php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61418 Segmentation foult using FiltesystemIterator & RegexIterator
Submitted: 2012-03-16 17:47 UTC Modified: 2012-03-23 11:57 UTC
From: melkorm at gmail dot com Assigned: cataphract
Status: Closed Package: SPL related
PHP Version: 5.3.10 OS: Linux Mint 12
Private report: No CVE-ID:
 [2012-03-16 17:47 UTC] melkorm at gmail dot com
Description:
------------
melkorm@bibiop ~/htdocs/test.dev $ php -v
PHP 5.3.10-1~dotdeb.1 with Suhosin-Patch (cli) (built: Feb  2 2012 23:28:08) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH


Test script:
---------------
$fileIterator = new FilesystemIterator(__DIR__, FilesystemIterator::KEY_AS_FILENAME);
$regexpIterator = new RegexIterator($fileIterator,
$regexpIterator = new RegexIterator($fileIterator,
        '#.*#',
        '#.*#',
        \RegexIterator::MATCH,
        \RegexIterator::MATCH,
        \RegexIterator::USE_KEY
        \RegexIterator::USE_KEY
);
);
foreach ($fileIterator as $key => $file)
foreach ($fileIterator as $key => $file)
{
}

Actual result:
--------------
Segemntation foult

strace output can be found here : http://pastebin.com/CFV6qepj

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-16 17:52 UTC] melkorm at gmail dot com
It also fails at :
melkorm@bibiop ~ $ php -v
PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch (cli) (built: Feb 11 2012 03:26:01) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
 [2012-03-17 18:50 UTC] melkorm at gmail dot com
There is a typo
 [2012-03-17 18:52 UTC] melkorm at gmail dot com
Sorry for this, but I am not used to this bugtrucker yet, anywho proper script should look like that:
$fileIterator = new FilesystemIterator(__DIR__, FilesystemIterator::KEY_AS_FILENAME);
$regexpIterator = new RegexIterator($fileIterator,
        '#.*#',
        \RegexIterator::MATCH,
        \RegexIterator::USE_KEY
);
foreach ($fileIterator as $key => $file)
{
}

No idea why this `doubled`.
 [2012-03-17 23:27 UTC] cataphract@php.net
Verified.

The zend_object_iterator_funcs.dtor function (implementation: spl_filesystem_tree_it_dtor) seems faulty. In the reproduce script here, the zend_object_iterator is requested twice: first by the RegexIterator constructor, and then by foreach. The zend_object_iterator returned is the same in both cases -- that owned by the FilesystemIterator and its destructor gets called twice. But obviously the destructor is not prepared to be called twice as it unconditionally calls zval_ptr_dtor (for some reason, twice) and zeroes the reference to the owning object.
 [2012-03-17 23:27 UTC] cataphract@php.net
-Status: Open +Status: Verified
 [2012-03-18 13:18 UTC] cataphract@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: cataphract
 [2012-03-18 15:07 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=324327
Log: - Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
  FilesystemIterator's iterators are requested more than once without
  having had its dtor callback called in between).
 [2012-03-18 15:07 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2012-03-23 05:31 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a89c4a34ee55686ab1430a5060e1460335fc5203
Log: Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482
 [2012-03-23 05:31 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a89c4a34ee55686ab1430a5060e1460335fc5203
Log: Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482
 [2012-03-23 05:32 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a89c4a34ee55686ab1430a5060e1460335fc5203
Log: Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482
 [2012-03-23 05:32 UTC] stas@php.net
-Status: Closed +Status: Re-Opened
 [2012-03-23 05:32 UTC] stas@php.net
Had to revert the fix, reopening the bug.
 [2012-03-23 11:35 UTC] cataphract@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3960def881c5e29daa18c914cf95e1e978db053b
Log: Fixed bug #61482, caused by the fix to bug #61418.
 [2012-03-23 11:35 UTC] cataphract@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=85725337d5aa7d6cbe69be8c4ce83656f0aca885
Log: Revert "Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482"
 [2012-03-23 11:57 UTC] cataphract@php.net
-Status: Re-Opened +Status: Closed
 [2012-03-29 04:23 UTC] cataphract@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3960def881c5e29daa18c914cf95e1e978db053b
Log: Fixed bug #61482, caused by the fix to bug #61418.
 [2012-03-29 04:23 UTC] cataphract@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=85725337d5aa7d6cbe69be8c4ce83656f0aca885
Log: Revert "Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482"
 [2012-03-29 04:23 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a89c4a34ee55686ab1430a5060e1460335fc5203
Log: Revert "- Fixed bug #61418 (Segmentation fault when DirectoryIterator's or" - causes bug #61482
 [2012-04-18 09:45 UTC] laruence@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a3699726f9f3aa622daefe23831032838c52b28f
Log: - Fixed bug #61418 (Segmentation fault when DirectoryIterator's or   FilesystemIterator's iterators are requested more than once without   having had its dtor callback called in between).
 [2012-07-24 23:36 UTC] rasmus@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a3699726f9f3aa622daefe23831032838c52b28f
Log: - Fixed bug #61418 (Segmentation fault when DirectoryIterator's or   FilesystemIterator's iterators are requested more than once without   having had its dtor callback called in between).
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a3699726f9f3aa622daefe23831032838c52b28f
Log: - Fixed bug #61418 (Segmentation fault when DirectoryIterator's or   FilesystemIterator's iterators are requested more than once without   having had its dtor callback called in between).
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 08:02:55 2014 UTC