From: ringu at mail dot ru
Operating system: CentOS 4.2, Mandriva Linux 2006
PHP version: 5.1.2
PHP Bug Type: Scripting Engine problem
Bug description: bug with stream_wrapper_register
Description:
------------
I tried to register my stream wrapper to use it in include. Everything was
OK until i have not parse error in code that i tried to include.
stream_wrapper_register cause Apache 1.3 segmentation fault.
Reproduce code:
---------------
class StrangeEval
{
var $position;
var $codeBit;
function stream_open($path, $mode, $options, &$opened_path)
{
$url = parse_url($path);
$this->codeBit = $url["host"];
$this->position = 0;
return true;
}
function stream_read($count)
{
$ret = substr($GLOBALS[$this->codeBit], $this->position, $count);
$this->position += strlen($ret);
return $ret;
}
function stream_eof()
{
return $this->position >= strlen($GLOBALS[$this->codeBit]);
}
function stream_write($data)
{
return 0;
}
function stream_tell()
{
return $this->position;
}
function stream_seek($offset, $whence)
{
switch ($whence) {
case SEEK_SET:
if ($offset < strlen($GLOBALS[$this->varname]) && $offset
>= 0) {
$this->position = $offset;
return true;
} else {
return false;
}
break;
case SEEK_CUR:
if ($offset >= 0) {
$this->position += $offset;
return true;
} else {
return false;
}
break;
case SEEK_END:
if (strlen($GLOBALS[$this->varname]) + $offset >= 0) {
$this->position = strlen($GLOBALS[$this->varname]) +
$offset;
return true;
} else {
return false;
}
break;
default:
return false;
}
}
}
$test="dfgsdfg<?php require 'Hello world'_; echo \$user['jjj']; ?>";
stream_wrapper_register('seval', 'StrangeEval');
include 'seval://test';
Expected result:
----------------
Error message like this:
"Parse error in line 1 of seval://test"
Actual result:
--------------
Apache segmentation fault
--
Edit bug report at http://bugs.php.net/?id=36677&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=36677&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=36677&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=36677&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=36677&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=36677&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=36677&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=36677&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=36677&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=36677&r=support
Expected behavior: http://bugs.php.net/fix.php?id=36677&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=36677&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=36677&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=36677&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36677&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=36677&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=36677&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=36677&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=36677&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=36677&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=36677&r=mysqlcfg
