Bug #55866 PHP segfaults if IMAP server returns "\r\n00000005 NO FETCH failed..
Submitted: 2011-10-07 17:08 UTC
Modified: 2011-12-04 13:45 UTC
Votes: 2
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 0 (0.0%)
Same OS: 1 (100.0%)
From: thevlad at gmail dot com
Assigned:
Status: Not a bug
Package: IMAP related
PHP Version: 5.3.8
OS: Linux, Oracle Linux Server relea
Private report: No
CVE-ID: None
 [2011-10-07 17:08 UTC] thevlad at gmail dot com
Description:
------------
PHP segfaults if the IMAP server returns "\r\n00000005 NO FETCH failed: Internal error\r\n" randomly during communication.

[root@ ~]# rpm -qa|grep php
php-pear-Auth-SASL-1.0.4-1.el6.noarch
php-common-5.3.3-3.el6.x86_64
php-ldap-5.3.3-3.el6.x86_64
php-mysql-5.3.3-3.el6.x86_64
php-gd-5.3.3-3.el6.x86_64
php-pear-1.9.0-2.el6.noarch
php-pear-Mail-1.2.0-1.el6.noarch
php-cli-5.3.3-3.el6.x86_64
php-pdo-5.3.3-3.el6.x86_64
php-xml-5.3.3-3.el6.x86_64
php-pear-Net-Socket-1.0.10-1.el6.noarch
php-debuginfo-5.3.3-3.el6.x86_64
php-5.3.3-3.el6.x86_64
php-imap-5.3.3-3.el6.x86_64
php-pear-Net-SMTP-1.6.0-1.el6.noarch


Actual result:
--------------
(gdb) bt
#0  0x00007fe6b51ac221 in tcp_host (stream=0x0) at tcp_unix.c:767
#1  0x00007fe6b51e709c in imap_parse_header (stream=<value optimized out>, env=0x31594f0, hdr=0x7fff861b71c0, stl=0x0) at imap4r1.c:4525
#2  0x00007fe6b51e73e2 in imap_cache (stream=0x309eba0, msgno=1, seg=<value optimized out>, stl=0x0, text=0x7fff861b71c0) at imap4r1.c:5022
#3  0x00007fe6b51ea01c in imap_parse_unsolicited (stream=0x309eba0, reply=0x309ee08) at imap4r1.c:3835
#4  0x00007fe6b51eabf3 in imap_reply (stream=0x309eba0, tag=0x7fff861b7870 "00000005") at imap4r1.c:3560
#5  0x00007fe6b51eade3 in imap_sout (stream=0x309eba0, tag=0x7fff861b7870 "00000005", base=0x309eeb0 "", s=0x7fff861b7468) at imap4r1.c:3519
#6  0x00007fe6b51ec0d5 in imap_send (stream=0x309eba0, cmd=0x7fe6b5287039 "FETCH", args=0x7fff861b7900) at imap4r1.c:3129
#7  0x00007fe6b51f0987 in imap_msgdata (stream=0x309eba0, msgno=1, section=<value optimized out>, first=0, last=0, lines=<value optimized out>, flags=<value optimized out>) at imap4r1.c:1845
#8  0x00007fe6b51c52df in mail_fetch_header (stream=0x309eba0, msgno=1, section=0x0, lines=0x0, len=0x0, flags=2) at mail.c:1748
#9  0x00007fe6b54aa963 in zif_imap_fetchheader (ht=2, return_value=0x30550f0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/imap/php_imap.c:3140
#10 0x00000000005f5e58 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:316
#11 0x00000000005cd180 in execute (op_array=0x2307380) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:107
#12 0x00000000005a787d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.3.3/Zend/zend.c:1194
---Type <return> to continue, or q <return> to quit---
#13 0x0000000000555b48 in php_execute_script (primary_file=0x7fff861baae0) at /usr/src/debug/php-5.3.3/main/main.c:2260
#14 0x00000000006315ee in main (argc=6, argv=0x7fff861bace8) at /usr/src/debug/php-5.3.3/sapi/cli/php_cli.c:1192


#0  0x00007fe6b51ac221 in tcp_host (stream=0x0) at tcp_unix.c:767
No locals.
#1  0x00007fe6b51e709c in imap_parse_header (stream=<value optimized out>, env=0x31594f0, hdr=0x7fff861b71c0, stl=0x0) at imap4r1.c:4525
        nenv = 0x7fff861b71c0
#2  0x00007fe6b51e73e2 in imap_cache (stream=0x309eba0, msgno=1, seg=<value optimized out>, stl=0x0, text=0x7fff861b71c0) at imap4r1.c:5022
        ...
        ret = 0x3159528
        stc = <value optimized out>
        elt = 0x31594b0
#3  0x00007fe6b51ea01c in imap_parse_unsolicited (stream=0x309eba0, reply=0x309ee08) at imap4r1.c:3835
        stl = 0x0
---Type <return> to continue, or q <return> to quit---
        text = {data = 0x314bff0 "\r\n00000005 NO FETCH failed: Internal error\r\n", size = 1655}


 [2011-11-18 14:11 UTC] thevlad at gmail dot com
segfaults in PHP 5.3.8 as well.
 [2011-11-18 14:13 UTC] thevlad at gmail dot com
-PHP Version: Irrelevant
+PHP Version: 5.3.8
 [2011-11-18 14:13 UTC] thevlad at gmail dot com
The same error in PHP 5.3.8
 [2011-12-04 13:45 UTC] iliaa@php.net
-Status: Open
+Status: Bogus
 [2011-12-04 13:45 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The crash is happening deep inside the c-client library and not PHP; this is not a PHP bug.
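
The attribution made in the closing comment can be checked mechanically from the backtrace. The following is an added example, not part of the original report and not PHP or c-client code: it re-joins wrapped gdb lines, lists the NULL arguments of the crashing frame and finds the first frame that belongs to PHP. The function names and the `/php-<version>/` path heuristic are assumptions of this example.

```python
import re

# Frames #0, #1 and #9 from the report's backtrace, hard-wrapped as terminal captures often are.
BACKTRACE = """\
#0  0x00007fe6b51ac221 in tcp_host (stream=0x0) at tcp_unix.c:767
#1  0x00007fe6b51e709c in imap_parse_header (stream=<value optimized out>,
env=0x31594f0, hdr=0x7fff861b71c0,
    stl=0x0) at imap4r1.c:4525
#9  0x00007fe6b54aa963 in zif_imap_fetchheader (ht=2, return_value=0x30550f0,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /usr/src/debug/php-
5.3.3/ext/imap/php_imap.c:3140
"""

FRAME = re.compile(r"#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)\)\s*at\s+(\S+):(\d+)$")

def join_wrapped(text):
    """Re-attach wrapped continuation lines to the '#N' line of their frame."""
    frames = []
    for line in text.splitlines():
        if line.startswith("#"):
            frames.append(line)
        elif frames and line.strip():
            frames[-1] += line.lstrip()
    return frames

def parse(text):
    out = []
    for raw in join_wrapped(text):
        m = FRAME.match(raw.rstrip())
        if not m:
            continue
        num, func, args, path, lineno = m.groups()
        nulls = [a.split("=")[0].strip() for a in args.split(",")
                 if a.strip().endswith("=0x0")]
        # Assumption: PHP's own frames carry a /php-<version>/ source path;
        # frames with a bare file name belong to the linked library.
        owner = "php" if "/php-" in path else "library"
        out.append({"n": int(num), "func": func, "null_args": nulls,
                    "file": path, "line": int(lineno), "owner": owner})
    return out

def triage(text):
    frames = parse(text)
    crash = frames[0]
    entry = next(f for f in frames if f["owner"] == "php")
    return {"crash_func": crash["func"], "crash_owner": crash["owner"],
            "null_args": crash["null_args"], "php_entry": entry["func"],
            "php_entry_frame": entry["n"]}
```

On the frames above, `triage(BACKTRACE)` reports a crash in `tcp_host` with a NULL `stream`, owned by the library, with PHP first appearing at frame 9 in `zif_imap_fetchheader`.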
 