php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47663 dcngettext() crashes if count parameter is negative
Submitted: 2009-03-15 15:07 UTC Modified: 2009-04-14 09:26 UTC
From: dsp@php.net Assigned:
Status: Not a bug Package: Gettext related
PHP Version: 5.2.9 OS: OpenSolaris 2009.11
Private report: No CVE-ID: None
 [2009-03-15 15:07 UTC] dsp@php.net
Description:
------------
Passing -1 to the count argument of dcngettext leads to a PHP core dump 
on OpenSolaris.






Reproduce code:
---------------
make test TESTS=ext/gettext/tests

will crash when testing dcngettext.phpt

Expected result:
----------------
no crash

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0xfedaaa76 in _real_gettext_u () from /lib/libc.so.1
(gdb) bt
#0  0xfedaaa76 in _real_gettext_u () from /lib/libc.so.1
#1  0xfeda8d7a in dcngettext () from /lib/libc.so.1
#2  0x080f8692 in zif_dcngettext (ht=5, return_value=0x83d4b0c, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /export/home/dsp/dev/c/php52/ext/gettext/gettext.c:356
#3  0x08275389 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x8047320) at zend_vm_execute.h:200
#4  0x08274b39 in execute (op_array=0x83d5090) at zend_vm_execute.h:92
#5  0x0825b469 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /export/home/dsp/dev/c/php52/Zend/zend.c:1134
#6  0x08223079 in php_execute_script (primary_file=0x8047a94) at 
/export/home/dsp/dev/c/php52/main/main.c:2023
#7  0x082d7a09 in main (argc=2, argv=0x8047b18) at 
/export/home/dsp/dev/c/php52/sapi/cli/php_cli.c:1133





Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-14 09:13 UTC] jani@php.net
"In the "C" locale, or if none of the used catalogs contain a translation for msgid, the ngettext, dngettext and dcngettext functions return msgid if n == 1, or msgid_plural if n != 1."

That crash should be reported to Sun too so they can fix their gettext implementation. :)
 [2009-04-14 09:15 UTC] jani@php.net
Also, the possible fix to prevent this in PHP should consider all the plural gettext functions:

ngettext(), dngettext() and dcngettext()

 [2009-04-14 09:20 UTC] jani@php.net
Note: Linux glibc gettext implementation does not crash..
 [2009-04-14 09:26 UTC] dsp@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The bug was reported to the opensolaris community. Its a bug in their gettext 
implementation and not in phps wrapper
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 10:01:30 2024 UTC