Bug #65470 Segmentation fault in zend_error() with --enable-dtrace
Submitted: 2013-08-18 04:40 UTC
Modified: 2013-08-18 06:02 UTC
From: sixd@php.net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.4Git-2013-08-18 (Git)
OS: Linux
Private report: No
CVE-ID: None
 [2013-08-18 04:40 UTC] sixd@php.net
Description:
------------
A segmentation fault can occur in zend_error() with --enable-dtrace.
The zend_vspprintf() call in the DTRACE_ERROR_ENABLED() block leaves
args undefined:

  "If ap is passed to a function that uses va_arg(ap,type) then the
  value of ap is undefined after the return of that function."

When args is used again later in zend_error(), a seg fault can occur.

Test script:
---------------
As root:
-------------------
# dtrace -Z -s error.d 
dtrace: script 'error.d' matched 0 probes
CPU     ID                    FUNCTION:NAME
  0      6                 zend_error:error PHP error
--------------------


As a normal user:
--------------------
$ php error.php 
Segmentation fault (core dumped)
--------------------

Where error.d is:

php*:::error { printf("PHP error\n"); }

and error.php is:

<?php trigger_error('This is an error', E_USER_ERROR); ?>



Patches

bug65470 (last revision 2013-08-18 05:05 UTC by sixd@php.net)

History
 [2013-08-18 04:40 UTC] sixd@php.net
-Assigned To: +Assigned To: sixd
 [2013-08-18 04:41 UTC] sixd@php.net
I'm currently testing a patch.
 [2013-08-18 05:05 UTC] sixd@php.net
The following patch has been added/updated:

Patch Name: bug65470
Revision:   1376802312
URL:        https://bugs.php.net/patch-display.php?bug=65470&patch=bug65470&revision=1376802312
 [2013-08-18 06:02 UTC] sixd@php.net
-Status: Assigned +Status: Open -Assigned To: sixd +Assigned To:
 [2013-08-18 06:02 UTC] sixd@php.net
The patch tested OK and can be applied to PHP 5.4, 5.5 and master.  This requires 
zend karma, which I don't have.
 [2013-08-19 00:23 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=14f5732096575f3c4ff0438e6650238370cb465c
Log: Fix bug #65470	Segmentation fault in zend_error() with --enable-dtrace
 [2013-08-19 00:23 UTC] stas@php.net
-Status: Open +Status: Closed
 [2014-10-07 23:17 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=14f5732096575f3c4ff0438e6650238370cb465c
Log: Fix bug #65470	Segmentation fault in zend_error() with --enable-dtrace
 [2014-10-07 23:28 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=14f5732096575f3c4ff0438e6650238370cb465c
Log: Fix bug #65470	Segmentation fault in zend_error() with --enable-dtrace
 
Last updated: Tue Dec 03 11:01:29 2024 UTC