ID:               31048
 Updated by:       php-bugs@lists.php.net
 Reported By:      john dot wellesz at teaser dot fr
-Status:           Feedback
+Status:           No Feedback
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 4.9 STABLE and WINXPSP2
 PHP Version:      5.0.2
 New Comment:

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".


Previous Comments:
------------------------------------------------------------------------

[2004-12-16 09:51:27] [EMAIL PROTECTED]

You can actually type "bt" on the GDB prompt after it crashed. That
will make a backtrace which is very useful for us.

Thanks

------------------------------------------------------------------------

[2004-12-16 00:02:19] john dot wellesz at teaser dot fr

OK, the bug doesn't happen in PHP 5.0.3 (at least on Windows XP SP2).

I've been able to generate a core dump but without the --enable-debug
parameter, plus I've made a kdump.

First the kdump (I've called ob_start() just before the call to
fpassthru() since it didn't change anything and makes the trace
shorter):

ktrace is launched just before the line:

"$handle = fopen($loginfo, "rb");"

------------Kdump Result:

67985 php      RET   read 0
 67985 php      CALL  close(0x3)
 67985 php      RET   close 0
 67985 php      CALL  wait4(0x10994,0xbfbfd9dc,0,0)
 67985 php      RET   wait4 67988/0x10994
 67985 php      CALL  nanosleep(0xbfbfdab8,0xbfbfdab0)
 67985 php      RET   nanosleep 0
 67985 php      CALL  __getcwd(0xbfbfd5d0,0x400)
 67985 php      RET   __getcwd 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home"
 67985 php      RET   lstat 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home/_j2"
 67985 php      RET   lstat 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home/_j2/j2072"
 67985 php      RET   lstat 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home/_j2/j2072/pub"
 67985 php      RET   lstat 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home/_j2/j2072/pub/www.2072productions.com"
 67985 php      RET   lstat 0
 67985 php      CALL  lstat(0xbfbfd180,0xbfbfd0d0)
 67985 php      NAMI  "/home/_j2/j2072/pub/www.2072productions.com/fpassthru_crash_test_file"
 67985 php      RET   lstat 0
 67985 php      CALL  open(0x8205e8c,0,0x1b6)
 67985 php      NAMI  "/home/_j2/j2072/pub/www.2072productions.com/fpassthru_crash_test_file"
 67985 php      RET   open 3
 67985 php      CALL  fstat(0x3,0x817892c)
 67985 php      RET   fstat 0
 67985 php      CALL  lseek(0x3,0,0,0,0x1)
 67985 php      RET   lseek 0
 67985 php      CALL  lseek(0x3,0,0x30d40,0,0)
 67985 php      RET   lseek 200000/0x30d40
 67985 php      CALL  break(0x8222000)
 67985 php      RET   break 0
 67985 php      CALL  fstat(0x3,0x817892c)
 67985 php      RET   fstat 0
 67985 php      CALL  mmap(0,0x493e3,0x1,0x1,0x3,0,0x30d40,0)
 67985 php      RET   mmap 677834048/0x2866ed40
 67985 php      CALL  break(0x826e000)
 67985 php      RET   break 0
 67985 php      PSIG  SIGBUS SIG_DFL
 67985 php      NAMI  "/var/cores/php"


------------Now the result of GDB:

#0  0x284212a6 in memcpy () from /usr/lib/libc.so.4
(gdb) #0  0x284212a6 in memcpy () from /usr/lib/libc.so.4
Cannot access memory at address 0xbfbfba2c.
(gdb) 


I can't do better, I hope this will be sufficient :-)

------------------------------------------------------------------------
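
Added example, not part of the original report and not PHP's own code: in the kdump above, mmap is asked for 0x493e3 (300003) bytes at file offset 0x30d40 (200000); assuming the file is the 300003-byte sparse file built by the reproducer script in this thread, only 100003 bytes exist past that offset, and a copy that touches mapped pages beyond end of file is killed with SIGBUS. The C sketch below clamps the mapping length to the bytes remaining in the file before copying; the function names and the /tmp path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bytes that may be mapped from `offset` without running past end of file. */
static size_t safe_map_len(off_t size, off_t offset, size_t want) {
    if (offset < 0 || offset >= size) return 0;
    off_t left = size - offset;
    return (off_t)want > left ? (size_t)left : want;
}

/* Constructed input: the sparse 300003-byte file the PHP script builds. */
static int make_test_file(const char *path) {
    int fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0600);
    if (fd < 0) return -1;
    int ok = lseek(fd, 300000, SEEK_SET) == 300000 && write(fd, "END", 3) == 3;
    close(fd);
    return ok ? 0 : -1;
}

/* Copy up to `cap` bytes from `offset` into `out`; returns the count or -1. */
static long read_from(const char *path, off_t offset, char *out, size_t cap) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    size_t len = safe_map_len(st.st_size, offset, cap);
    if (len == 0) { close(fd); return 0; }
    off_t base = offset - offset % sysconf(_SC_PAGESIZE); /* page-aligned offset */
    size_t skew = (size_t)(offset - base);
    char *map = mmap(NULL, len + skew, PROT_READ, MAP_SHARED, fd, base);
    close(fd);
    if (map == MAP_FAILED) return -1;
    memcpy(out, map + skew, len); /* every byte read lies inside the file */
    munmap(map, len + skew);
    return (long)len;
}

int main(void) {
    static char buf[400000];
    const char *path = "/tmp/fpassthru_example_file"; /* hypothetical path */
    long n = make_test_file(path) ? -1 : read_from(path, 200000, buf, sizeof buf);
    printf("copied %ld bytes\n", n);
    unlink(path);
    return n < 0;
}
```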

[2004-12-14 02:18:24] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Read the link; it tells you how to make a backtrace; without one we
can't fix the bug.

------------------------------------------------------------------------

[2004-12-13 20:21:27] john dot wellesz at teaser dot fr

Your Bug Report script split lines so the code I provided will only
make syntax errors (commented lines are split).

So here is the uncommented code:

<?php
$loginfo="fpassthru_crash_test_file";

touch($loginfo);

$handle=fopen($loginfo, "r+b");
ftruncate($handle,0);
fseek($handle, 300000, SEEK_END);
fwrite($handle,"END");
fclose($handle);


$handle=fopen($loginfo, "rb");
fseek($handle, 200000, SEEK_SET);

fpassthru($handle);
?>

I hope you'll be able to reproduce it :-)

------------------------------------------------------------------------

[2004-12-10 18:36:05] john dot wellesz at teaser dot fr

Do you mean that the code provided doesn't make your PHP 5.0.2
crash? If yes, then try to increase the size of the test file
("fpassthru_crash_test_file") to 2Mb. You can also try to increase the
position of the file pointer.

The problem looks like a buffer overflow...

I'm not a PHP developer, I don't have the tools needed to make the
backtrace, I don't have admin access to the machine running under
FreeBSD 4.9... And doing it under WinXP SP2 will take hours of my time
(if ever it is possible), whereas it would take at most 15 minutes for
a PHP developer who already has all the tools needed.

Thank you.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/31048

-- 
Edit this bug report at http://bugs.php.net/?id=31048&edit=1
