php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61243 php-5.3.10 segfaults on imap
Submitted: 2012-03-02 11:40 UTC Modified: 2020-10-18 04:22 UTC
From: slim at inbox dot lv Assigned: cmb (profile)
Status: No Feedback Package: IMAP related
PHP Version: 5.3.10 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2012-03-02 11:40 UTC] slim at inbox dot lv 
Description:
------------
php segfaults on unknown issues with imap. 
have no script to reproduce, conditions are unknown.

Mar  1 20:00:27 kernel: php-fpm[18747]: segfault at 63474590 ip 08468266 sp bfb12cc0 error 4 in php-fpm[8048000+97e000]
Mar  1 20:00:27 kernel: grsec: From 10.20.1.7: Segmentation fault occurred at 63474590 in /usr/lib/php5.3/bin/php-fpm[php-fpm:18747] uid/euid:103/103 gid/egid:442/442, parent /usr/lib/php5.3/bin/php-fpm[php-fpm:6808] uid/euid:0/0 gid/egid:0/0


php build as:
./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --prefix=/usr/lib/php5.3 --mandir=/usr/lib/php5.3/man --infodir=/usr/lib/php5.3/info --libdir=/usr/lib/php5.3/lib --with-libdir=lib --without-pear --disable-maintainer-zts --disable-bcmath --with-bz2 --disable-calendar --enable-ctype --with-curl --without-curlwrappers --enable-dom --without-enchant --enable-exif --enable-fileinfo --enable-filter --disable-ftp --with-gettext --without-gmp --enable-hash --with-mhash --with-iconv --enable-intl --disable-ipv6 --enable-json --without-kerberos --enable-libxml --enable-mbstring --with-mcrypt --without-mssql --with-onig=/usr --with-openssl --with-openssl-dir=/usr --enable-pcntl --enable-phar --enable-pdo --without-pgsql --enable-posix --with-pspell --without-recode --enable-simplexml --enable-shmop --without-snmp --disable-soap --enable-sockets --without-sqlite --without-sqlite3 --without-sybase-ct --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-tidy --enable-tokenizer --disable-wddx --enable-xml --disable-xmlreader --disable-xmlwriter --with-xmlrpc --without-xsl --enable-zip --with-zlib --disable-debug --enable-dba --without-cdb --with-db4 --disable-flatfile --without-gdbm --disable-inifile --without-qdbm --without-freetype-dir --without-t1lib --disable-gd-jis-conv --with-jpeg-dir=/usr --with-png-dir=/usr --without-xpm-dir --with-gd --with-imap --with-imap-ssl --with-mysql=/usr --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mysqli=/usr/bin/mysql_config --without-pdo-dblib --with-pdo-mysql=/usr --without-pdo-pgsql --without-pdo-sqlite --without-pdo-odbc --with-readline --without-libedit --with-mm --with-pic --with-pcre-regex=/usr --with-pcre-dir=/usr --with-config-file-path=/etc/php/cli-php5.3 --with-config-file-scan-dir=/etc/php/cli-php5.3/ext-active --disable-embed --enable-cli --disable-cgi --disable-fpm --without-apxs2

Core was generated by `php-fpm: pool www'.
Program terminated with signal 11, Segmentation fault.
#0  0x08468266 in zend_mm_check_ptr (heap=0x8a41d80, ptr=0x8eceb58, silent=1, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=611, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1357
1357    /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c: No such file or directory.
        in /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c
(gdb) bt
#0  0x08468266 in zend_mm_check_ptr (heap=0x8a41d80, ptr=0x8eceb58, silent=1, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=611, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1357
#1  0x08469c25 in _zend_mm_free_int (heap=0x8a41d80, p=0x8eceb58, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=611, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1993
#2  0x0846b0dc in _efree (ptr=0x8eceb58, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=611, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:2361
#3  0x081eb52a in mail_close_it (rsrc=0xa20ca98) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c:611
#4  0x084a65d9 in list_entry_destructor (ptr=0xa20ca98) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_list.c:184
#5  0x084a34d1 in zend_hash_del_key_or_index (ht=0x8a36a2c, arKey=0x0, nKeyLength=0, h=33, flag=1)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_hash.c:500
#6  0x084a6227 in _zend_list_delete (id=33) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_list.c:58
#7  0x0848fe66 in _zval_dtor_func (zvalue=0x8cf8d18, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:60
#8  0x0847f08f in _zval_dtor (zvalue=0x8cf8d18, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.h:35
#9  0x084804a6 in _zval_ptr_dtor (zval_ptr=0x8cfb890, 
    __zend_filename=0x89b9f64 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c", __zend_lineno=189)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c:447
#10 0x08490308 in _zval_ptr_dtor_wrapper (zval_ptr=0x8cfb890)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:189
#11 0x084a3640 in zend_hash_destroy (ht=0x8d0a070) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_hash.c:529
#12 0x084bcfac in zend_object_std_dtor (object=0x8d08fc4)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects.c:45
#13 0x084bd3aa in zend_objects_free_object_storage (object=0x8d08fc4)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects.c:126
#14 0x084c3200 in zend_objects_store_del_ref_by_handle_ex (handle=10, handlers=0x8a18880)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects_API.c:220
#15 0x084c2ef6 in zend_objects_store_del_ref (zobject=0x8d09a48)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects_API.c:172
#16 0x0848fe56 in _zval_dtor_func (zvalue=0x8d09a48, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:52
#17 0x0847f08f in _zval_dtor (zvalue=0x8d09a48, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.h:35
#18 0x084804a6 in _zval_ptr_dtor (zval_ptr=0x8d03dbc, 
    __zend_filename=0x89b9f64 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c", __zend_lineno=189)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c:447
#19 0x08490308 in _zval_ptr_dtor_wrapper (zval_ptr=0x8d03dbc)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:189
#20 0x084a3640 in zend_hash_destroy (ht=0x8d09bdc) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_hash.c:529
#21 0x084bcfac in zend_object_std_dtor (object=0xa22e9e0)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects.c:45
#22 0x084bd3aa in zend_objects_free_object_storage (object=0xa22e9e0)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects.c:126
#23 0x084c3200 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=0x8a18880)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects_API.c:220
#24 0x084c2ef6 in zend_objects_store_del_ref (zobject=0x8d0a1e4)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_objects_API.c:172
#25 0x0848fe56 in _zval_dtor_func (zvalue=0x8d0a1e4, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:52
#26 0x0847f08f in _zval_dtor (zvalue=0x8d0a1e4, 
    __zend_filename=0x89b8d18 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c", __zend_lineno=447)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#27 0x084804a6 in _zval_ptr_dtor (zval_ptr=0x8d7e818, 
    __zend_filename=0x89b9f64 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c", __zend_lineno=189)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c:447
#28 0x08490308 in _zval_ptr_dtor_wrapper (zval_ptr=0x8d7e818)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_variables.c:189
#29 0x084a381e in zend_hash_clean (ht=0x8d7e2d8) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_hash.c:561
#30 0x08485ed7 in zend_cleanup_class_data (pce=0x8d5a59c)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_opcode.c:163
#31 0x084a3cd2 in zend_hash_apply (ht=0x8a42058, apply_func=0x8485e78 <zend_cleanup_class_data>)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_hash.c:674
#32 0x0847feda in shutdown_executor () at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_execute_API.c:298
#33 0x084920a5 in zend_deactivate () at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend.c:891
#34 0x08410ba2 in php_request_shutdown (dummy=0x0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/main/main.c:1661
#35 0x08585e04 in main (argc=5, argv=0xbfb15a64) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1886

Program terminated with signal 11, Segmentation fault.
#0  0x08468266 in zend_mm_check_ptr (heap=0x8a41d80, ptr=0x8c8b9f4, silent=1, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=1217, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1357
1357    /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c: No such file or directory.
        in /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c
(gdb) bt
#0  0x08468266 in zend_mm_check_ptr (heap=0x8a41d80, ptr=0x8c8b9f4, silent=1, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=1217, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1357
#1  0x08469c25 in _zend_mm_free_int (heap=0x8a41d80, p=0x8c8b9f4, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=1217, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:1993
#2  0x0846b0dc in _efree (ptr=0x8c8b9f4, 
    __zend_filename=0x87c26f4 "/var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c", __zend_lineno=1217, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_alloc.c:2361
#3  0x081ece88 in php_imap_do_open (ht=4, return_value=0x8eb2610, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, persistent=0)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c:1217
#4  0x081ed194 in zif_imap_open (ht=4, return_value=0x8eb2610, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/ext/imap/php_imap.c:1266
#5  0x084c9be4 in zend_do_fcall_common_helper_SPEC (execute_data=0x8f6ce98)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_vm_execute.h:320
#6  0x084ca2e1 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8f6ce98)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_vm_execute.h:425
#7  0x084c9043 in execute (op_array=0x91aaba4) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend_vm_execute.h:107
#8  0x0849325a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/Zend/zend.c:1236
#9  0x08411e11 in php_execute_script (primary_file=0xbfb15910)
    at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/main/main.c:2308
#10 0x08585cb2 in main (argc=5, argv=0xbfb15a64) at /var/tmp/portage/dev-lang/php-5.3.10/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1858

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-09 14:40 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-10-09 14:40 UTC] cmb@php.net 
Does that still happen to you with any of the actively supported
PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2020-10-18 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 01 01:01:28 2024 UTC