|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58871 Segmentation Fault on OAuth::fetch() using GET
Submitted: 2009-10-02 06:45 UTC Modified: 2009-10-04 15:20 UTC
From: shiplu dot net at gmail dot com Assigned: jawed (profile)
Status: Closed Package: oauth (PECL)
PHP Version: 5.2.6 OS: Ubuntu 8.10
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
33 - 30 = ?
Subscribe to this entry?

 [2009-10-02 06:45 UTC] shiplu dot net at gmail dot com
In my application I call OAuth::fetch() several times. some of them never causes segfault. And some them _always_ causes segfault. I am running php from cli. Here is a usefull gdb backtrace

#0  0xb79452fb in strlen () from /lib/tls/i686/cmov/
#1  0xb71ad45c in oauth_url_encode (url=0xffffffff <Address 0xffffffff out of bounds>) at /tmp/pear/temp/oauth/oauth.c:397
#2  0xb71ae25c in oauth_http_build_query (s=0xbfc421b4, args=0x874c320, prepend_amp=0 '\0', filter=0) at /tmp/pear/temp/oauth/oauth.c:432
#3  0xb71b2a1d in oauth_fetch (soo=0x874ab90, url=0x874c404 "", method=0x8712558 "GET", request_params=0x874c398, request_headers=0x0,
    init_oauth_args=0x0, fetch_flags=1) at /tmp/pear/temp/oauth/oauth.c:1060
#4  0xb71b3784 in zim_oauth_fetch (ht=3, return_value=0x874c484, return_value_ptr=0x0, this_ptr=0x870eeb0, return_value_used=0) at /tmp/pear/temp/oauth/oauth.c:1777
#5  0x082fb8d1 in execute_internal ()

I think "<Address 0xffffffff out of bounds>" is causing the problem.

Reproduce code:
$params['cursor'] = -1;
$data = $oauth->fetch("",$params,OAUTH_HTTP_METHOD_GET); // this call causes segmentation fault 
$json = json_decode($data);

Expected result:
No segfault. 
It will just return the protected resource to $data variable.

Actual result:
A segmentation fault. PHP dies.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-04 15:20 UTC]
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on

In case this was a website problem, the change will show
up on the website in short time.
Thank you for the report, and for helping us make PECL better.

One can cast $params['cursor'] to a string for a workaround in 
older versions:

$params['cursor'] = (string)-1;
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Oct 02 01:01:25 2023 UTC