Bug #44862 Invalid encoding in pspell_config_create() w/ pspell_new_config() causes abort
Submitted: 2008-04-29 17:18 UTC Modified: 2008-09-16 23:12 UTC
From: twm at twmacinta dot com Assigned:
Status: Closed Package: Pspell related
PHP Version: 5.2.5 OS: Red Hat Enterprise Linux ES 3
Private report: No CVE-ID: None
 [2008-04-29 17:18 UTC] twm at twmacinta dot com
Description:
------------
When I pass an invalid encoding as the fourth argument to the function pspell_config_create() and then pass that return value to pspell_new_config(), PHP aborts and stops running.  This is causing the "make test" script named "ext/pspell/tests/003.phpt" to fail on my system when I try to test my new build of PHP.  I have created a simpler test case for this bug report and also read through the code a bit more to come up with an analysis which I think might be helpful.

My test script works as expected in older versions of PHP on the same operating system.  In particular, it works fine in PHP 4.3 on the same OS.  This applies to both my custom compiled version of PHP as well as the most recent build from Red Hat.  I believe that the problem was introduced in revision 1.45.2.4.2.5.  See line 405 below:

http://cvs.php.net/viewvc.cgi/php-src/ext/pspell/pspell.c?r1=1.45.2.4.2.4&r2=1.45.2.4.2.5&pathrev=PHP_5_2

The problem is that delete_pspell_manager() is called on a pointer obtained from new_pspell_manager() which isn't necessarily a pspell manager.  It can either be an error or a pspell manager.  Here is the code from the pspell library - note that the first return statement can result in PHP getting something which isn't a pspell manager (which is what it incorrectly frees):

PspellCanHaveError * new_pspell_manager(PspellConfig * c) 
{
  PspellCanHaveError * possible_err = find_word_list(c);
  if (possible_err->error_number() != 0)
    return possible_err;
  PspellConfig * config = (PspellConfig *)(possible_err);
  possible_err = new_pspell_manager_class(config);
  delete config;
  return possible_err;
}

Perhaps this error isn't being triggered on your test systems since it depends upon whether the system's pspell library was compiled to enforce assertions.

Note that there were several other changes like this made in revision 1.45.2.4.2.5.  There were other lines added which call delete_pspell_*(), possibly with an invalid argument.  I don't know if they are a problem in reality - I only caught the line that I'm reporting because "make test" failed for me.  I was a little hesitant to remove those lines in my own code since they were added without other major changes, so there was presumably some reason for them, though the revision comment and change log don't mention what it was.

I used "php -n" to run all of the tests, so as to rule out "php.ini" as a problem.  I tried the test script with both PHP 5.2.5 and the latest CVS snapshot, php5.2-200804291230.


Reproduce code:
---------------
<?php
$cfg2 = pspell_config_create('en', 'british', '', 'b0rked');
$p2 = pspell_new_config($cfg2);
print("Done\n");


Expected result:
----------------
Warning: pspell_new_config(): PSPELL couldn't open the dictionary. reason: The encoding "b0rked" is not known. This could also mean that the file "/usr/share/pspell/b0rked.map" could not be opened for reading or does not exist.  in /tmp/timtest20080429.php on line 3
Done


Actual result:
--------------
Warning: pspell_new_config(): PSPELL couldn't open the dictionary. reason: The encoding "b0rked" is not known. This could also mean that the file "/usr/share/pspell/b0rked.map" could not be opened for reading or does not exist.  in /tmp/timtest20080429.php on line 3
php: manager_impl.cc:30: void free_lt_handle(void*): Assertion `s == 0' failed.
Aborted
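
The failure mode described in this report, modelled as an added C example (not code from PHP or from the pspell library; every type and function name below is a hypothetical stand-in). It shows a constructor that returns either an error object or a manager, and why the error path must not free the result as a manager.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for the pspell types; not the library's own code. */
enum kind { KIND_ERROR, KIND_MANAGER };
struct can_have_error { enum kind kind; int error_number; };
struct manager { struct can_have_error base; void *lt_handle; };

/* Models new_pspell_manager(): returns an error object OR a manager. */
static struct can_have_error *new_manager(const char *encoding)
{
    if (strcmp(encoding, "b0rked") == 0) {      /* the report's bad encoding */
        struct can_have_error *e = calloc(1, sizeof *e);
        if (e) { e->kind = KIND_ERROR; e->error_number = 1; }
        return e;
    }
    struct manager *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->base.kind = KIND_MANAGER;
    m->lt_handle = malloc(16);
    return &m->base;
}

/* Valid only for managers. Returns -1 at the point where the real library's
 * assertion fires; without assertions the error object is used as a manager. */
static int delete_manager(struct can_have_error *p)
{
    if (p->kind != KIND_MANAGER) { free(p); return -1; }
    free(((struct manager *)p)->lt_handle);
    free(p);
    return 0;
}

/* Safe for either kind: dispatches on what the object really is. */
static int delete_can_have_error(struct can_have_error *p)
{
    if (p->kind == KIND_MANAGER) return delete_manager(p);
    free(p);
    return 0;
}

/* fixed=0 models the error path in the report; fixed=1 a type-aware cleanup. */
int open_dictionary(const char *enc, int fixed)
{
    struct can_have_error *r = new_manager(enc);
    if (!r) return -2;
    if (r->error_number != 0)
        return fixed ? delete_can_have_error(r) : delete_manager(r);
    delete_manager(r);          /* real manager: closed right away in this model */
    return 1;
}
```

open_dictionary() returns 1 when a manager was opened, 0 when the error was released cleanly, and -1 when an error object was freed as a manager.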


 [2008-04-30 00:01 UTC] iliaa@php.net
Which version of aspell library are you using? Here things work as intended.
 [2008-04-30 14:19 UTC] twm at twmacinta dot com
Here is a list of all of my 'aspell' and 'pspell' RPMs, with version numbers:

aspell-0.33.7.1-25.3.rhel3.i386
aspell-config-0.33.7.1-25.3.rhel3.i386
aspell-da-1.4.22-7.i386
aspell-de-0.1.1-17.i386
aspell-devel-0.33.7.1-25.3.rhel3.i386
aspell-en-ca-0.33.7.1-25.3.rhel3.i386
aspell-en-gb-0.33.7.1-25.3.rhel3.i386
aspell-es-0.2-13.i386
aspell-fr-0.6-8.i386
aspell-it-0.1-16.i386
aspell-nl-0.1-17.i386
aspell-no-0.3-6.i386
aspell-pt-0.1-12.i386
aspell-pt_BR-2.4-12.i386
aspell-sv-1.3.8-4.i386
pspell-0.12.2-16.1.i386
pspell-devel-0.12.2-16.1.i386

It does appear to be dying because of a failed assertion, so maybe it doesn't die for you because your 'pspell' library wasn't compiled to enforce assertions?
 [2008-09-16 23:12 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

