From:             pablomh at gmail dot com
Operating system: OpenBSD 3.8 -current sparc64
PHP version:      5.0.5
PHP Bug Type:     Reproducible crash
Bug description:  Crash during gallery2 configuration

Description:
------------
I'm trying to install new gallery2 in a Sun Ultra10 with OpenBSD 3.8
-current and PHP 5.0.5 installed from OpenBSD packages. Apache/1.3.29 from
OpenBSD and chroot'd.

During the authentication phase, it requires I fill a file called
login.txt with randomly generated characters. When I click the
"Authenticate me" button, httpd dies with:


[Fri Sep 30 19:01:04 2005] [notice] child pid 22245 exit signal Segmentation fault (11)


Reproduce code:
---------------
This is the failing class:

<?php
/*
 * $RCSfile: AuthenticateStep.class,v $
 *
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2005 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */

class AuthenticateStep extends InstallStep {
    var $_uniqueKey;
    var $_firstTime;

    function AuthenticateStep() {
        for ($len=64, $rand='';
             strlen($rand) < $len;
             $rand .= chr(!mt_rand(0,2) ? mt_rand(48,57) :
                          (!mt_rand(0,1) ? mt_rand(65,90) :
                           mt_rand(97,122))));
        $this->_uniqueKey = md5($rand);
        $this->_firstTime = true;
    }

    function stepName() {
        return _('Authenticate');
    }

    function processRequest() {
        if (!empty($_GET['downloadLogin'])) {
            header("Content-Type: text/plain");
            header("Content-Length: " . strlen($this->_uniqueKey));
            header("Content-Description: Download login.txt to your computer.");
            header("Content-Disposition: attachment; filename=login.txt");
            print $this->_uniqueKey;
            return false;
        }

        return true;
    }

    function loadTemplateData(&$templateData) {
        $authenticationDir = dirname(dirname(dirname(__FILE__)));
        if (isset($_SERVER['DOCUMENT_ROOT'])
                && preg_match('#^' . $_SERVER['DOCUMENT_ROOT'] . '/(.*)#',
                              $authenticationDir, $matches)) {
            $authenticationDir = $matches[1];
        }

        if (!$this->isComplete()) {
            /* Authenticate */
            $authenticated = false;
            $authFile = dirname(__FILE__) . '/../../login.txt';
            if (!file_exists($authFile)) {
                if (!$this->_firstTime) {
                    $templateData['errors'][] =
                        sprintf(_('<b>Error:</b> could not locate <b>login.txt</b>. ' .
                                  'Please place it in your <tt>%s/</tt> directory.'),
                                $authenticationDir);
                }
            } else if (!is_readable($authFile)) {
                $templateData['errors'][] =
                    _('<b>Error:</b> your <b>login.txt</b> file is not readable. ' .
                      'Please give Gallery read permissions on the file.');
            } else {

                $fileAuth = trim(join("", file($authFile)));
                if ($fileAuth == $this->_uniqueKey) {
                    $this->setComplete(true);
                } else {
                    $templateData['errors'][] =
                        _('<b>Error:</b> your <b>login.txt</b> key does not match correctly. ' .
                          'Please download a new authentication string from below and try again.');
                }
            }
        }

        $this->_firstTime = false;

        $templateData['authenticationDir'] = $authenticationDir;

        if ($this->isComplete()) {
            $templateData['bodyFile'] = 'AuthenticateSuccessful.html';
        } else {
            $templateData['bodyFile'] = 'AuthenticateRequest.html';
        }
    }

    function getUniqueKey() {
        return $this->_uniqueKey;
    }
}
?>

Actual result:
--------------
Running httpd in debug mode under gdb:


# gdb httpd
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc64-unknown-openbsd3.8"...(no debugging symbols found)

(gdb) run -X
Starting program: /usr/sbin/httpd -X
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00000000429033e4 in memcpy () from /usr/lib/libc.so.38.2
(gdb) backtrace
#0  0x00000000429033e4 in memcpy () from /usr/lib/libc.so.38.2
#1  0x0000000046bce770 in php_var_serialize_class_name () from /usr/lib/apache/modules/libphp5.so
#2  0x0000000046bcd13c in php_var_serialize_intern () from /usr/lib/apache/modules/libphp5.so
#3  0x0000000046bcd308 in php_var_serialize_intern () from /usr/lib/apache/modules/libphp5.so
#4  0x0000000046bcdb74 in php_var_serialize () from /usr/lib/apache/modules/libphp5.so
#5  0x0000000046bcdc1c in zif_serialize () from /usr/lib/apache/modules/libphp5.so
#6  0x0000000046c63c88 in zend_do_fcall_common_helper () from /usr/lib/apache/modules/libphp5.so
#7  0x0000000046c5ffd8 in execute () from /usr/lib/apache/modules/libphp5.so
#8  0x0000000046c3bf70 in zend_execute_scripts () from /usr/lib/apache/modules/libphp5.so
#9  0x0000000046bfb11c in php_execute_script () from /usr/lib/apache/modules/libphp5.so
#10 0x0000000046c6bca4 in apache_php_module_main () from /usr/lib/apache/modules/libphp5.so
#11 0x0000000046c6c97c in send_php () from /usr/lib/apache/modules/libphp5.so
#12 0x0000000046c6ccb4 in send_parsed_php () from /usr/lib/apache/modules/libphp5.so
#13 0x0000000000146014 in ap_invoke_handler ()
#14 0x000000000015e76c in ap_some_auth_required ()
#15 0x000000000015e96c in ap_process_request ()
#16 0x0000000000154344 in ap_child_terminate ()
#17 0x0000000000154344 in ap_child_terminate ()
Previous frame identical to this frame (corrupt stack?)
(gdb)

-- 
Edit bug report at http://bugs.php.net/?id=34692&edit=1