Bug #60928 [Fbk->Opn]: php crash after http post without content type header set

bardobakker at gmail dot com Sun, 29 Jan 2012 22:47:01 -0800

Edit report at https://bugs.php.net/bug.php?id=60928&edit=1


 ID:                 60928
 User updated by:    bardobakker at gmail dot com
 Reported by:        bardobakker at gmail dot com
 Summary:            php crash after http post without content type
                     header set
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Apache2 related
 Operating System:   Linux
 PHP Version:        5.3.9
 Block user comment: N
 Private report:     N

 New Comment:

I already posted the c++ code (Qt) I use to do the post without content type 
header. I do not know a second way to do a similar post.
One can use a empty php file to post to, even than it will crash:

<?php
?>

But the lines i use to read the raw post data:

<?php
//load raw post
$data = file_get_contents("php://input");
//(current dir is writable) 
$handle = fopen("./file.jpg", "w");
fwrite($handle, $data);
fclose($handle);
?>


Previous Comments:
------------------------------------------------------------------------
[2012-01-29 23:48:34] paj...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



------------------------------------------------------------------------
[2012-01-29 22:31:10] bardobakker at gmail dot com

Description:
------------
I wrote some software which post a binary (image) to our server.
phplib crashes at the end of a http post without the content type header set.




Version apache:
[root@www ~]# /usr/sbin/httpd -V
Server version: Apache/2.2.3
Server built:   Oct 20 2011 17:00:12
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

On kill/error/fault I found in error_log:

Sat Jan 28 12:56:09 2012] [notice] child pid 17077 exit signal Segmentation 
fault (11), possible coredump in /tmp

So made a coredump: gdb: bt all:
[sorry, no debug mode, its commercial server, can't recompile etc]

Core was generated by `/usr/sbin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fe25c5696c0 in zend_hash_num_elements () from 
/etc/httpd/modules/libphp5.so
(gdb) bt full
#0  0x00007fe25c5696c0 in zend_hash_num_elements () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#1  0x00007fe25c519606 in php_register_variable_ex () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#2  0x00007fe25c432625 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#3  0x00007fe25c51a0e9 in php_std_post_handler () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#4  0x00007fe25c513dd3 in sapi_handle_post () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#5  0x00007fe25c519d2b in php_default_treat_data () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#6  0x00007fe257248134 in mbstr_treat_data () from 
/usr/lib64/php/modules/mbstring.so
No symbol table info available.
#7  0x00007fe25c51a2a1 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#8  0x00007fe25c50ab65 in php_request_startup () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#9  0x00007fe25c5e66d8 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#10 0x00007fe268e89aca in ap_run_handler ()
No symbol table info available.
#11 0x00007fe268e8cf58 in ap_invoke_handler ()
No symbol table info available.
#12 0x00007fe268e97a18 in ap_process_request ()
No symbol table info available.
#13 0x00007fe268e94c50 in ?? ()
No symbol table info available.
#14 0x00007fe268e90d52 in ap_run_process_connection ()
No symbol table info available.
#15 0x00007fe268e9be49 in ?? ()
No symbol table info available.
#16 0x00007fe268e9c0da in ?? ()
No symbol table info available.
#17 0x00007fe268e9c190 in ?? ()
No symbol table info available.
#18 0x00007fe268e9ce7b in ap_mpm_run ()
No symbol table info available.
#19 0x00007fe268e76e48 in main ()
No symbol table info available.

Test script:
---------------
Qt source for posting binary without content type set:

QString filename = QFileDialog::getOpenFileName(this);

QFile* f = new QFile(filename);
f->open(QFile::ReadOnly);

QNetworkAccessManager* manager = new QNetworkAccessManager(this);

QNetworkRequest req(QUrl("http://www.server.com/post.php";));

// uncomment line below for bypassing error
// req.setHeader(QNetworkRequest::ContentTypeHeader,"image/jpeg");

QNetworkReply* rep = manager->post(req,f);
f->setParent(rep);



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60928&edit=1

Bug #60928 [Fbk->Opn]: php crash after http post without content type header set

Reply via email to