php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61106 Segfault when using header_register_callback
Submitted: 2012-02-16 16:53 UTC Modified: 2012-03-02 08:07 UTC
From: nikic@php.net Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.4.0RC7 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2012-02-16 16:53 UTC] nikic@php.net 
Description:
------------
Using header_register_callback may cause crashes due to a double zval_ptr_dtor.

The double zval_ptr_dtor occurs in 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#sapi_deactivate in lines 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#498 and 
http://lxr.php.net/xref/PHP_TRUNK/main/SAPI.c#546.

For me the issue is quite hard to reproduce reliably (especially after 
accidentally removing my only non-random reproduce script ^^), but I think it 
should be obvious that the double dtoring can cause a segfault if you try hard.

The issue can be fixed by removing one of the two calls.

Patches

headerCallback.patch (last revision 2012-02-16 16:53 UTC by nikic)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-16 17:07 UTC] nikic@php.net
-PHP Version: Irrelevant +PHP Version: 5.4.0RC7
 [2012-03-02 08:04 UTC] nikic@php.net 
Automatic comment from SVN on behalf of nikic
Revision: http://svn.php.net/viewvc/?view=revision&revision=323803
Log: Fix bug #61106 Segfault when using header_register_callback

The callback was double dtored
 [2012-03-02 08:07 UTC] nikic@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 [2012-03-02 08:07 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2012-04-18 09:45 UTC] laruence@php.net 
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback
 [2012-07-24 23:36 UTC] rasmus@php.net 
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback
 [2013-11-17 09:33 UTC] laruence@php.net 
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f465b219b5c686d0e6d84be234fc8129bdab3246
Log: Fix bug #61106 Segfault when using header_register_callback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 15:01:28 2024 UTC