php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65470 Segmentation fault in zend_error() with --enable-dtrace
Submitted: 2013-08-18 04:40 UTC Modified: 2013-08-18 06:02 UTC
From: sixd@php.net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.4Git-2013-08-18 (Git) OS: Linux
Private report: No CVE-ID:
 [2013-08-18 04:40 UTC] sixd@php.net
Description:
------------
A segmentation fault can occur in zend_error() with --enable-dtrace.
The zend_vspprintf() call in the DTRACE_ERROR_ENABLED() block leaves
args undefined:

  "If ap is passed to a function that uses va_arg(ap,type) then the
  value of ap is undefined after the return of that function."

When args is used again later in zend_error(), a seg fault can occur.

Test script:
---------------
As root:
-------------------
# dtrace -Z -s error.d 
dtrace: script 'error.d' matched 0 probes
CPU     ID                    FUNCTION:NAME
  0      6                 zend_error:error PHP error
--------------------


As a normal user:
--------------------
$ php error.php 
Segmentation fault (core dumped)
--------------------

Where error.d is:

php*:::error { printf("PHP error\n"); }

and error.php is:

<?php trigger_error('This is an error', E_USER_ERROR); ?>



Patches

bug65470 (last revision 2013-08-18 05:05 UTC) by sixd@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-18 04:40 UTC] sixd@php.net
-Assigned To: +Assigned To: sixd
 [2013-08-18 04:41 UTC] sixd@php.net
I'm currently testing a patch.
 [2013-08-18 05:05 UTC] sixd@php.net
The following patch has been added/updated:

Patch Name: bug65470
Revision:   1376802312
URL:        https://bugs.php.net/patch-display.php?bug=65470&patch=bug65470&revision=1376802312
 [2013-08-18 06:02 UTC] sixd@php.net
-Status: Assigned +Status: Open -Assigned To: sixd +Assigned To:
 [2013-08-18 06:02 UTC] sixd@php.net
The patch tested OK and can be applied to PHP 5.4, 5.5 and master.  This requires 
zend karma, which I don't have.
 [2013-08-19 00:23 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=14f5732096575f3c4ff0438e6650238370cb465c
Log: Fix bug #65470	Segmentation fault in zend_error() with --enable-dtrace
 [2013-08-19 00:23 UTC] stas@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 19:02:15 2014 UTC