Bug #70337 coredump of 5.6.11/12
Submitted: 2015-08-24 10:32 UTC
Modified: 2015-08-26 06:17 UTC
From: yiliaofan at gmail dot com
Assigned:
Status: Open
Package: geoip (PECL)
PHP Version: 5.6.12
OS: linux
Private report: No
CVE-ID: None

 [2015-08-24 10:32 UTC] yiliaofan at gmail dot com
Description:
------------
(gdb) bt full
#0  _get_record_gl (gi=0x0, ipnum=2976376787, gl=0x7fff69cd0ad0) at GeoIPCity.c:185
        seek_record = <value optimized out>
        r = <value optimized out>
#1  0x00007f292359acf5 in _get_record (gi=0x0, name=<value optimized out>) at GeoIPCity.c:206
        gl = {netmask = 1132003024}
#2  GeoIP_record_by_name (gi=0x0, name=<value optimized out>) at GeoIPCity.c:282
        ipnum = <value optimized out>
#3  0x00007f29237c83dc in zif_geoip_record_by_name (ht=1, return_value=0x7f291d8aad60, return_value_ptr=0x7f29243a7be8,
    this_ptr=0x0, return_value_used=1) at /home/zhangfan/php/modules/geoip-1.1.0/geoip.c:560
        gi = 0x0
        hostname = 0x7f291d8a5958 "177.103.231.211"
        arglen = 15
        gir = 0x7f291e7af850
#4  0x00007f2922aaead8 in phalcon_execute_internal (execute_data_ptr=0x7f29243a7c00, fci=0x0, return_value_used=1)
    at /home/zhangfan/php/modules/cphalcon-phalcon-v1.3.4/ext/phalcon.c:57
        return_value_ptr = 0x7f29243a7be8
#5  0x0000000000ab1f39 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f29243a7c00)
    at /home/zhangfan/env-trunk/php/php-5.6.11/Zend/zend_vm_execute.h:560
        ret = 0x7f29243a7be0
        opline = 0x7f291e7b18b8
        should_change_scope = 0 '\000'
        fbc = 0x1b56100
        num_args = 1
#6  0x0000000000ab790b in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7f29243a7c00)
    at /home/zhangfan/env-trunk/php/php-5.6.11/Zend/zend_vm_execute.h:2599
        opline = 0x7f291e7b18b8
        fname = 0x7f291e7afc38
        call = 0x7f29243a7d68
#7  0x0000000000ab156f in execute_ex (execute_data=0x7f29243a7c00)
    at /home/zhangfan/env-trunk/php/php-5.6.11/Zend/zend_vm_execute.h:363


History

 [2015-08-26 06:15 UTC] laruence@php.net
I don't see why this is a security bug?
 [2015-08-26 06:17 UTC] stas@php.net
-Type: Security +Type: Bug
 
Last updated: Fri Feb 28 03:01:27 2020 UTC