php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54092 Segmentation fault when using FTP proxy
Submitted: 2011-02-24 16:47 UTC Modified: 2011-02-27 21:24 UTC
From: daniel dot buschke at nextiraone dot de Assigned: cataphract (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2.17 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: daniel dot buschke at nextiraone dot de
New email:
PHP Version: OS:

 

 [2011-02-24 16:47 UTC] daniel dot buschke at nextiraone dot de
Description:
------------
Hi,
either the Bug (#42420) is still alive or it is re-alive. But I am not allowed to re-open it. So sorry for opening a dup.

php -v says:
------------------
PHP 5.2.17-pl0-gentoo (cli) (built: Feb 18 2011 10:01:58)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
------------------

The PHP died with SegFault on two different machines with two different Proxies.

regards
Daniel

Test script:
---------------
<?php

        $uri = 'ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.3.tar.bz2';
        $proxy = 'tcp://proxy:8080';

        $opts = array(
                'ftp' => array(
                        'proxy' => $proxy
                )
        );

        $context = stream_context_create($opts);
        stream_context_set_params($context, array());

        $fh = fopen($uri, 'r', false, $context);
        while (!feof($fh)) {
                echo "foo\n";
                fread($fh, 4 * 1024);
        }

        fclose($fh);

?>


Expected result:
----------------
many foos ;-) and no segmentation fault

Actual result:
--------------
many foos and segementation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-24 17:02 UTC] daniel dot buschke at nextiraone dot de
BackTrace (without debug symbols, hope it is usefull):

#0  0x082c9780 in ?? ()
#1  0x08286b4e in ?? ()
#2  0x082c9c54 in _php_stream_free ()
#3  0x082c9e1b in ?? ()
#4  0x08303a2c in list_entry_destructor ()
#5  0x08301288 in zend_hash_del_key_or_index ()
#6  0x08303cc0 in _zend_list_delete ()
#7  0x0824cc6d in zif_fclose ()
#8  0x08314381 in execute_internal ()
#9  0xb705e672 in xdebug_execute_internal () from /usr/lib/php5.2/lib/extensions/no-debug-non-zts-20060613/xdebug.so
#10 0x0832a071 in ?? ()
#11 0x08318420 in execute ()
#12 0xb705e324 in xdebug_execute () from /usr/lib/php5.2/lib/extensions/no-debug-non-zts-20060613/xdebug.so
#13 0x082f6d0c in zend_execute_scripts ()
#14 0x082b5724 in php_execute_script ()
#15 0x0836f023 in main ()
 [2011-02-24 17:06 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-02-24 17:06 UTC] pajoye@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2011-02-24 17:14 UTC] daniel dot buschke at nextiraone dot de
-Status: Feedback +Status: Open
 [2011-02-24 17:14 UTC] daniel dot buschke at nextiraone dot de
Hi,
PHP 5.3(!) is compiling with --enable-debug and --enable-ftp. Hope that's enough. Our test machine is not the fastest one ;-)

But I am confused about 5.3. I think using 5.2-latest would be a better idea?!

regards
Daniel
 [2011-02-24 17:31 UTC] daniel dot buschke at nextiraone dot de
BackTrace of 5.3-latest:

#0  0x08394b84 in _php_stream_write_filtered (stream=0x8888ca0, buf=0x87431c6 "QUIT\r\n", count=6, flags=0)
    at /usr/src/php5.3-201102241530/main/streams/streams.c:1001
#1  0x08394d24 in _php_stream_write (stream=0x8888ca0, buf=0x87431c6 "QUIT\r\n", count=6) at /usr/src/php5.3-201102241530/main/streams/streams.c:1067
#2  0x0834cdc0 in php_stream_ftp_stream_close (wrapper=0x87768e8, stream=0x8888d10)
    at /usr/src/php5.3-201102241530/ext/standard/ftp_fopen_wrapper.c:120
#3  0x083938f3 in _php_stream_free (stream=0x8888d10, close_options=11) at /usr/src/php5.3-201102241530/main/streams/streams.c:376
#4  0x0839591f in stream_resource_regular_dtor (rsrc=0x8888e14) at /usr/src/php5.3-201102241530/main/streams/streams.c:1433
#5  0x083f715b in list_entry_destructor (ptr=0x8888e14) at /usr/src/php5.3-201102241530/Zend/zend_list.c:184
#6  0x083f47fe in zend_hash_del_key_or_index (ht=0x878e42c, arKey=0x0, nKeyLength=0, h=5, flag=1)
    at /usr/src/php5.3-201102241530/Zend/zend_hash.c:500
#7  0x083f6e49 in _zend_list_delete (id=5) at /usr/src/php5.3-201102241530/Zend/zend_list.c:58
#8  0x08300d78 in zif_fclose (ht=1, return_value=0x88884f8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/src/php5.3-201102241530/ext/standard/file.c:957
#9  0x084145de in zend_do_fcall_common_helper_SPEC (execute_data=0x88b5258) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:316
#10 0x08418122 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x88b5258) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:1606
#11 0x08413c7b in execute (op_array=0x8887010) at /usr/src/php5.3-201102241530/Zend/zend_vm_execute.h:107
#12 0x083e6f23 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php5.3-201102241530/Zend/zend.c:1194
#13 0x0837de64 in php_execute_script (primary_file=0xbffff12c) at /usr/src/php5.3-201102241530/main/main.c:2268
#14 0x084aa2f8 in main (argc=2, argv=0xbffff2a4) at /usr/src/php5.3-201102241530/sapi/cli/php_cli.c:1193
 [2011-02-24 17:33 UTC] daniel dot buschke at nextiraone dot de
Just for history:

php -v
----------------
PHP 5.3.6RC2-dev (cli) (built: Feb 24 2011 17:17:30) (DEBUG)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
----------------
 [2011-02-24 21:52 UTC] iliaa@php.net
-Status: Open +Status: Feedback
 [2011-02-24 21:52 UTC] iliaa@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Cannot reproduce the crash in 5.3
 [2011-02-25 00:00 UTC] cataphract@php.net
I can reproduce in 5.3 with Apache working as the proxy.
 [2011-02-25 11:07 UTC] cataphract@php.net
-Status: Feedback +Status: Assigned -Assigned To: +Assigned To: cataphract
 [2011-02-25 11:07 UTC] cataphract@php.net
I'll fix it over the weekend.
 [2011-02-27 21:23 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308734
Log: - Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
  wrapper).
#php_stream-&gt;wrapperdata should hold an array zval (like its zval* type
#indicates...), it's not a place where the wrapper can drop an arbitrary
#pointer. For that, .wrapperthis should be used.
#Also, since the ftp dir wrapper defines its own stream type, it's more
#appropriate to use .abstract to store the stream instance specific data.
 [2011-02-27 21:24 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2011-02-27 21:24 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Sep 18 11:01:27 2024 UTC