Bug #44862 Invalid encoding in pspell_config_create() w/ pspell_new_config() causes abort
Submitted: 2008-04-29 17:18 UTC Modified: 2008-09-16 23:12 UTC
From: twm at twmacinta dot com Assigned:
Status: Closed Package: Pspell related
PHP Version: 5.2.5 OS: Red Hat Enterprise Linux ES 3
Private report: No CVE-ID: None
 [2008-04-29 17:18 UTC] twm at twmacinta dot com
When I pass an invalid encoding as the fourth argument to the function pspell_config_create() and then pass that return value to pspell_new_config(), PHP aborts and stops running.  This is causing the "make test" script named "ext/pspell/tests/003.phpt" to fail on my system when I try to test my new build of PHP.  I have created a simpler test case for this bug report and also read through the code a bit more to come up with an analysis which I think might be helpful.

My test script works as expected in older versions of PHP on the same operating system.  In particular, it works fine in PHP 4.3 on the same OS.  This applies to both my custom compiled version of PHP as well as the most recent build from Red Hat.  I believe that the problem was introduced in revision  See line 405 below:

The problem is that delete_pspell_manager() is called on a pointer obtained from new_pspell_manager() which isn't necessarily a pspell manager.  It can either be an error or a pspell manager.  Here is the code from the pspell library - note that the first return statement can result in PHP getting something which isn't a pspell manager (which is what it incorrectly frees):

PspellCanHaveError * new_pspell_manager(PspellConfig * c)
{
  PspellCanHaveError * possible_err = find_word_list(c);
  if (possible_err->error_number() != 0)
    return possible_err;
  PspellConfig * config = (PspellConfig *)(possible_err);
  possible_err = new_pspell_manager_class(config);
  delete config;
  return possible_err;
}

Perhaps this error isn't being triggered on your test systems since it depends upon whether the system's pspell library was compiled to enforce assertions.

Note that there were several other changes like this made in revision  There were other lines added which call delete_pspell_*(), possibly with an invalid argument.  I don't know if they are a problem in reality - I only caught the line that I'm reporting because "make test" failed for me.  I was a little hesitant to remove those lines in my own code since they were added without other major changes, so there was presumably some reason for them, though the revision comment and change log don't mention what it was.

I used "php -n" to run all of the tests, so as to rule out "php.ini" as a problem.  I tried the test script with both PHP 5.2.5 and the latest CVS snapshot, php5.2-200804291230.

Reproduce code:
<?php
$cfg2 = pspell_config_create('en', 'british', '', 'b0rked');
$p2 = pspell_new_config($cfg2);

Expected result:
Warning: pspell_new_config(): PSPELL couldn't open the dictionary. reason: The encoding "b0rked" is not known. This could also mean that the file "/usr/share/pspell/" could not be opened for reading or does not exist.  in /tmp/timtest20080429.php on line 3

Actual result:
Warning: pspell_new_config(): PSPELL couldn't open the dictionary. reason: The encoding "b0rked" is not known. This could also mean that the file "/usr/share/pspell/" could not be opened for reading or does not exist.  in /tmp/timtest20080429.php on line 3
php: void free_lt_handle(void*): Assertion `s == 0' failed.
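
The ownership rule this report turns on, as an added example that is not part of the original report and is not PHP's or pspell's code: a self-contained C model in which every type and function name (`mock_new_manager`, `mock_delete_manager`, `open_buggy`, `open_fixed`) is a constructed stand-in. The mock destructor returns -1 instead of asserting, so the misuse can be observed without aborting the process.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins; not pspell's real types or functions. */
enum kind { KIND_ERROR, KIND_MANAGER };
struct can_have_error { enum kind kind; int error_number; };
struct manager { struct can_have_error base; void *lt_handle; };

static void *xcalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); return p; }

/* Same shape as the quoted code: returns an error object OR a manager. */
struct can_have_error *mock_new_manager(const char *encoding) {
    if (strcmp(encoding, "utf-8") != 0) {      /* unknown encoding */
        struct can_have_error *e = xcalloc(sizeof *e);
        e->kind = KIND_ERROR;
        e->error_number = 1;
        return e;
    }
    struct manager *m = xcalloc(sizeof *m);
    m->base.kind = KIND_MANAGER;
    m->lt_handle = xcalloc(16);                /* resource only a manager owns */
    return &m->base;
}

/* Manager destructor; -1 marks where a real library may assert or corrupt memory. */
int mock_delete_manager(struct can_have_error *p) {
    if (p->kind != KIND_MANAGER) return -1;    /* wrong destructor for this object */
    free(((struct manager *)p)->lt_handle);
    free(p);
    return 0;
}

/* Pattern from the report: manager destructor on whatever came back. */
int open_buggy(const char *encoding) {
    struct can_have_error *ret = mock_new_manager(encoding);
    int rc = mock_delete_manager(ret);         /* ret may be an error object */
    if (rc != 0) free(ret);                    /* demo only: avoid a leak */
    return rc;
}

/* Corrected: check error_number first, release the error as an error. */
int open_fixed(const char *encoding) {
    struct can_have_error *ret = mock_new_manager(encoding);
    if (ret->error_number != 0) { free(ret); return 1; }   /* clean failure */
    return mock_delete_manager(ret);
}

int main(void) { return (open_buggy("b0rked") == -1 && open_fixed("b0rked") == 1) ? 0 : 1; }
```

Return values in this model: 0 means the manager was created and released, 1 means a clean failure, and -1 means a manager destructor was applied to an error object.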


 [2008-04-30 00:01 UTC]
Which version of aspell library are you using? here things work as 
 [2008-04-30 14:19 UTC] twm at twmacinta dot com
Here is a list of all of my 'aspell' and 'pspell' RPMs, with version numbers:


It does appear to be dying because of a failed assertion, so maybe it doesn't die for you because your 'pspell' library wasn't compiled to enforce assertions?
 [2008-09-16 23:12 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Last updated: Sun Apr 14 02:01:30 2024 UTC