go to bug id or search bugs for
I found what looks like a reproducible crash in the stream/sockets/thingy. I think...
Code to reproduce:
var_dump($s = stream_socket_server('tcp://0.0.0.0:1234', $errno, $errstr, 0));
The var_dumps and echo are not necessary to cause the problem, but just to show the tracing of the code.
resource(5) of type (stream)
resource(5) of type (stream)
...And then the darn thing just implodes -- doesn't even say goodbye, nevermind hello. If STREAM_SERVER_BIND is specified for the flags to stream_socket_server() then it works fine.
Tested on all the PHP versions I had installed (using the CLI interface):
6.0.0-dev (Windows): crashes
5.2.6 (Windows): crashes
5.2.5 (Windows): crashes
5.2.3 (Windows): crashes
5.2.4-2ubuntu5.3 (Linux): no crash (typicial of Linux to be different huh? :)
(This was generated with PHP 5.2.6.)
Thread 0 - System ID 2864
Entry point php!mainCRTStartup
Create time 2008-09-13 23:00:03
Time spent in user mode 0 Days 0:0:0.46
Time spent in kernel mode 0 Days 0:0:0.31
Function Arg 1 Arg 2 Arg 3 Source
php5ts!xbuf_format_converter+68a 00c0f978 102c178d 00c0fa04
php5ts!vspprintf+29 00c0f9b0 00000000 102c178c
php5ts!php_verror+4d 00000000 102c169c 00000002
php5ts!php_error_docref0+23 00000000 00f11d10 00000002
php5ts!php_set_sock_blocking+45 ffffffff 00000001 00f11d10
php5ts!php_sockop_set_option+121 011ee248 00000001 00000000
php5ts!php_tcp_sockop_set_option+56e 011ee248 00000001 00000000
php5ts!_php_stream_set_option+2c 011ee248 00000001 00000000
php5ts!zif_stream_set_blocking+10c 011e28f8 011ee1a0 00000000
php5ts!zend_do_fcall_common_helper_SPEC+7d9 00c0fbd0 00f11d10 011ed67f
php5ts!ZEND_DO_FCALL_SPEC_CONST_HANDLER+e5 00000000 00f11d10 00f11d10
php5ts!execute+1c5 011ed6e0 00f11d10 00000000
php5ts!zend_execute_scripts+107 00000008 00f11d10 00000000
php5ts!php_execute_script+20d 00c0fec8 00f11d10 00000000
php!main+c07 00000003 00f11d80 00f10c10
php!mainCRTStartup+e3 00000000 00000000 7ffde000
kernel32!IsProcessorFeaturePresent+9e 00402fc2 00000000 000000c1
PHP5TS!XBUF_FORMAT_CONVERTER+68AIn php__PID__2860__Date__09_13_2008__Time_11_00_07PM__202__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!xbuf_format_converter+68a in c:\Server\php\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00002736 on thread 0
(Actually, all I wanted to do was use SSL with the sockets extension. But it doesn't seem to support that so I switched my program to the stream_socket functions instead. But that doesn't seem to support raw sockets, except under stream_socket_pair() (What's the point of that function anyway? It doesn't let you connect to anything!). So I tried to use the context/options/params thing to set up a notification function so I could let stream_sockets notifications be sent directly to the handler functions while socket_select handles ordinary Berkeley sockets events, because I need them both, but I couldn't get the notification thing working at all, so I tried specifying the context directly when the listener socket was created, and that requires specifying the errno, errstr, and flags values as well, so I tried that. Well it was a real rollercoaster. It still didn't call the notifier, but it did crash, and that's how I found this muddle. If I was clever I would have tried to fix it myself but I couldn't find out where the actual the problem was. /end of rant)
Anyway, I figured even though the problem only happens with incorrect values for the flags parameter, that I should report it anyway, just in case it's exploitable. I would have reported it yesterday but the bug reporting page seemed to be broken for hours, even though I kept trying again. Then I discovered that actually you just need cookies enabled for it to work. Ah well. Hope this stuff makes sense to someone.
Add a Patch
Add a Pull Request
Probably that will fix the crash:
This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.