PHP :: Bug #38420 :: stream_filter_append function with a zlib filter segfaults or hangs

[2006-08-11 09:46 UTC] rb at ez dot no

Description:
------------
The application I am writing uses the  
stream_filter_append() function to inflate / decompress a  
part of the file content. Unfortunately, this results into  
a segmentation fault. I wrote a small script to reproduce  
this problem, but that script hangs instead of segfaults.  
There may be a relation.  
 
Backtracing the segfault shows that there is a null 
pointer assignment (thanks to Derick). 

Reproduce code:
---------------
// Script that hangs.

// Compress
$fw = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fw, "zlib.deflate");
fwrite( $fw, "Hello world" );
fclose($fw);

// Decompress
$fr = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fr, "zlib.inflate");
echo fread( $fr, 100 );
fclose($fr);


Actual result:
--------------
// Backtrace from the crash ( brigade = 0x0 ). 
 
Program received signal SIGSEGV, Segmentation fault. 
0x081fcc88 in php_stream_bucket_unlink (bucket=0x885d0f4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
228                     bucket->brigade->head = 
bucket->next; 
(gdb) print *bucket 
$1 = {next = 0x0, prev = 0x0, brigade = 0x0, 
  buf = 0x8860cf5 
"[\017TT?\231\177\203O\235\220?\231\032\210\230b|
f\237\t&8\202?F?\027P4??J\024+Y10???f\230?3o@??\0262`x??%'v?mm?\234???X\213?5\202\215???IҬ?\234mZ?)?\232?\004?1?\030Z?
????;? 
\230??\234=g????}߽????{???7?}}Q?b\213?\"%?$i\204DX\203.
[g?l\233??gH\212d\2252?;???(\206\003\032@\003`\035", 
buflen = 7762, own_buf = 0, is_persistent = 0, refcount = 
0}

[2006-08-11 10:02 UTC] rb at ez dot no

Oops, forgot to attach the backtrace. 
 
Program received signal SIGSEGV, Segmentation fault. 
0x081fcc88 in php_stream_bucket_unlink (bucket=0x884dbe4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
228                     bucket->brigade->head = 
bucket->next; 
(gdb) bt 
#0  0x081fcc88 in php_stream_bucket_unlink 
(bucket=0x884dbe4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
#1  0x081fd0f2 in _php_stream_filter_append 
(chain=0x88603a4, filter=0x885ba74) 
at /usr/local/php/php5/src/main/streams/filter.c:370 
#2  0x081d9f7d in apply_filter_to_stream (append=1, ht=0, 
return_value=0x885e0cc, return_value_ptr=0x0, 
this_ptr=0x0, return_value_used=1) 
    
at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1095 
#3  0x081da065 in zif_stream_filter_append (ht=0, 
return_value=0x0, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1133 
#4  0x0823bcc0 in execute_internal (execute_data_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/Zend/zend_execute.c:1368 
#5  0xb788e6cf in xdebug_execute_internal 
(current_execute_data=0xbf90be70, return_value_used=1) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299 
#6  0x0823c557 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90be70) at zend_vm_execute.h:202 
#7  0x0823bdd8 in execute (op_array=0x87db654) at 
zend_vm_execute.h:92 
#8  0xb788e437 in xdebug_execute (op_array=0x87db654) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#9  0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90c3a0) at zend_vm_execute.h:234 
#10 0x0823bdd8 in execute (op_array=0x879b41c) at 
zend_vm_execute.h:92 
#11 0xb788e437 in xdebug_execute (op_array=0x879b41c) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#12 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90c560) at zend_vm_execute.h:234 
#13 0x0823bdd8 in execute (op_array=0x8796654) at 
zend_vm_execute.h:92 
#14 0xb788e437 in xdebug_execute (op_array=0x8796654) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#15 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d220) at zend_vm_execute.h:234 
#16 0x0823bdd8 in execute (op_array=0x878a904) at 
zend_vm_execute.h:92 
#17 0xb788e437 in xdebug_execute (op_array=0x878a904) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#18 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d480) at zend_vm_execute.h:234 
#19 0x0823bdd8 in execute (op_array=0x873d50c) at 
zend_vm_execute.h:92 
#20 0xb788e437 in xdebug_execute (op_array=0x873d50c) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#21 0x08219751 in zend_call_function (fci=0xbf90d640, 
fci_cache=0xbf90d630) 
at /usr/local/php/php5/src/Zend/zend_execute_API.c:938 
#22 0x08119c68 in zif_reflection_method_invoke (ht=1, 
return_value=0x87f3d3c, return_value_ptr=0x0, 
this_ptr=0x880bd54, return_value_used=0) 
    
at /usr/local/php/php5/src/ext/reflection/php_reflection.c:2286 
#23 0x0823bcc0 in execute_internal (execute_data_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/Zend/zend_execute.c:1368 
#24 0xb788e6cf in xdebug_execute_internal 
(current_execute_data=0xbf90d940, return_value_used=0) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299 
#25 0x0823c557 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d940) at zend_vm_execute.h:202 
#26 0x0823bdd8 in execute (op_array=0x875631c) at 
zend_vm_execute.h:92

[2006-08-11 10:08 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Can't reproduce.

[2006-08-19 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

Patches

Pull Requests

History

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Jun 17 09:01:30 2024 UTC