=0x8c23158, s=0x8bf8e88) at prefork.c:941
#19 0x0806bf83 in main (argc=2, argv=0xbfca5864) at main.c:618

[2005-12-15 23:36 UTC] iliaa@php.net

Works fine in latest CVS.

[2005-12-15 23:47 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Reproducible only with libiconv, not the glibc's iconv.
Fixed in CVS.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 15:01:28 2024 UTC