php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61581 taint causes 'segfault'with phpMyAdmin-3.4.9
Submitted: 2012-03-31 13:38 UTC Modified: 2012-06-24 10:12 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: support at pbcomp dot com dot au Assigned: laruence (profile)
Status: No Feedback Package: taint (PECL)
PHP Version: 5.4.0 OS: Fedora 16
Private report: No CVE-ID: None
 [2012-03-31 13:38 UTC] support at pbcomp dot com dot au
Description:
------------
Fedora 'message' log:
Mar 31 23:58:00 server1 kernel: [   78.751185] php-fpm2[2055]: segfault at 601222178 ip 0000000000798ba3 sp 00007fff476af8a0 error 4 in php-fpm2[400000+827000]
Mar 31 23:58:00 server1 kernel: [   78.759779] php-fpm2[2053]: segfault at 7f08bebc57d8 ip 0000000000798ba3 sp 00007fff476af8a0 error 4 in php-fpm2[400000+827000]
Mar 31 23:58:00 server1 kernel: [   78.799557] php-fpm2[2050]: segfault at 7f08bebc3b28 ip 0000000000798ba3 sp 00007fff476af8a0 error 4 in php-fpm2[400000+827000]
Mar 31 23:58:00 server1 kernel: [   78.808101] php-fpm2[2056]: segfault at 7f08bebc5940 ip 0000000000798ba3 sp 00007fff476af8a0 error 4 in php-fpm2[400000+827000]

php-fpm error log:
[31-Mar-2012 23:58:00] WARNING: [pool www] child 2055 exited on signal 11 (SIGSEGV) after 65.266146 seconds from start
[31-Mar-2012 23:58:00] NOTICE: [pool www] child 2495 started
[31-Mar-2012 23:58:00] WARNING: [pool www] child 2053 exited on signal 11 (SIGSEGV) after 65.272231 seconds from start
[31-Mar-2012 23:58:00] NOTICE: [pool www] child 2496 started
[31-Mar-2012 23:58:00] WARNING: [pool www] child 2050 exited on signal 11 (SIGSEGV) after 65.315537 seconds from start
[31-Mar-2012 23:58:00] NOTICE: [pool www] child 2497 started
[31-Mar-2012 23:58:00] WARNING: [pool www] child 2056 exited on signal 11 (SIGSEGV) after 65.320088 seconds from start
[31-Mar-2012 23:58:00] NOTICE: [pool www] child 2498 started




Test script:
---------------
Try to access phpMyAdmin with 'taint' active - via php.in
you get the problem above!

Disble 'taint' in PHP.INI,
and all is fine!

Expected result:
----------------
Normal operation of phpMyAdmininder under php-fpm [php 5.40]


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-31 14:24 UTC] laruence@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

what's the taint's version?  plz try a newer version. thanks :)
 [2012-03-31 14:24 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2012-03-31 14:24 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2012-03-31 22:44 UTC] support at pbcomp dot com dot au
Using the very latest PHP 5.4.0 (Current stable)
 [2012-03-31 22:44 UTC] support at pbcomp dot com dot au
-Status: Feedback +Status: Assigned
 [2012-03-31 22:49 UTC] support at pbcomp dot com dot au
The 'taint' version is the latest from SVN
PHP_TAINT_VERSION "0.5.0"
 [2012-04-01 03:20 UTC] laruence@php.net
-Status: Assigned +Status: Feedback
 [2012-04-01 03:20 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

I can not reproduce this with php-5.5-trunk. could you plz provide a backtrace?
 [2012-06-24 10:12 UTC] laruence@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC