#30027 [Com]: segmentation fault in ftp_get/memchr()

cfield at affinitysolutions dot com Tue, 21 Sep 2004 14:32:53 -0700

 ID:               30027
 Comment by:       cfield at affinitysolutions dot com
 Reported By:      sbrown at truckstuffusa dot com
 Status:           Open
 Bug Type:         FTP related
 Operating System: Redhat 9
 PHP Version:      4.3.8
 New Comment:


I have the same problem on an SMP redhat 9 system, i can get it to stop
the segmentation faults by adding "((e-ptr)>0) &&" to the while loop
condition on line 732 of ftp.c, however now i am getting sporadic extra
newlines (always in the same places in the file,see below for line
numbers etc. ) however, if i slowly step through the interaction it
does not put the extra new line in....

line number     written bytes   total bytes
504     126475  126475
689     46333   172808
2589    474698  647506
3088    105999  753505
3766    145320  898825
5005    304503  1203328
5163    40804   1244132
5221    12232   1256364
5587    91208   1347572
7454    424119  1771691
7790    80126   1851817
10501   686879  2538696
10680   42243   2580939
12103   361663  2942602
13382   311479  3254081
13921   137267  3391348
16803   724748  4116096
18468   414953  4531049
18654   43412   4574461
18934   63798   4638259
18988   13696   4651955
20429   349357  5001312
21981   390490  5391802
25524   906947  6298749
27445   448641  6747390
29239   497920  7245310
30083   220342  7465652
30274   46327   7511979
31340   270732  7782711
32882   353352  8136063
33421   123803  8259866
34365   224338  8484204
36254   449849  8934053


Previous Comments:
------------------------------------------------------------------------

[2004-09-17 16:25:50] sbrown at truckstuffusa dot com

Downloaded CVS last night, still get the seg fault:

# php --version
PHP 4.3.9RC4-dev (cgi) (built: Sep 17 2004 09:19:39) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

# gdb php
(gdb) run script-backup
Starting program: /usr/local/bin/php script-backup
...
 
Program received signal SIGSEGV, Segmentation fault.
0x4207bb01 in memchr () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207bb01 in memchr () from /lib/tls/libc.so.6
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 "/x-stuff/php/dashboard_projectmgmt.php",
type=FTPTYPE_ASCII, resumepos=0)
    at /usr/local/src/php-src/ext/ftp/ftp.c:730
#2  0x0805c141 in zif_ftp_get (ht=4, return_value=0x81a6184,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-src/ext/ftp/php_ftp.c:637
#3  0x0811cb8f in execute (op_array=0x81885b8) at
/usr/local/src/php-src/Zend/zend_execute.c:1640
#4  0x0811cdbb in execute (op_array=0x8189310) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#5  0x0811cdbb in execute (op_array=0x81827d4) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#6  0x0810ac19 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-src/Zend/zend.c:891
#7  0x080d6795 in php_execute_script (primary_file=0xbffff0e0) at
/usr/local/src/php-src/main/main.c:1735
#8  0x081238cc in main (argc=2, argv=0xbffff184) at
/usr/local/src/php-src/sapi/cgi/cgi_main.c:1592
(gdb) up
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 "/x-stuff/php/dashboard_projectmgmt.php",
type=FTPTYPE_ASCII, resumepos=0)
    at /usr/local/src/php-src/ext/ftp/ftp.c:730
730                             while ((s = memchr(ptr, '\r', (e -
ptr)))) {
(gdb) p s
$1 = 0x81a6e57 "\n var contacts_win = "
(gdb) p ptr
$2 = 0x81a6e58 " var contacts_win = "
(gdb) p e
$3 = 0x81a6c4a "\n<tcus();\r\n}\r\n-->\r\n</script>\r\n<?\r\nif
(isset($_GET['publisher']))\r\n   echo '<form name=\"frm_deleteprj\"
action=\"'.$_SERVER['PHP_SELF'].'?publisher='.$publisher.'\"
method=POST>';\r\n elseif (isset($_GET['s"...
(gdb)

------------------------------------------------------------------------

[2004-09-16 10:48:10] [EMAIL PROTECTED]

Get the latest stable CVS snapshot of PHP 4 and configure it with this
line:

# ./configure --disable-all --enable-ftp --enable-debug

Run your script in command line instead and try to generate the gdb
backtrace with it.


------------------------------------------------------------------------

[2004-09-08 18:11:30] sbrown at truckstuffusa dot com

And just in case, here's the bt:

(gdb) bt
#0  0x4207bae0 in memchr () from /lib/tls/libc.so.6
#1  0x0807ebb0 in ftp_get (ftp=0x8366c4c, outstream=0x83a0fdc,
path=0x83991cc "/x-stuff/mir_libraries/lib-htmlMimeMail.php",
type=FTPTYPE_ASCII, resumepos=0)
    at /usr/local/src/php-4.3.8/ext/ftp/ftp.c:730
#2  0x0807bf69 in zif_ftp_get (ht=4, return_value=0x83a0f9c,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-4.3.8/ext/ftp/php_ftp.c:637
#3  0x081ecfb0 in execute (op_array=0x836c920) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x081ed22b in execute (op_array=0x836d648) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x081ed22b in execute (op_array=0x8366b74) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x081d9783 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-4.3.8/Zend/zend.c:891
#7  0x0819e9b7 in php_execute_script (primary_file=0xbffffad0) at
/usr/local/src/php-4.3.8/main/main.c:1734
#8  0x081f3e3d in main (argc=2, argv=0xbffffb64) at
/usr/local/src/php-4.3.8/sapi/cli/php_cli.c:822
(gdb)

------------------------------------------------------------------------

[2004-09-08 18:10:00] sbrown at truckstuffusa dot com

Program received signal SIGSEGV, Segmentation fault.
0x4207bae0 in memchr () from /lib/tls/libc.so.6
(gdb) up
#1  0x0807ebb0 in ftp_get (ftp=0x8366c4c, outstream=0x83a0fdc,
path=0x83991cc "/x-stuff/mir_libraries/lib-htmlMimeMail.php",
type=FTPTYPE_ASCII, resumepos=0)
    at /usr/local/src/php-4.3.8/ext/ftp/ftp.c:730
730                             while ((s = memchr(ptr, '\r', (e -
ptr)))) {
(gdb) p s
$1 = 0x83a0ea9 "\r:\bÐ\016:\b\f"
(gdb) p ptr
$2 = 0x83a0eaa ":\bÐ\016:\b\f"
(gdb) p e
$3 = 0x838be9c "\n\t\t\t\t\t$content_type =
$this->image_types[strtolower($ext)];\r\n\t\t\t\t\t$this->addHtmlImage($image,
basename($html_images[$i]),
$content_type);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n/**\r\n*
Adds an image to the list of e"...
(gdb)

------------------------------------------------------------------------

[2004-09-08 17:37:47] [EMAIL PROTECTED]

In gdb for that core, could you type:
  up
  p s
  p ptr
  p e
and add the output to this bug please.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/30027

-- 
Edit this bug report at http://bugs.php.net/?id=30027&edit=1

#30027 [Com]: segmentation fault in ftp_get/memchr()

Reply via email to