php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #57829 ssh2 causes php segfaults
Submitted: 2007-09-08 00:03 UTC Modified: 2008-12-02 17:04 UTC
From: adam-peclbugs at adam dot gs Assigned: mikesul (profile)
Status: Closed Package: ssh2 (PECL)
PHP Version: Irrelevant OS: Multiple (FreeBSD/OSX/Linux)
Private report: No CVE-ID: None
View Developer Edit
 [2007-09-08 00:03 UTC] adam-peclbugs at adam dot gs 
Description:
------------
ssh2 function causes segfaults when using ssh2_exec.

If, stream_set_blocking($stream,true) is called prior to 
stream_get_contents the script proceeds normally and does 
not segfault.

Program received signal EXC_BAD_ACCESS, Could not access 
memory.
Reason: KERN_INVALID_ADDRESS at address: 0x01784000
0xffff0d25 in ___memcpy () at 
/System/Library/Frameworks/System.framework/PrivateHeaders/i
386/cpu_capabilities.h:228
228     
/System/Library/Frameworks/System.framework/PrivateHeaders/i
386/cpu_capabilities.h: No such file or directory.
        in 
/System/Library/Frameworks/System.framework/PrivateHeaders/i
386/cpu_capabilities.h
(gdb) bt
#0  0xffff0d25 in ___memcpy () at 
/System/Library/Frameworks/System.framework/PrivateHeaders/i
386/cpu_capabilities.h:228
#1  0x00255748 in _php_stream_read (stream=0x16f94dc, 
buf=0x208e010 "", size=0) at 
/Users/adam/Scripts/compile/php-
5.2.4/main/streams/streams.c:573
#2  0x0025648b in _php_stream_copy_to_mem (src=0x16f94dc, 
buf=0xbffff2dc, maxlen=0, persistent=0) at 
/Users/adam/Scripts/compile/php-
5.2.4/main/streams/streams.c:1258
#3  0x0022ed2d in zif_stream_get_contents (ht=1, 
return_value=0x16f7604, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=1) at /Users/adam/Scripts/compile/php-
5.2.4/ext/standard/streamsfuncs.c:413
#4  0x002a4ecb in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbffff3f0) at 
/Users/adam/Scripts/compile/php-
5.2.4/Zend/zend_vm_execute.h:200
#5  0x002a2a6b in execute (op_array=0x16f8b0c) at 
/Users/adam/Scripts/compile/php-
5.2.4/Zend/zend_vm_execute.h:92
#6  0x00286364 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /Users/adam/Scripts/compile/php-
5.2.4/Zend/zend.c:1134
#7  0x00241f8b in php_execute_script 
(primary_file=0xbffffb58) at 
/Users/adam/Scripts/compile/php-5.2.4/main/main.c:1982
#8  0x00317d18 in main (argc=2, argv=0xbffffc08) at 
/Users/adam/Scripts/compile/php-
5.2.4/sapi/cli/php_cli.c:1140




Reproduce code:
---------------
<?php

$connection = ssh2_connect('gotlinux.us', 22);
ssh2_auth_password($connection, 'username', 'password');

$stream = ssh2_exec($connection, "/usr/bin/uname -snr");
//stream_set_blocking($stream,true);
print stream_get_contents($stream);
?>

Expected result:
----------------
should output uname -snr something like: OpenBSD 
cocytus.adamjacobmuller.com 4.1




Actual result:
--------------
segfault!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-02 17:04 UTC] mike at regexia dot com 
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Mar 16 21:01:29 2025 UTC