|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2015-04-07 15:15 UTC] come dot bernigaud at opensides dot be
Description:
------------
Hello, running Debian Jessie which includes php 5.6.7+dfsg-1, I get a segfault while using FusionDirectory, the same code does not segfault on Debian Wheezy which has an older version of PHP.
Expected result:
----------------
No segfault
Actual result:
--------------
#0 0xb7d9ea77 in _int_malloc (av=av@entry=0xb7ed1420 <main_arena>, bytes=bytes@entry=4060) at malloc.c:3302
#1 0xb7da0b31 in __GI___libc_malloc (bytes=4060) at malloc.c:2891
#2 0xb7243971 in ber_memalloc_x () from /usr/lib/i386-linux-gnu/liblber-2.4.so.2
#3 0xb7243aea in ber_memrealloc_x () from /usr/lib/i386-linux-gnu/liblber-2.4.so.2
#4 0xb72420ad in ber_realloc () from /usr/lib/i386-linux-gnu/liblber-2.4.so.2
#5 0xb72411f6 in ?? () from /usr/lib/i386-linux-gnu/liblber-2.4.so.2
#6 0xb7241ccc in ber_printf () from /usr/lib/i386-linux-gnu/liblber-2.4.so.2
#7 0xb6f4e66d in ldap_build_search_req () from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
#8 0xb6f4ec8f in ldap_search () from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
#9 0xb6f4ee39 in ldap_search_s () from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
#10 0xb5186bed in php_ldap_do_search (ht=-2144099600, return_value=0xfdc, scope=1, return_value_used=<optimized out>, this_ptr=<optimized out>,
return_value_ptr=<optimized out>) at /build/php5-truQYy/php5-5.6.7+dfsg/ext/ldap/ldap.c:798
#11 0xb6314340 in execute_internal (execute_data_ptr=0x83fff508, fci=0x0, return_value_used=1) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_execute.c:1527
#12 0xb624d51e in dtrace_execute_internal (execute_data_ptr=0x83fff508, fci=0x0, return_value_used=1) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:97
#13 0xb6318414 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff508) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:560
#14 0xb629e267 in execute_ex (execute_data=0x83fff508) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#15 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff508) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
#16 0xb6316164 in zend_execute (op_array=0x803a0bb8) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:388
#17 0xb624f3db in zend_call_function (fci=0xbf802648, fci_cache=0xbf802634) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_execute_API.c:829
#18 0xb60dab04 in zim_reflection_method_invokeArgs (ht=2, return_value=0x8406a2a4, return_value_ptr=0x83fff434, this_ptr=0x8039fbb0, return_value_used=1)
at /build/php5-truQYy/php5-5.6.7+dfsg/ext/reflection/php_reflection.c:3045
#19 0xb6314340 in execute_internal (execute_data_ptr=0x83fff440, fci=0x0, return_value_used=1) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_execute.c:1527
#20 0xb624d51e in dtrace_execute_internal (execute_data_ptr=0x83fff440, fci=0x0, return_value_used=1) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:97
#21 0xb6318414 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff440) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:560
#22 0xb629e267 in execute_ex (execute_data=0x83fff440) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#23 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff440) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
#24 0xb6316164 in zend_execute (op_array=0x803a7aac) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:388
#25 0xb624f3db in zend_call_function (fci=0xbf802978, fci_cache=0xbf802964) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_execute_API.c:829
#26 0xb627793f in zend_call_method (object_pp=0xbf8029f8, obj_ce=<optimized out>, fn_proxy=0x803a7a2c, function_name=0xb66a3943 "__call", function_name_len=6,
retval_ptr_ptr=0xbf802a08, param_count=2, arg1=0x8406982c, arg2=0x84069d8c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_interfaces.c:97
#27 0xb6287a74 in zend_std_call_user_call (ht=3, return_value=0x8406a01c, return_value_ptr=0x83fff360, this_ptr=0x84069aec, return_value_used=0)
at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_object_handlers.c:931
#28 0xb6314340 in execute_internal (execute_data_ptr=0x83fff36c, fci=0x0, return_value_used=0) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_execute.c:1527
#29 0xb624d51e in dtrace_execute_internal (execute_data_ptr=0x83fff36c, fci=0x0, return_value_used=0) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:97
#30 0xb6318414 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff36c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:560
#31 0xb629e267 in execute_ex (execute_data=0x83fff36c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#32 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff36c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
#33 0xb6316164 in zend_execute (op_array=0x8033ae7c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:388
#34 0xb6318902 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff288) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:592
#35 0xb629e267 in execute_ex (execute_data=0x83fff288) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#36 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff288) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
#37 0xb6316164 in zend_execute (op_array=0x8033ae7c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:388
#38 0xb6318902 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff1a4) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:592
#39 0xb629e267 in execute_ex (execute_data=0x83fff1a4) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#40 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff1a4) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
#41 0xb6316164 in zend_execute (op_array=0x8033ae7c) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:388
#42 0xb6318902 in zend_do_fcall_common_helper_SPEC (execute_data=0x83fff0c0) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:592
#43 0xb629e267 in execute_ex (execute_data=0x83fff0c0) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_vm_execute.h:363
#44 0xb624d37f in dtrace_execute_ex (execute_data=0x83fff0c0) at /build/php5-truQYy/php5-5.6.7+dfsg/Zend/zend_dtrace.c:73
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Oct 28 04:00:01 2025 UTC |
The problem seems linked to an infinite loop caused by ldap_list returning its search base in the results. This should not be possible as ldap_list is supposed to «Performs the search for a specified filter on the directory with the scope LDAP_SCOPE_ONELEVEL» and the search base is not in the ONELEVEL scope. I checked with this minimal code. <?php $host = 'localhost'; $port = '389'; $binddn = 'cn=admin,dc=mcmic,dc=test'; $bindpw = 'pwd'; $cid = ldap_connect($host, $port); ldap_set_option($cid, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_bind($cid, $binddn, $bindpw); $res = ldap_list($cid, 'ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test', '(objectClass=FAIbranch)', array('dn')); print_r(ldap_error($cid)."\n"); echo "\nResults:\n"; print_r(ldap_count_entries($cid, $res)."\n"); $entry = ldap_first_entry($cid, $res); if ($entry) { print_r(ldap_get_dn($cid, $entry)); } I get: Success Results: 1 ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test But with the same request by ldap search: # ldapsearch -xLLL -s one -b ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test objectClass=FAIBranch I get nothing. The weird thing is I do not get the same behaviour with other bases.