php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55819 segfault on mb_ereg_replace_callback
Submitted: 2011-09-30 08:06 UTC Modified: 2011-10-07 04:26 UTC
From: laruence@php.net Assigned: laruence (profile)
Status: Closed Package: mbstring related
PHP Version: 5.4SVN-2011-09-30 (SVN) OS:
Private report: No CVE-ID: None
 [2011-09-30 08:06 UTC] laruence@php.net
Description:
------------
there are two segfault when run test of mbstring:
Test mb_ereg_replace() function : usage variations 
[ext/mbstring/tests/mb_ereg_replace_variation2.phpt]
Test mb_ereg_replace() function : usage variations 
[ext/mbstring/tests/mb_ereg_replace_variation3.phpt]


Expected result:
----------------
pass

Actual result:
--------------
segfault:
#0  0x0000000000653edc in _php_mb_regex_ereg_replace_exec (ht=4, 
return_value=0x2a95de6768, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=1, options=0, is_callable=0)
    at /home/huixc/opensource/php-src/trunk/ext/mbstring/php_mbregex.c:924
924						if ((replace_len - i) >= 2 && 
fwd == 1 &&
(gdb) bt
#0  0x0000000000653edc in _php_mb_regex_ereg_replace_exec (ht=4, 
return_value=0x2a95de6768, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=1, options=0, is_callable=0)
    at /home/huixc/opensource/php-src/trunk/ext/mbstring/php_mbregex.c:924
#1  0x000000000065531f in zif_mb_ereg_replace (ht=4, return_value=0x2a95de6768, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/huixc/opensource/php-src/trunk/ext/mbstring/php_mbregex.c:1031
#2  0x00000000008d3de6 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x2a95dac0e8) at /home/huixc/opensource/php-
src/trunk/Zend/zend_vm_execute.h:642
#3  0x00000000008da583 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x2a95dac0e8) at /home/huixc/opensource/php-
src/trunk/Zend/zend_vm_execute.h:2215
#4  0x00000000008d2aea in execute (op_array=0x2a95de03b0) at 
/home/huixc/opensource/php-src/trunk/Zend/zend_vm_execute.h:410
#5  0x000000000089b19f in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /home/huixc/opensource/php-src/trunk/Zend/zend.c:1271
#6  0x000000000081bb23 in php_execute_script (primary_file=0x7fbffff400) at 
/home/huixc/opensource/php-src/trunk/main/main.c:2391
#7  0x00000000009bb061 in do_cli (argc=66, argv=0x7fbffff6e8) at 
/home/huixc/opensource/php-src/trunk/sapi/cli/php_cli.c:983
#8  0x00000000009bbf02 in main (argc=66, argv=0x7fbffff6e8) at 
/home/huixc/opensource/php-src/trunk/sapi/cli/php_cli.c:1356

Patches

bug55819.diff (last revision 2011-09-30 15:14 UTC by laruence@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-30 15:14 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55819.diff
Revision:   1317395694
URL:        https://bugs.php.net/patch-display.php?bug=55819&patch=bug55819.diff&revision=1317395694
 [2011-09-30 15:16 UTC] laruence@php.net
-PHP Version: 5.3.8 +PHP Version: 5.4.0beta1 -Assigned To: +Assigned To: hirokawa
 [2011-09-30 15:16 UTC] laruence@php.net
hirokawa, plz look at this, thanks :)
 [2011-10-01 04:06 UTC] laruence@php.net
-PHP Version: 5.4.0beta1 +PHP Version: 5.3SVN-2011-09-30 (SVN)
 [2011-10-01 04:06 UTC] laruence@php.net
this segfault only exists in svn trunk now.
 [2011-10-06 13:23 UTC] laruence@php.net
-PHP Version: 5.3SVN-2011-09-30 (SVN) +PHP Version: 5.4SVN-2011-09-30 (SVN) -Assigned To: hirokawa +Assigned To: laruence
 [2011-10-06 13:23 UTC] laruence@php.net
Assign to myself, and will cc to hirokawa, ask for his review.
 [2011-10-07 04:23 UTC] laruence@php.net
-Summary: segfault on mbstring tests +Summary: segfault on mb_ereg_replace_callback
 [2011-10-07 04:23 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=317850
Log: Fix #55819 crash on mb_ereg_replace_callback
Need hirokawa to review this.
 [2011-10-07 04:26 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2011-10-07 04:26 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:48 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c8ff0fe2542c296eda4e337a308ac9bb4e2df1ed
Log: Fix #55819 crash on mb_ereg_replace_callback Need hirokawa to review this.
 [2012-07-24 23:39 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c8ff0fe2542c296eda4e337a308ac9bb4e2df1ed
Log: Fix #55819 crash on mb_ereg_replace_callback Need hirokawa to review this.
 [2013-11-17 09:36 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c8ff0fe2542c296eda4e337a308ac9bb4e2df1ed
Log: Fix #55819 crash on mb_ereg_replace_callback Need hirokawa to review this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 12:01:27 2024 UTC