php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #57040 Use of mailparse causes segmentation faults (CentOS 4.3 64-bit)
Submitted: 2006-05-25 13:06 UTC Modified: 2007-11-07 16:15 UTC
From: saeven at saeven dot net Assigned:
Status: Closed Package: mailparse (PECL)
PHP Version: 5.1.6 OS: CentOS 4.3 (64-bit)
Private report: No CVE-ID: None
View Developer Edit
 [2006-05-25 13:06 UTC] saeven at saeven dot net 
Description:
------------
Actually am using php 5.1.4 (wasn't in bug dropdown list).

Using mailparse in any manner, causes segmentation faults which are logged to the apache error_log.

I've recompiled PHP already, and the configure command used is:

./configure --with-apxs --with-curl --with-gd --with-jpeg-dir=/usr/local/lib --with-mcrypt --with-mysql=/usr --with-pear --with-png-dir=/usr/local/lib --with-xml --with-zlib --with-zip --with-openssl --enable-bcmath --enable-calendar --enable-sockets --enable-mbstring=all --with-xsl --enable-inline-optimization

Mailparse was installed with "pecl install mailparse" and loads without problems.

This code is run on two machines for this bug report.  It runs successfully on a Fedora Core 2 (32-bit) machine, yet fails on the CentOS 4.3 (64-bit) server.

Reproduce code:
---------------
dropLog ( "decoding message " . $message );
$mail	= mailparse_msg_create();
dropLog( 'message created' );
mailparse_msg_parse( $mail, $message );
dropLog( 'MAIL : ' . print_r( $mail, true ) );
$struct = mailparse_msg_get_structure( $mail );
dropLog( print_r( $struct, true ) );

Expected result:
----------------
[2006-05-25 12:50:09]decoding message +OK 508 octets
Return-path: <xxxxx@xxxxxxxx.net>
Envelope-to: yyyyyy@yyyyyy.net
Delivery-date: Thu, 25 May 2006 12:49:53 -0500
Received: from apache by saevenstar.net with local (Exim 4.60)
        (envelope-from <xxxxx@xxxxxxxx.net>)
        id 1FjJy5-0000MD-07
        for support@saeven.net; Thu, 25 May 2006 12:49:53 -0500
To: yyyyyy@yyyyyy.net
Subject: This is a test message
Message-Id: <E1FjJy5-0000MD-07@zzzzzz.net>
From: xxxxx@xxxxxxxx.net
Date: Thu, 25 May 2006 12:49:53 -0500
 
Thanks for your consideration!
 
.
 
[2006-05-25 12:50:09]message created
[2006-05-25 12:50:09]MAIL : Resource id #41
[2006-05-25 12:50:09]Array
(
    [0] => 1
)


Actual result:
--------------
[2006-05-25 13:10:18]decoding message +OK 508 octets
Return-path: <xxxxx@xxxxxxxx.net>
Envelope-to: yyyyyy@yyyyyy.net
Delivery-date: Thu, 25 May 2006 12:49:53 -0500
Received: from apache by saevenstar.net with local (Exim 4.60)
        (envelope-from <xxxxx@xxxxxxxx.net>)
        id 1FjJy5-0000MD-07
        for support@saeven.net; Thu, 25 May 2006 12:49:53 -0500
To: yyyyyy@yyyyyy.net
Subject: This is a test message
Message-Id: <E1FjJy5-0000MD-07@zzzzzz.net>
From: xxxxx@xxxxxxxx.net
Date: Thu, 25 May 2006 12:49:53 -0500
 
Thanks for your consideration!
 
.

----->  The program then halts unexpectedly and drops a segmentation fault into the log <--------


[Thu May 25 12:56:08 2006] [notice] child pid 1317 exit signal Segmentation fault (11)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-09-04 14:30 UTC] saeven at saeven dot net 
Anything I can do to assist?  This bug is somewhat crippling..
 [2006-09-30 14:53 UTC] tony991 at yandex dot ru 
Same bug on SUSE Linux Enterprise Server 9 EM64T (php version 5.1.6, mailparse version 2.1.1).

Looks like there is a bug in mailparse.c that causes segfault only on 64bit platforms. 

The bug is in using long instead of int for string lengths in zend_parse_parameters(). sizeof(long) is 8 on some 64bit platforms, and using long instead of int might cause memory corruption.

I downloaded rev. 1.49 of mailparse.c from CVS repository and replaced long to int where appropriate. After this fix my scripts that use mailparse don't cause segfault any more. 

Below is unified diff that helped me (should be applied to rev. 1.49, not to release version 2.1.1):

--- mailparse-1.49.c	2006-09-30 18:42:45.000000000 +0400
+++ mailparse.c	2006-09-30 22:03:37.000000000 +0400
@@ -231,7 +231,7 @@
 	php_mimepart *part;
 	zval *zpart;
 	char *mode;
-	long mode_len;
+	int mode_len;
 	zval *source = NULL;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sz!", &mode, &mode_len, &source) == FAILURE)
@@ -839,7 +839,7 @@
 PHP_FUNCTION(mailparse_rfc822_parse_addresses)
 {
 	char *addresses;
-	long addresses_len;
+	int addresses_len;
 	php_rfc822_tokenized_t *toks = NULL;
 	php_rfc822_addresses_t *addrs = NULL;
 	int i;
@@ -1031,7 +1031,7 @@
 PHP_FUNCTION(mailparse_msg_parse)
 {
 	char *data;
-	long data_len;
+	int data_len;
 	zval *arg;
 	php_mimepart *part;
 
@@ -1053,7 +1053,7 @@
 PHP_FUNCTION(mailparse_msg_parse_file)
 {
 	char *filename;
-	long filename_len;
+	int filename_len;
 	php_mimepart *part;
 	char *filebuf;
 	php_stream *stream;
@@ -1501,7 +1501,7 @@
 	zval *arg;
 	php_mimepart *part, *foundpart;
 	char *mimesection;
-	long mimesection_len;
+	int mimesection_len;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &arg, &mimesection, &mimesection_len) == FAILURE)	{
 		RETURN_FALSE; 

Anton
 [2006-10-10 07:47 UTC] judas dot iscariote at gmail dot com 
here is a improved patch HTH.

http://www.php5.cl/patches/mailparse-64bit.patch
 [2006-10-24 19:17 UTC] ssharma at odc dot net 
Can we get this patched into CSV and a new release?
 [2006-12-05 13:49 UTC] saeven at saeven dot net 
Yes please!
 [2007-11-05 15:21 UTC] shire@php.net 
At first glance this patch looks fine, however I'm unable to see the second patch posted on this list at http://www.php5.cl/patches/mailparse-64bit.patch.  Can someone respond here and let me know if this is still available somewhere or what the additional changes where?
 [2007-11-07 16:15 UTC] shire@php.net 
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 05:01:27 2025 UTC