Bug #38420 stream_filter_append function with a zlib filter segfaults or hangs
Submitted: 2006-08-11 09:46 UTC
Modified: 2006-08-19 01:00 UTC
From: rb at ez dot no
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 5.1.4
OS: Linux
Private report: No
CVE-ID: None

 [2006-08-11 09:46 UTC] rb at ez dot no
Description:
------------
The application I am writing uses the
stream_filter_append() function to inflate / decompress a
part of the file content. Unfortunately, this results in
a segmentation fault. I wrote a small script to reproduce
this problem, but that script hangs instead of segfaulting.
There may be a relation.

Backtracing the segfault shows that there is a null
pointer assignment (thanks to Derick).

Reproduce code:
---------------
// Script that hangs.

// Compress
$fw = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fw, "zlib.deflate");
fwrite( $fw, "Hello world" );
fclose($fw);

// Decompress
$fr = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fr, "zlib.inflate");
echo fread( $fr, 100 );
fclose($fr);


Actual result:
--------------
// Backtrace from the crash ( brigade = 0x0 ). 
 
Program received signal SIGSEGV, Segmentation fault.
0x081fcc88 in php_stream_bucket_unlink (bucket=0x885d0f4) at /usr/local/php/php5/src/main/streams/filter.c:228
228                     bucket->brigade->head = bucket->next;
(gdb) print *bucket 
$1 = {next = 0x0, prev = 0x0, brigade = 0x0, 
  buf = 0x8860cf5 
"[\017TT?\231\177\203O\235\220?\231\032\210\230b|
f\237\t&8\202?F?\027P4??J\024+Y10???f\230?3o@??\0262`x??%'v?mm?\234???X\213?5\202\215???IҬ?\234mZ?)?\232?\004?1?\030Z?
????;? 
\230??\234=g????}߽????{???7?}}Q?b\213?\"%?$i\204DX\203.
[g?l\233??gH\212d\2252?;???(\206\003\032@\003`\035", 
buflen = 7762, own_buf = 0, is_persistent = 0, refcount = 
0} 
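
The gdb output above shows the faulting statement `bucket->brigade->head = bucket->next;` running on a bucket whose `next`, `prev` and `brigade` are all 0x0. The following is an added example, not PHP's source code and not a patch from this report: a simplified C model of such a list in which the unlink checks the owner pointer before writing through it. The `tail` field and all function names are assumptions made for the example.

```c
#include <stddef.h>

/* Simplified model of a filter bucket list, NOT PHP's source.
 * next/prev/brigade/head are the names visible in the gdb output;
 * `tail` and every function name here are assumptions. */
struct brigade;
struct bucket {
    struct bucket *next, *prev;
    struct brigade *brigade;      /* owning list, NULL when detached */
};
struct brigade { struct bucket *head, *tail; };

/* Link a detached bucket at the end of a brigade. */
void brigade_append(struct brigade *bb, struct bucket *b)
{
    b->brigade = bb;
    b->next = NULL;
    b->prev = bb->tail;
    if (bb->tail) bb->tail->next = b; else bb->head = b;
    bb->tail = b;
}

/* Unlink with the owner checked first. Returns 0 on success, -1 when the
 * bucket is in the state gdb printed (next, prev and brigade all NULL),
 * where an unconditional bucket->brigade->head store writes through NULL. */
int bucket_unlink_checked(struct bucket *b)
{
    if (b == NULL || b->brigade == NULL)
        return -1;                /* detached: nothing to unlink */
    if (b->prev) b->prev->next = b->next; else b->brigade->head = b->next;
    if (b->next) b->next->prev = b->prev; else b->brigade->tail = b->prev;
    b->next = b->prev = NULL;
    b->brigade = NULL;
    return 0;
}

/* Constructed scenario: unlink the head of a two-bucket brigade, then try
 * to unlink the same, now detached, bucket a second time. */
int demo_double_unlink(void)
{
    struct brigade bb = { NULL, NULL };
    struct bucket a = { NULL, NULL, NULL }, b = { NULL, NULL, NULL };
    brigade_append(&bb, &a);
    brigade_append(&bb, &b);
    if (bucket_unlink_checked(&a) != 0 || bb.head != &b || bb.tail != &b)
        return 1;                 /* first unlink must succeed */
    return bucket_unlink_checked(&a) == -1 ? 0 : 2;
}
int main(void) { return demo_double_unlink(); }
```
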
 

 [2006-08-11 10:02 UTC] rb at ez dot no
Oops, forgot to attach the backtrace. 
 
Program received signal SIGSEGV, Segmentation fault.
0x081fcc88 in php_stream_bucket_unlink (bucket=0x884dbe4) at /usr/local/php/php5/src/main/streams/filter.c:228
228                     bucket->brigade->head = bucket->next;
(gdb) bt
#0  0x081fcc88 in php_stream_bucket_unlink (bucket=0x884dbe4) at /usr/local/php/php5/src/main/streams/filter.c:228
#1  0x081fd0f2 in _php_stream_filter_append (chain=0x88603a4, filter=0x885ba74) at /usr/local/php/php5/src/main/streams/filter.c:370
#2  0x081d9f7d in apply_filter_to_stream (append=1, ht=0, return_value=0x885e0cc, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1095
#3  0x081da065 in zif_stream_filter_append (ht=0, return_value=0x0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1133
#4  0x0823bcc0 in execute_internal (execute_data_ptr=0x0, return_value_used=0) at /usr/local/php/php5/src/Zend/zend_execute.c:1368
#5  0xb788e6cf in xdebug_execute_internal (current_execute_data=0xbf90be70, return_value_used=1) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299
#6  0x0823c557 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90be70) at zend_vm_execute.h:202
#7  0x0823bdd8 in execute (op_array=0x87db654) at zend_vm_execute.h:92
#8  0xb788e437 in xdebug_execute (op_array=0x87db654) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242
#9  0x0823c2f1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90c3a0) at zend_vm_execute.h:234
#10 0x0823bdd8 in execute (op_array=0x879b41c) at zend_vm_execute.h:92
#11 0xb788e437 in xdebug_execute (op_array=0x879b41c) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242
#12 0x0823c2f1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90c560) at zend_vm_execute.h:234
#13 0x0823bdd8 in execute (op_array=0x8796654) at zend_vm_execute.h:92
#14 0xb788e437 in xdebug_execute (op_array=0x8796654) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242
#15 0x0823c2f1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90d220) at zend_vm_execute.h:234
#16 0x0823bdd8 in execute (op_array=0x878a904) at zend_vm_execute.h:92
#17 0xb788e437 in xdebug_execute (op_array=0x878a904) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242
#18 0x0823c2f1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90d480) at zend_vm_execute.h:234
#19 0x0823bdd8 in execute (op_array=0x873d50c) at zend_vm_execute.h:92
#20 0xb788e437 in xdebug_execute (op_array=0x873d50c) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242
#21 0x08219751 in zend_call_function (fci=0xbf90d640, fci_cache=0xbf90d630) at /usr/local/php/php5/src/Zend/zend_execute_API.c:938
#22 0x08119c68 in zif_reflection_method_invoke (ht=1, return_value=0x87f3d3c, return_value_ptr=0x0, this_ptr=0x880bd54, return_value_used=0) at /usr/local/php/php5/src/ext/reflection/php_reflection.c:2286
#23 0x0823bcc0 in execute_internal (execute_data_ptr=0x0, return_value_used=0) at /usr/local/php/php5/src/Zend/zend_execute.c:1368
#24 0xb788e6cf in xdebug_execute_internal (current_execute_data=0xbf90d940, return_value_used=0) at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299
#25 0x0823c557 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf90d940) at zend_vm_execute.h:202
#26 0x0823bdd8 in execute (op_array=0x875631c) at zend_vm_execute.h:92
 [2006-08-11 10:08 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Can't reproduce.
 [2006-08-19 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 