Bug #59240 segfault on fetch()
Submitted: 2010-05-27 20:38 UTC Modified: 2010-05-28 03:42 UTC
From: james at digitalfusion dot co dot nz Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.3.1 OS: Mac OS X 10.6.3
Private report: No CVE-ID: None
 [2010-05-27 20:38 UTC] james at digitalfusion dot co dot nz
Description:
------------
Have built trunk r299837 on Mac OS X 10.6.3 machine running Apache 2.2.14 and PHP 5.3.1.

Get reproducible segfaults in apache upon some calls to fetch() when using setRSACertificate. Have loaded into a debug build of php, backtrace below.

Error from apache log:

[Thu May 27 15:30:03 2010] [notice] child pid 87030 exit signal Segmentation fault (11)

Similar symptom to bug #16853 but happens with both GET and POST, and still happens in trunk now so must be different cause.


Reproduce code:
---------------
// Create the oAuth connection object: we are using RSA_SHA1 signing here...
$nz = new OAuth( XERO_NZ_KEY, XERO_NZ_SECRET, OAUTH_SIG_METHOD_RSASHA1 );
$nz->setToken( XERO_NZ_KEY, XERO_NZ_SECRET );
$nz->setRSACertificate( file_get_contents( XERO_RSASHA1_PRIVATE ) );

foreach( $invoices as $data ){
    $nz->fetch( API_XERO.'Invoices', $data, OAUTH_HTTP_METHOD_POST );
}

Expected result:
----------------
fetch() should return expected result, or throw an error... basically anything but crash apache :-)

Actual result:
--------------
#0  0x00000001012a6ad0 in zend_hash_destroy ()
#1  0x0000000101299567 in _zval_dtor_func ()
#2  0x0000000101034e9d in _zval_dtor ()
#3  0x000000010103f8dc in zif_openssl_sign ()
#4  0x000000010128e437 in zend_call_function ()
#5  0x000000010128ef3c in call_user_function_ex ()
#6  0x000000010128efae in call_user_function ()
#7  0x00000001005039ad in soo_sign ()
#8  0x0000000100509e56 in oauth_fetch ()
#9  0x000000010050ab7b in zim_oauth_fetch ()
#10 0x00000001012c1baa in zend_do_fcall_common_helper_SPEC ()
#11 0x00000001012bdf4b in execute ()
#12 0x00000001012998ab in zend_execute_scripts ()
#13 0x00000001012423b2 in php_execute_script ()
#14 0x00000001013290c6 in php_handler ()
#15 0x00000001000012af in ap_run_handler ()
#16 0x0000000100001b8e in ap_invoke_handler ()
#17 0x000000010002f175 in ap_internal_redirect ()
#18 0x00000001003fbd02 in handler_redirect ()
#19 0x00000001000012af in ap_run_handler ()
#20 0x0000000100001b8e in ap_invoke_handler ()
#21 0x000000010002e784 in ap_process_request ()
#22 0x000000010002aff7 in ap_process_http_connection ()
#23 0x000000010001280b in ap_run_process_connection ()
#24 0x0000000100012ca5 in ap_process_connection ()
#25 0x00000001000353f2 in child_main ()
#26 0x00000001000354dc in make_child ()
#27 0x0000000100035aaf in ap_mpm_run ()
#28 0x00000001000098f5 in main ()


 [2010-05-27 20:40 UTC] james at digitalfusion dot co dot nz
also tried php532 and php533, same result.
 [2010-05-28 00:59 UTC] datibbaw@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Didn't catch this while running my valgrind tests; zval_dtor is called on the passed signature, which is empty on our call.

Now I'm explicitly setting it to an empty string; hope this fixes the segfault on your machine (and hopefully others).
 [2010-05-28 03:42 UTC] james at digitalfusion dot co dot nz
Thanks all fixed!
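
The failure mode described in the fix comment above (a destructor run on an out-parameter the caller never initialized, ending in zend_hash_destroy in the backtrace), as an added example that is not code from PECL oauth or PHP. The value struct, the live-allocation tracker and every function name are hypothetical, and the stale contents are constructed so the bad destroy is reported instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified tagged value; a hypothetical model, not the Zend zval layout. */
enum { V_NULL, V_STRING, V_ARRAY };
typedef struct { int type; void *ptr; } value;

/* The one live allocation in this demo, so a bad destroy is reported, not run. */
static void *live;
static void *track_alloc(size_t n) { return live = calloc(1, n); }

/* Destructor: 0 on success, -1 where real code would free or walk garbage. */
static int value_dtor(value *v) {
    if (v->type == V_NULL) return 0;
    if (v->ptr == NULL || v->ptr != live) return -1;
    free(v->ptr);
    v->type = V_NULL; live = v->ptr = NULL;
    return 0;
}

/* Out-parameter callee: destroys whatever `out` holds before writing to it. */
static int sign_into(value *out, const char *data) {
    if (value_dtor(out) != 0) return -1;
    out->ptr = track_alloc(strlen(data) + 1);
    if (!out->ptr) return -1;
    strcpy(out->ptr, data);
    out->type = V_STRING;
    return 0;
}

/* Before: the caller never set up the out value. Stale contents are constructed
   here (reading real uninitialized memory is undefined) to look like an array. */
int call_without_init(void) {
    static char junk;
    value sig = { V_ARRAY, &junk };
    return sign_into(&sig, "sig-bytes");
}

/* After: the out value is explicitly set to an empty string first. */
int call_with_init(void) {
    value sig = { V_STRING, track_alloc(1) };
    int rc = sign_into(&sig, "sig-bytes");
    return rc == 0 ? value_dtor(&sig) : rc;
}

int main(void) {
    printf("without init: %d\nwith init: %d\n", call_without_init(), call_with_init());
    return 0;
}
```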
 
Last updated: Mon Sep 20 05:03:36 2021 UTC