From: michaelw at webcentral dot com dot au
Operating system: Solaris 9
PHP version: 4.4.2
PHP Bug Type: Reproducible crash
Bug description: error_log with invalid arguments crashes PHP

Description:
------------
This was noticed by a developer making a typo ( , instead of . ) when attempting to concat strings within the parameters of error_log. It is reported as a bug because it causes a segfault in PHP which causes the webserver to crash.

Reproduce code:
---------------
<html>
<body>
<?php
error_log("commas can crash ",($_SERVER['HTTPS'] != 'off'));
?>
<p> Test..</p>
</body>
</html>

Expected result:
----------------
Presumably an error indicating that the 2nd parameter passed to error_log is invalid.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  0xfedb451c in strlen () from /usr/lib/libc.so.1
#1  0xfee06f88 in _doprnt () from /usr/lib/libc.so.1
#2  0xfee089e4 in fprintf () from /usr/lib/libc.so.1
#3  0x000d0970 in php_mail (to=0x0, subject=0x193868 "To: %s\n", message=0x0, headers=0x0, extra_cmd=0x0, tsrm_ls=0x0) at /opt/admin/build/php-4.4.2/ext/standard/mail.c:228

Presumably the variable should be sanity checked both in php_mail and the error_log function.

--
Edit bug report at http://bugs.php.net/?id=36928&edit=1
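
The sanity check the report asks for, sketched in C as an added example (not PHP's source and not the fix that was committed): the backtrace shows `fprintf` handed a NULL `to` for `%s`, which is undefined behaviour and crashes in `strlen` on this libc. The names `write_mail` and `log_message` and the type constants are hypothetical; the check is done both in the caller and in the mail writer, as the reporter suggests.

```c
#include <stdio.h>

/* Constructed for this example: 1 selects delivery by e-mail. */
enum { LOG_TO_DEFAULT = 0, LOG_TO_EMAIL = 1 };

/* Hypothetical mail writer. Returns 0 on success, -1 if a required field is
 * missing, so "%s" never receives a NULL pointer. Some libcs print "(null)"
 * for that case; others call strlen(NULL) and fault, as in the backtrace. */
int write_mail(FILE *out, const char *to, const char *subject,
               const char *message, const char *headers)
{
    if (out == NULL || to == NULL || subject == NULL || message == NULL)
        return -1;
    if (fprintf(out, "To: %s\n", to) < 0) return -1;
    if (fprintf(out, "Subject: %s\n", subject) < 0) return -1;
    if (headers != NULL && fprintf(out, "%s\n", headers) < 0) return -1;
    if (fprintf(out, "\n%s\n", message) < 0) return -1;
    return 0;
}

/* Hypothetical caller-side check: reject the call before the mail path. */
int log_message(FILE *out, const char *message, int type, const char *dest)
{
    if (out == NULL || message == NULL)
        return -1;
    if (type == LOG_TO_EMAIL) {
        if (dest == NULL || dest[0] == '\0')
            return -1;              /* e-mail logging needs a recipient */
        return write_mail(out, dest, "Log message", message, NULL);
    }
    return fprintf(out, "%s\n", message) < 0 ? -1 : 0;
}

int main(void)
{
    /* Mirrors the report: the second argument evaluates to 1 and no
     * destination is supplied. The address below is a constructed sample. */
    int rc = log_message(stdout, "commas can crash ", LOG_TO_EMAIL, NULL);
    printf("missing destination -> %d\n", rc);
    rc = log_message(stdout, "commas can crash ", LOG_TO_EMAIL,
                     "ops@example.com");
    printf("with destination -> %d\n", rc);
    return 0;
}
```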