Bug #68441 segmentation fault in svn_diff() on PHP 5.5
Submitted: 2014-11-18 03:23 UTC
Modified: -
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:3 (75.0%)
From: ashish dot is at lostca dot se
Assigned:
Status: Open
Package: svn (PECL)
PHP Version: Irrelevant
OS: Debian GNU/Linux
Private report: No
CVE-ID: None

 [2014-11-18 03:23 UTC] ashish dot is at lostca dot se
Description:
------------
Output of `php -v':

-----8<------------8<--------------
PHP 5.5.17 (cli) (built: Sep 27 2014 03:44:19) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
-----8<------------8<--------------

The parsing of parameters is broken in this function, i.e. different from what is mentioned in the documentation.

Test script:
---------------
<?php

var_dump( svn_diff( 'https://core.svn.wordpress.org/trunk/index.php', 19710, 'https://core.svn.wordpress.org/trunk/index.php', 30000 ) );

Expected result:
----------------
array(2) {
  [0] =>
  resource(4) of type (stream)
  [1] =>
  resource(5) of type (stream)
}


Actual result:
--------------
(gdb) bt
#0  0x00007ffff5bbe052 in ?? () from /usr/local/php5.5/lib/libc.so.6
#1  0x00007fffece72152 in ?? () from /usr/lib/libsvn_subr-1.so.1
#2  0x00007fffece72643 in svn_utf_cstring_to_utf8 () from /usr/lib/libsvn_subr-1.so.1
#3  0x00007fffed758398 in zif_svn_diff (ht=<value optimized out>, return_value=0x7ffff7fe4818, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /buildroot/php5-extensions/svn-1.0.2/svn.c:1275
#4  0x000000000076e7cb in ?? ()
#5  0x000000000075fc60 in execute_ex ()
#6  0x00000000006ea089 in zend_execute_scripts ()
#7  0x000000000068b2f9 in php_execute_script ()
#8  0x000000000079d00e in ?? ()
#9  0x000000000079d7c8 in ?? ()
#10 0x00007ffff5ad4c8d in __libc_start_main () from /usr/local/php5.5/lib/libc.so.6
#11 0x0000000000429529 in _start ()

Patches

svn.c.diff (last revision 2014-11-18 03:23 UTC by ashish dot is at lostca dot se)

Last updated: Fri Mar 22 01:01:26 2019 UTC