Bug #64455 Using PDFlib causes a segfault
Submitted: 2013-03-19 14:16 UTC Modified: 2013-04-08 15:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: marcel at webdisplay dot nl Assigned: rjs (profile)
Status: Closed Package: pdflib (PECL)
PHP Version: 5.4.13 OS: Mac OS X + CentOS
Private report: No CVE-ID: None
 [2013-03-19 14:16 UTC] marcel at webdisplay dot nl
Description:
------------
Using PDFlib causes a segfault in certain situations.

Platforms tested:
CentOS 6.4 with PHP 5.4.11
Mac OS X 10.8.3 with PHP 5.4.13
PDFLib 8.0.5 and PDFlib 9.0.0


Test script:
---------------
<?php
class Pdf extends PDFLib {

    /** Just some public variable */
    public $someVar;
}

$pdf = new Pdf();

//print_r($pdf);


Expected result:
----------------
The script should return normally

Actual result:
--------------
A segmentation fault occurs

Backtrace:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000020
0x00000001001ebb2d in zend_hash_destroy ()
(gdb) bt
#0  0x00000001001ebb2d in zend_hash_destroy ()
#1  0x0000000101ad3677 in pdflib_object_dtor ()
#2  0x0000000100203b71 in zend_objects_store_del_ref_by_handle_ex ()
#3  0x0000000100203c2a in zend_objects_store_del_ref ()
#4  0x00000001001d2ac1 in _zval_ptr_dtor ()
#5  0x00000001001eb854 in zend_hash_apply_deleter ()
#6  0x00000001001eb910 in zend_hash_reverse_apply ()
#7  0x00000001001d5ac7 in shutdown_destructors ()
#8  0x00000001001df958 in zend_call_destructors ()
#9  0x0000000100182247 in php_request_shutdown ()
#10 0x000000010026bdd8 in main ()
(gdb)

Please note that the segfault does not occur if either:
a) the public variable is removed from the class
b) print_r($pdf) is uncommented


History

 [2013-03-19 17:02 UTC] aharvey@php.net
-Package: PDF related +Package: pdflib
 [2013-04-08 15:00 UTC] rjs@php.net
The wrapper for PDFlib uses some old code construct to ....


    zend_hash_init(intern->std.properties, 0, NULL, ZVAL_PTR_DTOR, 0);
    zend_hash_copy(intern->std.properties,

and 

    zend_hash_destroy(intern->std.properties);
    FREE_HASHTABLE(intern->std.properties);

as destructor.

PHP has introduced new APIs for this with PHP 5.2:

    zend_object_std_init((zend_object *) tobj, class_type TSRMLS_CC);

with

    zend_object_std_dtor(&intern->std TSRMLS_CC);

as destructor.

In PHP 5.2 and PHP 5.3 the old code worked fine. With PHP 5.4 some internals
must have been changed so that now the old code crashes PHP.

This will be fixed in PDFlib 9.0.1 and 8.0.6. The PECL package 2.1.10 already 
contains the bugfix.
 [2013-04-08 15:00 UTC] rjs@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: rjs
 
Last updated: Thu Dec 26 01:01:29 2024 UTC