Edit report at http://bugs.php.net/bug.php?id=51977&edit=1

 ID:               51977
 Updated by:       fel...@php.net
 Reported by:      znfwhy at 163 dot com
 Summary:          thttpd segfault on X86_64?
-Status:           Open
+Status:           Assigned
 Type:             Bug
 Package:          Other web server
 Operating System: Debian Squeeze
 PHP Version:      5.2.13
-Assigned To:      
+Assigned To:      sas



Previous Comments:
------------------------------------------------------------------------
[2010-06-03 05:08:56] znfwhy at 163 dot com

Recompiled php5 with --enable-debug, and backtrace info listed below.

But this issue is caused by line 1770, file sapi/thttpd/thttpd_patch of
php5.

Type mismatch while converting pointer to int on X86_64.



(gdb) bt
#0  0x0000003d7d278d80 in strlen () from /lib/libc.so.6
#1  0x0000003d7d278ab6 in strdup () from /lib/libc.so.6
#2  0x000000000043b693 in thttpd_request_ctor () at php_thttpd.c:458
#3  0x000000000043b848 in thttpd_real_php_request (hc=0xa1f300, show_source=0)
    at php_thttpd.c:671
#4  0x000000000043b938 in thttpd_php_request (hc=0xa1f300, show_source=0)
    at php_thttpd.c:704
#5  0x0000000000432c44 in really_start_request (hc=0xa1f300,
    nowP=0x7fff4b0bba20) at libhttpd.c:3708
#6  0x0000000000433077 in httpd_start_request (hc=0xa1f300,
    nowP=0x7fff4b0bba20) at libhttpd.c:3801
#7  0x000000000042707c in boot_request (c=0x9fb880, tvP=0x7fff4b0bba20)
    at thttpd.c:1548
#8  0x00000000004277a3 in handle_read_body (c=0x9fb880, tvP=0x7fff4b0bba20)
    at thttpd.c:1774
#9  0x0000000000424a7d in main (argc=3, argv=0x7fff4b0bcc68) at thttpd.c:617

------------------------------------------------------------------------
[2010-06-02 17:26:22] johan...@php.net

The thttpd code isn't really maintained since 2005. I looked through the
code but couldn't find the relevant strdup call. Could you please
recompile PHP using --enable-debug and then generate a "bt full", maybe
the issue can be found then.

------------------------------------------------------------------------
[2010-06-02 17:18:29] znfwhy at 163 dot com

Description:
------------
HTTP POST with 16KB more content will cause thttpd segfault on X86_64.



Here is the backtrace result:

...
Program received signal SIGSEGV, Segmentation fault.
0x0000003d7d278d80 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x0000003d7d278d80 in strlen () from /lib/libc.so.6
#1  0x0000003d7d278ab6 in strdup () from /lib/libc.so.6
#2  0x0000000000432cf0 in thttpd_php_request ()
#3  0x000000000042d7bb in httpd_start_request ()
#4  0x0000000000423a84 in _start ()

Test script:
---------------
<html>
  <head>
    PHP5 test page
  </head>
  <body>
    <div id=main style="width: 130px; height: 130px;">
      <form  method="POST"  enctype="text/html" action="/test.php">
        <textarea name=test>
        </textarea>
        <input type="submit" value="submit">
      </form>
    </div>
  </body>
</html>

Expected result:
----------------
Info of PHP5 printed by test.php.

Actual result:
--------------
Nothing, but thttpd exits with a segfault.


------------------------------------------------------------------------
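
The type mismatch named in the 2010-06-03 comment, as an added example that is not part of the original report or of the thttpd patch: it passes addresses through an int and through intptr_t on an LP64 target (assumed: 64-bit pointers, 32-bit int) and shows which ones come back intact. The page does not show line 1770, so the function names here are hypothetical; the first two sample addresses are copied from the backtrace above and the third is constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Weak form: the address is narrowed to int. On LP64 the upper 32 bits
 * are dropped, and the value is sign-extended when it is widened again.
 * (Out-of-range conversion is implementation-defined; gcc/clang wrap.) */
static uint64_t roundtrip_via_int(uint64_t addr)
{
    int narrowed = (int)addr;
    return (uint64_t)(int64_t)narrowed;
}

/* Corrected form: intptr_t is wide enough to hold any object pointer. */
static uint64_t roundtrip_via_intptr(uint64_t addr)
{
    intptr_t wide = (intptr_t)addr;
    return (uint64_t)wide;
}

/* 1 if the address is unchanged after the round trip, 0 otherwise. */
static int survives(uint64_t addr, uint64_t (*roundtrip)(uint64_t))
{
    return roundtrip(addr) == addr;
}

int main(void)
{
    const struct { const char *what; uint64_t addr; } samples[] = {
        { "hc from backtrace (low heap)", 0xa1f300ULL },
        { "nowP from backtrace (stack)",  0x7fff4b0bba20ULL },
        { "constructed, bit 31 set",      0x80001000ULL },
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = samples[i].addr;
        printf("%-30s %#18" PRIx64 "  int:%#18" PRIx64 " (%s)  intptr_t:%s\n",
               samples[i].what, a, roundtrip_via_int(a),
               survives(a, roundtrip_via_int) ? "ok" : "CORRUPTED",
               survives(a, roundtrip_via_intptr) ? "ok" : "CORRUPTED");
    }
    return 0;
}
```

A pointer rebuilt from a corrupted value refers to an unrelated or unmapped address, so the first read through it, such as the strlen() inside strdup(), can fault. GCC's -Wpointer-to-int-cast and -Wint-to-pointer-cast warnings flag casts of this kind when the sizes differ.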


