php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49677 ini parser crashes with apache2 and using ${something} ini variables
Submitted: 2009-09-25 22:39 UTC Modified: 2009-11-25 12:35 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: crrodriguez at opensuse dot org Assigned: jani
Status: Closed Package: Apache2 related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID:
 [2009-09-25 22:39 UTC] crrodriguez at opensuse dot org
Description:
------------
The ini parser crashes with when a directive like

zend_extension = ${extension_dir}"/xcache.so"


is found in the configuration file, this has worked in all versions since 5.1 but fails now.

Reproduce code:
---------------
zend_extension = ${extension_dir}"/foo.so" in php.ini


This only crashes at startup in apache 2

Expected result:
----------------
No crash

Actual result:
--------------
gdb) bt
#0  0x00007ffff2c555e0 in php_apache_sapi_getenv (name=0x7ffff83777f0 "extension_dir", name_len=<value optimized out>)
    at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:242
#1  0x00007ffff2b7f25a in sapi_getenv (name=0x7ffff83777f0 "extension_dir", name_len=140737357772784)
    at /usr/src/debug/php-5.3.1+svn20090925/main/SAPI.c:938
#2  0x00007ffff2ba5f9b in ini_parse () at /usr/src/debug/php-5.3.1+svn20090925/Zend/zend_ini_parser.y:148
#3  0x00007ffff2ba62f8 in zend_parse_ini_file (fh=0x7fffffffcec0, unbuffered_errors=1 '\001', scanner_mode=<value optimized out>,
    ini_parser_cb=<value optimized out>, arg=<value optimized out>) at /usr/src/debug/php-5.3.1+svn20090925/Zend/zend_ini_parser.y:206
#4  0x00007ffff2b7e722 in php_init_config () at /usr/src/debug/php-5.3.1+svn20090925/main/php_ini.c:650
#5  0x00007ffff2b76ac5 in php_module_startup (sf=<value optimized out>, additional_modules=0x7ffff2f00dc0, num_additional_modules=1)
    at /usr/src/debug/php-5.3.1+svn20090925/main/main.c:1926
#6  0x00007ffff2c559a5 in php_apache2_startup (sapi_module=0x7ffff83777f0) at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:328
#7  0x00007ffff2c564e0 in php_apache_server_startup (pconf=0x7ffff820e138, plog=<value optimized out>, ptemp=<value optimized out>, s=0x7ffff8213850)
    at /usr/src/debug/php-5.3.1+svn20090925/sapi/apache2handler/sapi_apache2.c:437
#8  0x00007ffff7fd9bf4 in ap_run_post_config () from /usr/sbin/httpd2-prefork
#9  0x00007ffff7fc5bbf in main () from /usr/sbin/httpd2-prefork


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-26 11:55 UTC] jani@php.net
I would guess it crashes with any option name and value when the ini 
setting is not set. f.e.

foobar = ${thisdoesnotexist}

should also crash..?
 [2009-09-26 11:56 UTC] jani@php.net
I'm also assuming it does not crash with CGI or CLI binaries? :)
 [2009-09-26 12:02 UTC] crrodriguez at opensuse dot org
No crash with CGI or CLI, and extension_dir *is* set in php.ini.
 [2009-09-26 12:06 UTC] crrodriguez at opensuse dot org
and yes, foobar = ${thisdoesnotexist} crashes.

note that in previous versions ${extension_dir} expanded correctly.
 [2009-11-25 12:22 UTC] jani@php.net
It does also crash with 5.2 branch.
 [2009-11-25 12:35 UTC] svn@php.net
Automatic comment from SVN on behalf of jani
Revision: http://svn.php.net/viewvc/?view=revision&revision=291305
Log: - Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables)
 [2009-11-25 12:35 UTC] jani@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 03:01:55 2014 UTC