Bug #47930 ext/filter crashes when module startup bails out
Submitted: 2009-04-08 23:01 UTC Modified: 2010-09-01 20:14 UTC
From: stas at zend dot com Assigned: stas (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2CVS-2009-04-29 OS: *
Private report: No CVE-ID: None
 [2009-04-08 23:01 UTC] stas at zend dot com
Description:
------------
1. If one of the modules' startup bails out, that leads to aborting the startup sequence and PG(modules_activated) being 0.
This, in turn, precludes running RSHUTDOWN functions on modules.

2. ext/filter allocates IF_G(get_array), etc. in the course of the request startup, and if RSHUTDOWN is not called, they are not cleaned up.

3. Since ext/filter does not initialize the IF_G arrays, on the next request the uncleaned value will be used. Since these arrays no longer point to valid memory (which was cleaned at the end of the previous request), this will result in a crash.

Reproduce code:
---------------
1. Create an extension that uses zend_bailout in RINIT.
2. Run two requests while ext/filter is present and turned on.
3. Crash! 
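
The failure sequence described in this report, as an added C model that is not PHP source and not part of the original report. The names `req_ptr`, `run_request` and `second_request_dangles` and the generation counter are hypothetical, and the `hardened` branch is an assumed mitigation, not the fix that was committed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: request-scoped memory is tagged with the request generation
 * that allocated it; it is freed wholesale when that request ends. */
typedef struct { bool set; unsigned gen; } req_ptr;

static unsigned request_gen;          /* current request number */
static req_ptr filter_get_array;      /* stands in for IF_G(get_array) */

/* True when the global still refers to memory of an earlier request. */
static bool is_dangling(req_ptr p) { return p.set && p.gen != request_gen; }

/* Runs one request; returns true if the module would have used a dangling
 * pointer. `bails`: another module bails out during request startup.
 * `hardened`: the module clears its global before first use (assumption). */
static bool run_request(bool bails, bool hardened)
{
    request_gen++;                            /* previous request memory is gone */
    bool modules_activated = !bails;          /* bailout leaves this at 0 */

    if (hardened)
        filter_get_array.set = false;         /* do not trust the last shutdown */

    bool dangling = is_dangling(filter_get_array);
    if (!filter_get_array.set)                /* allocate during request startup */
        filter_get_array = (req_ptr){ true, request_gen };

    if (modules_activated)
        filter_get_array.set = false;         /* RSHUTDOWN cleanup */
    return dangling;                          /* RSHUTDOWN skipped otherwise */
}

/* Two requests back to back, as in the reproduce steps. */
static bool second_request_dangles(bool first_bails, bool hardened)
{
    request_gen = 0;
    filter_get_array = (req_ptr){ false, 0 };
    run_request(first_bails, hardened);
    return run_request(false, hardened);
}

int main(void)
{
    printf("bailout, original: %d\n", second_request_dangles(true, false));
    printf("no bailout:        %d\n", second_request_dangles(false, false));
    printf("bailout, hardened: %d\n", second_request_dangles(true, true));
    return 0;
}
```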


 [2009-04-29 00:41 UTC] stas@php.net
fixed for 5.3/HEAD, 5.2 fix still required, since 5.3+ fix changes binary API
 [2009-09-05 17:17 UTC] pajoye@php.net
Any reason why this change has been committed to HEAD but never to 5.3, or has it been reverted?

Please clarify the situation and sync both branches as soon as possible.
 [2009-09-05 23:40 UTC] stas@php.net
Fix for 5.3 changes binary API, so it can't be applied to 5.2
 [2009-09-06 10:16 UTC] pajoye@php.net
I got that, but why is trunk (HEAD) different from 5.3?

Or do you mean:

- 5.2, no fix at all
- 5.3, fix but without ABI break
- 6, all changes kept

?
 [2010-09-01 20:14 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2010-09-01 20:14 UTC] stas@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I think this one is fine in both 5.3 and trunk.