ID:               31048
 Updated by:       [EMAIL PROTECTED]
 Reported By:      john dot wellesz at teaser dot fr
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 4.9 STABLE and WINXPSP2
 PHP Version:      5.0.2
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Read the link; it tells you how to make a backtrace; without one we
can't fix the bug.


Previous Comments:
------------------------------------------------------------------------

[2004-12-13 20:21:27] john dot wellesz at teaser dot fr

Your Bug Report script split lines so the code I provided will only
make syntax errors (commented lines are split).

So here is the uncommented code:

<?php
$loginfo="fpassthru_crash_test_file";

touch($loginfo);

$handle=fopen($loginfo, "r+b");
ftruncate($handle,0);
fseek($handle, 300000, SEEK_END);
fwrite($handle,"END");
fclose($handle);


$handle=fopen($loginfo, "rb");
fseek($handle, 200000, SEEK_SET);

fpassthru($handle);
?>

I hope you'll be able to reproduce it :-)

------------------------------------------------------------------------

[2004-12-10 18:36:05] john dot wellesz at teaser dot fr

Do you mean that the code provided doesn't make your PHP 5.0.2
crash? If yes, then try to increase the size of the test file
("fpassthru_crash_test_file") to 2Mb. You can also try to increase the
position of the file pointer.

The problem looks like a buffer overflow...

I'm not a PHP developer, I don't have the tools needed to make the
backtrace, I don't have admin access to the machine running under
FreeBSD 4.9... And doing it under winXPSP2 will take hours of my time
(if ever it is possible), whereas it would take at most 15 minutes for
a PHP developer who already has all the tools needed.

Thank you.

------------------------------------------------------------------------

[2004-12-10 09:13:10] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

------------------------------------------------------------------------

[2004-12-10 02:39:53] john dot wellesz at teaser dot fr

Description:
------------
The bug I'm about to describe happens on Windows XP SP2 and FreeBSD 4.9
STABLE and probably other platforms (I'm currently using PHP 5.0.2 on
both).

My 2 PHP installations (winXP and FreeBSD) run as CGI; the crash also happens if I
execute my script on the command line.

The modules used are probably irrelevant (and futile?), I use 2 PHP builds, one on
FreeBSD and the other on winXP, compiled in totally different ways with
different modules... (tell me if you can't reproduce the crash, I'll
provide more info).

----------------
BUG REQUIREMENTS:

--> You must have a file of at least 300Kb in size (200Kb won't make
PHP crash)
--> You must have set the file pointer with fseek at 200,000 bytes
(other values may not produce the bug) from the beginning of the file.
--> You must call fpassthru() to print the rest of the file.

Reproduce code:
---------------
<?php
//test file path
$loginfo="fpassthru_crash_test_file";

//create the file;
touch($loginfo);

//allocate ~300000 bytes in the file (the file will be 300003 bytes)
$handle=fopen($loginfo, "r+b");
ftruncate($handle,0);
fseek($handle, 300000, SEEK_END);
fwrite($handle,"END");
fclose($handle);

//Open it for reading
$handle=fopen($loginfo, "rb");
fseek($handle, 200000, SEEK_SET); //the 200000 is important, other values may not trigger the bug

fpassthru($handle);
?>

Expected result:
----------------
PHP should print the file till the end; we should see "END"...

Actual result:
--------------
PHP displays the file till the 98304th byte and crashes with a bus
error (Signal 10).


------------------------------------------------------------------------
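The reproducer above, turned into a self-checking regression test (an added example, not the reporter's code and not part of PHP's own test suite). The crashing fseek()+fpassthru() step runs in a child process so that a crash shows up as a bad exit status and a short output instead of killing the test itself; the file size and the 200000 offset are the ones from the report, while $phpBinary, $path and the child script name are assumptions of this example.

```php
<?php
// Added example: regression test for the crash described in this report.
// Assumed names: $phpBinary, $path, $childFile. Sizes/offsets come from the report.
$phpBinary = PHP_BINARY;                                // the interpreter running this script
$path      = sys_get_temp_dir() . '/fpassthru_crash_test_file';
$fileSize  = 300003;                                    // 300000 bytes of padding plus "END"
$offset    = 200000;                                    // seek position the report says triggers the crash

// Build the file as the report does: empty it, seek past the end, write "END".
// "w+b" already truncates, so it replaces the report's ftruncate() call.
$h = fopen($path, 'w+b');
fseek($h, $fileSize - 3, SEEK_SET);
fwrite($h, 'END');
fclose($h);
if (filesize($path) !== $fileSize) {
    fwrite(STDERR, "setup failed: unexpected file size\n");
    exit(2);
}

// Child script: exactly the report's read side, fseek() to $offset then fpassthru().
$childFile = $path . '.php';
file_put_contents($childFile, sprintf(
    '<?php $h = fopen(%s, "rb"); fseek($h, %d, SEEK_SET); fpassthru($h);',
    var_export($path, true), $offset));

// Run the child with no php.ini (-n) and capture its stdout/stderr as raw bytes;
// exec() would strip trailing whitespace per line, which breaks the byte count.
$desc = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
$proc = proc_open(escapeshellarg($phpBinary) . ' -n ' . escapeshellarg($childFile), $desc, $pipes);
fclose($pipes[0]);
$stdout = stream_get_contents($pipes[1]);
$stderr = stream_get_contents($pipes[2]);
fclose($pipes[1]);
fclose($pipes[2]);
$status = proc_close($proc);                            // 0 only if the child finished cleanly

// A healthy fpassthru() emits every byte from $offset to EOF, ending in "END".
$expectedBytes = $fileSize - $offset;                   // 100003
$ok = $status === 0
    && strlen($stdout) === $expectedBytes
    && substr($stdout, -3) === 'END';

printf("exit=%d bytes=%d expected=%d tail=%s -> %s\n",
    $status, strlen($stdout), $expectedBytes, bin2hex(substr($stdout, -3)), $ok ? 'PASS' : 'FAIL');
if ($stderr !== '') {
    fwrite(STDERR, $stderr);                            // keeps any signal/crash message visible
}
unlink($childFile);
unlink($path);
exit($ok ? 0 : 1);
```

On a build with the defect, the test reports a non-zero exit and a byte count short of 100003 (the report observed the output stopping at byte 98304); on a fixed build it prints PASS.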
