php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58901 GearmanWorker::addFunction segfaults when function name is non-string
Submitted: 2009-10-18 13:35 UTC Modified: 2011-05-15 04:41 UTC
From: felipe@php.net Assigned: hradtke (profile)
Status: Closed Package: gearman (PECL)
PHP Version: Trunk SVN-2009-10-18 (dev) OS:
Private report: No CVE-ID: None
 [2009-10-18 13:35 UTC] felipe@php.net
Description:
------------
See below.

Reproduce code:
---------------
Starting program: /usr/local/bin/php -dextension=gearman.so -r '$x = new gearmanworker; $x->addfunction(1,function(){});'
[Thread debugging using libthread_db enabled]
[New Thread 0xb59676d0 (LWP 11298)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb59676d0 (LWP 11298)]
0xb5ee738b in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb5ee738b in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb5ee70e5 in strdup () from /lib/i686/cmov/libc.so.6
#2  0xb7f26d51 in _worker_function_add (worker=0xaa5e25c, function_name=0x1 <Address 0x1 out of bounds>, timeout=0, 
    worker_fn=0xb57b7216 <_php_worker_function_callback>, context=0xaa5ee78) at worker.c:885
#3  0xb57b788b in zif_gearman_worker_add_function (ht=2, return_value=0xaa5edf0, return_value_ptr=0x0, this_ptr=0xaa5c1b8, 
    return_value_used=0, tsrm_ls=0xa8c2070) at /home/felipe/dev/pecl/gearman/php_gearman.c:3512
#4  0x084ed671 in zend_do_fcall_common_helper_SPEC (execute_data=0xaa8af64, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:313
#5  0x084ee838 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xaa8af64, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:418
#6  0x084ec356 in execute (op_array=0xaa5c7fc, tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#7  0x084ab869 in zend_eval_stringl (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", str_len=56, retval_ptr=0x0, 
    string_name=0x8a08c10 "Command line code", tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1167
#8  0x084abb18 in zend_eval_stringl_ex (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", str_len=56, 
    retval_ptr=0x0, string_name=0x8a08c10 "Command line code", handle_exceptions=1, tsrm_ls=0xa8c2070)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:1209
---Type <return> to continue, or q <return> to quit---
#9  0x084abbcc in zend_eval_string_ex (str=0xbfc47815 "$x = new gearmanworker; $x->addfunction(1,function(){});", retval_ptr=0x0, 
    string_name=0x8a08c10 "Command line code", handle_exceptions=1, tsrm_ls=0xa8c2070) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1220
#10 0x0859df5b in main (argc=4, argv=0xbfc462f4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1229



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-15 04:32 UTC] hradtke@php.net
The closure works fine if you don't use a non-string for the function name:
/usr/local/bin/php -dextension=gearman.so -r '$x = new
gearmanworker; $x->addfunction("foo",function(){});'
 [2011-05-15 04:41 UTC] hradtke@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC