PHP :: Bug #64636 :: Segfault in scan from parse

Bug #64636	Segfault in scan from parse_date.c
Submitted:	2013-04-11 20:36 UTC	Modified:	2015-06-28 04:22 UTC
From:	shakaran at gmail dot com	Assigned:	cmb (profile)
Status:	No Feedback	Package:	Apache2 related
PHP Version:	5.3.24	OS:	Centos 5.9
Private report:	No	CVE-ID:	None

View Developer Edit

[2013-04-11 20:36 UTC] shakaran at gmail dot com

Description:
------------
I am using cPanel with cpeasyapache and php 5.3.23.

I get a apache core file when parse_date.c: is used in scan.

I start gdb in the core file showing this:

# gdb /usr/local/apache/bin/httpd core.5886 
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/apache/bin/httpd...(no debugging symbols 
found)...done.
[New Thread 5886]

warning: .dynamic section for "/usr/lib64/libldap-2.3.so.0" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/liblber-2.3.so.0" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libssl.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libcrypto.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libz.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libdistcache.so.1" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libnal.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libnsl.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libm.so.6" is not at the expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libexpat.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libuuid.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/librt.so.1" is not at the expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libcrypt.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libpthread.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libdl.so.2" is not at the expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libc.so.6" is not at the expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libresolv.so.2" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libsasl2.so.2" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libgssapi_krb5.so.2" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libkrb5.so.3" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libcom_err.so.2" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libk5crypto.so.3" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libdb-4.3.so" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/ld-linux-x86-64.so.2" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libkrb5support.so.0" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libkeyutils.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libselinux.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libsepol.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/local/apache/modules/libphp5.so" is not at 
the expected address (wrong library or version mismatch?)

warning: .dynamic section for "/usr/lib64/libaspell.so.15" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libpspell.so.15" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libmysqlclient.so.18" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libltdl.so.3" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libpam.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libfreetype.so.6" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libX11.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libXpm.so.4" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libpng12.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libjpeg.so.62" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libenchant.so.1" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libbz2.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libidn.so.11" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libicui18n.so.36" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libicuuc.so.36" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libicudata.so.36" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libicuio.so.36" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib/libgcc_s.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libstdc++.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libaudit.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libXau.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/usr/lib64/libXdmcp.so.6" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libgmodule-2.0.so.0" is not at the 
expected address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libglib-2.0.so.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib/libpython2.7.so.1.0" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations

warning: .dynamic section for "/lib64/libutil.so.1" is not at the expected 
address

warning: difference appears to be caused by prelink, adjusting expectations
Reading symbols from /usr/lib64/libldap-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libldap-2.3.so.0
Reading symbols from /usr/lib64/liblber-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/liblber-2.3.so.0
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libz.so.1
Reading symbols from /usr/lib64/libdistcache.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libdistcache.so.1
Reading symbols from /usr/lib64/libnal.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libnal.so.1
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /opt/pcre/lib/libpcre.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /opt/pcre/lib/libpcre.so.0
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /usr/lib64/libaprutil-1.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libaprutil-1.so.0
Reading symbols from /lib64/libexpat.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libexpat.so.0
Reading symbols from /usr/lib64/libapr-1.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libapr-1.so.0
Reading symbols from /lib64/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libuuid.so.1
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols 
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libdb-4.3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libdb-4.3.so
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /usr/local/apache/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache/modules/libphp5.so
Reading symbols from /opt/xslt/lib/libexslt.so.0...done.
Loaded symbols for /opt/xslt/lib/libexslt.so.0
Reading symbols from /opt/tidy/lib/libtidy-0.99.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /opt/tidy/lib/libtidy-0.99.so.0
Reading symbols from /usr/lib64/libaspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libaspell.so.15
Reading symbols from /usr/lib64/libpspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpspell.so.15
Reading symbols from /usr/lib64/libmysqlclient.so.18...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libmysqlclient.so.18
Reading symbols from /opt/libmcrypt/lib/libmcrypt.so.4...done.
Loaded symbols for /opt/libmcrypt/lib/libmcrypt.so.4
Reading symbols from /usr/lib64/libltdl.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libltdl.so.3
Reading symbols from /lib64/libpam.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpam.so.0
Reading symbols from /usr/lib64/libfreetype.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libX11.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libX11.so.6
Reading symbols from /usr/lib64/libXpm.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXpm.so.4
Reading symbols from /usr/lib64/libpng12.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpng12.so.0
Reading symbols from /usr/lib64/libjpeg.so.62...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libjpeg.so.62
Reading symbols from /usr/lib64/libenchant.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libenchant.so.1
Reading symbols from /usr/lib64/libbz2.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libbz2.so.1
Reading symbols from /opt/curlssl/lib/libcurl.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /opt/curlssl/lib/libcurl.so.4
Reading symbols from /usr/lib64/libidn.so.11...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libidn.so.11
Reading symbols from /usr/lib64/libicui18n.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicui18n.so.36
Reading symbols from /usr/lib64/libicuuc.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicuuc.so.36
Reading symbols from /usr/lib64/libicudata.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicudata.so.36
Reading symbols from /usr/lib64/libicuio.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicuio.so.36
Reading symbols from /opt/xslt/lib/libxslt.so.1...done.
Loaded symbols for /opt/xslt/lib/libxslt.so.1
Reading symbols from /opt/xml2/lib/libxml2.so.2...done.
Loaded symbols for /opt/xml2/lib/libxml2.so.2
Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libstdc++.so.6
Reading symbols from /lib64/libaudit.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libaudit.so.0
Reading symbols from /usr/lib64/libXau.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXau.so.6
Reading symbols from /usr/lib64/libXdmcp.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXdmcp.so.6
Reading symbols from /lib64/libgmodule-2.0.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libgmodule-2.0.so.0
Reading symbols from /lib64/libglib-2.0.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libglib-2.0.so.0
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/suhosin.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/suhosin.so
Reading symbols from /usr/local/apache/modules/mod_wsgi.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_wsgi.so
Reading symbols from /lib/libpython2.7.so.1.0...done.
Loaded symbols for /lib/libpython2.7.so.1.0
Reading symbols from /lib64/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /usr/local/apache/modules/mod_rpaf-2.0.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_rpaf-2.0.so
Reading symbols from /usr/local/lib/ruby/gems/1.9.1/gems/passenger-
3.0.12/ext/apache2/mod_passenger.so...done.
Loaded symbols for /usr/local/lib/ruby/gems/1.9.1/gems/passenger-
3.0.12/ext/apache2/mod_passenger.so
Reading symbols from /usr/local/apache/modules/mod_qos.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_qos.so
Reading symbols from /usr/local/apache/modules/mod_perl.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_perl.so
Reading symbols from /usr/local/lib/perl5/5.8.8/x86_64-linux/CORE/libperl.so...
(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/x86_64-linux/CORE/libperl.so
Reading symbols from /usr/local/apache/modules/mod_bw.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/local/apache/modules/mod_bw.so
Reading symbols from /usr/local/apache/modules/mod_bwlimited.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_bwlimited.so
Reading symbols from /usr/local/apache/modules/mod_suphp.so...done.
Loaded symbols for /usr/local/apache/modules/mod_suphp.so
Reading symbols from /opt/lua/lib/liblua.so...done.
Loaded symbols for /opt/lua/lib/liblua.so
Reading symbols from /usr/local/apache/modules/mod_security2.so...done.
Loaded symbols for /usr/local/apache/modules/mod_security2.so
Reading symbols from /usr/local/IonCube/ioncube_loader_lin_5.3.so...(no 
debugging symbols found)...done.
Loaded symbols for /usr/local/IonCube/ioncube_loader_lin_5.3.so
Reading symbols from /usr/local/Zend/lib/Guard-5.5.0/php-
5.3.x/ZendGuardLoader.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/Zend/lib/Guard-5.5.0/php-5.3.x/ZendGuardLoader.so
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/eaccelerator.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/eaccelerator.so
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/xcache.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/xcache.so

warning: no loadable sections found in added symbol-file system-supplied DSO at 
0x7fff503fd000
Core was generated by `/usr/local/apache/bin/httpd -k graceful -DSSL'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b41cf4c9073 in scan (s=0x11e9cd20 "`\t\276\021", len=<value optimized 
out>, errors=0x11e9cd20, tzdb=0xd, tz_get_wrapper=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:8374
8374					if (yych <= '`') goto yy194;
(gdb) thread apply all bt full

Thread 1 (Thread 0x2b41cf3a9b40 (LWP 5886)):
#0  0x00002b41cf4c9073 in scan (s=0x11e9cd20 "`\t\276\021", len=<value optimized 
out>, errors=0x11e9cd20, tzdb=0xd, tz_get_wrapper=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:8374
        yych = <value optimized out>
        yyaccept = 0
        cursor = <value optimized out>
        str = 0x11e9cd20 "`\t\276\021"
        ptr = 0x11e76d70 ""
        yybm = "\000\000\000\000\000\000\000\000\000d", '\000' <repeats 22 
times>, 
"d\000\000\000\000\000\000\000\000\000\000\200@\240`\000\002\002\002\002\002\002
\002\002\002\002\000\000\000\000\000\000\000", '\b' <repeats 26 times>, 
"\000\000\000\000\000\000\030\030\030X\030\030\030X\030\030\030\030\030X\030\030
\030XXX\030\030\030\030\030\030", '\000' <repeats 132 times>
#1  timelib_strtotime (s=0x11e9cd20 "`\t\276\021", len=<value optimized out>, 
errors=0x11e9cd20, tzdb=0xd, tz_get_wrapper=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:24730
        in = {fd = 0, lim = 0x0, str = 0x11e9cd20 "`\t\276\021", ptr = 
0x51661067 <Address 0x51661067 out of bounds>, 
          cur = 0xd <Address 0xd out of bounds>, tok = 0x2b41cfd1fe1c 
"dns_get_record", pos = 0x2b41d00c4320 "", line = 3477903920, len = 11073, 
          errors = 0x30ed950031, time = 0x7fff50364a10, tzdb = 0x0}
        e = <value optimized out>
#2  0x0000000000000000 in ?? ()
No symbol table info available.

Expected result:
----------------
Don't segfault when parse dates.

Actual result:
--------------
Segfault. Related:
(gdb) where
#0  0x00002b41cf4c9073 in scan (s=0x11e9cd20 "`\t\276\021", len=<value optimized 
out>, errors=0x11e9cd20, tzdb=0xd, tz_get_wrapper=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:8374
#1  timelib_strtotime (s=0x11e9cd20 "`\t\276\021", len=<value optimized out>, 
errors=0x11e9cd20, tzdb=0xd, tz_get_wrapper=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:24730
#2  0x0000000000000000 in ?? ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-04-11 20:39 UTC] shakaran at gmail dot com

Another more different in this stacktrace:

(gdb) where
#0  0x00002b657d1ed073 in scan (s=0x17560ea0 "imap_header", len=<value optimized 
out>, errors=0x17560ea0, tzdb=0xd, 
    tz_get_wrapper=0x7fffcff08628) at /home/cpeasyapache/src/php-
5.3.23/ext/date/lib/parse_date.c:8374
#1  timelib_strtotime (s=0x17560ea0 "imap_header", len=<value optimized out>, 
errors=0x17560ea0, tzdb=0xd, tz_get_wrapper=0x7fffcff08628)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:24730
#2  0x0000000000000000 in ?? ()
(gdb) thread apply all bt full

Thread 1 (Thread 0x2b657d0cdb40 (LWP 2470)):
#0  0x00002b657d1ed073 in scan (s=0x17560ea0 "imap_header", len=<value optimized 
out>, errors=0x17560ea0, tzdb=0xd, 
    tz_get_wrapper=0x7fffcff08628) at /home/cpeasyapache/src/php-
5.3.23/ext/date/lib/parse_date.c:8374
        yych = <value optimized out>
        yyaccept = 0
        cursor = <value optimized out>
        str = 0x17560ea0 "imap_header"
        ptr = 0x17556590 ""
        yybm = "\000\000\000\000\000\000\000\000\000d", '\000' <repeats 22 
times>, 
"d\000\000\000\000\000\000\000\000\000\000\200@\240`\000\002\002\002\002\002\002
\002\002\002\002\000\000\000\000\000\000\000", '\b' <repeats 26 times>, 
"\000\000\000\000\000\000\030\030\030X\030\030\030X\030\030\030\030\030X\030\030
\030XXX\030\030\030\030\030\030", '\000' <repeats 132 times>
#1  timelib_strtotime (s=0x17560ea0 "imap_header", len=<value optimized out>, 
errors=0x17560ea0, tzdb=0xd, tz_get_wrapper=0x7fffcff08628)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_date.c:24730
        in = {fd = 0, lim = 0x0, str = 0x17560ea0 "imap_header", ptr = 
0x51615639 <Address 0x51615639 out of bounds>, 
          cur = 0xd <Address 0xd out of bounds>, tok = 0x2b657da43e1c 
"dns_get_record", pos = 0x2b657dde8320 "", line = 2099173936, len = 11109, 
          errors = 0x30ed950031, time = 0x7fffcff08510, tzdb = 0x0}
        e = <value optimized out>
#2  0x0000000000000000 in ?? ()
No symbol table info available.

[2013-04-12 04:15 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2013-04-12 04:15 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2013-04-12 13:15 UTC] johannes@php.net

Also please make sure this is not cpanel related (see also bug #64635)

[2013-04-12 14:18 UTC] shakaran at gmail dot com

-Status: Feedback +Status: Open

[2013-04-12 14:18 UTC] shakaran at gmail dot com

I cannot provide a code example of this bug, because it is a production server 
with hundred of shared users and I don't know what exact php code and moment 
trigger the bug.

Also I am afraid that it is a cPanel PHP bug since that lines in parse_date.c 
don't follow the stacktrace.

Sorry for the noise here, I learn the leason with cPanel PHP, next time I will 
check first for a cPanel PHP bug and try to report in his support (but I am 
afraid that the bug will be ignored by months). Thanks

[2015-06-14 22:54 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2015-06-14 22:54 UTC] cmb@php.net

Any news here? Has it turned out to have been a cPanel bug? Does
the issue still persist with current versions of PHP?

[2015-06-28 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 11:01:30 2024 UTC