Bug #57188 rename_function causes segfault and/or strange unexpected results
Submitted: 2006-08-19 10:44 UTC Modified: 2013-10-24 08:10 UTC
From: adam-peclbugs at adam dot gs Assigned:
Status: Wont fix Package: apd (PECL)
PHP Version: 5.1.4 OS: Independent
Private report: No CVE-ID: None

 [2006-08-19 10:44 UTC] adam-peclbugs at adam dot gs
Description:
------------
This is PHP 5.1.5 in CLI! (PHP 5.1.5 is not available as a drop-down choice yet.)
The specific code example I left below causes one set of results; the get_defined_functions() call changes the output of the backtrace.
I am going to amend this with some other cases in a moment.


Reproduce code:
---------------
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
$functions=get_defined_functions();
eval("return ip2long('200.200.200.200');");
?>

Expected result:
----------------
3368601800

Actual result:
--------------
Segfault, backtrace as follows:
Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
0x02b12e80 in ?? ()
(gdb) bt
#0  0x02b12e80 in ?? ()
#1  0x002042b0 in execute (op_array=0x291b050) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#2  0x00fe5cb4 in apd_execute (op_array=0x291b050) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#3  0x00204aa8 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffdfb8) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:226
#4  0x002042b0 in execute (op_array=0x2b13670) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#5  0x00fe5cb4 in apd_execute (op_array=0x2b13670) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#6  0x0020ad50 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffe168) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:1918
#7  0x002042b0 in execute (op_array=0x29f1020) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend_vm_execute.h:92
#8  0x00fe5cb4 in apd_execute (op_array=0x29f1020) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#9  0x001e9028 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/adam/Scripts/php/php-5.1.2/Zend/zend.c:1101
#10 0x001aadd0 in php_execute_script (primary_file=0xbfffeb68) at /Users/adam/Scripts/php/php-5.1.2/main/main.c:1720
#11 0x00281ce0 in main (argc=2, argv=0xbffff028) at /Users/adam/Scripts/php/php-5.1.2/sapi/cli/php_cli.c:1077
#12 0x000023fc in _start (argc=2, argv=0xbffff028, envp=0xbffff034) at /SourceCache/Csu/Csu-58/crt.c:272
#13 0x000022a4 in start ()

History

 [2006-08-19 10:46 UTC] adam-peclbugs at adam dot gs
The Following Code:
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
print ip2long('200.200.200.200');
?>
Returns the Following Result:
PHP Fatal error:  Call to undefined function ?(?() in /Users/adam/Scripts/apps/phpc/apdt.php on line 5

Note that now ip2long() is called outside of eval() and get_defined_functions is not called.
 [2006-08-19 10:51 UTC] adam-peclbugs at adam dot gs
The following has no get_defined_functions and ip2long is 
called inside eval.
The Following Code:
<?php
rename_function("ip2long","ip2long_real");
rename_function("ip2long_wrapper","ip2long");
function ip2long_wrapper($ip) {
	return sprintf("%u",ip2long_real($ip));
}
eval("return ip2long('200.200.200.200');");
?>
Causes a segfault, backtrace as follows:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbf7fffe0
0x90003880 in szone_malloc ()
(gdb) bt
#0  0x90003880 in szone_malloc ()
#1  0x90003520 in malloc ()
#2  0x0019e1d0 in _estrndup (s=0x1ef2560 "200.200.200.200", length=15) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_alloc.c:418
#3  0x001b5bec in _zval_copy_ctor_func (zvalue=0x33c9860) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_variables.c:120
#4  0x001d5e34 in ZEND_SEND_VAL_SPEC_CONST_HANDLER (execute_data=0x900032b0) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_variables.h:45
#5  0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#6  0x00fe7cb4 in apd_execute (op_array=0x10) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#7  0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800418) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#8  0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#9  0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#10 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8005b8) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#11 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#12 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#13 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800758) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#14 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#15 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#16 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8008f8) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234
#17 0x001d2d34 in execute (op_array=0x1e1b220) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:92
#18 0x00fe7cb4 in apd_execute (op_array=0x1e1b220) at /private/tmp/tmpZbKSq8/apd-1.0.1/php_apd.c:518
#19 0x001d3584 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf800a98) at /Users/adam/Scripts/php/php-5.1.5/Zend/zend_vm_execute.h:234


The backtrace loops on the functions execute->apd_execute->zend_do_fcall_common_helper_SPEC->execute et al.
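
The loop the reporter points out in the backtrace above (execute, apd_execute, zend_do_fcall_common_helper_SPEC, repeating) can be picked out of a long gdb trace mechanically when triaging a crash. The Python script below is an added example, not part of the original report or of APD; the names `parse_frames`, `find_recursion_cycle` and `sample_backtrace` are hypothetical, and the sample frames and addresses are constructed.

```python
import re

# A gdb frame line: "#5  0x001d2d34 in execute (op_array=...) at file:line"
FRAME_RE = re.compile(r"#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([\w:~]+)\s*\(")

def parse_frames(bt_text):
    """Return function names, innermost first, from gdb 'bt' output."""
    frames = []
    for line in bt_text.splitlines():
        line = line.strip()
        if re.match(r"#\d+\s", line):
            frames.append(line)            # start of a new frame
        elif frames and line:
            frames[-1] += " " + line       # continuation of a wrapped frame
    found = (FRAME_RE.match(f) for f in frames)
    return [m.group(1) if m else "??" for m in found]

def find_recursion_cycle(names, min_repeats=3):
    """Return (cycle, repeats, first_frame) for the shortest repeating run, or None."""
    n = len(names)
    for period in range(1, n // min_repeats + 1):
        run = best = best_end = 0
        for i in range(period, n):
            # Count consecutive frames that equal the frame one period earlier.
            run = run + 1 if names[i] == names[i - period] else 0
            if run > best:
                best, best_end = run, i
        span = best + period               # frames covered by the repetition
        if span // period >= min_repeats:
            start = best_end - span + 1
            return names[start:start + period], span // period, start
    return None

def sample_backtrace(loops=4):
    """Constructed sample shaped like the backtrace above (addresses made up)."""
    head = ["szone_malloc ()", "malloc ()",
            '_estrndup (s=0x1 "200.200.200.200", \nlength=15) at Zend/zend_alloc.c:418']
    cycle = ["execute (op_array=0x1) at Zend/\nzend_vm_execute.h:92",
             "apd_execute (op_array=0x1) at apd-1.0.1/php_apd.c:518",
             "zend_do_fcall_common_helper_SPEC \n(execute_data=0x2) at Zend/zend_vm_execute.h:234"]
    body = head + cycle * loops
    return "\n".join(f"#{i}  0x00000000 in {f}" for i, f in enumerate(body))

if __name__ == "__main__":
    print(find_recursion_cycle(parse_frames(sample_backtrace())))
```

`min_repeats` is the number of full repetitions required before a run is reported; a backtrace with no repeating run returns `None`.
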
 [2006-08-19 10:52 UTC] adam-peclbugs at adam dot gs
I marked this as OS independent, since I can trigger this on my OSX laptop and on FreeBSD boxes as well.
 [2013-10-24 08:10 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 [2013-10-24 08:10 UTC] yohgaki@php.net
It's not maintained.
 
Last updated: Sat Apr 20 09:01:24 2019 UTC