From: frode at coretrek dot no
Operating system: FreeBSD 4.10
PHP version: 4.3.10
PHP Bug Type: Unknown/Other Function
Bug description: pointer error in var_unserializer.c?
Description:
------------
I've been having problems with php segfaulting randomly when using the FreeBSD ports-build of php, with errors that do not appear to occur when using the "php-4.3.10.tar.bz" vanilla tarball.

While browsing FreeBSD's patches for php-4.3.10, I noticed the following file:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/lang/php4/files/patch-ext%3a%3astandard%3a%3avar_unserializer.c
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/lang/php4/files/patch-ext%3a%3astandard%3a%3avar_unserializer.c?rev=1.1&content-type=text/plain

which appears to be based on, among other patches, the following commit:

http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.48&r2=1.49&ty=u

Notice that "old_data" is changed from a "zval*" to a "zval**". Looking at the "full picture" in the latest version of this file at:

http://cvs.php.net/co.php/php-src/ext/standard/var_unserializer.c?r=1.18.4.18

I can see that "(void**)&old_data" is passed to zend_hash_index_find. My C knowledge is rusty at best, but doesn't this result in a "zval***" being cast into a "void**", i.e. the wrong number of indirections?

I'd appreciate it if someone more familiar with the PHP source code could have a look at this and determine if there is a bug here.
Reproduce code:
---------------
N/A

Expected result:
----------------
N/A

Actual result:
--------------
N/A

-- 
Edit bug report at http://bugs.php.net/?id=31704&edit=1
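An added example, not part of the bug report and not PHP's own code: a toy hash table that follows the same out-parameter convention as Zend's zend_hash_index_find, which copies each element into the table on update and, on find, stores the address of that copy into *pData. With elements of type zval* the receiver is therefore a zval**, &old_data is a zval***, and the (void**) cast matches one pointer level of the generic void* against the zval** the table hands back. The toy_ht, bucket, zval stand-in and the toy_hash_* function names are assumptions made for this example; they model the convention but are not the Zend structures or functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for Zend's zval; the real struct is unrelated to this one. */
typedef struct { long lval; } zval;

/* Constructed stand-in for a Zend bucket: the table keeps its OWN COPY of the data. */
typedef struct bucket {
    unsigned long h;        /* integer key */
    void *pData;            /* address of the table's copy of the element */
    size_t nDataSize;
    struct bucket *next;
} bucket;

typedef struct { bucket *head; } toy_ht;

/* Models zend_hash_index_update: copies nDataSize bytes from *pData into the table. */
int toy_hash_index_update(toy_ht *ht, unsigned long h, void *pData, size_t nDataSize)
{
    bucket *b = malloc(sizeof *b);
    if (!b) return -1;
    b->pData = malloc(nDataSize);
    if (!b->pData) { free(b); return -1; }
    memcpy(b->pData, pData, nDataSize);
    b->h = h;
    b->nDataSize = nDataSize;
    b->next = ht->head;
    ht->head = b;
    return 0;
}

/* Models zend_hash_index_find: writes the ADDRESS of the stored copy into *pData. */
int toy_hash_index_find(toy_ht *ht, unsigned long h, void **pData)
{
    for (bucket *b = ht->head; b; b = b->next) {
        if (b->h == h) { *pData = b->pData; return 0; }
    }
    return -1;
}

void toy_hash_destroy(toy_ht *ht)
{
    bucket *b = ht->head;
    while (b) { bucket *n = b->next; free(b->pData); free(b); b = n; }
    ht->head = NULL;
}

/* The idiom under discussion: the element stored is a zval*, so the receiver is a
 * zval** and &old_data is a zval***, cast to void**. Returns the lval reached through
 * the retrieved pointer, -1 on a miss, -2 if the retrieved pointer were not the
 * stored one. */
long lookup_lval(unsigned long key)
{
    toy_ht ht = { NULL };
    zval *stored = malloc(sizeof *stored);
    if (!stored) return -3;
    stored->lval = 42;
    /* Store the pointer VALUE; the table copies sizeof(zval*) bytes of it. */
    toy_hash_index_update(&ht, 7, &stored, sizeof stored);

    zval **old_data = NULL;
    long result = -1;
    if (toy_hash_index_find(&ht, key, (void **)&old_data) == 0) {
        /* *old_data is the table's copy of the zval*, equal to `stored`. */
        result = (*old_data == stored) ? (*old_data)->lval : -2;
    }
    toy_hash_destroy(&ht);
    free(stored);
    return result;
}

/* Makes the extra level visible without any cast: the raw pointer the table hands back
 * is not the zval* itself but the address of the copy of it. Returns 1 when that holds. */
int find_returns_address_of_copy(void)
{
    toy_ht ht = { NULL };
    zval z = { 9 };
    zval *stored = &z;
    toy_hash_index_update(&ht, 1, &stored, sizeof stored);
    void *raw = NULL;
    int ok = toy_hash_index_find(&ht, 1, &raw) == 0
          && raw != (void *)stored        /* one level above the zval */
          && *(zval **)raw == stored;      /* one dereference lands on the zval* */
    toy_hash_destroy(&ht);
    return ok;
}

int main(void)
{
    printf("lookup_lval(7) = %ld, miss = %ld, copy check = %d\n",
           lookup_lval(7), lookup_lval(8), find_returns_address_of_copy());
    return 0;
}
```

The depth check is the quickest way to read such calls: count one level for the element type the table stores (here zval*), add one for the address the find routine writes back, and that is the type of the receiver variable; the void** in the prototype then takes the address of that receiver.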
