PHP :: Bug #38010 :: Segfault in zend_assign_to

Bug #38010

Segfault in zend_assign_to_varible

Submitted:

2006-07-04 21:34 UTC

Modified:

2006-07-08 10:06 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

ben dot tc1415 at gmail dot com

Assigned:

Status:

Not a bug

Package:

MySQLi related

PHP Version:

5CVS-2006-07-04 (CVS)

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2006-07-04 21:34 UTC] ben dot tc1415 at gmail dot com

Description:
------------
When running complex scripts, e.g. phpMyAdmin, php segfaults. This seems to be happening inside the zend engine - in the zend_assign_to_varible. It also occurs in php 5.1.4.

Reproduce code:
---------------
I cannot yet find any other reproduce code other than running phpMyAdmin :(

Expected result:
----------------
phpMyAdmin runs

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213146208 (LWP 32409)]
0x0101b3f5 in zend_assign_to_variable (result=0xa85d114, op1=0xa85d128,
    op2=0xa85d13c, value=0xa85d140, type=1, Ts=0xb7afffe0, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_execute.c:273
273                     if (zend_hash_quick_find(EG(active_symbol_table), cv->na   me, cv->name_len+1, cv->hash_value, (void **)ptr)==FAILURE) {
(gdb) bt
#0  0x0101b3f5 in zend_assign_to_variable (result=0xa85d114, op1=0xa85d128,
    op2=0xa85d13c, value=0xa85d140, type=1, Ts=0xb7afffe0, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_execute.c:273
#1  0x0101b9ae in ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (execute_data=0xb7b049cc,
    tsrm_ls=0xa47c3a0) at /home/blewis/php-src/Zend/zend_vm_execute.h:20842
#2  0x00fed85c in execute (op_array=0xa82ed48, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:92
#3  0x01037d38 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER (
    execute_data=0xb7b05cbc, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:19527
#4  0x00fed85c in execute (op_array=0xa788300, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:92
#5  0x00ff2e9b in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (
    execute_data=0xb7b0954c, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:1971
#6  0x00fed85c in execute (op_array=0xa45af58, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:92
#7  0x00ff2e9b in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (
    execute_data=0xb7b0af9c, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:1971
#8  0x00fed85c in execute (op_array=0xa76d6f0, tsrm_ls=0xa47c3a0)
    at /home/blewis/php-src/Zend/zend_vm_execute.h:92
#9  0x00fc5a3f in zend_execute_scripts (type=8, tsrm_ls=0xa47c3a0, retval=Variab   le "retval" is not available.
)
    at /home/blewis/php-src/Zend/zend.c:1109
#10 0x00f77ea0 in php_execute_script (primary_file=0xb7b0d2e4,
    tsrm_ls=0xa47c3a0) at /home/blewis/php-src/main/main.c:1732
#11 0x01059526 in php_handler (r=0xa3fe328)
    at /home/blewis/php-src/sapi/apache2handler/sapi_apache2.c:586
#12 0x080794d9 in ap_run_handler (r=0xa3fe328) at config.c:157
#13 0x0807c631 in ap_invoke_handler (r=0xa3fe328) at config.c:371
#14 0x080b2b48 in ap_process_request (r=0xa3fe328) at http_request.c:258
#15 0x080afe5b in ap_process_http_connection (c=0xa2fad18) at http_core.c:172
#16 0x080802b9 in ap_run_process_connection (c=0xa2fad18) at connection.c:43
#17 0x080bcf94 in worker_thread (thd=0x9f15f10, dummy=0xa2700b8)
    at worker.c:531
#18 0x00c0a686 in dummy_worker (opaque=0x9f15f10)
    at threadproc/unix/thread.c:138
#19 0x00119255 in start_thread () from /lib/libpthread.so.0
#20 0x003bf92e in clone () from /lib/libc.so.6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-07-04 22:01 UTC] derick@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

[2006-07-04 22:20 UTC] ben dot tc1415 at gmail dot com

I don't seem to be able to produce an actual script, but I have narrowed it down to MySQLi. All being well I'll try and produce a script that causes this tomorrow. I've re-catergoriesed the bug to MySQLi though.

[2006-07-05 07:10 UTC] derick@php.net

We would really need a short reproducable script though...

[2006-07-08 09:32 UTC] ben dot tc1415 at gmail dot com

This is probably not a bug, I think I may have a broken version of gcc on my linux box, sorry for wasting everyone's time.

[2006-07-08 10:06 UTC] tony2001@php.net

Not PHP problem -> bogus.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 11:01:30 2024 UTC