php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71397 mb_send_mail segmentation fault
Submitted: 2016-01-17 14:29 UTC Modified: 2016-01-18 00:29 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:4 (100.0%)
From: public+php dot net at bastelstu dot be Assigned: yohgaki
Status: Closed Package: Reproducible crash
PHP Version: 7.0.2 OS: Debian Jessie
Private report: No CVE-ID:
 [2016-01-17 14:29 UTC] public+php dot net at bastelstu dot be
Description:
------------
PHP 7.0.2 built by the following Dockerfile (https://github.com/docker-library/php/blob/cd075c9d4e53b255b4af6691a7ee10354d7fbb8d/7.0/fpm/Dockerfile) crashes in mb_send_mail when the Content-Transfer-Encoding-Header is set. The issue basically is the same as #71066.

Test script:
---------------
<?php
var_dump(mb_send_mail("mail@example.com", "subject", "body", "Content-Transfer-Encoding: base64"));

Actual result:
--------------
(gdb) bt
#0  __strcasecmp_l_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:165
#1  0x00000000005a7709 in mbfl_name2encoding (
    name=0x600000019 <error: Cannot access memory at address 0x600000019>)
    at /root/php-7.0.2/ext/mbstring/libmbfl/mbfl/mbfl_encoding.c:237
#2  0x00000000005a78a4 in mbfl_name2no_encoding (
    name=0x600000019 <error: Cannot access memory at address 0x600000019>)
    at /root/php-7.0.2/ext/mbstring/libmbfl/mbfl/mbfl_encoding.c:290
#3  0x00000000005b1d4e in zif_mb_send_mail (execute_data=0x7fede20149a0,
    return_value=0x7fede2014970)
    at /root/php-7.0.2/ext/mbstring/mbstring.c:4151
#4  0x00000000007f3a8a in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
    at /root/php-7.0.2/Zend/zend_vm_execute.h:714
#5  0x00000000007f2f1c in execute_ex (ex=0x7fede2014030)
    at /root/php-7.0.2/Zend/zend_vm_execute.h:414
#6  0x00000000007f3031 in zend_execute (op_array=0x7fede2070000,
    return_value=0x0) at /root/php-7.0.2/Zend/zend_vm_execute.h:458
#7  0x0000000000798df6 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /root/php-7.0.2/Zend/zend.c:1427
#8  0x000000000070bf40 in php_execute_script (primary_file=0x7fff015c1290)
    at /root/php-7.0.2/main/main.c:2471
#9  0x000000000085e50a in main (argc=3, argv=0x7fff015c1518)
    at /root/php-7.0.2/sapi/cgi/cgi_main.c:2453
(gdb)

Patches

0001-Fixed-bug-71397-mb_send_mail-segmentation-fault.patch (last revision 2016-01-17 14:31 UTC) by public+php dot net at bastelstu dot be)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-01-18 00:24 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ff10dceff87f4c94c55e6bc2e962f4bb3d66feb4
Log: Fixed bug #71397 (mb_send_mail segmentation fault)
 [2016-01-18 00:24 UTC] yohgaki@php.net
-Status: Open +Status: Closed
 [2016-01-18 00:29 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2016-01-18 00:29 UTC] yohgaki@php.net
I didn't notice PR. I'll merge assert part. Thank you for report and PR.
 [2016-01-18 01:13 UTC] public+php dot net at bastelstu dot be
Thanks for the quick merge! One small note: You typoed the name of the extension in `NEWS`: https://github.com/php/php-src/commit/ff10dceff87f4c94c55e6bc2e962f4bb3d66feb4#diff-ff4e2dc4962dc25a1512353299992c8dR37
 [2016-07-20 11:34 UTC] davey@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ff10dceff87f4c94c55e6bc2e962f4bb3d66feb4
Log: Fixed bug #71397 (mb_send_mail segmentation fault)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Apr 30 18:01:35 2017 UTC