Edit report at https://bugs.php.net/bug.php?id=60477&edit=1
ID: 60477
User updated by: reeze dot xia at gmail dot com
Reported by: reeze dot xia at gmail dot com
Summary: Segfault after two multipart/form-data POST requests, one 200 RQ and one 404
Status: Open
Type: Bug
Package: Built-in web server
Operating System: Mac OS X 10.6.7
PHP Version: trunk-SVN-2011-12-09 (SVN)
Block user comment: N
Private report: N
New Comment:
Hi, the 5.4RC3 and the trunk have this bug.
After tracing the core, I found that SG(rfc1867_uploaded_files) isn't set to NULL when the SAPI deactivates.
When trying to free SG(rfc1867_uploaded_files), the server will core dump on the next form-data POST request.
So it's a simple one-line fix.
I have attached a patch for this; the patch was tested on Mac OS X 10.6.7 & Redhat Linux.
thx.
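The failure mode diagnosed in the comment above, as an added example (a constructed model, not PHP source and not the attached patch). The toy allocator, the function names, and the assumption that the 404 request does not allocate a new upload table are all hypothetical; `uploaded_files` stands in for SG(rfc1867_uploaded_files).

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a per-request upload table; not PHP source. */
typedef struct { int live; int entries; } upload_table;

static upload_table pool[4];          /* toy allocator so a stale free is detectable */
static upload_table *uploaded_files;  /* stands in for SG(rfc1867_uploaded_files) */
static int stale_frees;

static upload_table *table_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].entries = 0; return &pool[i]; }
    return NULL;
}

static void table_free(upload_table *t) {
    if (!t->live) { stale_frees++; return; }  /* with a real heap: corruption or crash */
    t->live = 0;
}

/* Assumption: only a request whose upload body is parsed allocates a table. */
static void handle_request(int parses_upload) {
    if (!parses_upload) return;
    uploaded_files = table_alloc();
    if (uploaded_files) uploaded_files->entries = 1;
}

/* Deactivation as described in the report: frees but keeps the pointer. */
static void deactivate_buggy(void) {
    if (uploaded_files) table_free(uploaded_files);
}

/* Deactivation with the one-line fix: reset the pointer after freeing. */
static void deactivate_fixed(void) {
    if (uploaded_files) { table_free(uploaded_files); uploaded_files = NULL; }
}

/* Runs a 200-style request, then a 404-style one; returns stale frees seen. */
int run_two_requests(int use_fix) {
    void (*deactivate)(void) = use_fix ? deactivate_fixed : deactivate_buggy;
    stale_frees = 0; uploaded_files = NULL;
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) pool[i].live = 0;
    handle_request(1); deactivate();  /* first request: table allocated, then freed */
    handle_request(0); deactivate();  /* second request: no new table, pointer reused */
    return stale_frees;
}

int main(void) {
    printf("buggy: %d stale free(s)\n", run_two_requests(0));
    printf("fixed: %d stale free(s)\n", run_two_requests(1));
    return 0;
}
```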
Previous Comments:
------------------------------------------------------------------------
[2011-12-09 04:05:38] reeze dot xia at gmail dot com
Description:
------------
Posting two multipart/form-data requests to the cli-server, one 200 request and one 404 request, will cause the cli-server to segfault. If debug is enabled, the server exits with a message: "in-consist hashtable".
Test script:
---------------
1. Start the cli-server
2. Touch a simple empty PHP script
3. Make the requests
$ curl --form a=b "http://localhost:8000/file.php"
$ curl --form a=b "http://localhost:8000/file-non-exist.php"
Expected result:
----------------
The server responds correctly: one 200 and one 404 response.
Actual result:
--------------
Responds correctly to the first request, but segfaults after the second 404 request.
(gdb) bt
#0 0x0000000100250da5 in _zend_mm_free_int (heap=0x101000000, p=0x100670b60) at zend_alloc.c:2097
#1 0x0000000100224e4f in destroy_uploaded_files_hash () at rfc1867.c:199
#2 0x00000001002219f2 in sapi_deactivate () at SAPI.c:535
#3 0x0000000100306b5e in php_cli_server_send_error_page (server=0x7fff5fbfa560, client=0x100b51170, status=404) at php_cli_server.c:1755
#4 0x00000001003046ad in php_cli_server_dispatch [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:1851
#5 0x00000001003046ad in php_cli_server_recv_event_read_request (server=0x7fff5fbfe790, client=0x100670b60) at php_cli_server.c:2180
#6 0x0000000100305ef5 in php_cli_server_do_event_for_each_fd_callback [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2271
#7 php_cli_server_do_event_for_each_fd [inlined] () at php_cli_server.c:767
#8 php_cli_server_poller_iter_on_active [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2302
#9 php_cli_server_do_event_loop [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2292
#10 0x0000000100305ef5 in do_cli_server (argc=4, argv=0x10) at php_cli_server.c:2403
#11 0x00000001002ffb94 in main (argc=1606414960, argv=0x7fff5fbff298) at php_cli.c:1359
------------------------------------------------------------------------