php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68637 Segmentation fault in function php_strlcpy
Submitted: 2014-12-23 12:20 UTC Modified: 2014-12-23 15:04 UTC
Votes:3
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: xoJIog at inbox dot lv Assigned:
Status: Open Package: Reproducible crash
PHP Version: 5.5.20 OS: gentoo
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-12-23 12:20 UTC] xoJIog at inbox dot lv 
Description:
------------
PHP segfaults when src is null in function php_strlcpy

Expected result:
----------------
expected to check src

Actual result:
--------------
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x084e4795 in php_strlcpy (dst=0xbd55f35c "", src=0x0, siz=1024) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c:78
78      /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c: No such file or directory.
(gdb) bt
#0  0x084e4795 in php_strlcpy (dst=0xbd55f35c "", src=0x0, siz=1024) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/strlcpy.c:78
#1  0x082085a0 in mm_login (mb=0xbd55efbc, user=0xbd55f35c "", pwd=0xbd55f75c "", trial=0) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/imap/php_imap.c:5098
#2  0xa69a2e0b in imap_login () from /usr/lib/libc-client.so.1
#3  0xa69a1a17 in imap_open () from /usr/lib/libc-client.so.1
#4  0xa696dfd0 in mail_open_work () from /usr/lib/libc-client.so.1
#5  0xa696d943 in mail_open () from /usr/lib/libc-client.so.1
#6  0x081f82a2 in zif_imap_reopen (ht=3, return_value=0xce1ea48, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/imap/php_imap.c:1327
#7  0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#8  0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#9  0x085a6d2b in execute_ex (execute_data=0xa42d4194) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#10 0x085a6db9 in zend_execute (op_array=0xce00274) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#11 0x08554b6d in zend_call_function (fci=0xbd560d74, fci_cache=0xbd560d60) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_execute_API.c:937
#12 0x0839a748 in zif_call_user_func_array (ht=2, return_value=0xce24148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/standard/basic_functions.c:4806
#13 0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#14 0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#15 0x085a6d2b in execute_ex (execute_data=0xa42d409c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#16 0x085a6db9 in zend_execute (op_array=0xccddd4c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#17 0x08554b6d in zend_call_function (fci=0xbd560f94, fci_cache=0xbd560f80) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_execute_API.c:937
#18 0x0839a748 in zif_call_user_func_array (ht=2, return_value=0xccfaff0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/ext/standard/basic_functions.c:4806
#19 0x085a75db in zend_do_fcall_common_helper_SPEC (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:550
#20 0x085a7d4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:685
#21 0x085a6d2b in execute_ex (execute_data=0xa42d3b08) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:363
#22 0x085a6db9 in zend_execute (op_array=0xa42ef25c) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend_vm_execute.h:388
#23 0x08568228 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/Zend/zend.c:1330
#24 0x084d4ece in php_execute_script (primary_file=0xbd565464) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/main/main.c:2506
#25 0x08626668 in main (argc=5, argv=0xbd5655b4) at /var/tmp/portage/dev-lang/php-5.5.19/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1949

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-23 15:04 UTC] xoJIog at inbox dot lv 
--- main/strlcpy.c.orig 2014-12-23 14:23:25.451809947 +0200
+++ main/strlcpy.c      2014-12-23 14:25:13.439982613 +0200
@@ -73,7 +73,7 @@
        register size_t n = siz;
 
        /* Copy as many bytes as will fit */
-       if (n != 0 && --n != 0) {
+       if (n != 0 && --n != 0 && src) {
                do {
                        if ((*d++ = *s++) == 0)
                                break;
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved. 		Last updated: Wed Sep 23 04:01:25 2020 UTC