php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52317 Segmentation fault when using mail() on a rhel 4.x (only 64 bit)
Submitted: 2010-07-12 16:52 UTC Modified: 2010-07-19 15:39 UTC
From: om at wysiwyg dot de Assigned: aharvey
Status: Closed Package: Reproducible crash
PHP Version: 5.2SVN-2010-07-12 (snap) OS: rhel4.8_x86_64
Private report: No CVE-ID:
 [2010-07-12 16:52 UTC] om at wysiwyg dot de
Description:
------------
Since the patch for "headers_trimmed" was added in the mail.c I always get a segmentation fault when using mail(). This only affects rhel4.x 64 bit os. rhel 5.x 64 bit or rhel4.x 32 bit works fine.

Using mail.c from a snapshot before 2010-04-22 in the actual snapshot source everything works fine.

--- php/php-src/branches/PHP_5_2/ext/standard/mail.c	2010-04-22 01:07:48 UTC (rev 298290) -> works fine
+++ php/php-src/branches/PHP_5_2/ext/standard/mail.c	2010-04-22 02:22:49 UTC (rev 298291) -> segmentation fault when using mail() in a php script on a rhel4.x 64 bit host





Test script:
---------------
running "make test" after building php from source.

the provided test script also reports the problem.


Patches

Radio-Powerfreunde (last revision 2010-11-25 00:08 UTC) by sendeleitung-radiofreunde at freenet dot de)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-13 18:26 UTC] aharvey@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: aharvey
 [2010-07-13 18:26 UTC] aharvey@php.net
Since I committed the offending patch, I'll look into it.

If you could provide both the test script (which doesn't seem to have made it) and, if possible, a backtrace per the instructions [1], that would be most helpful.

[1] http://bugs.php.net/bugs-generating-backtrace.php
 [2010-07-15 10:15 UTC] om at wysiwyg dot de
sorry I forgot the testscript:

<?php

        $to      = 'om@wysiwyg.de';
        $subject = 'test';
        $message = 'test';

        $headers = 'From: OM' . "\r\n" .
                   'Reply-To: om@wysiwyg.de' . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();


        //mail without $headers is working
        //mail($to, $subject, $message);
        
        //with $headers -> seg. fault
        mail($to, $subject, $message, $headers);

?>
 [2010-07-15 10:32 UTC] om at wysiwyg dot de
(gdb) bt
#0  0x0000003fc0571360 in strlen () from /lib64/tls/libc.so.6
#1  0x0000003fc0542e79 in vfprintf () from /lib64/tls/libc.so.6
#2  0x0000003fc0548626 in fprintf () from /lib64/tls/libc.so.6
#3  0x000000000060b902 in php_mail (to=0x2a9557f208 "om@wysiwyg.de", subject=0x2a9557efc0 "the subject", 
    message=0x2a95580b28 "hello", headers=0xffffffff9557f388 <Address 0xffffffff9557f388 out of bounds>, 
    extra_cmd=0x0) at /usr/local/src/php5.2-201007131430/ext/standard/mail.c:281
#4  0x000000000060b6dc in zif_mail (ht=4, return_value=0x2a9557f318, return_value_ptr=0x0, this_ptr=0x0, 
    return_value_used=0) at /usr/local/src/php5.2-201007131430/ext/standard/mail.c:180
#5  0x00000000006ee2cb in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbfffd1c0)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:200
#6  0x00000000006f3bdb in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbfffd1c0)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:1740
#7  0x00000000006eddc1 in execute (op_array=0x2a9557e130)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:92
#8  0x00000000006c747f in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5.2-201007131430/Zend/zend.c:1134
#9  0x0000000000671979 in php_execute_script (primary_file=0x7fbffff890)
    at /usr/local/src/php5.2-201007131430/main/main.c:2036
#10 0x0000000000741dfb in main (argc=2, argv=0x7fbffff9e8)
    at /usr/local/src/php5.2-201007131430/sapi/cli/php_cli.c:1165
(gdb)
 [2010-07-19 12:46 UTC] aharvey@php.net
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=301392
Log: Fix for bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)).
 [2010-07-19 12:46 UTC] aharvey@php.net
-Status: Assigned +Status: Suspended
 [2010-07-19 12:46 UTC] aharvey@php.net
Gah, missing header inclusion + older version of gcc = failure, hence
why this wasn't manifesting on RHEL 5 or recent Ubuntu versions. I do
find the fact it's 64-bit only interesting, 

Fix checked into trunk. Given we're deep into the RC cycle, I'll talk
to the RMs before committing to the 5.2 and 5.3 branches, although I
think this is a pretty good candidate for both.
 [2010-07-19 12:47 UTC] aharvey@php.net
Editing fail: ignore "I do find the fact it's 64-bit only interesting,".

It's not that interesting when you think about it for two seconds. :)
 [2010-07-19 15:08 UTC] johannes@php.net
-Status: Suspended +Status: Assigned
 [2010-07-19 15:08 UTC] johannes@php.net
Approved for 5.2 and 5.3.
 [2010-07-19 15:38 UTC] aharvey@php.net
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=301396
Log: MFH: fix for bug #52317 (Segmentation fault when using mail() on a rhel 4.x
(only 64 bit)).
 [2010-07-19 15:39 UTC] aharvey@php.net
-Status: Assigned +Status: Closed
 [2010-07-19 15:39 UTC] aharvey@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 17:01:58 2014 UTC