PHP :: Bug #36815 :: glob -> Segmentation fault

Bug #36815

glob -> Segmentation fault

Submitted:

2006-03-21 16:32 UTC

Modified:

2006-03-22 18:10 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

rd at mesos dot de

Assigned:

Status:

Not a bug

Package:

Directory function related

PHP Version:

5.1.2

OS:

Linux 2.6.14.5

Private report:

CVE-ID:

None

View Developer Edit

[2006-03-21 16:32 UTC] rd at mesos dot de

Description:
------------
glob returns segmentation fault, even with the example from php.net. PHP4 on the same server is working without problem.

Reproduce code:
---------------
<?php
echo "Test1\n";
$x=glob('./img/managed/*');
echo "Test2\n";
?>

Expected result:
----------------
something like:

server:~ # php4 glob.php 
X-Powered-By: PHP/4.4.2
Content-type: text/html

Test1
Test2

Actual result:
--------------
server:~ # php5 glob.php 
X-Powered-By: PHP/5.1.2
Content-type: text/html

Test1
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-21 16:33 UTC] derick@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2006-03-21 16:53 UTC] rd at mesos dot de

(gdb) bt
#0  0x0826c042 in zif_glob (ht=1, return_value=0x87a6f54, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/src/mesos/php-5.1.2/ext/standard/dir.c:424
#1  0x08322674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfd84220) at /usr/src/mesos/php-5.1.2/Zend/zend_vm_execute.h:192
#2  0x08321ee9 in execute (op_array=0x87a70a4) at /usr/src/mesos/php-5.1.2/Zend/zend_vm_execute.h:92
#3  0x08308c7a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/mesos/php-5.1.2/Zend/zend.c:1101
#4  0x082cf698 in php_execute_script (primary_file=0xbfd865c0) at /usr/src/mesos/php-5.1.2/main/main.c:1720
#5  0x083725cb in main (argc=2, argv=0xbfd86664) at /usr/src/mesos/php-5.1.2/sapi/cgi/cgi_main.c:1568
#6  0x407e2522 in __libc_start_main () from /lib/libc.so.6
(gdb)

[2006-03-21 16:59 UTC] tony2001@php.net

Works pretty fine here.
And btw there are 0 differencies between PHP4 glob() and PHP5 glob().

[2006-03-21 17:14 UTC] rd at mesos dot de

what information can I give you else?

does this help?
server:~ # php4 -i | grep configure
<tr><td class="e">Configure Command </td><td class="v"> &#039;./configure&#039; &#039;--prefix=/usr/share&#039; &#039;--datadir=/usr/share/php&#039; &#039;--bindir=/usr/bin&#039; &#039;--libdir=/usr/share&#039; &#039;--with-config-file-path=/etc&#039; &#039;--with-exec-dir=/usr/lib/php/bin&#039; &#039;--with-mysql&#039; &#039;--enable-gd-native-ttf&#039; &#039;--enable-gd-native-tt&#039; &#039;--enable-gd-imgstrttf&#039; &#039;--with-tiff-dir=/usr&#039; &#039;--with-jpeg-dir=/usr&#039; &#039;--with-png-dir=/usr/local&#039; &#039;--with-xpm-dir=/usr/X11R6&#039; &#039;--with-zlib=yes&#039; &#039;--with-bz2&#039; &#039;--with-gmp&#039; &#039;--with-xml&#039; &#039;--with-dom&#039; &#039;--with-ttf&#039; &#039;--with-t1lib&#039; &#039;--with-mcal=/usr&#039; &#039;--with-imap=yes&#039; &#039;--with-sablot&#039; &#039;--with-ftp&#039; &#039;--with-ndbm&#039; &#039;--with-gdbm&#039; &#039;--with-gettext&#039; &#039;--enable-versioning&#039; &#039;--enable-bcmath&#039; &#039;--enable-trans-sid&#039; &#039;--enable-inline-optimization&#039; &#039;--enable-track-vars&#039; &#039;--enable-magic-quotes&#039; &#039;--enable-safe-mode&#039; &#039;--enable-sockets&#039; &#039;--enable-sysvsem&#039; &#039;--enable-sysvshm&#039; &#039;--enable-shmop&#039; &#039;--enable-calendar&#039; &#039;--enable-mbstring&#039; &#039;--enable-mbstr-enc-trans&#039; &#039;--enable-exif&#039; &#039;--enable-ftp&#039; &#039;--enable-memory-limit&#039; &#039;--enable-wddx&#039; &#039;--enable-filepro&#039; &#039;--enable-dbase&#039; &#039;--enable-ctype&#039; &#039;--disable-debug&#039; &#039;--enable-force-cgi-redirect&#039; &#039;--enable-discard-path&#039; &#039;--enable-sigchild&#039; &#039;--with-gd=yes&#039; &#039;--with-pgsql=/usr&#039; &#039;i386-suse-linux&#039; &#039;--with-dbm&#039; &#039;--with-freetype-dir&#039; &#039;--with-db&#039; &#039;--with-pdflib=/usr/local&#039; &#039;--with-curl=/usr/local/curl&#039; &#039;--prefix=/usr/local/php&#039; &#039;--enable-xslt&#039; &#039;--with-xslt-sablot&#039; &#039;--with-curl&#039; &#039;--with-iconv&#039; &#039;--with-openssl=/usr&#039; &#039;--with-openssl-dir=/usr&#039; &#039;--with-pspell&#039; &#039;--with-mime-magic&#039; </td></tr>
server:~ # php5 -i | grep configure
<tr><td class="e">Configure Command </td><td class="v"> &#039;./configure&#039; &#039;--prefix=/usr/share&#039; &#039;--datadir=/usr/share/php&#039; &#039;--bindir=/usr/bin&#039; &#039;--libdir=/usr/share&#039; &#039;--with-config-file-path=/etc&#039; &#039;--with-exec-dir=/usr/lib/php/bin&#039; &#039;--with-mysql=/usr&#039; &#039;--with-gd=yes&#039; &#039;--enable-gd-native-ttf&#039; &#039;--enable-gd-imgstrttf&#039; &#039;--with-tiff-dir=/usr&#039; &#039;--with-jpeg-dir=/usr&#039; &#039;--with-png-dir=/usr&#039; &#039;--with-xpm-dir=/usr/X11R6&#039; &#039;--with-ldap=yes&#039; &#039;--with-zlib=yes&#039; &#039;--with-bz2&#039; &#039;--with-gmp&#039; &#039;--with-xml=/usr/local/lib&#039; &#039;--with-dom&#039; &#039;--with-ttf&#039; &#039;--with-mcal=/usr&#039; &#039;--with-imap-ssl=yes&#039; &#039;--with-sablot&#039; &#039;--with-ftp&#039; &#039;--with-ndbm&#039; &#039;--with-gdbm&#039; &#039;--with-mcrypt&#039; &#039;--with-gettext&#039; &#039;--with-gd=yes&#039; &#039;--enable-versioning&#039; &#039;--enable-yp&#039; &#039;--enable-bcmath&#039; &#039;--enable-trans-sid&#039; &#039;--enable-inline-optimization&#039; &#039;--enable-track-vars&#039; &#039;--enable-magic-quotes&#039; &#039;--enable-safe-mode&#039; &#039;--enable-sockets&#039; &#039;--enable-sysvsem&#039; &#039;--enable-sysvshm&#039; &#039;--enable-shmop&#039; &#039;--enable-calendar&#039; &#039;--enable-mbstring&#039; &#039;--enable-mbstr-enc-trans&#039; &#039;--enable-exif&#039; &#039;--enable-ftp&#039; &#039;--enable-memory-limit&#039; &#039;--enable-wddx&#039; &#039;--enable-filepro&#039; &#039;--enable-dbase&#039; &#039;--enable-ctype&#039; &#039;--enable-debug&#039; &#039;--enable-force-cgi-redirect&#039; &#039;--enable-discard-path&#039; &#039;--enable-sigchild&#039; &#039;--with-db&#039; &#039;--with-dbm&#039; &#039;--with-pdflib&#039; &#039;--with-freetype-dir&#039; &#039;--with-imap&#039; &#039;--with-pspell&#039; &#039;--enable-xslt&#039; &#039;--with-xslt-sablot&#039; &#039;--with-curl&#039; &#039;--with-iconv&#039; &#039;--with-openssl&#039; &#039;--with-dom&#039; &#039;--with-dom-xslt&#039; &#039;--with-dom-exslt&#039; &#039;--with-mime-magic&#039; </td></tr>
server:~ # strace -f -s 300 php5 glob.php 2>&1 | tail -n 30
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
ioctl(3, TCGETS, 0xbfedebf0)            = -1 ENOTTY (Inappropriate ioctl for device)
brk(0x87ac000)                          = 0x87ac000
brk(0x87ae000)                          = 0x87ae000
read(3, "<?php\r\necho \"Test1\\n\";\r\n$x=glob(\'./img/managed/*\');\r\necho \"Test2\\n\";\r\n?>\r\n", 8192) = 74
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
write(1, "X-Powered-By: PHP/5.1.2", 23X-Powered-By: PHP/5.1.2) = 23
write(1, "\r\n", 2
)                     = 2
write(1, "Content-type: text/html", 23Content-type: text/html) = 23
write(1, "\r\n", 2
)                     = 2
write(1, "\r\n", 2
)                     = 2
write(1, "Test1\n", 6Test1
)                  = 6
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
open("./img/managed/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
getdents64(0x3, 0x87ab2c0, 0x1000, 0)   = 96
lstat64("./img/managed/1", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
lstat64("./img/managed/2", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
getdents64(0x3, 0x87ab2c0, 0x1000, 0)   = 0
close(3)                                = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

And here is the part from php4:
write(1, "Content-type: text/html", 23Content-type: text/html) = 23
write(1, "\r\n", 2
)                     = 2
write(1, "\r\n", 2
)                     = 2
write(1, "Test1\n", 6Test1
)                  = 6
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
open("./img/managed", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
getdents64(0x3, 0x8493bf8, 0x1000, 0x2) = 96
getdents64(0x3, 0x8493bf8, 0x1000, 0x2) = 0
close(3)                                = 0
write(1, "Test2\n", 6Test2
)                  = 6

[2006-03-21 22:09 UTC] judas dot iscariote at gmail dot com

cannot be reproduced here (linux/amd64) works perfectly fine with current CVS version.

[2006-03-22 13:52 UTC] rd at mesos dot de

When I remove "--with-ldap=yes" from the configure-string, it is working.

We don't need ldap on this server, so you may close it.

[2006-03-22 18:10 UTC] iliaa@php.net

library conflict.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 14:01:32 2024 UTC