|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull Requests |
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2020 The PHP GroupAll rights reserved. |
Last updated: Fri Feb 21 16:01:27 2020 UTC |
Description: ------------ When attempting to connect to a MySQL server using SSL, if one passes a non-existent CA path (using the PDO::MYSQL_ATTR_SSL_CAPATH parameter), PHP segfaults. Some debugging determined the cause of the crash to be that strlcpy gets called with src and dst being the same addresses, which according to the BSD manfile for strlcpy(3) is undefined behavior. This reliably happens in the err label of mysqlnd_conn_data::connect, when conn->error_info->error is not a null pointer. I have submitted a PR on Github to check that we're not copying a string into itself, PR #2682. Test script: --------------- <?php $pdo = new PDO("mysql:host=127.0.0.1;port=3306;dbname=db;", "foo", "bar", [PDO::MYSQL_ATTR_SSL_CAPATH => "nonexistant.pem"]); Expected result: ---------------- An exception, preferably one with a descriptive error message. Actual result: -------------- Process: php [87317] Path: /Users/USER/*/php Identifier: php Version: 0 Code Type: X86-64 (Native) Parent Process: fish [66965] Responsible: php [87317] User ID: 501 Date/Time: 2017-08-11 15:11:27.123 -0300 OS Version: Mac OS X 10.12.5 (16F73) Report Version: 12 Anonymous UUID: 74CFCBBC-0614-8396-9039-45B68BFF4E8A Sleep/Wake UUID: BD8913B7-3620-486A-8FA9-811E62511028 Time Awake Since Boot: 46000 seconds Time Since Wake: 7700 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Application Specific Information: detected source and destination buffer overlap Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff9684ed42 __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff9693c457 pthread_kill + 90 2 libsystem_c.dylib 0x00007fff967b4420 abort + 129 3 libsystem_c.dylib 0x00007fff967b4592 abort_report_np + 181 4 libsystem_c.dylib 0x00007fff967daf28 __chk_fail + 48 5 libsystem_c.dylib 0x00007fff967daf38 __chk_fail_overlap + 16 6 libsystem_c.dylib 0x00007fff967daf69 __chk_overlap + 49 7 libsystem_c.dylib 0x00007fff967db132 __strcpy_chk + 64 8 php 0x000000010a8db545 mysqlnd_mysqlnd_error_info_set_client_error_pub + 645 (mysqlnd_connection.c:127) 9 php 0x000000010a8e1382 mysqlnd_mysqlnd_conn_data_connect_pub + 10690 (mysqlnd_connection.c:801) 10 php 0x000000010a8f60d3 mysqlnd_mysqlnd_conn_connect_pub + 915 (mysqlnd_connection.c:835) 11 php 0x000000010a8f9ac2 mysqlnd_connection_connect + 2210 (mysqlnd_connection.c:2721) 12 php 0x000000010a6b8cd4 pdo_mysql_handle_factory + 3892 (mysql_driver.c:789) 13 php 0x000000010a6a1962 zim_PDO_dbh_constructor + 4914 (pdo_dbh.c:358) 14 php 0x000000010ab2a5b1 ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER + 1169 (zend_vm_execute.h:908) 15 php 0x000000010aafab06 execute_ex + 134 (zend_vm_execute.h:59725) 16 php 0x000000010aafae3e zend_execute + 414 (zend_vm_execute.h:63763) 17 php 0x000000010aa89e8a zend_execute_scripts + 634 (zend.c:1491) 18 php 0x000000010a9b7c6d php_execute_script + 1901 (main.c:2552) 19 php 0x000000010abbfad6 do_cli + 3862 (php_cli.c:1012) 20 php 0x000000010abbe8ad main + 1901 (php_cli.c:1404) 21 libdyld.dylib 0x00007fff96720235 start + 1 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0000000000000000 rbx: 0x0000000000000006 rcx: 0x00007fff5589caa8 rdx: 0x0000000000000000 rdi: 0x0000000000000307 rsi: 0x0000000000000006 rbp: 0x00007fff5589cad0 rsp: 0x00007fff5589caa8 r8: 0x0000000000000000 r9: 0x0000000000000177 r10: 0x0000000008000000 r11: 0x0000000000000206 r12: 0x0000000000000021 r13: 0x0000000000000000 r14: 0x00007fff9f62d3c0 r15: 0x0000000000000201 rip: 0x00007fff9684ed42 rfl: 0x0000000000000206 cr2: 0x00007fff9693a31b Logical CPU: 0 Error Code: 0x02000148 Trap Number: 133 Binary Images: 0x10a360000 - 0x10b1d4ff7 +php (0) <6D973D4A-3F0A-339A-BDDB-18FE87D55AF2> /Users/USER/*/php 0x10b4ed000 - 0x10b65d727 +libcrypto.1.0.0.dylib (0) <11B495A9-782C-3FB0-9729-ACFCD9F4F53E> /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib 0x10b6dd000 - 0x10b71eff7 +libssl.1.0.0.dylib (0) <35C152E0-7168-3B99-94AB-ECA04D3B3DB5> /usr/local/opt/openssl/lib/libssl.1.0.0.dylib 0x11af55000 - 0x11af92dc7 dyld (433.5) <322C06B7-8878-311D-888C-C8FD2CA96FF3> /usr/lib/dyld 0x7fff95178000 - 0x7fff95179ffb libSystem.B.dylib (1238.60.2) <FC9E9F13-3B18-305C-BE0A-97C7843652B0> /usr/lib/libSystem.B.dylib 0x7fff952b2000 - 0x7fff95308ff7 libc++.1.dylib (307.5) <0B43BB5D-E6EB-3464-8DE9-B41AC8ED9D1C> /usr/lib/libc++.1.dylib 0x7fff95309000 - 0x7fff95333fff libc++abi.dylib (307.3) <30199352-88BF-30BD-8CFF-2A4FBE247523> /usr/lib/libc++abi.dylib 0x7fff9577f000 - 0x7fff95871ff7 libiconv.2.dylib (50) <42125B35-81D7-3FC4-9475-A26DBE10884D> /usr/lib/libiconv.2.dylib 0x7fff95872000 - 0x7fff95a97ffb libicucore.A.dylib (57165.0.1) <2931B842-2946-3576-AD1D-1CDA22FA1388> /usr/lib/libicucore.A.dylib 0x7fff95a9f000 - 0x7fff95ab8ffb liblzma.5.dylib (10) <44BD0279-99DD-36B5-8A6E-C11432E2098D> /usr/lib/liblzma.5.dylib 0x7fff95e26000 - 0x7fff961f8047 libobjc.A.dylib (709) <DC77AA6E-A4E4-326D-8D7F-82D63AA88F99> /usr/lib/libobjc.A.dylib 0x7fff9624e000 - 0x7fff9626affb libresolv.9.dylib (64) <A244AE4C-00B0-396C-98FF-97FE4DB3DA30> /usr/lib/libresolv.9.dylib 0x7fff9650a000 - 0x7fff965f9ffb libxml2.2.dylib (30.16) <D2A6861B-D9FA-3BFC-B664-830C3FCE6065> /usr/lib/libxml2.2.dylib 0x7fff96624000 - 0x7fff96635ff3 libz.1.dylib (67) <46E3FFA2-4328-327A-8D34-A03E20BFFB8E> /usr/lib/libz.1.dylib 0x7fff96644000 - 0x7fff96648ff7 libcache.dylib (79) <093A4DAB-8385-3D47-A350-E20CB7CCF7BF> /usr/lib/system/libcache.dylib 0x7fff96649000 - 0x7fff96653fff libcommonCrypto.dylib (60092.50.5) <8A64D1B0-C70E-385C-92F0-E669079FDA90> /usr/lib/system/libcommonCrypto.dylib 0x7fff96654000 - 0x7fff9665bfff libcompiler_rt.dylib (62) <55D47421-772A-32AB-B529-1A46C2F43B4D> /usr/lib/system/libcompiler_rt.dylib 0x7fff9665c000 - 0x7fff96664fff libcopyfile.dylib (138) <819BEA3C-DF11-3E3D-A1A1-5A51C5BF1961> /usr/lib/system/libcopyfile.dylib 0x7fff96665000 - 0x7fff966e8fdf libcorecrypto.dylib (442.50.19) <65D7165E-2E71-335D-A2D6-33F78E2DF0C1> /usr/lib/system/libcorecrypto.dylib 0x7fff966e9000 - 0x7fff9671afff libdispatch.dylib (703.50.37) <6582BAD6-ED27-3B30-B620-90B1C5A4AE3C> /usr/lib/system/libdispatch.dylib 0x7fff9671b000 - 0x7fff96720ffb libdyld.dylib (433.5) <EC3D88D2-3D40-3274-8E26-362C2D7352C8> /usr/lib/system/libdyld.dylib 0x7fff96721000 - 0x7fff96721ffb libkeymgr.dylib (28) <7AA011A9-DC21-3488-BF73-3B5B14D1FDD6> /usr/lib/system/libkeymgr.dylib 0x7fff9672f000 - 0x7fff9672ffff liblaunch.dylib (972.60.2) <D3306CFF-58AA-3C90-B06C-B70E80E60C5B> /usr/lib/system/liblaunch.dylib 0x7fff96730000 - 0x7fff96735ff3 libmacho.dylib (898) <17D5D855-F6C3-3B04-B680-E9BF02EF8AED> /usr/lib/system/libmacho.dylib 0x7fff96736000 - 0x7fff96738ff3 libquarantine.dylib (85.50.1) <12448CC2-378E-35F3-BE33-9DC395A5B970> /usr/lib/system/libquarantine.dylib 0x7fff96739000 - 0x7fff9673affb libremovefile.dylib (45) <38D4CB9C-10CD-30D3-8B7B-A515EC75FE85> /usr/lib/system/libremovefile.dylib 0x7fff9673b000 - 0x7fff96753ff7 libsystem_asl.dylib (349.50.5) <096E4228-3B7C-30A6-8B13-EC909A64499A> /usr/lib/system/libsystem_asl.dylib 0x7fff96754000 - 0x7fff96754ff7 libsystem_blocks.dylib (67) <10DC5404-73AB-35B3-A277-A8AFECB476EB> /usr/lib/system/libsystem_blocks.dylib 0x7fff96755000 - 0x7fff967e2fef libsystem_c.dylib (1158.50.2) <E5AE5244-7D0C-36AC-8BB6-C7AE7EA52A4B> /usr/lib/system/libsystem_c.dylib 0x7fff967e3000 - 0x7fff967e6ffb libsystem_configuration.dylib (888.60.2) <BECC01A2-CA8D-31E6-BCDF-D452965FA976> /usr/lib/system/libsystem_configuration.dylib 0x7fff967e7000 - 0x7fff967eafff libsystem_coreservices.dylib (41.4) <7D26DE79-B424-3450-85E1-F7FAB32714AB> /usr/lib/system/libsystem_coreservices.dylib 0x7fff967eb000 - 0x7fff96803fff libsystem_coretls.dylib (121.50.4) <EC6FCF07-DCFB-3A03-9CC9-6DD3709974C6> /usr/lib/system/libsystem_coretls.dylib 0x7fff96804000 - 0x7fff9680afff libsystem_dnssd.dylib (765.50.9) <CC960215-0B1B-3822-A13A-3DDE96FA796F> /usr/lib/system/libsystem_dnssd.dylib 0x7fff9680b000 - 0x7fff96834ff7 libsystem_info.dylib (503.50.4) <611DB84C-BF70-3F92-8702-B9F28A900920> /usr/lib/system/libsystem_info.dylib 0x7fff96835000 - 0x7fff96857ff7 libsystem_kernel.dylib (3789.60.24) <6E9E485F-91F6-36B7-A125-AE91DC978BCC> /usr/lib/system/libsystem_kernel.dylib 0x7fff96858000 - 0x7fff9689ffe7 libsystem_m.dylib (3121.6) <86D499B5-BBDC-3D3B-8A4E-97AE8E6672A4> /usr/lib/system/libsystem_m.dylib 0x7fff968a0000 - 0x7fff968beff7 libsystem_malloc.dylib (116.50.8) <A3D15F17-99A6-3367-8C7E-4280E8619C95> /usr/lib/system/libsystem_malloc.dylib 0x7fff968bf000 - 0x7fff96918ffb libsystem_network.dylib (856.60.1) <369D0221-56CA-3C3E-9EDE-94B41CAE77B7> /usr/lib/system/libsystem_network.dylib 0x7fff96919000 - 0x7fff96922ff3 libsystem_networkextension.dylib (563.60.2) <B021F2B3-8A75-3633-ABB0-FC012B8E9B0C> /usr/lib/system/libsystem_networkextension.dylib 0x7fff96923000 - 0x7fff9692cff3 libsystem_notify.dylib (165.20.1) <B8160190-A069-3B3A-BDF6-2AA408221FAE> /usr/lib/system/libsystem_notify.dylib 0x7fff9692d000 - 0x7fff96935fe7 libsystem_platform.dylib (126.50.8) <897462FD-B318-321B-A554-E61982630F7E> /usr/lib/system/libsystem_platform.dylib 0x7fff96936000 - 0x7fff96940ff7 libsystem_pthread.dylib (218.60.3) <B8FB5E20-3295-39E2-B5EB-B464D1D4B104> /usr/lib/system/libsystem_pthread.dylib 0x7fff96941000 - 0x7fff96944ff7 libsystem_sandbox.dylib (592.60.1) <DC780631-BD23-36B1-9376-668619E18D25> /usr/lib/system/libsystem_sandbox.dylib 0x7fff96945000 - 0x7fff96946ff3 libsystem_secinit.dylib (24.50.4) <F78B847B-3565-3E4B-98A6-F7AD40392E2D> /usr/lib/system/libsystem_secinit.dylib 0x7fff96947000 - 0x7fff9694effb libsystem_symptoms.dylib (532.50.47) <3390E07C-C1CE-348F-ADBD-2C5440B45EAA> /usr/lib/system/libsystem_symptoms.dylib 0x7fff9694f000 - 0x7fff96962ff7 libsystem_trace.dylib (518.60.2) <6B145B10-5874-3E89-90CD-D370DB475BA1> /usr/lib/system/libsystem_trace.dylib 0x7fff96963000 - 0x7fff96968ffb libunwind.dylib (35.3) <3D50D8A8-C460-334D-A519-2DA841102C6B> /usr/lib/system/libunwind.dylib 0x7fff96969000 - 0x7fff96992ff7 libxpc.dylib (972.60.2) <1C9AF716-69DF-359F-85E9-7DFDE362F9A2> /usr/lib/system/libxpc.dylib External Modification Summary: Calls made by other processes targeting this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by all processes on this machine: task_for_pid: 461150 thread_create: 0 thread_set_state: 715 VM Region Summary: ReadOnly portion of Libraries: Total=145.2M resident=0K(0%) swapped_out_or_unallocated=145.2M(100%) Writable regions: Total=50.3M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=50.3M(100%) VIRTUAL REGION REGION TYPE SIZE COUNT (non-coalesced) =========== ======= ======= Activity Tracing 256K 2 Kernel Alloc Once 8K 2 MALLOC 39.3M 12 MALLOC guard page 16K 4 MALLOC_LARGE (reserved) 316K 2 reserved VM address space (unallocated) STACK GUARD 56.0M 2 Stack 8192K 2 VM_ALLOCATE 2052K 3 VM_ALLOCATE (reserved) 64K 2 reserved VM address space (unallocated) __DATA 2592K 53 __LINKEDIT 116.9M 6 __TEXT 28.3M 49 shared memory 12K 4 =========== ======= ======= TOTAL 253.7M 130 TOTAL, minus reserved VM space 253.3M 130 System Profile: Bluetooth: Version 5.0.4f18, 3 services, 27 devices, 1 incoming serial ports Memory Module: BANK 0/DIMM0, 8 GB, LPDDR3, 2133 MHz, 0x80CE, 0x4B3445424533303445422D45474347202020 Memory Module: BANK 1/DIMM0, 8 GB, LPDDR3, 2133 MHz, 0x80CE, 0x4B3445424533303445422D45474347202020 USB Device: USB 3.0 Bus USB Device: iBridge Thunderbolt Bus: MacBook Pro, Apple Inc., 19.6 Thunderbolt Bus: MacBook Pro, Apple Inc., 19.6 Model: MacBookPro13,3, BootROM MBP133.0226.B23, 4 processors, Intel Core i7, 2,9 GHz, 16 GB, SMC 2.38f7 Graphics: Intel HD Graphics 530, Intel HD Graphics 530, Built-In Graphics: Radeon Pro 460, AMD Radeon Pro 460, PCIe, 4096 MB Network Service: Wi-Fi, AirPort, en0 AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x15A), Broadcom BCM43xx 1.0 (7.21.171.126.1a2)