From: derek at battams dot ca
Operating system: Linux 2.4
PHP version: 5.0.0RC3
PHP Bug Type: Reproducible crash
Bug description: Destructor Segfaults PHP5RC3
Description:
------------
PHP segfaults when trying to use the result of md5 or sha1 (tried md5
initially, then tried sha1 when code kept segfaulting) as a file name in my
destructor. Unfortunately, I can't reproduce the crash with a small script
(the class in question is part of a much larger system), but I know how to
eliminate the segfault within the project's codebase. If I remove the call
to md5 in the sample code then there's no segfault (no matter how hard I
try). Once I put the md5 (or sha1) call back into the destructor then the
segfault returns immediately.
Reproduce code:
---------------
public function __destruct()
{
    $cacheFile1 = BP_CACHE . "/" . md5($this->getDN());
    $cacheFile2 = BP_CACHE . "/" . md5($this->findAttribute("mail"));
    if(!file_exists($cacheFile1) || !file_exists($cacheFile2) ||
       !(is_link($cacheFile1) xor is_link($cacheFile2)))
        if(file_exists($cacheFile1) && !is_link($cacheFile1))
        {
            if(file_exists($cacheFile2))
                @unlink($cacheFile2);
            @symlink(basename($cacheFile1), $cacheFile2);
        }
        else if(file_exists($cacheFile2) && !is_link($cacheFile2))
        {
            if(file_exists($cacheFile1))
                @unlink($cacheFile1);
            @symlink(basename($cacheFile2), $cacheFile1);
        }
        else
        {
            if(file_exists($cacheFile1))
                @unlink($cacheFile1);
            if(file_exists($cacheFile2))
                @unlink($cacheFile2);
        }
    return;
}
Expected result:
----------------
Destructor returns with no segfault.
Actual result:
--------------
(gdb) bt
#0 0x081a3c99 in zend_hash_find (ht=0x4042cc5c,
arKey=0x4042c734 "cacheFile1", nKeyLength=11, pData=0x33303934)
at /tmp/php-5.0.0RC3/Zend/zend_hash.c:846
#1 0x081b74b6 in zend_fetch_var_address (opline=0x404323b8,
Ts=0xbfffe030,
type=0) at /tmp/php-5.0.0RC3/Zend/zend_execute.c:762
#2 0x081b9c5f in zend_fetch_r_handler (execute_data=0xbfffe6d0,
opline=0x404323b8, op_array=0x4042c25c)
at /tmp/php-5.0.0RC3/Zend/zend_execute.c:1994
#3 0x081b8a77 in execute (op_array=0x4042c25c)
at /tmp/php-5.0.0RC3/Zend/zend_execute.c:1389
#4 0x08194fa6 in zend_call_function (fci=0xbfffe850,
fci_cache=0xbfffe830)
at /tmp/php-5.0.0RC3/Zend/zend_execute_API.c:835
#5 0x081aa0c2 in zend_call_method (object_pp=0xbfffe8dc,
obj_ce=0x4042b824,
fn_proxy=0x0, function_name=0x81f9c04 "__destruct",
function_name_len=10,
retval_ptr_ptr=0x0, param_count=1078141880, arg1=0x0, arg2=0x0)
at /tmp/php-5.0.0RC3/Zend/zend_interfaces.c:79
#6 0x081ac3e1 in zend_objects_destroy_object (object=0x4043bf54,
handle=1078141880) at /tmp/php-5.0.0RC3/Zend/zend_objects.c:78
#7 0x081ae106 in zend_objects_store_call_destructors (objects=0x82521d4)
at /tmp/php-5.0.0RC3/Zend/zend_objects_API.c:54
#8 0x0819428c in shutdown_executor ()
at /tmp/php-5.0.0RC3/Zend/zend_execute_API.c:209
#9 0x0819db09 in zend_deactivate () at /tmp/php-5.0.0RC3/Zend/zend.c:819
#10 0x0816cdb5 in php_request_shutdown (dummy=0x0)
at /tmp/php-5.0.0RC3/main/main.c:1212
#11 0x081c3e8e in main (argc=2, argv=0xbffff6a4)
at /tmp/php-5.0.0RC3/sapi/cli/php_cli.c:1046
#12 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
Also, this from the debug enabled PHP binary:
[EMAIL PROTECTED] public_html]$ $R/php test.person.php
Warning: String is not zero-terminated
(ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ�̏*̏*D) (source:
/tmp/php-5.0.0RC3/Zend/zend_execute_API.c:391) in Unknown on line 0
[Sat Jul 10 23:41:43 2004] Script: 'test.person.php'
---------------------------------------
/tmp/php-5.0.0RC3/Zend/zend_execute_API.c(391) : Block 0x4140E9D4
status:
/tmp/php-5.0.0RC3/Zend/zend_variables.c(45) : Actual location (location
was relayed)
Beginning: Cached (allocated on
/tmp/php-5.0.0RC3/main/streams/streams.c:1529, 69 bytes)
End: OK
---------------------------------------
--
Edit bug report at http://bugs.php.net/?id=29090&edit=1