From:             hairmare at gmail dot com
Operating system: Linux
PHP version:      6CVS-2006-11-18 (snap)
PHP Bug Type:     Streams related
Bug description:  Segfault with stream_bucket_new in user filter

Description:
------------
Using stream_bucket_new on a php://temp stream in a user filter leads to a segfault.

'./configure' '--disable-cgi' '--enable-cli' '--prefix=/usr/local/php6.0-200611181130' '--with-mysql' '--with-openssl' '--with-pdo-mysql' '--enable-soap' '--with-xsl' '--enable-debug'

Reproduce code:
---------------
<?php
class bucketFilter {
    public function filter($in, $out, &$consumed, $closing ){
        $bucket = stream_bucket_new(fopen('php://temp', 'w+'), '');
        stream_bucket_append($out, $bucket);
        return PSFS_PASS_ON;
    }
}
stream_filter_register('bucketfault', 'bucketFilter');
stream_filter_append($s = fopen('php://temp', 'r+'), 'bucketfault');
stream_get_contents($s);
?>

Expected result:
----------------
this should either output nothing or an error. it shouldn't crash.

Actual result:
--------------
Segmentation fault

Backtrace:
#0 0x08307d36 in php_stream_bucket_unlink (bucket=0xb6be7c78) at /usr/local/src/php-6/php6.0-200611181130/main/streams/filter.c:285
#1 0x083075d8 in php_stream_bucket_make_writeable (bucket=0xb6be7c78) at /usr/local/src/php-6/php6.0-200611181130/main/streams/filter.c:158
#2 0x082c114e in php_stream_bucket_attach (append=1, ht=2, return_value=0xb6be5f9c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /usr/local/src/php-6/php6.0-200611181130/ext/standard/user_filters.c:430
#3 0x082c158a in zif_stream_bucket_append (ht=2, return_value=0xb6be5f9c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /usr/local/src/php-6/php6.0-200611181130/ext/standard/user_filters.c:484
#4 0x0836a654 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa02020) at zend_vm_execute.h:209
#5 0x0836f1ba in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfa02020) at zend_vm_execute.h:1648
#6 0x0836a21c in execute (op_array=0xb6be7770) at zend_vm_execute.h:92
#7 0x083312e6 in zend_call_function (fci=0xbfa021a0, fci_cache=0x0) at /usr/local/src/php-6/php6.0-200611181130/Zend/zend_execute_API.c:1036
#8 0x0832fd1d in call_user_function_ex (function_table=0x0, object_pp=0xbfa02268, function_name=0xbfa02250, retval_ptr_ptr=0xbfa0224c, param_count=4, params=0xbfa02230, no_separation=0, symbol_table=0x0) at /usr/local/src/php-6/php6.0-200611181130/Zend/zend_execute_API.c:636
#9 0x082c08bf in userfilter_filter (stream=0xb6be7034, thisfilter=0xb6be7320, buckets_in=0xbfa022f0, buckets_out=0xbfa022e8, consumed=0x0, flags=2) at /usr/local/src/php-6/php6.0-200611181130/ext/standard/user_filters.c:205
#10 0x0830047e in php_stream_fill_read_buffer (stream=0xb6be7034, size=8192) at /usr/local/src/php-6/php6.0-200611181130/main/streams/streams.c:465
#11 0x08300976 in _php_stream_read (stream=0xb6be7034, buf=0xb6be7f0c "", size=8192) at /usr/local/src/php-6/php6.0-200611181130/main/streams/streams.c:600
#12 0x08302fa4 in _php_stream_copy_to_mem_ex (src=0xb6be7034, rettype=6 '\006', buf=0xbfa02488, maxlen=0, maxchars=4294967295, persistent=0, __php_stream_call_depth=0, __zend_filename=0x844b110 "/usr/local/src/php-6/php6.0-200611181130/ext/standard/streamsfuncs.c", __zend_lineno=422, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php-6/php6.0-200611181130/main/streams/streams.c:1705
#13 0x082c9795 in zif_stream_get_contents (ht=1, return_value=0xb6be6d08, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /usr/local/src/php-6/php6.0-200611181130/ext/standard/streamsfuncs.c:422
#14 0x0836a654 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa02600) at zend_vm_execute.h:209
#15 0x0836f1ba in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfa02600) at zend_vm_execute.h:1648
#16 0x0836a21c in execute (op_array=0xb6be4af0) at zend_vm_execute.h:92
#17 0x08342a86 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-6/php6.0-200611181130/Zend/zend.c:1587
#18 0x082ec330 in php_execute_script (primary_file=0xbfa04a50) at /usr/local/src/php-6/php6.0-200611181130/main/main.c:1933
#19 0x083b3318 in main (argc=2, argv=0xbfa04ae4) at /usr/local/src/php-6/php6.0-200611181130/sapi/cli/php_cli.c:1119

--
Edit bug report at http://bugs.php.net/?id=39551&edit=1
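
For contrast with the reproducer above, a user filter written to the documented php_user_filter pattern: it drains the input brigade with stream_bucket_make_writeable() and creates its extra bucket against $this->stream with a non-empty buffer. This is an added example, not part of the original report, and it says nothing about the root cause of the crash. The class name, the filter name and the sample input are hypothetical, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not code from the bug report. The class name and the
// "example.toupper_tail" filter name are hypothetical.
class ToUpperTail extends php_user_filter
{
    private bool $tailSent = false;

    public function filter($in, $out, &$consumed, $closing): int
    {
        $passed = false;

        // Drain the input brigade. Buckets returned by
        // stream_bucket_make_writeable() are detached from $in and may be
        // modified and appended to $out.
        while ($bucket = stream_bucket_make_writeable($in)) {
            $consumed += $bucket->datalen;
            $bucket->data = strtoupper($bucket->data);
            stream_bucket_append($out, $bucket);
            $passed = true;
        }

        // Emit one extra bucket at end of stream. It is created against
        // $this->stream (the stream being filtered) with a non-empty buffer;
        // the flag guards against more than one closing call.
        if ($closing && !$this->tailSent) {
            $tail = stream_bucket_new($this->stream, "\n-- end --\n");
            stream_bucket_append($out, $tail);
            $this->tailSent = true;
            $passed = true;
        }

        return $passed ? PSFS_PASS_ON : PSFS_FEED_ME;
    }
}

stream_filter_register('example.toupper_tail', 'ToUpperTail');

// Constructed input: write to php://temp, then attach the filter for reading.
$s = fopen('php://temp', 'r+');
fwrite($s, "hello bucket brigade\n");
rewind($s);
stream_filter_append($s, 'example.toupper_tail', STREAM_FILTER_READ);
echo stream_get_contents($s);
fclose($s);
```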