php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5720 swf_openfile("php://stdout"...) SEG_FAULT (11)
Submitted: 2000-07-21 14:13 UTC Modified: 2000-08-15 13:54 UTC
From: diego at nwbox dot com Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0.1pl2 OS: Linux 2.2.16
Private report: No CVE-ID: None
 [2000-07-21 14:13 UTC] diego at nwbox dot com
<?
swf_openfile("php://stdout", 256, 256, 30 ,1 , 1, 1);
swf_closefile();
?>

This produces a Segmentation Fault (11) in the Apache error_log.

It seems to me the problem is related to the missing permission
for "nobody" to write to the standard output device "/dev/stdout".

I say this because of this test I conducted from a root shell:

[root@ns /root]# su - nobody
bash$ echo "Hello" > /dev/stdout
sh: /dev/stdout: Permission denied
bash$
bash$ ls -al /dev/stdout
lrwxrwxrwx    1 root     root           17 May 30 17:52 /dev/stdout -> ../proc/self/fd/1
bash$ ls -al /proc/self/fd/1
lrwx------    1 nobody   nobody         64 Jul 21 13:45 /proc/self/fd/1 -> /dev/pts/7
bash$ ls -al /dev/pts/7
crw--w----    1 root     tty      136,   7 Jul 21 13:47 /dev/pts/7
bash$   

As you can see "nobody" has no write permission on the current
stdout device which in this case is "/dev/pts/7", so I tryed to put
"nobody" in the "tty" group since this group has the write perms
but no way to do what it should do from the docs.

I do not now if this is the normal behaviour of the console devices
but I thought it would be normal for every user of the system to
write to "stdout" !!! Is there another way to do this and then
have it corrected ???

From the "libswf" docs I was reading it would be necessary to
swf_openfile("STDOUT", ...) but this gives the same results,
I mean SEG FAULT (11). So I am stuck...

I have RedHat 6.2, Apache 1.3.12 and PHP 4.0.1pl2.

Writing to disk works without a glitch, but I need to avoid
writing to a disk file and send the "swf" directly to the
browser through "stdout".

Compiling PHP and SWF as a CGI allows to do this with no
problems at all but I do want a shared environment, CGI
is not as safe for us...The strange thing is that also the
CGI version of PHP is executed with the same user
"nobody" but it doesn't have the problem of
writing to "/dev/stdout" or "/proc/self/fd/1".

Somebody have tryed this and has a solution ???

Thank you in advance,

Diego Perini
(NWBOX S.r.l.)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-24 23:10 UTC] waldschrott@php.net
Please verify, that it?s still happening using the latest version of PHP (CVS only).

There have been some changes on SWF since 4.0.1pl2
 [2000-07-25 00:34 UTC] waldschrott@php.net
one part of this bug is possibly fixed, the other part it in work...
 [2000-08-15 13:54 UTC] sterling@php.net
Fixed in CVS.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved.
Last updated: Mon Jul 06 15:00:02 2026 UTC