php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66896 SIGSEGV when using unserialized OAuth instance
Submitted: 2014-03-13 09:50 UTC Modified: 2014-12-30 21:45 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:3 (75.0%)
From: paulhooijenga at gmail dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
 [2014-03-13 09:50 UTC] paulhooijenga at gmail dot com
Description:
------------
The OAuth plugin causes a segmentation fault when trying to use an OAuth instance that has been serialized, due to an internal hashtable being uninitialized.

I'm using OAuth 1.2.3
PHP was configured with: './configure'  '--enable-debug' '--disable-short-tags' '--with-layout=GNU' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-ftp' '--enable-pcntl' '--enable-soap' '--enable-sockets' '--enable-wddx' '--enable-zip' '--with-zlib' '--with-gettext' '--with-mysql' '--with-mysqli' '--with-pdo-mysql' '--with-openssl' '--enable-mbstring' '--prefix=/opt/phpfarm/inst/php-5.5.10-debug' '--exec-prefix=/opt/phpfarm/inst/php-5.5.10-debug' '--with-pear=/opt/phpfarm/inst/php-5.5.10-debug/pear'

I've confirmed the problem exists in PHP versions 5.3.20, 5.4.10, 5.4.26 and 5.5.10.

Test script:
---------------
<?php

$oauth = new OAuth("an api key", "the api secret");
$oauth->setToken("oauth_token", "oauth_token_secret");

$ok = $oauth->fetch("http://requestb.in/13mvefd1");
var_dump($ok);

$s = serialize($oauth);
var_dump($s);

$oauth2 = unserialize($s);
$ok = $oauth2->fetch("http://requestb.in/13mvefd1");
var_dump($ok);


Expected result:
----------------
I expect both requests to complete sucessfully.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000009c5b81 in _zend_is_inconsistent (ht=0x0, file=0xef7b58 "/opt/phpfarm/src/php-5.5.10-debug/Zend/zend_hash.c", line=946) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_hash.c:54
54		if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x00000000009c5b81 in _zend_is_inconsistent (ht=0x0, file=0xef7b58 "/opt/phpfarm/src/php-5.5.10-debug/Zend/zend_hash.c", line=946) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_hash.c:54
#1  0x00000000009c894a in zend_hash_quick_find (ht=0x0, arKey=0x7ffff5ed0ae5 "oauth_auth_method", nKeyLength=18, h=14655627377221078647, pData=0x7fffffffa648) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_hash.c:946
#2  0x00007ffff5ebcd83 in soo_get_property (soo=0x7ffff7e01a68, prop_name=0x7ffff5ed0ae5 "oauth_auth_method") at /tmp/pear/temp/oauth/oauth.c:393
#3  0x00007ffff5ec5c68 in oauth_fetch (soo=0x7ffff7e01a68, url=0x7ffff7ec0328 "http://requestb.in/13mvefd1", method=0x0, request_params=0x0, request_headers=0x0, init_oauth_args=0x0, fetch_flags=9) at /tmp/pear/temp/oauth/oauth.c:1593
#4  0x00007ffff5eca2f9 in zim_oauth_fetch (ht=1, return_value=0x7ffff7fcd368, return_value_ptr=0x0, this_ptr=0x7ffff7dfd920, return_value_used=1) at /tmp/pear/temp/oauth/oauth.c:2627
#5  0x00000000009f4a17 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f90348) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_vm_execute.h:550
#6  0x00000000009f51ea in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7f90348) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_vm_execute.h:685
#7  0x00000000009f410a in execute_ex (execute_data=0x7ffff7f90348) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_vm_execute.h:363
#8  0x00000000009f4193 in zend_execute (op_array=0x7ffff7fc9a08) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend_vm_execute.h:388
#9  0x00000000009b5a69 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /opt/phpfarm/src/php-5.5.10-debug/Zend/zend.c:1316
#10 0x000000000091f212 in php_execute_script (primary_file=0x7fffffffcf20) at /opt/phpfarm/src/php-5.5.10-debug/main/main.c:2506
#11 0x0000000000a63e42 in do_cli (argc=5, argv=0x1262050) at /opt/phpfarm/src/php-5.5.10-debug/sapi/cli/php_cli.c:994
#12 0x0000000000a65170 in main (argc=5, argv=0x1262050) at /opt/phpfarm/src/php-5.5.10-debug/sapi/cli/php_cli.c:1378


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-09 10:24 UTC] indeyets@php.net
-Status: Open +Status: Feedback
 [2014-05-09 10:24 UTC] indeyets@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


The link you gave doesn't work anymore. Can you attach its contents to this report please?
 [2014-05-09 10:57 UTC] paulhooijenga at gmail dot com
The webservice I used is not part of the problem. I used a RequestBin to help illustrate the problem, but any webservice will do.

Just for arguments sake, here is one I created today: http://requestb.in/1g8fxwp1?inspect and a screenshot of its contents: http://i.imgur.com/Hrinvas.png

Regards,
-- Paul
 [2014-12-30 10:42 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2014-12-30 21:45 UTC] paulhooijenga at gmail dot com
-Status: No Feedback +Status: Closed
 [2014-12-30 21:45 UTC] paulhooijenga at gmail dot com
Please re-open this ticket, or let me know what further information is needed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 10:01:28 2024 UTC