Bug #35692 iconv_mime_decode segmentation fault
Submitted: 2005-12-15 22:30 UTC
Modified: 2005-12-15 23:47 UTC
From: jgoldsmith at returnpath dot net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.1.1
OS: FC3
Private report: No
CVE-ID:
 [2005-12-15 22:30 UTC] jgoldsmith at returnpath dot net
When calling iconv_mime_decode to decode from an unrecognized charset to UTF-8, PHP throws a segmentation fault. It only happens when mode=2.

./configure --with-iconv=/usr/local/lib

I would expect it to just return the original string if it doesn't recognize the charset.

Reproduce code:
<?php
// Mode 2 is ICONV_MIME_DECODE_CONTINUE_ON_ERROR.
$string = "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=";
$string2 = iconv_mime_decode($string, 2, 'UTF-8');

Expected result:
I expect to get the original string back

Actual result:
Segmentation Fault


 [2005-12-15 22:35 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2005-12-15 23:00 UTC] jgoldsmith at returnpath dot net
#0  0x060c7cf8 in libiconv (icd=0xffffffff, inbuf=0xbfca2d98, inbytesleft=0xbfca2d94, outbuf=0xbfca2d90,
    outbytesleft=0xbfca2d8c) at ./iconv.c:426
#1  0x01137153 in _php_iconv_appendl (d=0xbfca2ecc,
    s=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", l=14, cd=0xffffffff) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:254
#2  0x011397bf in _php_iconv_mime_decode (pretval=0xbfca2ecc,
    str=0x8dc0ebc "=?ISO-8859-11?B?4L7U6MG7w9DK1Le41MDSvuPL6aHRuuCr1MPsv+DHzcPstOnHwiBEdWFsLUNvcmUgSW50ZWwoUikgWGVvbihSKSBQcm9jZXNzb3Ig48vB6A==?=", str_nbytes=126, enc=0x8dc0d3c "UTF-8", next_pos=0x0, mode=2)
    at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:1369
#3  0x0113a9c3 in zif_iconv_mime_decode (ht=3, return_value=0x8dc0fac, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /home/jgoldsmith/downloads/php-5.1.1/ext/iconv/iconv.c:2053
#4  0x013082db in zend_do_fcall_common_helper_SPEC (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:188
#5  0x0130d0a3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfca3074)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:1578
#6  0x01307f56 in execute (op_array=0x8dc0c7c) at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend_vm_execute.h:88
#7  0x012de414 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/jgoldsmith/downloads/php-5.1.1/Zend/zend.c:1090
#8  0x0129a6c4 in php_execute_script (primary_file=0xbfca5424) at /home/jgoldsmith/downloads/php-5.1.1/main/main.c:1704
#9  0x013544f3 in php_handler (r=0x8db1eb8)
    at /home/jgoldsmith/downloads/php-5.1.1/sapi/apache2handler/sapi_apache2.c:584
#10 0x08067a2a in ap_run_handler (r=0x8db1eb8) at config.c:152
#11 0x08067da2 in ap_invoke_handler (r=0x8db1eb8) at config.c:364
#12 0x080654f5 in ap_process_request (r=0x8db1eb8) at http_request.c:249
#13 0x08060db5 in ap_process_http_connection (c=0x8dabc20) at http_core.c:251
#14 0x080702de in ap_run_process_connection (c=0x8dabc20) at connection.c:43
#15 0x080661ca in child_main (child_num_arg=Variable "child_num_arg" is not available.
) at prefork.c:610
#16 0x0806637d in make_child (s=0x8bf8e88, slot=0) at prefork.c:650
#17 0x08066446 in startup_children (number_to_start=5) at prefork.c:722
#18 0x08066c08 in ap_mpm_run (_pconf=0x8bf70a8, plog=0x8c23158, s=0x8bf8e88) at prefork.c:941
#19 0x0806bf83 in main (argc=2, argv=0xbfca5864) at main.c:618
 [2005-12-15 23:36 UTC]
Works fine in latest CVS.
 [2005-12-15 23:47 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Reproducible only with libiconv, not glibc's iconv.
Fixed in CVS.
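
Added example, not part of the original report and not PHP's own code: frames #0 and #1 of the backtrace show the conversion descriptor as 0xffffffff, which on a 32-bit build is (iconv_t)-1, the value iconv_open() returns on failure. The sketch below checks for that value before calling iconv() and copies the input through unchanged, the behaviour the reporter expected. The function name convert_or_passthrough and the charset name "X-NO-SUCH-CHARSET" are made up for illustration.

```c
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <string.h>

/* Convert NUL-terminated `in` from charset `from` to charset `to` into
 * out[outsz]. Returns 0 when converted, 1 when the charset pair is not
 * recognized and the input was copied through unchanged, -1 otherwise. */
int convert_or_passthrough(const char *from, const char *to,
                           const char *in, char *out, size_t outsz)
{
    size_t inleft = strlen(in);
    if (outsz == 0)
        return -1;

    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1) {
        /* Failure value of iconv_open(); it must never reach iconv(). */
        if (errno != EINVAL || inleft >= outsz)
            return -1;
        memcpy(out, in, inleft + 1);      /* fall back to the original */
        return 1;
    }

    char *src = (char *)in;               /* iconv() does not modify input */
    char *dst = out;
    size_t outleft = outsz - 1;           /* keep room for the terminator */
    size_t rc = iconv(cd, &src, &inleft, &dst, &outleft);
    if (rc != (size_t)-1)
        rc = iconv(cd, NULL, NULL, &dst, &outleft);  /* flush shift state */
    iconv_close(cd);
    if (rc == (size_t)-1)
        return -1;
    *dst = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed inputs for demonstration. */
    int rc = convert_or_passthrough("X-NO-SUCH-CHARSET", "UTF-8",
                                    "hello", buf, sizeof buf);
    printf("unknown charset: rc=%d out=%s\n", rc, buf);
    rc = convert_or_passthrough("UTF-8", "UTF-8", "hello", buf, sizeof buf);
    printf("known charset:   rc=%d out=%s\n", rc, buf);
    return 0;
}
```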
Last updated: Wed Nov 25 06:02:11 2015 UTC