From:             tstarling at wikimedia dot org
Operating system: Linux
PHP version:      5.3.0RC2
PHP Bug Type:     Readline related
Bug description:  Crash due to double-linking of history.o

Description:
------------
The readline extension links both libreadline and libhistory. This is
unnecessary, and inspection of the readline example programs since version
2.0 implies that it has always been unnecessary. Both libraries include
history.o, so linking to both gives you two copies of that module.

The bug occurs when, due to operating system vagaries, libhistory loads
before libreadline. This causes PHP's readline_add_history() to add history
entries to libhistory's copy of the_history. Then when readline() is
called, libreadline attempts to read the other copy of the_history. The
result is a null pointer dereference in libreadline's previous_history()
function. 

The libraries are loaded in the problematic order in Ubuntu 9.04; previous
versions of Ubuntu appeared to work.

The solution is to remove all references to libhistory in
ext/readline/config.m4. I have patched this in and tested it. 

http://tstarling.com/stuff/fix-php-readline.patch
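A quick way to tell whether a given PHP binary carries the double link described above is to look at its DT_NEEDED entries. The script below is an added example and not part of the bug report or the patch; it assumes the line format of `readelf -d` and parses constructed excerpts of that output (a real check would be `readelf -d "$(command -v php)" | readline_link_status`). Note that DT_NEEDED order is only the default; LD_PRELOAD, as shown further down, overrides it.

```shell
#!/bin/sh
# Added example: detect whether a binary is linked against both
# libreadline and libhistory (two copies of history.o) from readelf -d
# output, and which of the two comes first in DT_NEEDED.

# Print the sonames from "(NEEDED)" lines, in the order readelf lists them.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)\].*/\1/p'
}

# Read readelf -d output on stdin and print one word:
#   ok                        at most one of the two libraries is linked
#   double:libreadline-first  both linked, libreadline earlier in DT_NEEDED
#   double:libhistory-first   both linked, libhistory earlier (the order in
#                             which this report sees the crash)
readline_link_status() {
    first=""
    seen_rl=0
    seen_hist=0
    for lib in $(needed_libs); do
        case "$lib" in
            libreadline.so*) seen_rl=1;   [ -n "$first" ] || first=libreadline ;;
            libhistory.so*)  seen_hist=1; [ -n "$first" ] || first=libhistory ;;
        esac
    done
    if [ "$seen_rl" -eq 1 ] && [ "$seen_hist" -eq 1 ]; then
        echo "double:${first}-first"
    else
        echo ok
    fi
}

# Constructed readelf -d excerpts (trimmed): a PHP built with the original
# ext/readline/config.m4, and one built after libhistory was removed.
BAD_NEEDED='Dynamic section at offset 0x3b8 contains 30 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libhistory.so.5]
 0x00000001 (NEEDED)                     Shared library: [libreadline.so.5]
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]'
GOOD_NEEDED=' 0x00000001 (NEEDED)                     Shared library: [libreadline.so.5]
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]'

printf '%s\n' "$BAD_NEEDED"  | readline_link_status   # prints double:libhistory-first
printf '%s\n' "$GOOD_NEEDED" | readline_link_status   # prints ok
```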

Reproduce code:
---------------
<?php

// Add one entry to the history, then prompt; pressing Up should recall it.
readline_add_history('test');
readline('> ');
?>

Note that you can reproduce the problematic link order using:

LD_PRELOAD=/lib/libhistory.so.5 php bug-demo.php 

It demonstrates the bug, but it will not give a successful resolution
after the patch is applied. 

Expected result:
----------------
Press the up arrow; it shows "test".

Actual result:
--------------
After pressing the up arrow:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb741a6e0 (LWP 27236)]
0xb7e87c18 in previous_history ()
    at /home/tstarling/src/readline/readline5-5.2/history.c:186
186       return history_offset ? the_history[--history_offset] : (HIST_ENTRY *)NULL;
(gdb) bt
#0  0xb7e87c18 in previous_history ()
    at /home/tstarling/src/readline/readline5-5.2/history.c:186
#1  0xb7e8727d in rl_get_previous_history (count=1, key=65)
    at /home/tstarling/src/readline/readline5-5.2/misc.c:526
#2  0xb7e6e057 in _rl_dispatch_subseq (key=65, map=0x90ff478, got_subseq=0)
    at /home/tstarling/src/readline/readline5-5.2/readline.c:742
#3  0xb7e6e2d8 in _rl_dispatch_subseq (key=91, map=0xb7e909e0, got_subseq=0)
    at /home/tstarling/src/readline/readline5-5.2/readline.c:831
#4  0xb7e6e2d8 in _rl_dispatch_subseq (key=27, map=0xb7e901c0, got_subseq=0)
    at /home/tstarling/src/readline/readline5-5.2/readline.c:831
#5  0xb7e6e484 in _rl_dispatch (key=27, map=0xb7e901c0)
    at /home/tstarling/src/readline/readline5-5.2/readline.c:692
#6  0xb7e6e8bd in readline_internal_char ()
    at /home/tstarling/src/readline/readline5-5.2/readline.c:519
#7  0xb7e6ed3d in readline (prompt=0x8bc02b0 "> ")
    at /home/tstarling/src/readline/readline5-5.2/readline.c:545
#8  0x082bcd6d in zif_readline (ht=1, return_value=0xb71b5488, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
...


-- 
Edit bug report at http://bugs.php.net/?id=48256&edit=1