php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54092 Segmentation fault when using FTP proxy
Submitted: 2011-02-24 16:47 UTC Modified: 2011-02-27 21:24 UTC
From: daniel dot buschke at nextiraone dot de Assigned: cataphract
Status: Closed Package: Reproducible crash
PHP Version: 5.2.17 OS: Linux
Private report: No CVE-ID:
 [2011-02-24 16:47 UTC] daniel dot buschke at nextiraone dot de
Description:
------------
Hi,
either the Bug (#42420) is still alive or it is re-alive. But I am not allowed to re-open it. So sorry for opening a dup.

php -v says:
------------------
PHP 5.2.17-pl0-gentoo (cli) (built: Feb 18 2011 10:01:58)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
------------------

The PHP died with SegFault on two different machines with two different Proxies.

regards
Daniel

Test script:
---------------
<?php

        $uri = 'ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.3.tar.bz2';
        $proxy = 'tcp://proxy:8080';

        $opts = array(
                'ftp' => array(
                        'proxy' => $proxy
                )
        );

        $context = stream_context_create($opts);
        stream_context_set_params($context, array());

        $fh = fopen($uri, 'r', false, $context);
        while (!feof($fh)) {
                echo "foo\n";
                fread($fh, 4 * 1024);
        }

        fclose($fh);

?>


Expected result:
----------------
many foos ;-) and no segmentation fault

Actual result:
--------------
many foos and segementation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-24 17:02 UTC] daniel dot buschke at nextiraone dot de
BackTrace (without debug symbols, hope it is usefull):

#0  0x082c9780 in ?? ()
#1  0x08286b4e in ?? ()
#2  0x082c9c54 in _php_stream_free ()
#3  0x082c9e1b in ?? ()
#4  0x08303a2c in list_entry_destructor ()
#5  0x08301288 in zend_hash_del_key_or_index ()
#6  0x08303cc0 in _zend_list_delete ()
#7  0x0824cc6d in zif_fclose ()
#8  0x08314381 in execute_internal ()
#9  0xb705e672 in xdebug_execute_internal () from /usr/lib/php5.2/lib/extensions/no-debug-non-zts-20060613/xdebug.so
#10 0x0832a071 in ?? ()
#11 0x08318420 in execute ()
#12 0xb705e324 in xdebug_execute () from /usr/lib/php5.2/lib/extensions/no-debug-non-zts-20060613/xdebug.so
#13 0x082f6d0c in zend_execute_scripts ()
#14 0x082b5724 in php_execute_script ()
#15 0x0836f023 in main ()
 [2011-02-24 17:06 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-02-24 17:06 UTC] pajoye@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2011-02-24 17:14 UTC] daniel dot buschke at nextiraone dot de
-Status: Feedback +Status: Open
 [2011-02-24 17:14 UTC] daniel dot buschke at nextiraone dot de
Hi,
PHP 5.3(!) is compiling with --enable-debug and --enable-ftp. Hope that's enough. Our test machine is not the fastest one ;-)

But I am confused about 5.3. I think using 5.2-latest would be a better idea?!

regards
Daniel
 [2011-02-24 17:31 UTC] daniel dot buschke at nextiraone dot de
BackTrace of 5.3-latest:

#0  0x08394b84 in _php_stream_write_filtered (stream=0x8888ca0, buf=0x87431c6 "QUIT\r\n", count=6, flags=0)
    at /usr/src/php5.3-201102241530/main/streams/streams.c:1001
#1  0x08394d24 in _php_stream_write (stream=0x8888ca0, buf=0x87431c6 "QUIT\r\n", count=6) at /usr/src/php5.3-201102241530/main/streams/streams.c:1067
#2  0x0834cdc0 in php_stream_ftp_stream_close (wrapper=0x87768e8, stream=0x8888d10)
    at /usr/src/php5.3-201102241530/ext/standard/ftp_fopen_wrapper.c:120
#3  0x083938f3 in _php_stream_free (stream=0x8888d10, close_options=11) at /usr/src/php5.3-201102241530/main/streams/streams.c:376
#4  0x0839591f in stream_resource_regular_dtor (rsrc=0x8888e14) at /usr/src/php5.3-201102241530/main/streams/streams.c:1433
#5  0x083f715b in list_entry_destructor (ptr=0x8888e14) at /usr/src/php5.3-201102241530/Zend/zend_list.c:184
#6  0x083f47fe in zend_hash_del_key_or_index (ht=0x878e42c, arKey=0x0, nKeyLength=0, h=5, flag=1)
    at /usr/src/php5.3-201102241530/Zend/zend_hash.c:500
#7  0x083f6e49 in _zend_list_delete (id=5) at /usr/src/php5.3-201102241530/Zend/zend_list.c:58
#8  0x08300d78 in zif_fclose (ht=1, return_value=0x88884f8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/src/php5.3-201102241530/ext/standard/file.c:957
#9  0x084145de in zend_do_fcall_common_helper_SPEC (execute_data=0x88b5258) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:316
#10 0x08418122 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x88b5258) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:1606
#11 0x08413c7b in execute (op_array=0x8887010) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:107
#12 0x083e6f23 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php5.3-201102241530/Zend/zend.c:1194
#13 0x0837de64 in php_execute_script (primary_file=0xbffff12c) at /usr/src/php5.3-201102241530/main/main.c:2268
#14 0x084aa2f8 in main (argc=2, argv=0xbffff2a4) at /usr/src/php5.3-201102241530/sapi/cli/php_cli.c:1193
 [2011-02-24 17:33 UTC] daniel dot buschke at nextiraone dot de
Just for history:

php -v
----------------
PHP 5.3.6RC2-dev (cli) (built: Feb 24 2011 17:17:30) (DEBUG)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
----------------
 [2011-02-24 21:52 UTC] iliaa@php.net
-Status: Open +Status: Feedback
 [2011-02-24 21:52 UTC] iliaa@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Cannot reproduce the crash in 5.3
 [2011-02-25 00:00 UTC] cataphract@php.net
I can reproduce in 5.3 with Apache working as the proxy.
 [2011-02-25 11:07 UTC] cataphract@php.net
-Status: Feedback +Status: Assigned -Assigned To: +Assigned To: cataphract
 [2011-02-25 11:07 UTC] cataphract@php.net
I'll fix it over the weekend.
 [2011-02-27 21:23 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308734
Log: - Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
  wrapper).
#php_stream-&gt;wrapperdata should hold an array zval (like its zval* type
#indicates...), it's not a place where the wrapper can drop an arbitrary
#pointer. For that, .wrapperthis should be used.
#Also, since the ftp dir wrapper defines its own stream type, it's more
#appropriate to use .abstract to store the stream instance specific data.
 [2011-02-27 21:24 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2011-02-27 21:24 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 01:01:59 2014 UTC