PHP :: Bug #71446 :: Segfault when calling getallheaders() after failed virtual call

Bug #71446

Segfault when calling getallheaders() after failed virtual call

Submitted:

2016-01-25 15:05 UTC

Modified:

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

jussi dot nieminen at ruxit dot com

Assigned:

Status:

Open

Package:

Reproducible crash

PHP Version:

5.6.17

OS:

Ubuntu 15.10

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jussi dot nieminen at ruxit dot com
New email:
PHP Version:		OS:

New Comment:

[2016-01-25 15:05 UTC] jussi dot nieminen at ruxit dot com

Description:
------------
I made a simple PHP script that calls another using the "virtual" function. If the second script fails to execute (my test script contains an invalid function call) and I then call "getallheaders()", the Apache worker will segfault:

AH00051: child pid 6094 exit signal Segmentation fault (11)

Test script:
---------------
first.php:
<html>
 <body>
 <?php virtual("/second.php"); ?><br>
 <?php print_r(getallheaders()); ?>
 </body>
</html>

second.php:
<?php foohaaa(); ?>

Expected result:
----------------
Expecting to see something like this on the page (works when I change "foohaa();" to something valid in second.php):

Array ( [Host] => 127.0.0.1:9110 [User-Agent] => Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 [Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Accept-Language] => en-US,en;q=0.5 [Accept-Encoding] => gzip, deflate [Connection] => keep-alive [Cache-Control] => max-age=0 )

Actual result:
--------------
(gdb) bt
#0  zend_do_fcall_common_helper_SPEC (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:488
#1  0x00007fd4e6a23ad8 in execute_ex (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:363
#2  0x00007fd4e69eb2b0 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at .../php-5.6.10/Zend/zend.c:1341
#3  0x00007fd4e6989a72 in php_execute_script (primary_file=primary_file@entry=0x7fff4d33e390) at .../php-5.6.10/main/main.c:2597
#4  0x00007fd4e6a8fc62 in php_handler (r=<optimised out>) at .../php-5.6.10/sapi/apache2handler/sapi_apache2.c:667
#5  0x0000000000457581 in ap_run_handler ()
#6  0x000000000045803a in ap_invoke_handler ()
#7  0x0000000000475b84 in ap_process_async_request ()
#8  0x0000000000475c69 in ap_process_request ()
#9  0x0000000000471bc4 in ap_process_http_sync_connection ()
#10 0x0000000000471cd8 in ap_process_http_connection ()
#11 0x00000000004661da in ap_run_process_connection ()
#12 0x0000000000466730 in ap_process_connection ()
#13 0x00000000004803dc in child_main ()
#14 0x00000000004805d2 in make_child ()
#15 0x00000000004809bd in perform_idle_server_maintenance ()
#16 0x00000000004810c9 in prefork_run ()
#17 0x0000000000434ad3 in ap_run_mpm ()
#18 0x000000000042c9a9 in main ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Fri Mar 05 20:01:24 2021 UTC