PHP :: Bug #58484 :: [PATCH] HttpInflateStream::finish segfaults when passing NULL

Bug #58484	[PATCH] HttpInflateStream::finish segfaults when passing NULL
Submitted:	2009-01-03 17:53 UTC	Modified:	2009-01-12 05:03 UTC
From:	felipe@php.net	Assigned:	mike (profile)
Status:	Closed	Package:	pecl_http (PECL)
PHP Version:	5_3 CVS-2009-01-03 (dev)	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2009-01-03 17:53 UTC] felipe@php.net

Description:
------------
See below.

Here's a suggestion:
http://felipe.ath.cx/diff/httpinflatestream_finish.diff

Reproduce code:
---------------
$x = new HttpInflateStream; $x->finish(NULL);

Expected result:
----------------
Nothing

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79196b0 (LWP 30477)]
0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
35				CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177
(gdb) 
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177
(gdb) 
#0  0x0843df3a in _zval_dtor_func (zvalue=0x8e6a250, __zend_filename=0x878599c "/home/felipe/dev/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /home/felipe/dev/php5/Zend/zend_variables.c:35
#1  0x0842e144 in _zval_dtor (zvalue=0x8e6a250, __zend_filename=0x8785938 "/home/felipe/dev/php5/Zend/zend_execute_API.c", __zend_lineno=429)
    at /home/felipe/dev/php5/Zend/zend_variables.h:35
#2  0x0842e529 in _zval_ptr_dtor (zval_ptr=0x8e976f4, __zend_filename=0x878bac8 "/home/felipe/dev/php5/Zend/zend_vm_execute.h", __zend_lineno=319)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:429
#3  0x08472f16 in zend_do_fcall_common_helper_SPEC (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:319
#4  0x0847402e in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8e9763c, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:422
#5  0x08471c70 in execute (op_array=0x8e69a48, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#6  0x08431c7f in zend_eval_string (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1150
#7  0x08431ec6 in zend_eval_string_ex (str=0xbfafb89f "$x = new HttpInflateStream; $x->finish(NULL);", retval_ptr=0x0, string_name=0x87919b8 "Command line code", 
    handle_exceptions=1, tsrm_ls=0x8cf2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1185
#8  0x084e1c29 in main (argc=3, argv=0xbfafa244) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1177

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-12 05:03 UTC] mike@php.net

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Mon Dec 11 13:01:29 2023 UTC