php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60282 Segfault when using ob_gzhandler() with open buffers
Submitted: 2011-11-13 02:30 UTC Modified: 2011-11-13 04:15 UTC
From: mark at mark-story dot com Assigned: laruence
Status: Closed Package: Output Control
PHP Version: 5.4.0RC1 OS: MacOS
Private report: No CVE-ID:
 [2011-11-13 02:30 UTC] mark at mark-story dot com
Description:
------------
When creating multiple output buffers, and then switching the output callback, 
PHP5.4RC1 segfaults.  The same code works without any problems in PHP5.3.8.

zlib version: 1.2.5

Test script and gdb trace included below.


Test script:
---------------
--Test script--
<?php
ob_start();
ob_start();
echo "here\n";

ob_start('ob_gzhandler');

--gdb backtrace--
#0  0x000000010043cf24 in php_output_handler_started (name=0x10063c343 "zlib output compression", name_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:518
518				if (name_len == handlers[i]->name_len && !memcmp(handlers[i]->name, name, name_len)) {
(gdb) bt
#0  0x000000010043cf24 in php_output_handler_started (name=0x10063c343 "zlib output compression", name_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:518
#1  0x000000010043cf97 in php_output_handler_conflict (handler_new=0x1012d12d0 "ob_gzhandler", handler_new_len=12, handler_set=0x10063c343 "zlib output compression", handler_set_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:532
#2  0x0000000100167c9a in php_zlib_output_conflict_check (handler_name=0x1012d12d0 "ob_gzhandler", handler_name_len=12) at /Users/markstory/Sites/php/php-src/ext/zlib/zlib.c:56
#3  0x000000010043ce05 in php_output_handler_start (handler=0x1012d04e8) at /Users/markstory/Sites/php/php-src/main/output.c:484
#4  0x000000010043ca25 in php_output_start_user (output_handler=0x1012cda68, chunk_size=0, flags=112) at /Users/markstory/Sites/php/php-src/main/output.c:382
#5  0x000000010043ec2b in zif_ob_start (ht=1, return_value=0x1012cd9f0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /Users/markstory/Sites/php/php-src/main/output.c:1252
#6  0x00000001004fcb30 in zend_do_fcall_common_helper_SPEC (execute_data=0x1012980d8) at zend_vm_execute.h:642
#7  0x0000000100504658 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x1012980d8) at zend_vm_execute.h:2215
#8  0x00000001004fb282 in execute (op_array=0x1012cf938) at zend_vm_execute.h:410
#9  0x00000001004bd643 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/markstory/Sites/php/php-src/Zend/zend.c:1272
#10 0x00000001004246c2 in php_execute_script (primary_file=0x7fff5fbff3b0) at /Users/markstory/Sites/php/php-src/main/main.c:2414
#11 0x0000000100608d13 in do_cli (argc=2, argv=0x7fff5fbff690) at /Users/markstory/Sites/php/php-src/sapi/cli/php_cli.c:983
#12 0x000000010060a069 in main (argc=2, argv=0x7fff5fbff690) at /Users/markstory/Sites/php/php-src/sapi/cli/php_cli.c:1356


Expected result:
----------------
here should be output.

Actual result:
--------------
Segmentation Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-13 03:57 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2011-11-13 04:11 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=319117
Log: Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers)
 [2011-11-13 04:15 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2011-11-13 04:15 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=efd3e69511b985428151bdef78d0cefa69f082c5
Log: Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers)
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=efd3e69511b985428151bdef78d0cefa69f082c5
Log: Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers)
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=efd3e69511b985428151bdef78d0cefa69f082c5
Log: Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 25 07:02:14 2014 UTC