Bug #60477 Segfault after two multipart/form-data POST requests, one 200 RQ and one 404
Submitted: 2011-12-09 04:05 UTC Modified: 2011-12-09 05:55 UTC
From: reeze dot xia at gmail dot com Assigned: laruence (profile)
Status: Closed Package: Built-in web server
PHP Version: trunk-SVN-2011-12-09 (SVN) OS: Mac OS X 10.6.7
Private report: No CVE-ID: None
 [2011-12-09 04:05 UTC] reeze dot xia at gmail dot com
Description:
------------
Posting two multipart/form-data requests to the cli-server, one 200 request and one 404
request, will cause the cli-server to segfault. If debug is enabled, the server exits with
a message: "in-consist hashtable".

Test script:
---------------
1. Start the cli-server
2. Touch a simple empty PHP script
3. Make the requests
  $ curl --form a=b  "http://localhost:8000/file.php"
  $ curl --form a=b  "http://localhost:8000/file-non-exist.php"

Expected result:
----------------
Server responds correctly: one 200 and one 404 response.

Actual result:
--------------
Responds correctly to the first request, but segfaults after the second 404 request.

(gdb) bt
#0  0x0000000100250da5 in _zend_mm_free_int (heap=0x101000000, p=0x100670b60) at zend_alloc.c:2097
#1  0x0000000100224e4f in destroy_uploaded_files_hash () at rfc1867.c:199
#2  0x00000001002219f2 in sapi_deactivate () at SAPI.c:535
#3  0x0000000100306b5e in php_cli_server_send_error_page (server=0x7fff5fbfa560, client=0x100b51170, status=404) at php_cli_server.c:1755
#4  0x00000001003046ad in php_cli_server_dispatch [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:1851
#5  0x00000001003046ad in php_cli_server_recv_event_read_request (server=0x7fff5fbfe790, client=0x100670b60) at php_cli_server.c:2180
#6  0x0000000100305ef5 in php_cli_server_do_event_for_each_fd_callback [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2271
#7  php_cli_server_do_event_for_each_fd [inlined] () at php_cli_server.c:767
#8  php_cli_server_poller_iter_on_active [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2302
#9  php_cli_server_do_event_loop [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2292
#10 0x0000000100305ef5 in do_cli_server (argc=4, argv=0x10) at php_cli_server.c:2403
#11 0x00000001002ffb94 in main (argc=1606414960, argv=0x7fff5fbff298) at php_cli.c:1359


Patches

Fix-segfault-after-two-multipart-form-data-POST-and-404-request (last revision 2011-12-09 04:08 UTC by reeze dot xia at gmail dot com)

Pull Requests

History

 [2011-12-09 04:18 UTC] reeze dot xia at gmail dot com
Hi, 5.4RC3 and trunk both have this bug.
After tracing the core,
I found that SG(rfc1867_uploaded_files) wasn't set to NULL when the SAPI deactivates.
When trying to free SG(rfc1867_uploaded_files), the server will core dump on
the next form-data POST request.
So it's a simple one-line fix.
I have attached a patch for this; the patch was tested on Mac OS X 10.6.7 & Redhat
Linux.

thx.
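
The stale-pointer pattern described in the comment above, as an added example (a constructed model, not PHP source and not the attached or committed patch). `uploaded_files` stands in for SG(rfc1867_uploaded_files); the one-slot allocator, `serve_200`, `serve_404` and `run_sequence` are hypothetical names, and the "fixed" variant models the reporter's proposal of clearing the pointer on deactivate.

```c
#include <stddef.h>
#include <stdio.h>

/* One-slot "heap" that counts double frees instead of corrupting memory. */
typedef struct { int live; } upload_table;
static upload_table slot;
static int double_frees;

static upload_table *table_alloc(void) { slot.live = 1; return &slot; }

static void table_free(upload_table *t) {
    if (!t->live) { double_frees++; return; } /* a real allocator would crash here */
    t->live = 0;
}

/* Stand-in for the per-request global SG(rfc1867_uploaded_files). */
static upload_table *uploaded_files;

/* Frees the table but leaves the global pointing at freed memory. */
static void deactivate_buggy(void) {
    if (uploaded_files) table_free(uploaded_files);
}

/* Same, but clears the global so a later deactivate is a no-op. */
static void deactivate_fixed(void) {
    if (uploaded_files) { table_free(uploaded_files); uploaded_files = NULL; }
}

/* 200 path: the multipart body is parsed, so a table is allocated. */
static void serve_200(void (*deactivate)(void)) {
    uploaded_files = table_alloc();
    deactivate();
}

/* 404 path: an error page is sent; nothing is allocated, deactivate still runs. */
static void serve_404(void (*deactivate)(void)) {
    deactivate();
}

/* Replays the 200-then-404 sequence; returns the number of double frees seen. */
int run_sequence(int fixed) {
    void (*d)(void) = fixed ? deactivate_fixed : deactivate_buggy;
    slot.live = 0; double_frees = 0; uploaded_files = NULL;
    serve_200(d);
    serve_404(d);
    return double_frees;
}

int main(void) {
    printf("buggy: %d double free(s)\n", run_sequence(0));
    printf("fixed: %d double free(s)\n", run_sequence(1));
    return 0;
}
```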
 [2011-12-09 04:20 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2011-12-09 05:37 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=320716
Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests)
 [2011-12-09 05:39 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I made a different patch, since main/SAPI.c is used by many other SAPIs, and
this bug should be fixed in the built-in server.

Thanks for your work.
 [2011-12-09 05:39 UTC] laruence@php.net
-Summary: Segfault after two multipart/form-data POST requestes, one 200 RQ and one 404 +Summary: Segfault after two multipart/form-data POST requestes -Status: Assigned +Status: Open
 [2011-12-09 05:47 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2011-12-09 05:55 UTC] laruence@php.net
-Summary: Segfault after two multipart/form-data POST requestes +Summary: Segfault after two multipart/form-data POST requests, one 200 RQ and one 404
 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3f60731a097f7e0e737c0ac5ff519f4b1d137ee2
Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests)
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3f60731a097f7e0e737c0ac5ff519f4b1d137ee2
Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests)
 [2013-11-17 09:34 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3f60731a097f7e0e737c0ac5ff519f4b1d137ee2
Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests)
 
Last updated: Thu Dec 12 21:01:28 2024 UTC