php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59852 OAuth::fetch crash
Submitted: 2011-07-16 14:25 UTC Modified: 2011-07-21 16:30 UTC
From: adam-peclbugs at adam dot gs Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.3.4 OS:
Private report: No CVE-ID: None
View Developer Edit
 [2011-07-16 14:25 UTC] adam-peclbugs at adam dot gs 
Description:
------------
OAuth::fetch method causes segfault

Reproduce code:
---------------
http://us3.php.net/manual/en/oauth.fetch.php

Vanilla code from the documentation triggers the issue.

Expected result:
----------------
Exception due to dns error or similar (photos.example.net 
doesn't exist)

(segfault still occurs even with a valid oauth request)

Actual result:
--------------
Program received signal EXC_BAD_ACCESS, Could not access 
memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00007fff8be07870 in strcmp ()
(gdb) bt full
#0  0x00007fff8be07870 in strcmp ()
No symbol table info available.
#1  0x00000001011ac1b6 in oauth_fetch ()
No symbol table info available.
#2  0x00000001011a79ed in zim_oauth_fetch ()
No symbol table info available.
#3  0x0000000100352bca in zend_do_fcall_common_helper_SPEC 
(execute_data=0x101400040) at zend_vm_execute.h:316
	opline = (zend_op *) 0x10112e4d0
	should_change_scope = 1 '\001'
#4  0x000000010034ef6b in execute (op_array=0x10112d9a8) at 
zend_vm_execute.h:107
	ret = <value temporarily unavailable, due to 
optimizations>
	execute_data = (zend_execute_data *) 0x101400040
	nested = 0 '\0'
	original_in_execution = 0 '\0'
#5  0x000000010032a50b in zend_execute_scripts (type=8, 
retval=0x0, file_count=3) at 
/Users/adam/Scripts/compile/php-5.3.4/Zend/zend.c:1194
	files = {{
    gp_offset = 40, 
    fp_offset = 1, 
    overflow_arg_area = 0x7fff5fbff090, 
    reg_save_area = 0x7fff5fbfefa0
  }}
	i = 1
	file_handle = (zend_file_handle *) 0x7fff5fbff9a0
	orig_op_array = (zend_op_array *) 0x0
	orig_retval_ptr_ptr = (zval **) 0x0
#6  0x00000001002d2762 in php_execute_script 
(primary_file=0x7fff5fbff9a0) at 
/Users/adam/Scripts/compile/php-5.3.4/main/main.c:2265
	realfile = "/Users/adam/Scripts/compile/php-
5.3.4/oatest.php\000?_?\000\000?H?_?\000\000 ??
\000\000\000\000\000 ?\022\001\001\000\000\000??_?\000\0000?
\022\001\001\000\000\000?u?
\000\001\000\000\000\020\000\000\000\000\000\000\000\003\000
\000\000\000\000\000\000\020\000\000\000\000\000\000\000@?_?
\000\000W?3\000\001\000\000\000\001", '\0' <repeats 15 
times>, "P?_?
\000\000\030\000\000\000\000\000\000\000cli\000embe\003\000\
000\000\000\000\000\000\000s?\000\001", '\0' <repeats 11 
times>...
	__orig_bailout = (sigjmp_buf *) 0x7fff5fbff800
	__bailout = {10384128, 1, 1606416000, 32767, 
1606414480, 32767, 1606417064, 32767, 1, 0, 0, 0, 0, 0, 
2958935, 1, 1606671704, 32767, 8096, 639, 1, 0, 10522615, 1, 
1606414688, 32767, 1606479556, 32767, 17991336, 1, 10522615, 
1, 1606635808, 32767, 1606635808, 32767, 1606663576, 32767}
	prepend_file_p = (zend_file_handle *) 0x0
	append_file_p = (zend_file_handle *) 0x0
	prepend_file = {
  type = ZEND_HANDLE_FILENAME, 
  filename = 0x0, 
  opened_path = 0x0, 
  handle = {
    fd = 0, 
    fp = 0x0, 
    stream = {
      handle = 0x0, 
      isatty = 0, 
      mmap = {
        len = 0, 
        pos = 0, 
        map = 0x0, 
        buf = 0x0, 
        old_handle = 0x0, 
        old_closer = 0
      }, 
      reader = 0, 
      fsizer = 0, 
      closer = 0
    }
  }, 
  free_filename = 0 '\0'
}
	append_file = {
  type = ZEND_HANDLE_FILENAME, 
  filename = 0x0, 
  opened_path = 0x0, 
  handle = {
    fd = 0, 
    fp = 0x0, 
    stream = {
      handle = 0x0, 
      isatty = 0, 
      mmap = {
        len = 0, 
        pos = 0, 
        map = 0x0, 
        buf = 0x0, 
        old_handle = 0x0, 
        old_closer = 0
      }, 
      reader = 0, 
      fsizer = 0, 
      closer = 0
    }
  }, 
  free_filename = 0 '\0'
}
	old_cwd = 0x10112c8a8 ""
	retval = <value temporarily unavailable, due to 
optimizations>
#7  0x00000001003bdc15 in main (argc=2, argv=0x7fff5fbffa98) 
at /Users/adam/Scripts/compile/php-
5.3.4/sapi/cli/php_cli.c:1193
	__bailout = {0, 0, 1606417008, 32767, 1606416016, 
32767, 0, 0, 0, 0, 0, 0, 110, 0, 3917312, 1, 0, 0, 8096, 
895, 0 <repeats 18 times>}
	exit_status = 0
	c = <value temporarily unavailable, due to 
optimizations>
	file_handle = {
  type = ZEND_HANDLE_MAPPED, 
  filename = 0x7fff5fbffbcb "oatest.php", 
  opened_path = 0x0, 
  handle = {
    fd = 18013400, 
    fp = 0x10112dcd8, 
    stream = {
      handle = 0x10112dcd8, 
      isatty = 0, 
      mmap = {
        len = 524, 
        pos = 0, 
        map = 0x1011ce000, 
        buf = 0x1011ce000 <Address 0x1011ce000 out of 
bounds>, 
        old_handle = 0x7fff7607dee0, 
        old_closer = 0x10033ff30 <zend_stream_stdio_closer>
      }, 
      reader = 0x1003400d0 <zend_stream_stdio_reader>, 
      fsizer = 0x100340000 <zend_stream_stdio_fsizer>, 
      closer = 0x100340050 <zend_stream_mmap_closer>
    }
  }, 
  free_filename = 0 '\0'
}
	behavior = <value temporarily unavailable, due to 
optimizations>
	reflection_what = 0x0
	orig_optind = 1
	orig_optarg = 0x0
	arg_free = 0x7fff5fbffbcb "oatest.php"
	script_file = 0x7fff5fbffbcb "oatest.php"
	interactive = 0
	module_started = 1
	request_started = 1
	lineno = 1
	exec_direct = 0x0
	exec_run = 0x0
	exec_begin = 0x0
	exec_end = 0x0
	param_error = <value temporarily unavailable, due to 
optimizations>
	hide_argv = 0
	ini_entries_len = <value temporarily unavailable, 
due to optimizations>
(gdb) The program is running.  Exit anyway? (y or n) y

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-21 16:30 UTC] jawed@php.net 
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pecl.php.net/get/oauth
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 12:01:31 2024 UTC