[PHP-DEV] Crash in php_fopen_with_path

Mon, 16 Jul 2001 04:47:15 -0700 

I'm not sure what I've done to cause this...I ran "../php -f Config.php"
from "<srcdir>/pear". I have an old PEAR install under
/usr/local/lib/php, and my include path is ".:/usr/local/lib/php".

Here's the back trace.
#0  0x40369567 in memcpy (dstpp=0x8505bb9, srcpp=0x8505a64,
len=4294967295) at ../sysdeps/generic/memcpy.c:55
#1  0x80998e0 in php_fopen_with_path (filename=0x8505ae4 "PEAR.php",
mode=0x8336563 "rb", path=0x8335f95 ".:/usr/local/lib/php",
    opened_path=0xbfffea0c) at fopen_wrappers.c:486
#2  0x8099ca8 in php_fopen_url_wrapper (path=0x8505ae4 "PEAR.php",
mode=0x8336563 "rb", options=1, issock=0xbfffe940,
    socketd=0xbfffe93c, opened_path=0xbfffea0c) at fopen_wrappers.c:585
#3  0x80990e2 in php_fopen_wrapper (path=0x8505ae4 "PEAR.php",
mode=0x8336563 "rb", options=1, issock=0xbfffe940,
    socketd=0xbfffe93c, opened_path=0xbfffea0c) at fopen_wrappers.c:278
#4  0x809762f in php_fopen_wrapper_for_zend (filename=0x8505ae4
"PEAR.php", opened_path=0xbfffea0c) at main.c:508
#5  0x81c7016 in execute (op_array=0x8507424) at ./zend_execute.c:2062
#6  0x8198074 in zend_execute_scripts (type=8, file_count=3) at
zend.c:752
#7  0x809893f in php_execute_script (primary_file=0xbffffb7c) at
main.c:1282
#8  0x80966bc in main (argc=3, argv=0xbffffc0c) at cgi_main.c:741


The attached patch turns it from a crash to a leak, as below:

[Mon Jul 16 06:06:48 2001]  Script:  'Config.php'
---------------------------------------
fopen_wrappers.c(530) : Block 0x08505B00 status:
Beginning:      OK (allocated on fopen_wrappers.c:479, 21 bytes)
      End:      Overflown (magic=0x666E6F43 instead of 0x2A8FCC84)
                At least 4 bytes overflown
---------------------------------------
fopen_wrappers.c(479) :  Freeing 0x08505B24 (21 bytes),
script=Config.php

Perhaps someone who better understands the fopen magic could take a look
at this one?

Index: fopen_wrappers.c
===================================================================
RCS file: /repository/php4/main/fopen_wrappers.c,v
retrieving revision 1.123
diff -u -r1.123 fopen_wrappers.c
--- fopen_wrappers.c    15 Jul 2001 12:24:06 -0000      1.123
+++ fopen_wrappers.c    16 Jul 2001 12:08:54 -0000
@@ -483,6 +483,7 @@
 #else
                pathbuf[path_length] = ':';
 #endif
+               if (exec_fname_length < 0) { exec_fname_length = strlen(exec_fname); }
                memcpy(pathbuf+path_length+1, exec_fname, exec_fname_length);
                pathbuf[path_length + exec_fname_length +1] = '\0';
        } else {

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to