|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49677 ini parser crashes with apache2 and using ${something} ini variables
Submitted: 2009-09-25 22:39 UTC Modified: 2009-11-25 12:35 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: crrodriguez at opensuse dot org Assigned: jani
Status: Closed Package: Apache2 related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID:
 [2009-09-25 22:39 UTC] crrodriguez at opensuse dot org
The ini parser crashes with when a directive like

zend_extension = ${extension_dir}"/"

is found in the configuration file, this has worked in all versions since 5.1 but fails now.

Reproduce code:
zend_extension = ${extension_dir}"/" in php.ini

This only crashes at startup in apache 2

Expected result:
No crash

Actual result:
gdb) bt
#0  0x00007ffff2c555e0 in php_apache_sapi_getenv (name=0x7ffff83777f0 "extension_dir", name_len=<value optimized out>)
    at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:242
#1  0x00007ffff2b7f25a in sapi_getenv (name=0x7ffff83777f0 "extension_dir", name_len=140737357772784)
    at /usr/src/debug/php-5.3.1+svn20090925/main/SAPI.c:938
#2  0x00007ffff2ba5f9b in ini_parse () at /usr/src/debug/php-5.3.1+svn20090925/Zend/zend_ini_parser.y:148
#3  0x00007ffff2ba62f8 in zend_parse_ini_file (fh=0x7fffffffcec0, unbuffered_errors=1 '\001', scanner_mode=<value optimized out>,
    ini_parser_cb=<value optimized out>, arg=<value optimized out>) at /usr/src/debug/php-5.3.1+svn20090925/Zend/zend_ini_parser.y:206
#4  0x00007ffff2b7e722 in php_init_config () at /usr/src/debug/php-5.3.1+svn20090925/main/php_ini.c:650
#5  0x00007ffff2b76ac5 in php_module_startup (sf=<value optimized out>, additional_modules=0x7ffff2f00dc0, num_additional_modules=1)
    at /usr/src/debug/php-5.3.1+svn20090925/main/main.c:1926
#6  0x00007ffff2c559a5 in php_apache2_startup (sapi_module=0x7ffff83777f0) at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:328
#7  0x00007ffff2c564e0 in php_apache_server_startup (pconf=0x7ffff820e138, plog=<value optimized out>, ptemp=<value optimized out>, s=0x7ffff8213850)
    at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:437
#8  0x00007ffff7fd9bf4 in ap_run_post_config () from /usr/sbin/httpd2-prefork
#9  0x00007ffff7fc5bbf in main () from /usr/sbin/httpd2-prefork


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-26 11:55 UTC]
I would guess it crashes with any option name and value when the ini 
setting is not set. f.e.

foobar = ${thisdoesnotexist}

should also crash..?
 [2009-09-26 11:56 UTC]
I'm also assuming it does not crash with CGI or CLI binaries? :)
 [2009-09-26 12:02 UTC] crrodriguez at opensuse dot org
No crash with CGI or CLI, and extension_dir *is* set in php.ini.
 [2009-09-26 12:06 UTC] crrodriguez at opensuse dot org
and yes, foobar = ${thisdoesnotexist} crashes.

note that in previous versions ${extension_dir} expanded correctly.
 [2009-11-25 12:22 UTC]
It does also crash with 5.2 branch.
 [2009-11-25 12:35 UTC]
Automatic comment from SVN on behalf of jani
Log: - Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables)
 [2009-11-25 12:35 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 15:01:40 2015 UTC