PHP :: Bug #59600 :: OAuth::fetch causes segfault

Bug #59600	OAuth::fetch causes segfault
Submitted:	2011-02-01 10:28 UTC	Modified:	2011-02-04 02:51 UTC
From:	peter at havekes dot eu	Assigned:	jawed (profile)
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5.3.2	OS:	Ubuntu 10.04
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2011-02-01 10:28 UTC] peter at havekes dot eu

Description:
------------
This code below causes a segfault

Some relevant info:

compiled from http://svn.php.net/repository/pecl/oauth/trunk/

PHP Version => 5.3.2-1ubuntu4.7
cURL support => enabled
cURL Information => 7.19.7
Host => x86_64-pc-linux-gnu
OAuth version 1.0-dev


This is my first bugreport. please let me know is you need more details.



Reproduce code:
---------------
$oauth_client = new Oauth("key","secret");
//$oauth_client->enableDebug();
$oauth_client->setToken("testkey","testsecret");
$oauth_client->fetch("http://myhost.tld/oauth/api/user");

Expected result:
----------------
Anything other than crashing php / apache

Actual result:
--------------
# strace php blaat.php
ends with:

open("blaat.php", O_RDONLY)             = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=419, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7664282000
read(4, "<?\n\n$oauth_client = new Oauth(\"k"..., 4096) = 419
lseek(4, 0, SEEK_SET)                   = 0
mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f766411b000
rt_sigaction(SIGPROF, {0x68a480, [PROF], SA_RESTORER|SA_RESTART, 0x7f7661544af0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
fstat(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
fstat(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
fstat(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7664281000
lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7664280000
lseek(1, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat(2, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
fstat(2, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
lseek(2, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
getcwd("/var/www/oauth", 4096)          = 15
lstat("/var/www/oauth/blaat.php", {st_mode=S_IFREG|0644, st_size=419, ...}) = 0
lstat("/var/www/oauth", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff6dde67f0) = -1 ENOTTY (Inappropriate ioctl for device)
fstat(4, {st_mode=S_IFREG|0644, st_size=419, ...}) = 0
mmap(NULL, 451, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f766427f000
munmap(0x7f766427f000, 419)             = 0
close(4)                                = 0
munmap(0x7f7664282000, 4096)            = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-02-01 11:00 UTC] peter at havekes dot eu

gdb backtrace:

Core was generated by `php blaat.php'.
Program terminated with signal 11, Segmentation fault.
#0  oauth_fetch (soo=0x22712f8, url=<value optimized out>, method=<value optimized out>, request_params=<value optimized out>,
    request_headers=<value optimized out>, init_oauth_args=<value optimized out>, fetch_flags=<value optimized out>) at /root/oauthsvn/trunk/oauth.c:1676
1676                    if (!strcmp(final_http_method, OAUTH_HTTP_METHOD_GET)) {
(gdb) bt
#0  oauth_fetch (soo=0x22712f8, url=<value optimized out>, method=<value optimized out>, request_params=<value optimized out>,
    request_headers=<value optimized out>, init_oauth_args=<value optimized out>, fetch_flags=<value optimized out>) at /root/oauthsvn/trunk/oauth.c:1676
#1  0x00007fc84afd25db in zim_oauth_fetch (ht=<value optimized out>, return_value=0x2271900, return_value_ptr=<value optimized out>, this_ptr=0x226f9d0,
    return_value_used=<value optimized out>) at /root/oauthsvn/trunk/oauth.c:2571
#2  0x00000000006e7caa in ?? ()
#3  0x00000000006bef90 in execute ()
#4  0x0000000000696bad in zend_execute_scripts ()
#5  0x00000000006427a8 in php_execute_script ()
#6  0x0000000000727dc6 in ?? ()
#7  0x00007fc84ffdfc4d in __libc_start_main () from /lib/libc.so.6
#8  0x000000000042c6a9 in _start ()

[2011-02-01 21:17 UTC] jawed@php.net

Thanks for the bug report. I'll look into this.

- JJ

[2011-02-03 20:28 UTC] tom at tomkarpik dot com

I'm also getting segfaults on fetch. FreeBSD 8.1, 64-bit, PHP 
5.3.4.

I'm using an oauth build compiled from trunk from about a week 
ago.

[2011-02-03 22:43 UTC] jawed@php.net

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

- JJ

[2011-02-04 02:51 UTC] peter at havekes dot eu

Thanks for the fix. It works fine now.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 23:01:29 2024 UTC