Bug #58910 Segfaults when unserializing an HttpRequest object and Xdebug is enabled
Submitted: 2009-10-21 20:15 UTC Modified: 2009-12-30 04:30 UTC
From: tobias382 at gmail dot com Assigned: mike (profile)
Status: Wont fix Package: pecl_http (PECL)
PHP Version: 1.6.5 OS: Ubuntu 9.04
Private report: No CVE-ID: None

 

 [2009-10-21 20:15 UTC] tobias382 at gmail dot com
Description:
------------
When attempting to unserialize a serialized HttpRequest 
object, and only when Xdebug is enabled, PHP segfaults. In 
discussing the issue with Derick Rethans, he believes that 
the issue lies in the pecl_http extension and that Xdebug 
merely exposes it.

See the included reproduce code and actual result. PHP 
configuration information is included below.

$ php -v
PHP 5.3.0 (cli) (built: Sep  2 2009 18:56:37) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
    with Xdebug v2.0.5, Copyright (c) 2002-2008, by Derick Rethans
[1]+  Done                    gedit test.php
$ php -i | grep xdebug
xdebug
xdebug support => enabled
xdebug.auto_trace => On => On
xdebug.collect_includes => On => On
xdebug.collect_params => 4 => 4
xdebug.collect_return => On => On
xdebug.collect_vars => On => On
xdebug.default_enable => On => On
xdebug.dump.COOKIE => no value => no value
xdebug.dump.ENV => no value => no value
xdebug.dump.FILES => no value => no value
xdebug.dump.GET => no value => no value
xdebug.dump.POST => no value => no value
xdebug.dump.REQUEST => no value => no value
xdebug.dump.SERVER => no value => no value
xdebug.dump.SESSION => no value => no value
xdebug.dump_globals => On => On
xdebug.dump_once => On => On
xdebug.dump_undefined => Off => Off
xdebug.extended_info => On => On
xdebug.idekey => matt => no value
xdebug.manual_url => http://www.php.net => http://www.php.net
xdebug.max_nesting_level => 100 => 100
xdebug.profiler_aggregate => Off => Off
xdebug.profiler_append => Off => Off
xdebug.profiler_enable => Off => Off
xdebug.profiler_enable_trigger => Off => Off
xdebug.profiler_output_dir => /home/matt/Desktop/xdebug => /home/matt/Desktop/xdebug
xdebug.profiler_output_name => cachegrind.out.%p => cachegrind.out.%p
xdebug.remote_autostart => Off => Off
xdebug.remote_enable => Off => Off
xdebug.remote_handler => dbgp => dbgp
xdebug.remote_host => localhost => localhost
xdebug.remote_log => no value => no value
xdebug.remote_mode => req => req
xdebug.remote_port => 9000 => 9000
xdebug.show_exception_trace => Off => Off
xdebug.show_local_vars => Off => Off
xdebug.show_mem_delta => Off => Off
xdebug.trace_format => 0 => 0
xdebug.trace_options => 0 => 0
xdebug.trace_output_dir => /home/matt/Desktop/xdebug => /home/matt/Desktop/xdebug
xdebug.trace_output_name => trace.%c => trace.%c
xdebug.var_display_max_children => 128 => 128
xdebug.var_display_max_data => 512 => 512
xdebug.var_display_max_depth => 3 => 3
$ php -m
[PHP Modules]
Core
ctype
curl
date
dom
ereg
fileinfo
filter
gd
hash
http
iconv
json
libxml
mbstring
mcrypt
mysql
mysqli
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
SPL
SQLite
sqlite3
standard
tidy
tokenizer
xdebug
xml
xmlreader
xmlrpc
xmlwriter
xsl

[Zend Modules]
Xdebug

Reproduce code:
---------------
http://www.pasteninja.com/paste/xaeb

Expected result:
----------------
The unserialized version of the HttpRequest should be 
returned without causing PHP to segfault.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffc51b66710 (LWP 16596)]
0x00007ffc4c2e7715 in _http_message_object_get_props (object=<value optimized out>) at /tmp/pear/temp/pecl_http/http_message_object.c:699
699	/tmp/pear/temp/pecl_http/http_message_object.c: No such file or directory.
	in /tmp/pear/temp/pecl_http/http_message_object.c
(gdb) bt
#0  0x00007ffc4c2e7715 in _http_message_object_get_props (object=<value optimized out>) at /tmp/pear/temp/pecl_http/http_message_object.c:699
#1  0x00007ffc4c54e904 in xdebug_var_export (struc=0x7fff59b91368, str=0x7fff59b91370, level=1, debug_zval=0, options=0x14dda60) at /home/matt/Documents/Projects/xdebug-2.0.5/xdebug_var.c:318
#2  0x00007ffc4c54eb3d in xdebug_get_zval_value (val=0x15966f8, debug_zval=0, options=0x14dda60) at /home/matt/Documents/Projects/xdebug-2.0.5/xdebug_var.c:365
#3  0x00007ffc4c53860c in return_trace_stack_retval (i=0x14d76b0, retval=0x15966f8) at /home/matt/Documents/Projects/xdebug-2.0.5/xdebug.c:1987
#4  0x00007ffc4c53771a in xdebug_execute_internal (current_execute_data=0x7ffc51a0f050, return_value_used=1) at /home/matt/Documents/Projects/xdebug-2.0.5/xdebug.c:1644
#5  0x0000000000773058 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffc51a0f050) at /home/matt/srcs/php-5.3.0/Zend/zend_vm_execute.h:315
#6  0x000000000074c331 in execute (op_array=0x14ad100) at /home/matt/srcs/php-5.3.0/Zend/zend_vm_execute.h:104
#7  0x00007ffc4c537304 in xdebug_execute (op_array=0x14ad100) at /home/matt/Documents/Projects/xdebug-2.0.5/xdebug.c:1562
#8  0x00000000007209fb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/matt/srcs/php-5.3.0/Zend/zend.c:1188
#9  0x00000000006cc222 in php_execute_script (primary_file=0x7fff59b93ce0) at /home/matt/srcs/php-5.3.0/main/main.c:2196
#10 0x00000000007aceef in main (argc=2, argv=0x7fff59b93f48) at /home/matt/srcs/php-5.3.0/sapi/cli/php_cli.c:1188

 [2009-10-27 15:56 UTC] tobias382 at gmail dot com
Corrected package version field value.
 [2009-12-10 08:38 UTC] mike@php.net
Cannot reproduce.  Your script produces other errors (unserialize errors), but no segfault.
 [2009-12-11 08:42 UTC] tobias382 at gmail dot com
Appears that it isn't reproducible under PHP 5.2.1 with 
pecl_http 1.6.5 or PHP 5.3.1 with pecl_http 1.6.6. May be the 
specific case of PHP 5.3.0 and pecl_http 1.6.5?