php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67049 Segfault in ps_begin_page()
Submitted: 2014-04-09 12:56 UTC Modified: 2021-11-19 14:15 UTC
From: daverandom@php.net Assigned:
Status: Verified Package: ps (PECL)
PHP Version: 5.6.0alpha3 OS: CentOS 6.5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: daverandom@php.net
New email:
PHP Version: OS:

 

 [2014-04-09 12:56 UTC] daverandom@php.net
Description:
------------
ps_begin_page() segfaults.

The same behaviour with the same trace has also been observed on CentOS 6.4 with PHP 5.4.26.

In both instances, the extension was installed via PECL and pslib was installed via yum.

Test script:
---------------
<?php

error_reporting(-1);
ini_set('display_errors', 1);

$ps = ps_new();
ps_begin_page($ps, 100, 100);
ps_show($ps, 'This is some text!');
ps_open_file($ps, '/app/test.ps');
ps_close($ps);


Actual result:
--------------
Valgrind output:

==19852== Memcheck, a memory error detector
==19852== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==19852== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==19852== Command: php ps.php
==19852==
==19852== Jump to the invalid address stated on the next line
==19852==    at 0x0: ???
==19852==    by 0xEA5FADA: ps_printf (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xEA4B01C: ??? (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xEA53F07: PS_begin_page (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xE83891C: zif_ps_begin_page (ps.c:374)
==19852==    by 0x90201A: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==19852==    by 0x8F074A: execute_ex (zend_vm_execute.h:363)
==19852==    by 0x878D26: zend_execute_scripts (zend.c:1330)
==19852==    by 0x80BD9A: php_execute_script (main.c:2584)
==19852==    by 0x92AF93: do_cli (php_cli.c:994)
==19852==    by 0x92B81C: main (php_cli.c:1378)
==19852==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19852==
==19852==
==19852== Process terminating with default action of signal 11 (SIGSEGV)
==19852==  Bad permissions for mapped region at address 0x0
==19852==    at 0x0: ???
==19852==    by 0xEA5FADA: ps_printf (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xEA4B01C: ??? (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xEA53F07: PS_begin_page (in /usr/lib64/libps.so.0.4.5)
==19852==    by 0xE83891C: zif_ps_begin_page (ps.c:374)
==19852==    by 0x90201A: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==19852==    by 0x8F074A: execute_ex (zend_vm_execute.h:363)
==19852==    by 0x878D26: zend_execute_scripts (zend.c:1330)
==19852==    by 0x80BD9A: php_execute_script (main.c:2584)
==19852==    by 0x92AF93: do_cli (php_cli.c:994)
==19852==    by 0x92B81C: main (php_cli.c:1378)
==19852==
==19852== HEAP SUMMARY:
==19852==     in use at exit: 5,695,812 bytes in 52,170 blocks
==19852==   total heap usage: 71,898 allocs, 19,728 frees, 7,083,242 bytes allocated
==19852==
==19852== LEAK SUMMARY:
==19852==    definitely lost: 0 bytes in 0 blocks
==19852==    indirectly lost: 0 bytes in 0 blocks
==19852==      possibly lost: 0 bytes in 0 blocks
==19852==    still reachable: 5,695,812 bytes in 52,170 blocks
==19852==         suppressed: 0 bytes in 0 blocks
==19852== Rerun with --leak-check=full to see details of leaked memory
==19852==
==19852== For counts of detected and suppressed errors, rerun with: -v
==19852== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 6)
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-11-19 14:15 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2021-11-19 14:15 UTC] cmb@php.net
You need to call ps_open_file() before calling ps_begin_page() to
avoid that segfault.  Only ps_open_file() will initialize the
proper output handler of pslib.  Read also the fine documentation
on ps_new()[1].

In my opinion, this script shouldn't segfault, though, but rather
the API misuse should be handled, and reported to the user.

[1] <https://www.php.net/ps_new>
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Aug 15 12:05:44 2022 UTC