|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35781 stream_filter_append will cause segfault
Submitted: 2005-12-23 03:00 UTC Modified: 2005-12-23 15:46 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: sqchen at citiz dot net Assigned: tony2001 (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.1.2RC1 OS: redhat 7.3
Private report: No CVE-ID: None
 [2005-12-23 03:00 UTC] sqchen at citiz dot net
stream_filter_append($fp, "string.rot13", -49)
will cause Segmentation fault

Reproduce code:
$fp = fopen("test.txt", "w");
stream_filter_append($fp, "string.rot13", -49);
fwrite($fp, "This is a test\n");

Actual result:
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-23 04:17 UTC] judas dot iscariote at gmail dot com
==308== Process terminating with default action of signal 11 (SIGSEGV)
==308==  Bad permissions for mapped region at address 0x1669DFFF
==308==    at 0x11B1CEC7: memcpy (in /usr/lib64/valgrind/
==308==    by 0x508DDA: php_stream_bucket_make_writeable (string3.h:52)
==308==    by 0x4E48C4: ??? (filters.c:46)
==308==    by 0x506424: ??? (streams.c:458)
==308==    by 0x50689A: _php_stream_read (streams.c:584)
==308==    by 0x506E9F: _php_stream_passthru (streams.c:1183)
==308==    by 0x49F60E: zif_fpassthru (file.c:1487)
==308==    by 0x54F5E4: ??? (zend_vm_execute.h:192)
==308==    by 0x54ECD2: execute (zend_vm_execute.h:92)
==308==    by 0x526ADA: zend_eval_string (zend_execute_API.c:1085)
==308==    by 0x526C27: zend_eval_string_ex (zend_execute_API.c:1119)
==308==    by 0x5C2FBD: main (php_cli.c:1116)
php -v
PHP 5.1.2RC1 (cli) (built: Dec 22 2005 19:34:24)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2005 Zend Technologies
 [2005-12-23 04:36 UTC] judas dot iscariote at gmail dot com
(gdb) bt
#0  0x00002aaaab5433f0 in memcpy () from /lib64/tls/
#1  0x0000000000000003 in ?? ()
#2  0x000000000071ca50 in php_register_internal_extensions ()
#3  0x000000000062acfa in strfilter_rot13_filter (stream=0xaa6fc0, thisfilter=0xaa7360, buckets_in=0x7fffffc21d60,
    buckets_out=0x7fffffc21d50, bytes_consumed=0x0, flags=0) at /local/local/bodegon/php-debug/ext/standard/filters.c:46
#4  0x000000000065e69d in php_stream_fill_read_buffer (stream=0xaa6fc0, size=8192)
    at /local/local/bodegon/php-debug/main/streams/streams.c:458
#5  0x000000000065ecfa in _php_stream_read (stream=0xaa6fc0, buf=0x7fffffc21e70 "", size=8192)
    at /local/local/bodegon/php-debug/main/streams/streams.c:584
#6  0x00000000006602d2 in _php_stream_passthru (stream=0xaa6fc0, __php_stream_call_depth=0,
    __zend_filename=0x762ae0 "/local/local/bodegon/php-debug/ext/standard/file.c", __zend_lineno=1487,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /local/local/bodegon/php-debug/main/streams/streams.c:1183
#7  0x00000000005ca9ff in zif_fpassthru (ht=1, return_value=0xaa4f90, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=0) at /local/local/bodegon/php-debug/ext/standard/file.c:1487
#8  0x00000000006c2ef2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffc241a0) at zend_vm_execute.h:192
#9  0x00000000006c8e57 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fffffc241a0) at zend_vm_execute.h:1587
#10 0x00000000006c2a66 in execute (op_array=0xaa5e70) at zend_vm_execute.h:92
#11 0x000000000069ce03 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/local/bodegon/php-debug/Zend/zend.c:1101
#12 0x0000000000649cd3 in php_execute_script (primary_file=0x7fffffc26830)
    at /local/local/bodegon/php-debug/main/main.c:1720
#13 0x000000000071bd3d in main (argc=2, argv=0x7fffffc26a28) at /local/local/bodegon/php-debug/sapi/cli/php_cli.c:1077
 [2005-12-23 15:12 UTC]
Assigned to the streams author.
 [2005-12-23 15:17 UTC]
I'll commit a patch shortly.
 [2005-12-23 15:46 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Mar 02 14:01:34 2024 UTC