ID: 46082 Updated by: [EMAIL PROTECTED] Reported By: shaunspiller at gmail dot com -Status: Open +Status: Assigned Bug Type: Streams related Operating System: Windows PHP Version: 5.2.6 -Assigned To: +Assigned To: pajoye
Previous Comments: ------------------------------------------------------------------------ [2008-09-15 00:06:20] [EMAIL PROTECTED] Probably that will fix the crash: http://felipe.ath.cx/diff/bug46082.diff (untested) ------------------------------------------------------------------------ [2008-09-14 23:19:38] shaunspiller at gmail dot com Description: ------------ Hello developers! I found what looks like a reproducible crash in the stream/sockets/thingy. I think... Code to reproduce: ------------------ <?php var_dump($s = stream_socket_server('tcp://0.0.0.0:1234', $errno, $errstr, 0)); var_dump(stream_set_blocking($s, false)); echo 'hello'; ?> The var_dumps and echo are not necessary to cause the problem, but just to show the tracing of the code. Expected result: ---------------- resource(5) of type (stream) bool(true) hello Actual result: -------------- resource(5) of type (stream) ...And then the darn thing just implodes -- doesn't even say goodbye, nevermind hello. If STREAM_SERVER_BIND is specified for the flags to stream_socket_server() then it works fine. Tested on all the PHP versions I had installed (using the CLI interface): 6.0.0-dev (Windows): crashes 5.2.6 (Windows): crashes 5.2.5 (Windows): crashes 5.2.3 (Windows): crashes 5.2.4-2ubuntu5.3 (Linux): no crash (typicial of Linux to be different huh? :) Backtrace what-cha-ma-call-it: ------------------------------ (This was generated with PHP 5.2.6.) Thread 0 - System ID 2864 Entry point php!mainCRTStartup Create time 2008-09-13 23:00:03 Time spent in user mode 0 Days 0:0:0.46 Time spent in kernel mode 0 Days 0:0:0.31 Function Arg 1 Arg 2 Arg 3 Source php5ts!xbuf_format_converter+68a 00c0f978 102c178d 00c0fa04 php5ts!vspprintf+29 00c0f9b0 00000000 102c178c php5ts!php_verror+4d 00000000 102c169c 00000002 php5ts!php_error_docref0+23 00000000 00f11d10 00000002 php5ts!php_set_sock_blocking+45 ffffffff 00000001 00f11d10 php5ts!php_sockop_set_option+121 011ee248 00000001 00000000 php5ts!php_tcp_sockop_set_option+56e 011ee248 00000001 00000000 php5ts!_php_stream_set_option+2c 011ee248 00000001 00000000 php5ts!zif_stream_set_blocking+10c 011e28f8 011ee1a0 00000000 php5ts!zend_do_fcall_common_helper_SPEC+7d9 00c0fbd0 00f11d10 011ed67f php5ts!ZEND_DO_FCALL_SPEC_CONST_HANDLER+e5 00000000 00f11d10 00f11d10 php5ts!execute+1c5 011ed6e0 00f11d10 00000000 php5ts!zend_execute_scripts+107 00000008 00f11d10 00000000 php5ts!php_execute_script+20d 00c0fec8 00f11d10 00000000 php!main+c07 00000003 00f11d80 00f10c10 php!mainCRTStartup+e3 00000000 00000000 7ffde000 kernel32!IsProcessorFeaturePresent+9e 00402fc2 00000000 000000c1 PHP5TS!XBUF_FORMAT_CONVERTER+68AIn php__PID__2860__Date__09_13_2008__Time_11_00_07PM__202__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!xbuf_format_converter+68a in c:\Server\php\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00002736 on thread 0 (Actually, all I wanted to do was use SSL with the sockets extension. But it doesn't seem to support that so I switched my program to the stream_socket functions instead. But that doesn't seem to support raw sockets, except under stream_socket_pair() (What's the point of that function anyway? It doesn't let you connect to anything!). So I tried to use the context/options/params thing to set up a notification function so I could let stream_sockets notifications be sent directly to the handler functions while socket_select handles ordinary Berkeley sockets events, because I need them both, but I couldn't get the notification thing working at all, so I tried specifying the context directly when the listener socket was created, and that requires specifying the errno, errstr, and flags values as well, so I tried that. Well it was a real rollercoaster. It still didn't call the notifier, but it did crash, and that's how I found this muddle. If I was clever I would have tried to fix it myself but I couldn't find out where the actual the problem was. /end of rant) Anyway, I figured even though the problem only happens with incorrect values for the flags parameter, that I should report it anyway, just in case it's exploitable. I would have reported it yesterday but the bug reporting page seemed to be broken for hours, even though I kept trying again. Then I discovered that actually you just need cookies enabled for it to work. Ah well. Hope this stuff makes sense to someone. Bye!~ ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46082&edit=1
