PHP :: Bug #52317 :: Segmentation fault when using mail() on a rhel 4.x (only 64 bit)

Bug #52317	Segmentation fault when using mail() on a rhel 4.x (only 64 bit)
Submitted:	2010-07-12 16:52 UTC	Modified:	2010-07-19 15:39 UTC
From:	om at wysiwyg dot de	Assigned:	aharvey (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.2SVN-2010-07-12 (snap)	OS:	rhel4.8_x86_64
Private report:	No	CVE-ID:	None

View Developer Edit

[2010-07-12 16:52 UTC] om at wysiwyg dot de

Description:
------------
Since the patch for "headers_trimmed" was added in the mail.c I always get a segmentation fault when using mail(). This only affects rhel4.x 64 bit os. rhel 5.x 64 bit or rhel4.x 32 bit works fine.

Using mail.c from a snapshot before 2010-04-22 in the actual snapshot source everything works fine.

--- php/php-src/branches/PHP_5_2/ext/standard/mail.c	2010-04-22 01:07:48 UTC (rev 298290) -> works fine
+++ php/php-src/branches/PHP_5_2/ext/standard/mail.c	2010-04-22 02:22:49 UTC (rev 298291) -> segmentation fault when using mail() in a php script on a rhel4.x 64 bit host





Test script:
---------------
running "make test" after building php from source.

the provided test script also reports the problem.

Patches

Radio-Powerfreunde (last revision 2010-11-25 00:08 UTC by sendeleitung-radiofreunde at freenet dot de)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-07-13 18:26 UTC] aharvey@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: aharvey

[2010-07-13 18:26 UTC] aharvey@php.net

Since I committed the offending patch, I'll look into it.

If you could provide both the test script (which doesn't seem to have made it) and, if possible, a backtrace per the instructions [1], that would be most helpful.

[1] http://bugs.php.net/bugs-generating-backtrace.php

[2010-07-15 10:15 UTC] om at wysiwyg dot de

sorry I forgot the testscript:

<?php

        $to      = 'om@wysiwyg.de';
        $subject = 'test';
        $message = 'test';

        $headers = 'From: OM' . "\r\n" .
                   'Reply-To: om@wysiwyg.de' . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();


        //mail without $headers is working
        //mail($to, $subject, $message);
        
        //with $headers -> seg. fault
        mail($to, $subject, $message, $headers);

?>

[2010-07-15 10:32 UTC] om at wysiwyg dot de

(gdb) bt
#0  0x0000003fc0571360 in strlen () from /lib64/tls/libc.so.6
#1  0x0000003fc0542e79 in vfprintf () from /lib64/tls/libc.so.6
#2  0x0000003fc0548626 in fprintf () from /lib64/tls/libc.so.6
#3  0x000000000060b902 in php_mail (to=0x2a9557f208 "om@wysiwyg.de", subject=0x2a9557efc0 "the subject", 
    message=0x2a95580b28 "hello", headers=0xffffffff9557f388 <Address 0xffffffff9557f388 out of bounds>, 
    extra_cmd=0x0) at /usr/local/src/php5.2-201007131430/ext/standard/mail.c:281
#4  0x000000000060b6dc in zif_mail (ht=4, return_value=0x2a9557f318, return_value_ptr=0x0, this_ptr=0x0, 
    return_value_used=0) at /usr/local/src/php5.2-201007131430/ext/standard/mail.c:180
#5  0x00000000006ee2cb in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbfffd1c0)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:200
#6  0x00000000006f3bdb in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbfffd1c0)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:1740
#7  0x00000000006eddc1 in execute (op_array=0x2a9557e130)
    at /usr/local/src/php5.2-201007131430/Zend/zend_vm_execute.h:92
#8  0x00000000006c747f in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5.2-201007131430/Zend/zend.c:1134
#9  0x0000000000671979 in php_execute_script (primary_file=0x7fbffff890)
    at /usr/local/src/php5.2-201007131430/main/main.c:2036
#10 0x0000000000741dfb in main (argc=2, argv=0x7fbffff9e8)
    at /usr/local/src/php5.2-201007131430/sapi/cli/php_cli.c:1165
(gdb)

[2010-07-19 12:46 UTC] aharvey@php.net

Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=301392
Log: Fix for bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)).

[2010-07-19 12:46 UTC] aharvey@php.net

-Status: Assigned +Status: Suspended

[2010-07-19 12:46 UTC] aharvey@php.net

Gah, missing header inclusion + older version of gcc = failure, hence
why this wasn't manifesting on RHEL 5 or recent Ubuntu versions. I do
find the fact it's 64-bit only interesting, 

Fix checked into trunk. Given we're deep into the RC cycle, I'll talk
to the RMs before committing to the 5.2 and 5.3 branches, although I
think this is a pretty good candidate for both.

[2010-07-19 12:47 UTC] aharvey@php.net

Editing fail: ignore "I do find the fact it's 64-bit only interesting,".

It's not that interesting when you think about it for two seconds. :)

[2010-07-19 15:08 UTC] johannes@php.net

-Status: Suspended +Status: Assigned

[2010-07-19 15:08 UTC] johannes@php.net

Approved for 5.2 and 5.3.

[2010-07-19 15:38 UTC] aharvey@php.net

Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=301396
Log: MFH: fix for bug #52317 (Segmentation fault when using mail() on a rhel 4.x
(only 64 bit)).

[2010-07-19 15:39 UTC] aharvey@php.net

-Status: Assigned +Status: Closed

[2010-07-19 15:39 UTC] aharvey@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC