Bug #66412 readline_clear_history() with libedit causes segfault after #65714
Submitted: 2014-01-04 19:27 UTC Modified: 2014-01-20 07:32 UTC
From: php at 0x7f dot us Assigned: remi
Status: Closed Package: Readline related
PHP Version: 5.5.7 OS: OS X 10.9.1
Private report: No CVE-ID:
 [2014-01-04 19:27 UTC] php at 0x7f dot us
Description:
------------
Since PHP 5.5.7, calling `readline_clear_history()` segfaults.

PHP 5.5.7 (installed via Homebrew)
OS X 10.9

And whatever libedit version ships with OS X 10.9 (Mavericks). From the readline.h file:

    /* $NetBSD: readline.h,v 1.33 2012/05/15 17:30:04 christos Exp $ */

Note that this is over 11 years newer than the header comment in the SourceForge project linked from the readline ext readme (http://sourceforge.net/projects/libedit/):

    /* $NetBSD: readline.h,v 1.1 2001/01/05 21:15:50 jdolecek Exp $ */

This version of libedit seems to actually be maintained; I imagine it is more like what is available on OS X:

    http://www.thrysoee.dk/editline

Reverting b8d88bf (a fix for #65714) fixes the segfault.

Configure command: ./configure --prefix=/usr/local/Cellar/php55/5.5.7 --localstatedir=/usr/local/var --sysconfdir=/usr/local/etc/php/5.5 --with-config-file-path=/usr/local/etc/php/5.5 --with-config-file-scan-dir=/usr/local/etc/php/5.5/conf.d --with-iconv-dir=/usr --enable-dba --with-ndbm=/usr --enable-exif --enable-soap --enable-wddx --enable-ftp --enable-sockets --enable-zip --enable-shmop --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-mbstring --enable-mbregex --enable-bcmath --enable-calendar --with-zlib=/usr/local/opt/zlib --with-ldap --with-ldap-sasl=/usr --with-xmlrpc --with-kerberos=/usr --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/local/opt/freetype --with-jpeg-dir=/usr/local/opt/jpeg --with-png-dir=/usr/local/opt/libpng --with-gettext=/usr/local/opt/gettext --with-snmp=/usr --with-libedit --with-unixODBC=/usr/local/opt/unixodbc --with-pdo-odbc=unixODBC,/usr/local/opt/unixodbc --mandir=/usr/local/Cellar/php55/5.5.7/share/man --with-mhash --with-curl --with-bz2=/usr --disable-debug --with-openssl=/usr --with-xsl=/usr --with-apxs2=/usr/sbin/apxs --libexecdir=/usr/local/Cellar/php55/5.5.7/libexec --with-mysql-sock=/tmp/mysql.sock --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --enable-pcntl --enable-zend-signals --enable-dtrace --enable-opcache

Test script:
---------------
<?php readline_clear_history();

Expected result:
----------------
Expected nothing to happen.

Actual result:
--------------
'php test.php ' terminated by signal SIGSEGV (Address boundary error)


History

 [2014-01-19 14:49 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: remi
 [2014-01-20 07:32 UTC] remi@php.net
The patch for bug #65714 drops the call to using_history in module init.

Checking all libedit functions, this check is done in each function (add_history, read_history, write_history, ...) but is missing in clear_history.

Calling it before clear_history solves the segfault (and avoids having to revert the fix, which is still useful).
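The initialisation gap described above, as an added example that is not code from php-src or libedit: the hypothetical model_* functions stand in for libedit's lazily created history handle, where add_history() initialises the handle when it is still NULL but clear_history() did not, and the fix is to call using_history() before clearing.

```c
/* Added example, not code from php-src or libedit: a small model of the
 * lazily initialised history handle the report is about. In libedit the
 * handle is created by using_history(); entry points such as add_history()
 * re-initialise it when it is still NULL, but clear_history() did not, so
 * calling it first in a fresh process dereferenced NULL. The fix for this
 * bug calls using_history() before clear_history(). This model returns -1
 * where the real library would crash, so both paths can be compared. */
#include <stddef.h>
#include <string.h>

#define MAX_ENTRIES 16

typedef struct { char entries[MAX_ENTRIES][64]; int count; } history_t;

static history_t storage;
static history_t *h = NULL;   /* NULL until using_history() runs, as in libedit */

static void model_using_history(void) {
    if (h == NULL) { h = &storage; h->count = 0; }
}

/* Guarded like libedit's add_history(): initialises the handle itself. */
static int model_add_history(const char *line) {
    if (h == NULL) model_using_history();
    if (h->count >= MAX_ENTRIES) return -1;
    strncpy(h->entries[h->count], line, 63);
    h->entries[h->count][63] = '\0';
    h->count++;
    return 0;
}

/* The defective shape: no guard before touching h. The NULL check here is
 * only a stand-in for the dereference that segfaults in the real library. */
static int model_clear_history_unguarded(void) {
    if (h == NULL) return -1;
    h->count = 0;
    return 0;
}

/* The shape of the fix: ensure the handle exists, then clear. */
static int model_clear_history_fixed(void) {
    model_using_history();
    return model_clear_history_unguarded();
}

static int model_history_count(void) { return h ? h->count : -1; }
static void model_reset(void) { h = NULL; }   /* simulate a fresh process */
```

In a fresh state model_clear_history_unguarded() reports the failure that the real clear_history() turns into SIGSEGV, while model_clear_history_fixed() succeeds; once add_history() has run, the unguarded path works too, which is why the bug only surfaced after the MINIT call was dropped.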
 [2014-01-20 07:41 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=31d67bd35362c1ab570caccedfec3e24257b55c5
Log: Fixed Bug #66412 readline_clear_history() with libedit causes segfault after #65714
 [2014-01-20 07:41 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-01-20 17:07 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=31d67bd35362c1ab570caccedfec3e24257b55c5
Log: Fixed Bug #66412 readline_clear_history() with libedit causes segfault after #65714
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 14:02:33 2014 UTC