From: judas dot iscariote at gmail dot com
Operating system: linux
PHP version: 5CVS-2006-09-25 (CVS)
PHP Bug Type: Zip Related
Bug description: ZipArchive exits with SEGV
Description:
------------
The following code segfaults: the crash occurs while var_dump() reads the properties of the wrapped ZipArchive object (see the backtrace below).
Reproduce code:
---------------
<?php
/**
 * Thin wrapper that owns one ZipArchive instance and exposes a named open helper.
 *
 * In this report the instance is var_dump'ed, which descends into the wrapped
 * ZipArchive's property handlers (frames #3-#5 of the backtrace).
 */
class zipper
{
    /** @var ZipArchive Wrapped archive; public so var_dump() recurses into it. */
    public $zip_handler;

    /**
     * Create the wrapped ZipArchive. Nothing is opened yet.
     */
    public function __construct()
    {
        $archive = new ZipArchive();
        $this->zip_handler = $archive;
    }

    /**
     * Open the archive at $filename, creating it when it does not exist.
     *
     * @param string $filename Path handed straight to ZipArchive::open().
     * @return bool|int true on success, otherwise the ZipArchive::ER_* error code.
     */
    public function Myopen($filename)
    {
        $flags = ZipArchive::CREATE;

        return $this->zip_handler->open($filename, $flags);
    }
}
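// Reproduce case: build the wrapper, create a fresh archive, then dump the wrapper.
$foo = new zipper();
// ZipArchive::open() returns true or an integer ZipArchive::ER_* code. Keep the
// result so a failed open is reported instead of silently dumping an unopened
// archive. '/tmp/foo.zip' is a fixed name in a shared directory; it is kept
// only to match the original report.
$rc = $foo->Myopen('/tmp/foo.zip');
if ($rc !== true) {
    echo "open failed with error code {$rc}\n";
}
var_dump($foo);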
?>
Expected result:
----------------
$foo var_dump'ed
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0000000000623d88 in zip_get_archive_comment (za=0xa74b50,
lenp=0x7fffaeae4534, flags=0)
at /home/cristian/php-src/ext/zip/lib/zip_get_archive_comment.c:49
49 *lenp = za->cdir->comment_len;
(gdb) bt full
#0 0x0000000000623d88 in zip_get_archive_comment (za=0xa74b50,
lenp=0x7fffaeae4534, flags=0)
at /home/cristian/php-src/ext/zip/lib/zip_get_archive_comment.c:49
No locals.
#1 0x00000000006181a5 in php_zipobj_get_zip_comment (za=0xa74b50,
len=0x7fffaeae4534)
at /home/cristian/php-src/ext/zip/php_zip.c:255
No locals.
#2 0x00000000006182c3 in php_zip_property_reader (obj=0x2b0afc0a57b0,
hnd=0x99b000, retval=0x7fffaeae45c8, newzval=0)
at /home/cristian/php-src/ext/zip/php_zip.c:322
retchar = 0x0
retint = 0
len = 0
#3 0x00000000006187f6 in php_zip_get_properties (object=0x2b0afc0a5638)
at /home/cristian/php-src/ext/zip/php_zip.c:467
obj = (ze_zip_object *) 0x2b0afc0a57b0
hnd = (zip_prop_handler *) 0x99b000
props = (HashTable *) 0x2b0afc0a5840
val = (zval *) 0x2b0afc0a5ee8
ret = 0
key = 0x99afe0 "comment"
key_len = 8
pos = (HashPosition) 0x99afa0
num_key = 5
#4 0x00000000005e082e in php_var_dump (struc=0x2b0afc0a5498, level=3) at
/home/cristian/php-src/ext/standard/var.c:140
myht = (HashTable *) 0x0
class_name = 0x7fffaeae4700 " G\177"
class_name_len = 5
php_element_dump_func = (int (*)(zval **, int, struct
__va_list_tag *, zend_hash_key *)) 0x5aeae4770
#5 0x00000000005e04bf in php_object_property_dump (zv=0x2b0afc0a5498,
num_args=1, args=0x7fffaeae47d0,
hash_key=0x7fffaeae47b0) at
/home/cristian/php-src/ext/standard/var.c:96
level = 1
prop_name = 0x2b0afc0a54c0 "zip_handler"
class_name = 0x0
#6 0x000000000068f27e in zend_hash_apply_with_arguments
(ht=0x2b0afc0a5368, destruct=0x5e034b <php_object_property_dump>,
num_args=1) at /home/cristian/php-src/Zend/zend_hash.c:710
p = (Bucket *) 0x2b0afc0a5480
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area =
0x7fffaeae48b0, reg_save_area = 0x7fffaeae47f0}}
hash_key = {arKey = 0x2b0afc0a54c0 "zip_handler", nKeyLength = 12,
h = 16128149184387123093}
#7 0x00000000005e099b in php_var_dump (struc=0x2b0afc0803b8, level=1) at
/home/cristian/php-src/ext/standard/var.c:152
myht = (HashTable *) 0x2b0afc0a5368
class_name = 0x2b0afc0a5318 ""
class_name_len = 6
php_element_dump_func = (int (*)(zval **, int, struct
__va_list_tag *,
zend_hash_key *)) 0x5e034b <php_object_property_dump>
#8 0x00000000005e0b5f in zif_var_dump (ht=1, return_value=0x2b0afc0a5958,
return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0) at /home/cristian/php-src/ext/standard/var.c:193
args = (zval ***) 0x2b0afc0a51c0
argc = 1
i = 0
#9 0x00000000006a7cf6 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffaeae4cd0)
at /home/cristian/php-src/Zend/zend_vm_execute.h:200
return_reference = 0 '\0'
opline = (zend_op *) 0x2b0afc0a2058
original_return_value = (zval **) 0x2b0afc0a52c0
current_scope = (zend_class_entry *) 0x0
current_this = (zval *) 0x0
return_value_used = 0
should_change_scope = 0 '\0'
ctor_opline = (zend_op *) 0x9006e8ddf
#10 0x00000000006add96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fffaeae4cd0)
at /home/cristian/php-src/Zend/zend_vm_execute.h:1681
opline = (zend_op *) 0x2b0afc0a2058
fname = (zval *) 0x2b0afc0a2088
#11 0x00000000006a7797 in execute (op_array=0x2b0afc0a18d8) at
/home/cristian/php-src/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b0afc0a2058, function_state =
{function_symbol_table = 0x2b0afc0a5520,
function = 0x96e050, reserved = {0x2b0afc0a1a08, 0x7fffaeae4d30,
0x67505e, 0x0}}, fbc = 0x0, op_array = 0x2b0afc0a18d8,
object = 0x0, Ts = 0x7fffaeae4b60, CVs = 0x7fffaeae4b40,
original_in_execution = 0 '\0', symbol_table = 0x93e168,
prev_execute_data = 0x0, old_error_reporting = 0x0}
#12 0x00000000006817b2 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/cristian/php-src/Zend/zend.c:1096
files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffaeae4f60, reg_save_area = 0x7fffaeae4ea0}}
i = 1
file_handle = (zend_file_handle *) 0x7fffaeae7360
orig_op_array = (zend_op_array *) 0x0
local_retval = (zval *) 0x0
#13 0x0000000000629426 in php_execute_script (primary_file=0x7fffaeae7360)
at /home/cristian/php-src/main/main.c:1759
realfile =
"/srv/www/htdocs/class.zipper.php\000\006\000\000\177\000\000-\210h\000\000\000\000\000�203\237\n+\000\000�216\n+\000\000\006\000\000\177\000\000�\220",
'\0' <repeats 13 times>, "\200u\177", '\0' <repeats 26 times>,
"�\n+\000\000\001\000\000\000\177\000\000\000\000\000\000\000\000\000\000str_pad\000HY{\000\000\000\000\000�203\237\n+\000\000\000\r\n+\000\000�\177\000\000B\005\n+\000\000�o\000\000\000\000\000\000\177y\000\000\000\000\000\224\000\000\000\000\000�h"...
__orig_bailout = (jmp_buf *) 0x7fffaeae71e0
__bailout = {{__jmpbuf = {47326178421760, -69763556646008843, 0,
140736124056960, 0, 0, -69763556645996091,
-69707295103899789}, __mask_was_saved = 0, __saved_mask = {__val =
{6749112, 140736124055616, 6693656,
47321949667651, 2930667632, 0, 2186138353664, 8135640,
47326178184376, 140736124055888, 7341490, 8135640, 474, 0,
0, 3}}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive =
0}}, free_filename = 0 '\0'}
append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive =
0}}, free_filename = 0 '\0'}
old_cwd = 0x7fffaeae4f80 ""
retval = 0
#14 0x00000000007015ec in main (argc=2, argv=0x7fffaeae7588) at
/home/cristian/php-src/sapi/cli/php_cli.c:1108
__orig_bailout = (jmp_buf *) 0x0
__bailout = {{__jmpbuf = {47326178421760, -69763556646010363, 0,
140736124056960, 0, 0, -69763556646008891,
-69707295104778918}, __mask_was_saved = 0, __saved_mask = {__val =
{0, 0, 0, 0, 0, 140736124056288, 0, 0, 0, 0,
2641803917, 47326178424384, 47326178426208, 281474976710656, 0,
0}}}}
exit_status = 0
c = -1
file_handle = {type = 2 '\002', filename = 0x7fffaeae8ef1
"class.zipper.php",
opened_path = 0x2b0afc0a1868 'Z' <repeats 33 times>, "\204�217*",
handle = {fd = 10963600, fp = 0xa74a90, stream = {
handle = 0xa74a90, reader = 0x69a350 <zend_stream_stdio_reader>,
closer = 0x69a37c <zend_stream_stdio_closer>,
fteller = 0x69a3a3 <zend_stream_stdio_fteller>, interactive = 0}},
free_filename = 0 '\0'}
behavior = 1
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x7fffaeae8ef1 "class.zipper.php"
arg_excp = (char **) 0x7fffaeae7590
script_file = 0x7fffaeae8ef1 "class.zipper.php"
interactive = 0
module_started = 1
request_started = 1
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
param_error = 0x0
hide_argv = 0
ini_entries_len = 110