php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57182 default value of apc.mmap_file_mask causes a crash
Submitted: 2006-08-17 16:31 UTC Modified: 2006-08-17 16:42 UTC
From: andrei at yahoo-inc dot com Assigned:
Status: Not a bug Package: APC (PECL)
PHP Version: 5.1.4 OS: FreeBSD 4
Private report: No CVE-ID: None
 [2006-08-17 16:31 UTC] andrei at yahoo-inc dot com
Description:
------------
If the apc.mmap_file_mask is left at default value, which is "/tmp/apc", the APC will segfault with this backtrace:

#0  0x281bbf0b in mkstemp () from /usr/lib/libc.so.4
#1  0x288ad33c in apc_mmap (file_mask=0x288b0088 "/tmp/apc", size=31457280) at /homes/rasmus/apc/apc/apc_mmap.c:111
#2  0x288af6bd in apc_sma_init (numseg=1, segsize=31457280, mmap_file_mask=0x288b0088 "/tmp/apc")
    at /homes/rasmus/apc/apc/apc_sma.c:287
#3  0x288acf7b in apc_module_init (module_number=16) at /homes/rasmus/apc/apc/apc_main.c:342
#4  0x288a6c82 in zm_startup_apc (type=1, module_number=16) at /homes/rasmus/apc/apc/php_apc.c:188
#5  0x283cec47 in zend_startup_module_ex (module=0x80e8480)
    at /home/y/src/yahoo/packages/yahoo/php/php-5.1.4/Zend/zend_API.c:1397
#6  0x283d2c70 in zend_hash_apply (ht=0x28500940, apply_func=0x283ceb48 <zend_startup_module_ex>)
    at /home/y/src/yahoo/packages/yahoo/php/php-5.1.4/Zend/zend_hash.c:666
#7  0x283ced4f in zend_startup_modules () at /home/y/src/yahoo/packages/yahoo/php/php-5.1.4/Zend/zend_API.c:1444

I think that happens is that mktemp() expects the filename to contain X's which it overwrites with the digits, and since there are no X's, it tries to append to the string and segfaults.

Reproduce code:
---------------
Anything.

Expected result:
----------------
No crash.

Actual result:
--------------
Crash.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-17 16:42 UTC] rasmus@php.net
The default value is NULL.  And mktemp() shouldn't crash on that anyway.  File a bug against whoever wrote your mktemp()
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Aug 19 16:01:27 2019 UTC