|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62481 xdebug openssl_encrypt crash
Submitted: 2012-07-04 13:53 UTC Modified: 2013-05-29 04:53 UTC
From: bronze1man at gmail dot com Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 5.3.10 OS: ubuntu 1204
Private report: No CVE-ID: None
 [2012-07-04 13:53 UTC] bronze1man at gmail dot com
start xdebug openssl_encrypt an empty string ,then it will crash.

php version:
PHP 5.3.10-1ubuntu3.2 with Suhosin-Patch (cli) (built: Jun 13 2012 17:20:55) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans

Test script:
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
$d1 = openssl_encrypt('', 'AES-256-CBC', str_repeat('b',32), true,str_repeat('a', 16));

Expected result:
string(32) "60aed1d68451e752108a0ddc3390be92"

Actual result:
not output anything.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-07-04 15:08 UTC]
You wrote 5.3.14 in the ticket, but 5.3.10 in the description ... what is 

On 5.3.10-dotdeb it segfaults for me without xdebug too. With the 5.3.15-dev 
there are no issues with or without xdebug for me. Can you confirm that?
 [2012-07-05 01:10 UTC] bronze1man at gmail dot com
sorry,php version is 5.3.10
 [2012-07-05 01:10 UTC] bronze1man at gmail dot com
-PHP Version: 5.3.14 +PHP Version: 5.3.10
 [2012-07-05 09:51 UTC]
-Status: Open +Status: Feedback
 [2012-07-05 09:51 UTC]
I'd to ask to try your code with a vanilla PHP version, either latest 5.3 or 
latest 5.4, without suhosin patch, as we can't reproduce this issue.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-05-22 13:57 UTC] beporter at gmail dot com
I've verified the same results. It seems specific to 5.3.10 and does not require 
xdebug to trigger: Passing an empty $data string to openssl_encrypt will cause a 
segmentation fault.

[me@host:~]$ php --version
PHP 5.3.10 (cli) (built: Feb  4 2012 07:16:03) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with the ionCube PHP Loader v4.0.10, Copyright (c) 2002-2011, by ionCube 

[me@host:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
Segmentation fault

With a different PHP version, openssl_encrypt behaves normally even with xdebug 
and suhosin:

[me@otherhost:~]$ php --version
PHP 5.3.23 (cli) (built: Apr  9 2013 18:07:12) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
    with Xdebug v2.2.2, Copyright (c) 2002-2013, by Derick Rethans
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

[me@otherhost:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
string(32) "60aed1d68451e752108a0ddc3390be92"
 [2013-05-29 04:53 UTC] bronze1man at gmail dot com
-Status: No Feedback +Status: Closed
 [2013-05-29 04:53 UTC] bronze1man at gmail dot com
I can not reproduce this issue on php 5.4.9
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Jan 21 16:01:23 2021 UTC