Bug #66412 readline_clear_history() with libedit causes segfault after #65714
Submitted: 2014-01-04 19:27 UTC Modified: 2014-01-20 07:32 UTC
From: php at 0x7f dot us Assigned: remi (profile)
Status: Closed Package: Readline related
PHP Version: 5.5.7 OS: OS X 10.9.1
Private report: No CVE-ID: None
 [2014-01-04 19:27 UTC] php at 0x7f dot us
Description:
------------
Since PHP 5.5.7, calling `readline_clear_history()` segfaults.

PHP 5.5.7 (installed via Homebrew)
OS X 10.9

And whatever libedit version ships with OS X 10.9 (Mavericks). From the readline.h file:

    /* $NetBSD: readline.h,v 1.33 2012/05/15 17:30:04 christos Exp $ */

Note that this is over 11 years newer than the header comment in the SourceForge project linked from the readline ext readme (http://sourceforge.net/projects/libedit/)

    /* $NetBSD: readline.h,v 1.1 2001/01/05 21:15:50 jdolecek Exp $ */

This version of libedit seems to actually be maintained, I imagine it is more like what is available on OS X:

    http://www.thrysoee.dk/editline

Reverting b8d88bf (a fix for #65714) fixes the segfault.

Configure command: ./configure --prefix=/usr/local/Cellar/php55/5.5.7 --localstatedir=/usr/local/var --sysconfdir=/usr/local/etc/php/5.5 --with-config-file-path=/usr/local/etc/php/5.5 --with-config-file-scan-dir=/usr/local/etc/php/5.5/conf.d --with-iconv-dir=/usr --enable-dba --with-ndbm=/usr --enable-exif --enable-soap --enable-wddx --enable-ftp --enable-sockets --enable-zip --enable-shmop --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-mbstring --enable-mbregex --enable-bcmath --enable-calendar --with-zlib=/usr/local/opt/zlib --with-ldap --with-ldap-sasl=/usr --with-xmlrpc --with-kerberos=/usr --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/local/opt/freetype --with-jpeg-dir=/usr/local/opt/jpeg --with-png-dir=/usr/local/opt/libpng --with-gettext=/usr/local/opt/gettext --with-snmp=/usr --with-libedit --with-unixODBC=/usr/local/opt/unixodbc --with-pdo-odbc=unixODBC,/usr/local/opt/unixodbc --mandir=/usr/local/Cellar/php55/5.5.7/share/man --with-mhash --with-curl --with-bz2=/usr --disable-debug --with-openssl=/usr --with-xsl=/usr --with-apxs2=/usr/sbin/apxs --libexecdir=/usr/local/Cellar/php55/5.5.7/libexec --with-mysql-sock=/tmp/mysql.sock --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --enable-pcntl --enable-zend-signals --enable-dtrace --enable-opcache

Test script:
---------------
<?php readline_clear_history();

Expected result:
----------------
Expected nothing to happen.

Actual result:
--------------
'php test.php ' terminated by signal SIGSEGV (Address boundary error)

History
 [2014-01-19 14:49 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: remi
 [2014-01-20 07:32 UTC] remi@php.net
The patch for bug #65714 dropped the call to using_history in module init.

Checking all libedit functions, this check is done in each function (add_history, read_history, write_history, ...) but is missing in clear_history.

Calling it before clear_history solves the segfault (and avoids having to revert the fix, which is still useful).
 [2014-01-20 07:41 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=31d67bd35362c1ab570caccedfec3e24257b55c5
Log: Fixed Bug #66412 readline_clear_history() with libedit causes segfault after #65714
 [2014-01-20 07:41 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-01-20 17:07 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=31d67bd35362c1ab570caccedfec3e24257b55c5
Log: Fixed Bug #66412 readline_clear_history() with libedit causes segfault after #65714
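
The root cause given in the 2014-01-20 07:32 comment (one entry point lacking the initialisation check that the others perform) is the kind of defect a cold-start regression test catches: call each entry point as the first call in a fresh process and record which ones crash. The following is an added example, not code from php-src or libedit; the `hist_*` functions are a constructed model, and `hist_init` stands in for `using_history`.

```c
/* Constructed model, not libedit or php-src code; all names are hypothetical. */
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct hist { int count; };
static struct hist *g_hist;              /* NULL until first use (lazy init) */

static void hist_init(void) {            /* stands in for using_history() */
    if (g_hist == NULL) {
        g_hist = calloc(1, sizeof *g_hist);
        if (g_hist == NULL) abort();
    }
}

/* Entry points that carry the guard, as the comment says most do. */
static void hist_add(void)   { hist_init(); g_hist->count++; }
static void hist_write(void) { hist_init(); (void)g_hist->count; }

/* The one entry point without the guard: dereferences NULL on a cold start. */
static void hist_clear_unguarded(void) { g_hist->count = 0; }

/* Caller-side fix described in the thread: initialise, then clear. */
static void hist_clear_fixed(void) { hist_init(); hist_clear_unguarded(); }

/* Run fn as the very first call in a fresh child process.
 * Returns 0 if the child exited cleanly, 1 if it crashed, -1 on fork/wait error. */
static int cold_start_faults(void (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        g_hist = NULL;                   /* force cold state in the child */
        fn();
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void) {
    void (*api[])(void) = { hist_add, hist_write, hist_clear_unguarded, hist_clear_fixed };
    int bad = 0;
    for (size_t i = 0; i < sizeof api / sizeof api[0]; i++)
        bad += cold_start_faults(api[i]) != 0;
    return bad == 1 ? 0 : 1;             /* only the unguarded clear faults */
}
```

Running each call in its own child keeps a crash in one entry point from hiding the results for the others.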
 
Last updated: Wed Oct 09 06:01:26 2024 UTC