Bug #60928 [Fbk->Opn]: php crash after http post without content type header set

bardobakker at gmail dot com Mon, 30 Jan 2012 12:04:15 -0800

Edit report at https://bugs.php.net/bug.php?id=60928&edit=1


 ID:                 60928
 User updated by:    bardobakker at gmail dot com
 Reported by:        bardobakker at gmail dot com
 Summary:            php crash after http post without content type
                     header set
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Apache2 related
 Operating System:   Linux
 PHP Version:        5.3.9
 Block user comment: N
 Private report:     N

 New Comment:

1 - Forgot to mention, I need to post a big file. For example a image larger 
than 5MB. If I post for example a small xml file everything works fine.

2 - I tried to reproduce with the following php script, but everything seems to 
work here; strange. Maybe the feature is in Qt, which I can rule out since 
everything used to work, and after upgrade to php 5.3.9 the behaviour started.

<?php
// Get contents of a file into a string
$filename = "./image.jpg";
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);

// Make post request params
$params = array('http' => array(
        'method' => 'POST',
        'content' => $data
));

// Create a streams context
$ctx = stream_context_create($params);

// Do post
$url = "http://www.server.com/post.php";;
$fp = @fopen($url, 'rb', false, $ctx);
if(!$fp) echo "Problem with $url, $php_errormsg";

// Read response
$response = @stream_get_contents($fp);
if($response === false) echo "Problem reading data from $url, $php_errormsg";

// Echo response
echo $response;
?>


Previous Comments:
------------------------------------------------------------------------
[2012-01-30 12:46:07] [email protected]

hi

Could you post a link to the file you use to upload please? We connot reproduce 
this problem.

------------------------------------------------------------------------
[2012-01-30 08:31:22] [email protected]

That's what I mean by "reproduce script", what crashes is not the client (your 
QT 
app) but the server side (php), so we need a reproduce script to know how it 
crases :)

------------------------------------------------------------------------
[2012-01-30 06:46:45] bardobakker at gmail dot com

I already posted the c++ code (Qt) I use to do the post without content type 
header. I do not know a second way to do a similar post.
One can use a empty php file to post to, even than it will crash:

<?php
?>

But the lines i use to read the raw post data:

<?php
//load raw post
$data = file_get_contents("php://input");
//(current dir is writable) 
$handle = fopen("./file.jpg", "w");
fwrite($handle, $data);
fclose($handle);
?>

------------------------------------------------------------------------
[2012-01-29 23:48:34] [email protected]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



------------------------------------------------------------------------
[2012-01-29 22:31:10] bardobakker at gmail dot com

Description:
------------
I wrote some software which post a binary (image) to our server.
phplib crashes at the end of a http post without the content type header set.




Version apache:
[root@www ~]# /usr/sbin/httpd -V
Server version: Apache/2.2.3
Server built:   Oct 20 2011 17:00:12
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

On kill/error/fault I found in error_log:

Sat Jan 28 12:56:09 2012] [notice] child pid 17077 exit signal Segmentation 
fault (11), possible coredump in /tmp

So made a coredump: gdb: bt all:
[sorry, no debug mode, its commercial server, can't recompile etc]

Core was generated by `/usr/sbin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fe25c5696c0 in zend_hash_num_elements () from 
/etc/httpd/modules/libphp5.so
(gdb) bt full
#0  0x00007fe25c5696c0 in zend_hash_num_elements () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#1  0x00007fe25c519606 in php_register_variable_ex () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#2  0x00007fe25c432625 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#3  0x00007fe25c51a0e9 in php_std_post_handler () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#4  0x00007fe25c513dd3 in sapi_handle_post () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#5  0x00007fe25c519d2b in php_default_treat_data () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#6  0x00007fe257248134 in mbstr_treat_data () from 
/usr/lib64/php/modules/mbstring.so
No symbol table info available.
#7  0x00007fe25c51a2a1 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#8  0x00007fe25c50ab65 in php_request_startup () from 
/etc/httpd/modules/libphp5.so
No symbol table info available.
#9  0x00007fe25c5e66d8 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#10 0x00007fe268e89aca in ap_run_handler ()
No symbol table info available.
#11 0x00007fe268e8cf58 in ap_invoke_handler ()
No symbol table info available.
#12 0x00007fe268e97a18 in ap_process_request ()
No symbol table info available.
#13 0x00007fe268e94c50 in ?? ()
No symbol table info available.
#14 0x00007fe268e90d52 in ap_run_process_connection ()
No symbol table info available.
#15 0x00007fe268e9be49 in ?? ()
No symbol table info available.
#16 0x00007fe268e9c0da in ?? ()
No symbol table info available.
#17 0x00007fe268e9c190 in ?? ()
No symbol table info available.
#18 0x00007fe268e9ce7b in ap_mpm_run ()
No symbol table info available.
#19 0x00007fe268e76e48 in main ()
No symbol table info available.

Test script:
---------------
Qt source for posting binary without content type set:

QString filename = QFileDialog::getOpenFileName(this);

QFile* f = new QFile(filename);
f->open(QFile::ReadOnly);

QNetworkAccessManager* manager = new QNetworkAccessManager(this);

QNetworkRequest req(QUrl("http://www.server.com/post.php";));

// uncomment line below for bypassing error
// req.setHeader(QNetworkRequest::ContentTypeHeader,"image/jpeg");

QNetworkReply* rep = manager->post(req,f);
f->setParent(rep);



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60928&edit=1

Bug #60928 [Fbk->Opn]: php crash after http post without content type header set

Reply via email to