#44058 [NEW]: Fresh Install of PHP w/ Extensions Crashes
From: Paul-PHPBug at Czarnik dot com Operating system: FreeBSD 6.2-PRERELEASE PHP version: 5.2.5 PHP Bug Type: Reproducible crash Bug description: Fresh Install of PHP w/ Extensions Crashes Description: fresh install of php5 & php5-extensions. run php -v = seg fault. Built all w/ debug. Ran gdb bt, results are: (gdb) bt #0 0x28b44a16 in hash_lookup (hashtab=0x8435dc0, key=0xbfbfe8d0 "Î]B)Hé¿¿)\033&(") at misc.c:349 #1 0x29362fd7 in find_alias () from /usr/local/lib/librecode.so.3 #2 0x29364ea0 in recode_new_outer () from /usr/local/lib/librecode.so.3 #3 0x29319d76 in zm_startup_recode () from /usr/local/lib/php/20060613-debug/recode.so #4 0x081713ff in zend_startup_module_ex (module=0x8359100) at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/Zend/zend_API.c:1466 #5 0x081779d4 in zend_hash_apply (ht=0x8274d40, apply_func=0x8171298 ) at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/Zend/zend_hash.c:867 #6 0x08171592 in zend_startup_modules () at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/Zend/zend_API.c:1513 #7 0x081240b1 in php_module_startup (sf=0x82705a0, additional_modules=0x0, num_additional_modules=0) at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/main/main.c:1840 #8 0x081d2d5d in php_cli_startup (sapi_module=0x82705a0) at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/sapi/cli/php_cli.c:358 #9 0x081d389a in main (argc=2, argv=0xbfbfec4c) at /z/ports/tmp/usr/ports/lang/php5/work/php-5.2.5/sapi/cli/php_cli.c:717 Reproduce code: --- php -v Expected result: the version info Actual result: -- Segmentation fault (core dumped) -- Edit bug report at http://bugs.php.net/?id=44058&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44058&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44058&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44058&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44058&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44058&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44058&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44058&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44058&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44058&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44058&r=support Expected behavior:http://bugs.php.net/fix.php?id=44058&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44058&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44058&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44058&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44058&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44058&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44058&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44058&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44058&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44058&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44058&r=mysqlcfg
#42167 [Opn->Csd]: fgetcsv gives different output on php6 compared to php5
ID: 42167 Updated by: [EMAIL PROTECTED] Reported By: nikhil dot gupta at in dot ibm dot com -Status: Open +Status: Closed Bug Type: Filesystem function related Operating System: Linux PHP Version: 6CVS-2007-08-01 (snap) New Comment: This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: [2008-02-05 15:44:22] [EMAIL PROTECTED] I have reproduced the code in PHP 6 and PHP 5.2.5, got the same behavior as you got. [2007-08-06 13:14:47] nikhil dot gupta at in dot ibm dot com There is a typo in the Description. Here is the correct one: fgetcsv() gives different output on php6 compared to php5 on linux. The output on php5 is correct. [2007-08-01 14:35:23] nikhil dot gupta at in dot ibm dot com The same difference is observed on Windows also. [2007-08-01 14:32:07] nikhil dot gupta at in dot ibm dot com Description: fgetcsv() gives different output on php6 compared to php6 on linux. Reproduce code: --- Expected result: according to php5 the output is: array(3) { [0]=> string(5) "water" [1]=> string(5) "fruit" [2]=> string(3) "air" } Actual result: -- Output on php6 is: array(1) { [0]=> string(19) "water\"fruit"\"air"" } -- Edit this bug report at http://bugs.php.net/?id=42167&edit=1
#42219 [Opn->Csd]: length argument of fgetcsv() is not effective/working in PHP6
ID: 42219 Updated by: [EMAIL PROTECTED] Reported By: nikhil dot gupta at in dot ibm dot com -Status: Open +Status: Closed Bug Type: Filesystem function related Operating System: Linux PHP Version: 6CVS-2007-08-06 (CVS) New Comment: This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: [2007-08-06 12:01:48] nikhil dot gupta at in dot ibm dot com Description: while using length argument value less than the line size to be read, fgetcsv() outputs result without considering the length value that is passed and assumes the maximum length always. This behaviour is correct in PHP5. Reproduce code: --- Expected result: array(2) { [0]=> string(5) "water" [1]=> string(3) "fru" } array(1) { [0]=> string(2) "it" } Actual result: -- array(2) { [0]=> string(5) "water" [1]=> string(5) "fruit" } bool(false) -- Edit this bug report at http://bugs.php.net/?id=42219&edit=1
#43819 [Opn]: -
ID: 43819 User updated by: fxbois at gmail dot com Reported By: fxbois at gmail dot com Status: Open Bug Type: Session related Operating System: RHEL3 PHP Version: 5.2.5 New Comment: It is so strange that such a big security issue is not dealt serioulsy by a core php developer. Manuel thanx for your patch. Previous Comments: [2008-02-05 13:17:24] manuel at mausz dot at Same as Bug 43677 :) [2008-02-05 08:44:20] fxbois at gmail dot com I must confess that I changed all my servers because, as I said it was a serious security problem for me, and I had no feedback. The configuration I used to have was : 1/ session.save_path in the php.ini 2/ php_admin_value session.save_path in the virtualhost 3/ use off the function session_save_path() in a script. The script is loaded for every action but set a different path according to the URI. [2008-02-05 00:26:06] [EMAIL PROTECTED] Are you by any chance using php_admin_value / php_value anywhere in your httpd.conf / .htaccess files? And if so, are you using those to set different session.save_path? [2008-01-12 17:49:05] fxbois at gmail dot com I have in my php.ini file the value : session.save_path = "/tmp" When I try to change this value in a php script with session_save_path() the new value is not kept and the session.save_path still contains "/tmp". session_save_path("2;0777;web/tmp"); error_log(session_save_path()); // /tmp appears instead of 2;0777;web/tmp What is strange is that this bad behaviour only appears a few minutes after an apache restart. I tried many night build (5.2.6) with no success. I am sure that this behaviour appeared with 5.2.5. I can try patches if you want. Hope this new comment will help. This bug is very very annoying on a shared server. tia [2008-01-11 14:14:01] fxbois at gmail dot com Description: Hi, I want to report that PHP 5.2.5 loose the local session.save_path. I set it with session_save_path() but just after, when I look at its value, it contains the master value instead of the value just setted. This happens after a short period of time. (Just after restrating apache everything works fine). It is a big security problem in my opinion. System : - Red Hat Enterprise Linux ES release 3 (Taroon Update 8) - PHP 5.2.5 - Apache/2.0.46 Reproduce code: --- // master value is /home/.tmp $new = '2;0777;web/tmp'; session_save_path($new); echo session_save_path(); Expected result: 2;0777;web/tmp Actual result: -- /home/.tmp -- Edit this bug report at http://bugs.php.net/?id=43819&edit=1
#44057 [NEW]: Session vars weird behavior
From: galaxy dot mipt at gmail dot com Operating system: Linux 2.6.9 PHP version: 5.2.5 PHP Bug Type: Session related Bug description: Session vars weird behavior Description: Looks like session data gets corrupted at serialization step if one attempts to store certain variables in session, namely HTTP_SESSION_VARS. As far as I understand it is a desired behavior that var with that name doesn't get saved in session (still it is *really* worth mentioning that in documentation on sessions), but it seems to have some side effects on successive variables passed to the session. Reproduce code: --- session_start(); print ''; print_r($_SESSION); print ''; $_SESSION['qwerty'] = 1; $_SESSION['HTTP_SESSION_VARS'] = 2; $_SESSION['ABC'] = 'qqq'; Expected result: First call: Array ( ) Later calls: Array ( [qwerty] => 1 [ABC] => qqq ) Actual result: -- First call: Array ( ) Later calls: Array ( [qwerty] => 1 [i:2;ABC] => qqq ) -- Edit bug report at http://bugs.php.net/?id=44057&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44057&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44057&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44057&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44057&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44057&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44057&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44057&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44057&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44057&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44057&r=support Expected behavior:http://bugs.php.net/fix.php?id=44057&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44057&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44057&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44057&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44057&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44057&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44057&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44057&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44057&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44057&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44057&r=mysqlcfg
#44055 [Opn->Bgs]: wrong default cast for offset used in fseek
ID: 44055 Updated by: [EMAIL PROTECTED] Reported By: vadim at vadiaz dot com -Status: Open +Status: Bogus Bug Type: Zip Related Operating System: Linux x86_64 PHP Version: 5.2.5 -Assigned To: +Assigned To: pajoye New Comment: Duplicated, it is already reported in pecl: http://pecl.php.net/bugs/bug.php?id=12965 no need to duplicate it here. Previous Comments: [2008-02-05 21:32:10] vadim at vadiaz dot com Description: zip extention failed to open zip files with thousands of files in root directory on 64 bit Linux systems. From strace I seen than fseek get value close to max_long. After reviewing code I figured out that it caused by wrong default type cast in php-5.2.5/ext/zip/lib/zip_open.c:313 fseek(fp, -(cd->size+cd->comment_len+EOCDLEN), SEEK_END); which should be: fseek(fp, -((long)(cd->size+cd->comment_len+EOCDLEN)), SEEK_END); because on 64 bit systems long is 8 byte. I aaplied following path and rebuild rpms for my CentOS 5 from scratch which solves the problem --- php-5.2.5/ext/zip/lib/zip_open.c.seek_error 2008-02-05 22:05:03.0 +0200 +++ php-5.2.5/ext/zip/lib/zip_open.c2008-02-05 23:17:05.0 +0200 @@ -313,7 +313,7 @@ /* go to start of cdir and read it entry by entry */ bufp = NULL; clearerr(fp); - fseek(fp, -(cd->size+cd->comment_len+EOCDLEN), SEEK_END); + fseek(fp, -((long)(cd->size+cd->comment_len+EOCDLEN)), SEEK_END); if (ferror(fp) || ((unsigned int)ftell(fp) != cd->offset)) { /* seek error or offset of cdir wrong */ if (ferror(fp)) Reproduce code: --- Test of ZipArchive Expected result: Test of ZipArchive ZipArchive works Ok Actual result: -- can not open stream 'zip0://testSite.zip/f1/tst.php' -- Edit this bug report at http://bugs.php.net/?id=44055&edit=1
#43922 [Com]: CURL HEAD command problem
ID: 43922 Comment by: daniel at haxx dot se Reported By: dragos dot matachescu at dna dot ro Status: Open Bug Type: cURL related Operating System: Windows XP SP2 PHP Version: 5.2.5 New Comment: Correct, this is the expected and designed behaviour as you're doing a GET request but changes the method keyword to "HEAD" which doesn't make libcurl act differently. It will still act like it does a GET. You get what you ask for. The NOBODY option is for changing a GET to HEAD and make libcurl treat it as such. So: thisisnotabug Previous Comments: [2008-01-23 17:59:44] dragos dot matachescu at dna dot ro Description: This bug is not solved: Bug #27341 CURLOPT_CUSTOMREQUEST 'HEAD' misbehaves? I checked with latest CVS version I dont know what you have solved, but the real issus is this: when calling using CURL IIS servers, those servers will return (correctly) in the HEAD method reply the Content-Length field. This is OK because the HTTP protocol says HEAD should be identical with GET, only the body of the response should not be sent in case of HEAD. Apache in case of a HEAD command will NOT return Content-Length in response, so dont test against Apache and say it works. So, if Content-Length is present in a HEAD response, CURL will block waiting to receive o response body of the given length, and this will never come. See below script to reproduce the problem (is the script you proposed at Bug #27341 resolution, only URL is modified to call an IIS server) Reproduce code: --- http://www.robertoswinds.com/store/p.asp?c=126'); //MAKE SURE URL HERE IS FROM A IIS SERVER. THIS IS, I KNOW IT BECAUSE IS MY SERVER. curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'HEAD'); var_dump(curl_exec($ch)); ?> Expected result: return the page content Actual result: -- HTTP/1.1 200 OK Date: Wed, 23 Jan 2008 17:49:20 GMT Server: Microsoft-IIS/6.0 Content-Length: 16914 Content-Type: text/html Set-Cookie: ASPSESSIONIDSSCDDQSS=NFLPAACDIBKLHIGINKELONCJ; path=/ Cache-control: private Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\hub\p.php on line 5 -- Edit this bug report at http://bugs.php.net/?id=43922&edit=1
#44056 [NEW]: Get file content
From: raphpell at cario dot fr Operating system: Windows Vista PHP version: 5.2.5 PHP Bug Type: Performance problem Bug description: Get file content Description: I handle my filesy stem : - 2000 files - 2000 folders With PHP 4.3.3 my scripts take 5 secondes With PHP 5.2.5 35 secondes... I use fopen, file_get_contents ( ob_start + include ) I zip my site, create my db with my filesystem,... -- Edit bug report at http://bugs.php.net/?id=44056&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44056&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44056&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44056&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44056&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44056&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44056&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44056&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44056&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44056&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44056&r=support Expected behavior:http://bugs.php.net/fix.php?id=44056&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44056&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44056&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44056&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44056&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44056&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44056&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44056&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44056&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44056&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44056&r=mysqlcfg
#44050 [Com]: Multiple 'Cookie: ' headers incorrectly parsed
ID: 44050 Comment by: pfx-bugs dot php dot net at goeswhere dot com Reported By: a dot candle at gmail dot com Status: Open Bug Type: Unknown/Other Function Operating System: slackware/debian PHP Version: 5.2.5 New Comment: This can be reproduced by, for example (with the above test-case as http://localhost/pro.php): [EMAIL PROTECTED]:~% echo -e 'GET /pro.php HTTP/1.1\r\nHost: localhost\r\nCookie: $Version=0; a=\r\nCookie: $Version=0; b=\r\nCookie: $Version=0; c=\r\nConnection: close\r\n' | nc localhost 80 HTTP/1.1 200 OK Date: Tue, 05 Feb 2008 21:51:41 GMT Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch10 X-Powered-By: PHP/5.2.0-8+etch10 Set-Cookie: a= Set-Cookie: b= Set-Cookie: c= Content-Length: 160 Connection: close Content-Type: text/html; charset=UTF-8 array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) ", $Version=0" ["b"]=> string(16) ", $Version=0" ["c"]=> string(4) "" } [EMAIL PROTECTED]:~% Previous Comments: [2008-02-05 20:31:59] [EMAIL PROTECTED] Hello, I have not been able to reproduce your issue. Can you please give us more feedback about that? [2008-02-05 17:37:48] a dot candle at gmail dot com Description: When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly. What I believe is happening is that the value part of the cookie headers (after the ': ') are being concaternated with a comma rather then a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values. Reproduce code: --- php code: headers sent by client: (on the second request) "Cookie: $Version=0; a=\r\n" "Cookie: $Version=0; b=\r\n" "Cookie: $Version=0; c=\r\n" Expected result: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(4) "" ["b"]=> string(4) "" ["c"]=> string(4) "" } Actual result: -- resulting output: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) ", $Version=0" ["b"]=> string(16) ", $Version=0" ["c"]=> string(4) "" } -- Edit this bug report at http://bugs.php.net/?id=44050&edit=1
#44055 [NEW]: wrong default cast for offset used in fseek
From: vadim at vadiaz dot com Operating system: Linux x86_64 PHP version: 5.2.5 PHP Bug Type: Zip Related Bug description: wrong default cast for offset used in fseek Description: zip extention failed to open zip files with thousands of files in root directory on 64 bit Linux systems. From strace I seen than fseek get value close to max_long. After reviewing code I figured out that it caused by wrong default type cast in php-5.2.5/ext/zip/lib/zip_open.c:313 fseek(fp, -(cd->size+cd->comment_len+EOCDLEN), SEEK_END); which should be: fseek(fp, -((long)(cd->size+cd->comment_len+EOCDLEN)), SEEK_END); because on 64 bit systems long is 8 byte. I aaplied following path and rebuild rpms for my CentOS 5 from scratch which solves the problem --- php-5.2.5/ext/zip/lib/zip_open.c.seek_error 2008-02-05 22:05:03.0 +0200 +++ php-5.2.5/ext/zip/lib/zip_open.c2008-02-05 23:17:05.0 +0200 @@ -313,7 +313,7 @@ /* go to start of cdir and read it entry by entry */ bufp = NULL; clearerr(fp); - fseek(fp, -(cd->size+cd->comment_len+EOCDLEN), SEEK_END); + fseek(fp, -((long)(cd->size+cd->comment_len+EOCDLEN)), SEEK_END); if (ferror(fp) || ((unsigned int)ftell(fp) != cd->offset)) { /* seek error or offset of cdir wrong */ if (ferror(fp)) Reproduce code: --- Test of ZipArchive Expected result: Test of ZipArchive ZipArchive works Ok Actual result: -- can not open stream 'zip0://testSite.zip/f1/tst.php' -- Edit bug report at http://bugs.php.net/?id=44055&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44055&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44055&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44055&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44055&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44055&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44055&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44055&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44055&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44055&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44055&r=support Expected behavior:http://bugs.php.net/fix.php?id=44055&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44055&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44055&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44055&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44055&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44055&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44055&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44055&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44055&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44055&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44055&r=mysqlcfg
#44050 [Opn]: Multiple 'Cookie: ' headers incorrectly parsed
ID: 44050 Updated by: [EMAIL PROTECTED] Reported By: a dot candle at gmail dot com Status: Open Bug Type: Unknown/Other Function Operating System: slackware/debian PHP Version: 5.2.5 New Comment: Hello, I have not been able to reproduce your issue. Can you please give us more feedback about that? Previous Comments: [2008-02-05 17:37:48] a dot candle at gmail dot com Description: When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly. What I believe is happening is that the value part of the cookie headers (after the ': ') are being concaternated with a comma rather then a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values. Reproduce code: --- php code: headers sent by client: (on the second request) "Cookie: $Version=0; a=\r\n" "Cookie: $Version=0; b=\r\n" "Cookie: $Version=0; c=\r\n" Expected result: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(4) "" ["b"]=> string(4) "" ["c"]=> string(4) "" } Actual result: -- resulting output: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) ", $Version=0" ["b"]=> string(16) ", $Version=0" ["c"]=> string(4) "" } -- Edit this bug report at http://bugs.php.net/?id=44050&edit=1
#44051 [Opn->Bgs]: Bug report for sprintf
ID: 44051 Updated by: [EMAIL PROTECTED] Reported By: andyhaslam at hotmail dot com -Status: Open +Status: Bogus Bug Type: *General Issues Operating System: WHM/Apache/Linux PHP Version: 5.2.5 New Comment: Hello, It works fine here (PHP 5.2.5, PHP 5.3-snap and PHP 6). Previous Comments: [2008-02-05 17:59:22] andyhaslam at hotmail dot com Description: An interesting bug, if you do the following: $val = 2345.35; $val = sprintf("%01.2f", $val); echo $val; Output is "2.00", instead of "2345.35". The solution is to use an intermediate variable: $val = 2345.35; $val2 = sprintf("%01.2f", $val); $val = $val2; echo $val; Reproduce code: --- $val = 2345.35; $val = sprintf("%01.2f", $val); echo $val; Expected result: 2345.35 Actual result: -- 2.00 -- Edit this bug report at http://bugs.php.net/?id=44051&edit=1
#44053 [Opn]: Core exceptions are actually E_WARNINGs first
ID: 44053 User updated by: mark at metrofindings dot com Reported By: mark at metrofindings dot com Status: Open Bug Type: Scripting Engine problem Operating System: linux PHP Version: 5.2.5 New Comment: Although, at first glace, this bug appears to be the same as 43377 (http://bugs.php.net/bug.php?id=43377), it is not. Bug 43377 is referring to a crash and was later reopened because all exceptions are caught be the user defined error handler. I feel that the core problem is not reflected clearly enough in 43377 and it warrants a new bug since the original problem of that bug was fixed. Previous Comments: [2008-02-05 19:33:14] mark at metrofindings dot com Description: Core exceptions, those generated by core classes in the PHP engine itself and not user defined PHP code, are treated exactly as E_WARNING errors before any exception related routines are called when a custom error handler is being used. This is a problem on 2 fronts: 1. It is different than user generated exceptions (throw new Exception()) 2. It is impossible to distinguish a core exception and a true E_WARNING in a custom error handler (set_error_handler()). The zend engine portion of the error handling code does not respect PG(error_handling) settings, like EH_THROW. The Zend engine portion of error handling (zend_error) calls any user defined error handlers, *then* it calls php_error_cb (which properly checks for throwable exceptions). Here is a patch to php-5.2.5/main/main.c to check for exceptions before calling zend's "PG(error_handling) unaware" error routine. --- orig-5.2.5/main/main.c 2008-02-05 14:14:51.0 -0500 +++ php-5.2.5/main/main.c 2008-02-05 14:09:05.0 -0500 @@ -717,9 +715,35 @@ ZVAL_STRINGL(tmp, buffer, buffer_len, 1); zend_hash_update(EG(active_symbol_table), "php_errormsg", sizeof("php_errormsg"), (void **) &tmp, sizeof(zval *), NULL); } - efree(buffer); - php_error(type, "%s", message); + //throw exceptions first before nomal zend_error + if (PG(error_handling) == EH_THROW && !EG(exception)) { + switch (type) { + case E_ERROR: + case E_CORE_ERROR: + case E_COMPILE_ERROR: + case E_USER_ERROR: + case E_PARSE: +/* fatal errors are real errors and cannot be made exceptions */ +break; + case E_STRICT: +/* for the sake of BC to old damaged code */ +break; + case E_NOTICE: + case E_USER_NOTICE: +/* notices are no errors and are not treated as such like E_WARNINGS */ +break; + default: +/* throw an exception if we are in EH_THROW mode + * but DO NOT overwrite a pending exception + */ + zend_throw_error_exception(PG(exception_class), buffer, 0, type TSRMLS_CC); + } + } else { + php_error(type, "%s", message); + } + + efree(buffer); efree(message); } /* }}} */ --end of patch-- Reproduce code: --- http://bugs.php.net/?id=44053&edit=1
#44053 [NEW]: Core exceptions are actually E_WARNINGs first
From: mark at metrofindings dot com Operating system: linux PHP version: 5.2.5 PHP Bug Type: Scripting Engine problem Bug description: Core exceptions are actually E_WARNINGs first Description: Core exceptions, those generated by core classes in the PHP engine itself and not user defined PHP code, are treated exactly as E_WARNING errors before any exception related routines are called when a custom error handler is being used. This is a problem on 2 fronts: 1. It is different than user generated exceptions (throw new Exception()) 2. It is impossible to distinguish a core exception and a true E_WARNING in a custom error handler (set_error_handler()). The zend engine portion of the error handling code does not respect PG(error_handling) settings, like EH_THROW. The Zend engine portion of error handling (zend_error) calls any user defined error handlers, *then* it calls php_error_cb (which properly checks for throwable exceptions). Here is a patch to php-5.2.5/main/main.c to check for exceptions before calling zend's "PG(error_handling) unaware" error routine. --- orig-5.2.5/main/main.c 2008-02-05 14:14:51.0 -0500 +++ php-5.2.5/main/main.c 2008-02-05 14:09:05.0 -0500 @@ -717,9 +715,35 @@ ZVAL_STRINGL(tmp, buffer, buffer_len, 1); zend_hash_update(EG(active_symbol_table), "php_errormsg", sizeof("php_errormsg"), (void **) &tmp, sizeof(zval *), NULL); } - efree(buffer); - php_error(type, "%s", message); + //throw exceptions first before nomal zend_error + if (PG(error_handling) == EH_THROW && !EG(exception)) { + switch (type) { + case E_ERROR: + case E_CORE_ERROR: + case E_COMPILE_ERROR: + case E_USER_ERROR: + case E_PARSE: +/* fatal errors are real errors and cannot be made exceptions */ +break; + case E_STRICT: +/* for the sake of BC to old damaged code */ +break; + case E_NOTICE: + case E_USER_NOTICE: +/* notices are no errors and are not treated as such like E_WARNINGS */ +break; + default: +/* throw an exception if we are in EH_THROW mode + * but DO NOT overwrite a pending exception + */ + zend_throw_error_exception(PG(exception_class), buffer, 0, type TSRMLS_CC); + } + } else { + php_error(type, "%s", message); + } + + efree(buffer); efree(message); } /* }}} */ --end of patch-- Reproduce code: --- http://bugs.php.net/?id=44053&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44053&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44053&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44053&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44053&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44053&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44053&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44053&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44053&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44053&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44053&r=support Expected behavior:http://bugs.php.net/fix.php?id=44053&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44053&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44053&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44053&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44053&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44053&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44053&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44053&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44053&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44053&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44053&r=mysqlcfg
#44052 [NEW]: seg fault when compile php with sybase-ct
From: amonterosr at gmail dot com Operating system: linux PHP version: 5.2.5 PHP Bug Type: Sybase-ct (ctlib) related Bug description: seg fault when compile php with sybase-ct Description: Hi i have a problem when i compile php with sybasect support, the apache's error log display after execute a php script: [Mon Feb 4 17:35:35 2008] [notice] child pid 3035 exit signal Segmentation fault (11) [Mon Feb 4 17:35:36 2008] [notice] child pid 3302 exit signal Segmentation fault (11) [Mon Feb 4 17:35:38 2008] [notice] child pid 3303 exit signal Segmentation fault (11) [Mon Feb 4 17:36:04 2008] [notice] child pid 3304 exit signal Segmentation fault (11) [Mon Feb 4 17:36:06 2008] [notice] child pid 3305 exit signal Segmentation fault (11) [Mon Feb 4 17:36:07 2008] [notice] child pid 3306 exit signal Segmentation fault (11) [Mon Feb 4 17:36:08 2008] [notice] child pid 3307 exit signal Segmentation fault (11) [Mon Feb 4 17:36:09 2008] [notice] child pid 3308 exit signal Segmentation fault (11) [Mon Feb 4 17:36:11 2008] [notice] child pid 3309 exit signal Segmentation fault (11) [Mon Feb 4 17:39:18 2008] [notice] child pid 3310 exit signal Segmentation fault (11) [Mon Feb 4 17:39:19 2008] [notice] child pid 3311 exit signal Segmentation fault (11) [Mon Feb 4 17:39:42 2008] [notice] child pid 3312 exit signal Segmentation fault (11) [Mon Feb 4 17:39:44 2008] [notice] child pid 3313 exit signal Segmentation fault (11) [Mon Feb 4 17:39:45 2008] [notice] child pid 3314 exit signal Segmentation fault (11) [Mon Feb 4 17:39:46 2008] [notice] child pid 3095 exit signal Segmentation fault (11) by that i investigate the error adding --enable-debug to compilation, the error fixed but now the error is: [Tue Feb 5 11:35:52 2008] Script: '/usr/local/apache13/htdocs/prosixonline/POL3.2/prosixonline/prxweb/source/php/controladores/prxcard.php' /home/installuser/toolset/php-5.1.2-working/Zend/zend_variables.h(45) : Freeing 0x08D069A4 (6 bytes), script=/usr/local/apache13/htdocs/prosixonline/POL3.2/prosixonline/prxweb/source/php/controladores/prxcard.php /home/installuser/toolset/php-5.1.2-working/Zend/zend_variables.c(120) : Actual location (location was relayed) Last leak repeated 23 times === Total 53 memory leaks detected === /home/installuser/toolset/php-5.1.2-working/Zend/zend_variables.c(120) : Actual location (location was relayed) Last leak repeated 27 times === Total 62 memory leaks detected === please someone can help me with that thanks Alberto -- Edit bug report at http://bugs.php.net/?id=44052&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44052&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44052&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44052&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44052&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44052&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44052&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44052&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44052&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44052&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44052&r=support Expected behavior:http://bugs.php.net/fix.php?id=44052&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44052&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44052&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44052&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44052&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44052&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44052&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44052&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44052&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44052&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44052&r=mysqlcfg
#44051 [NEW]: Bug report for sprintf
From: andyhaslam at hotmail dot com Operating system: WHM/Apache/Linux PHP version: 5.2.5 PHP Bug Type: *General Issues Bug description: Bug report for sprintf Description: An interesting bug, if you do the following: $val = 2345.35; $val = sprintf("%01.2f", $val); echo $val; Output is "2.00", instead of "2345.35". The solution is to use an intermediate variable: $val = 2345.35; $val2 = sprintf("%01.2f", $val); $val = $val2; echo $val; Reproduce code: --- $val = 2345.35; $val = sprintf("%01.2f", $val); echo $val; Expected result: 2345.35 Actual result: -- 2.00 -- Edit bug report at http://bugs.php.net/?id=44051&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44051&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44051&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44051&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44051&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44051&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44051&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44051&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44051&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44051&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44051&r=support Expected behavior:http://bugs.php.net/fix.php?id=44051&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44051&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44051&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44051&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44051&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44051&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44051&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44051&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44051&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44051&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44051&r=mysqlcfg
#44050 [NEW]: Multiple 'Cookie: ' headers incorrectly parsed
From: a dot candle at gmail dot com Operating system: slackware/debian PHP version: 5.2.5 PHP Bug Type: Unknown/Other Function Bug description: Multiple 'Cookie: ' headers incorrectly parsed Description: When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly. What I believe is happening is that the value part of the cookie headers (after the ': ') are being concaternated with a comma rather then a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values. Reproduce code: --- php code: headers sent by client: (on the second request) "Cookie: $Version=0; a=\r\n" "Cookie: $Version=0; b=\r\n" "Cookie: $Version=0; c=\r\n" Expected result: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(4) "" ["b"]=> string(4) "" ["c"]=> string(4) "" } Actual result: -- resulting output: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) ", $Version=0" ["b"]=> string(16) ", $Version=0" ["c"]=> string(4) "" } -- Edit bug report at http://bugs.php.net/?id=44050&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44050&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44050&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44050&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44050&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44050&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44050&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44050&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44050&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44050&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44050&r=support Expected behavior:http://bugs.php.net/fix.php?id=44050&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44050&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44050&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44050&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44050&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44050&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44050&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44050&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44050&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44050&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44050&r=mysqlcfg
#42689 [Asn]: Cannot bind parameter to a dimensional value within a foreach loop
ID: 42689 User updated by: evangun2001 at yahoo dot fr Reported By: evangun2001 at yahoo dot fr Status: Assigned Bug Type: MySQLi related Operating System: windows PHP Version: 5CVS-2007-09-17 (CVS) Assigned To: andrey New Comment: About the 2 last comments : please read the details I gave in the link I provided. You'll understand something goes wrong indeed, the function works half the way it should. Call it a bug or not, as you wish. Previous Comments: [2008-02-05 01:21:27] cool_lim_lp at yahoo dot com dot sg there is a problem with your code. you're binding to a $value array that does not exist outside the foreach loop. so in reality, you're binding to a NULL value. and of course, when you executed the statement, no result will match, hence output nothing. it 's not a bug. [2007-10-26 12:21:16] c dot glaab at web dot de Hi there, i don't think it's a bug. you're foreach creates a new array ($value), so the reference from bind_result will be lost. [2007-09-19 14:37:22] evangun2001 at yahoo dot fr Hello, I've run the tests on 5.2.0, 5.2.4 and CVS, MySQL 5.0.27. Same results each time. By the way, just to let you know, the CVS version seems unstable with my full MySQLi script (more complex than what I've shown you), whereas it works with 5.2.4. Thanks [2007-09-19 11:04:09] uwendel at mysql dot com Can you tell me what MySQL and PHP versions you're using? Is it really a CVS version/development snapshot that you're using? Thanks! Ulf [2007-09-17 22:26:39] evangun2001 at yahoo dot fr Description: Hello, As you can see in the code below, binding to $value['id'] will not work because $value is a variable generated by the foreach loop. Using a dimensional variable as a parameter causes no bugs outside a foreach loop, so I'm pretty sure it really is a bug. $arr = array(array('id' => 1)); $stmt = $dbh -> prepare('SELECT member_login FROM members WHERE member_id = ?;'); $stmt -> bind_param('i', $value['id']); foreach($arr as $value){ echo $value['id']; //this will output 1 as expected $stmt -> execute(); $stmt -> bind_result($login); while($stmt -> fetch()){ echo $login;//this will output nothing } } Reproduce code: --- The code I've given in description pretty much says it all ! For a quick and global understanding of the situation, I've also put a summary of what works, what does not work, and the workaround I've been using so far. Check it here : http://trombiaudencia2.free.fr/bug.txt Actual result: -- Just to let you know, in my application, the real bind_param line looked like : $stmt -> bind_param('si', $_POST['members'][$value['id']]['login'], $value['id']); and in that case, php told me : Fatal error: Only variables can be passed by reference in E:\Program Files\EasyPHP\www\create_quiz_ajaxrequests.php on line 368 which is due to the second parameter, the first one does not create any warning at all. Strange, because you'll see that in the simplified example I've given above, no error message is displayed at all. I use loops all the time so to me, it's reeaaally a down side for MySQLi not to be able to bind parameters. I have been using PDO for a while and heard MySQLi had better performances, but this kinda cools me down :( Maybe I'll wait a bit until this bug is fixed before I migrate to MySQLi. Thank you very much !! Evangun -- Edit this bug report at http://bugs.php.net/?id=42689&edit=1
#44047 [Fbk->Opn]: IIS Worker Process stopped working
ID: 44047 User updated by: matthew dot horner at redprairie dot com Reported By: matthew dot horner at redprairie dot com -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: Windows Vista PHP Version: 5.2.5 New Comment: I removed all extensions and re-tested with the same results. Previous Comments: [2008-02-05 15:01:16] [EMAIL PROTECTED] Do you have any extensions loaded via php.ini or this is purely whats statically built into PHP? If you do have extensions can you disable them all and see if you can reproduce the problem. [2008-02-05 14:17:23] matthew dot horner at redprairie dot com I have tested with the latest and the crash is still occurring with the exact same stack trace. The build date of the current installation is Feb 5 2008 08:04:21. [2008-02-05 05:07:30] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi [2008-02-04 23:42:22] matthew dot horner at redprairie dot com Description: I am able to reproduce this issue as others have seen reported in other bug reports with no solution. If you simply run the following script, the error should reproduce itself. I have done several different tests using IIS7 and have concluded that there are no issues with PHP4 but 5.1.6 and 5.2.5 both cause the crash. I am using Vista Businesss and confirmed with several other developers in our organization the same issues with IIS7 on Vista. Those reporting this issue to our group reported that the problem was also seen but not limited to 5.2.3. I have slightly altered my configuration of IIS to accelerate the crash. Using the IIS Manager, I clicked Application Pools, selected DefaultAppPool and clicked Advanced Settings. In settings configuration screen, I changed the Idle Timeout (minutes) under Process Model to 1. Do an iisreset, execute the example script above in the brower and wait. Within one minute you should see a message stating the 'IIS Worker Process has stopped working.' I downloaded the DebugDiag tool from http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-4 6f1-b24d-f60151d875a3&DisplayLang=en If you would like the complete log of the crash as reported by the DebugDiag tool, I would be more than happy to pass it along. If any assistance is required, please feel free to contact me and I will do everything I can. Thanks, Matt Reproduce code: --- Expected result: The phpinfo page, shows as expected. However, after the Idle Timeout specified in IIS has been reached, a crash message is displayed. Expect this message not be display after the offending code is fixed. Actual result: -- The crash results in the following: --- In w3wp__PID__4852__Date__02_02_2008__Time_09_57_40AM__660__First chance exception 0XC374.dmp the assembly instruction at ntdll!RtlReportCriticalFailure+5b in C:\Windows\System32\ntdll.dll from Microsoft Corporation has caused an unknown exception (0xc374) on thread 11 >From the DebugDiag tool, I have gathered a stack trace which identifies that faulting dll, php5ts.dll. -- Function Arg 1 Arg 2 Arg 3 Source ntdll!RtlReportCriticalFailure+5b c374 77d1cf50 01c1f838 ntdll!RtlpReportHeapFailure+21 0002 01c1a15c ntdll!RtlpLogHeapFailure+a1 0008 0011 037d7148 ntdll!RtlFreeHeap+60 0011 037d7150 kernel32!HeapFree+14 0011 037d7150 msvcrt!free+cd 037d7150 0143aa70 0313978a php5ts!zend_hash_graceful_reverse_destroy+2e 1000 ntdll!LdrpCallInitRoutine+14 1000263d 1000 ntdll!LdrpUnloadDll+3ba 1000 01c1fa28 01c1a32c ntdll!LdrUnloadDll+46 1000 027fffe4 01c1fa7c kernel32!FreeLibrary+15 1000 009b07c8 isapi!ISAPI_DLL::Unload+38 009b07c8 696aa82d 009b07c8 isapi!ISAPI_DLL::~ISAPI_DLL+10 009b07c8 01c1fa94 696aa93f isapi!ISAPI_DLL::`scalar deleting destructor'+d 0001 027fffc4 00f56578 isapi!ISAPI_DLL::DereferenceIsapiDll+37 01c1fac0 732a6bdc 009b07c8 isapi!ISAPI_DLL_HASH::AddRefRecord+23 009b07c8 00f56590 iisutil!CLKRLinearH
#44018 [Fbk->Csd]: RecursiveDirectoryIterator options inconsistancy
ID: 44018 User updated by: jordan dot raub at dataxltd dot com Reported By: jordan dot raub at dataxltd dot com -Status: Feedback +Status: Closed Bug Type: SPL related Operating System: * PHP Version: 5.2.5 Assigned To: helly New Comment: works fine now... Previous Comments: [2008-02-05 09:49:27] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi Can you './cvsclean' and rebuild 5.2 or at least 'touch ext/spl/spl_directory.c && make' ? The last fix for 5.2 was only in the headers and in my checks it worked correct. [2008-02-04 22:08:20] jordan dot raub at dataxltd dot com had to reopen it. php5.3cvs works fine but php5.2cvs fixed the error but put added a bug.. php5.3cvs works fine. the test script I ran now give the appropriate output: $options not passed string(21) "/virtualhosts/tmp/dir" object(RecursiveDirectoryIterator)#1 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 0 string(21) "/virtualhosts/tmp/dir" object(RecursiveDirectoryIterator)#2 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#2 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 10 string(21) "/virtualhosts/tmp/dir" object(SplFileInfo)#4 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#2 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" } $options = 100 string(3) "dir" object(RecursiveDirectoryIterator)#1 (3) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (3) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 110 string(3) "dir" object(SplFileInfo)#4 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" } string(34) "RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#1 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" } but php5.2cvs gives me: $options not passed string(3) "dir" object(RecursiveDirectoryIterator)#1 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (0) { } $options = 0 string(3) "dir" object(RecursiveDirectoryIterator)#2 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#2 (0) { } $options = 10 string(3) "dir" object(SplFileInfo)#4 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#2 (0) { } $options = 0 string(3) "dir" object(RecursiveDirectoryIterator)#1 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (0) { } $options = 10 string(3) "dir"
#44046 [Opn->Csd]: array_slice(&$offset, $offset) crash
ID: 44046 Updated by: [EMAIL PROTECTED] Reported By: victor dot stinner at haypocalc dot com -Status: Open +Status: Closed Bug Type: Arrays related Operating System: Linux (Ubuntu Gutsy) on i386 PHP Version: 5.2.5 New Comment: This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: [2008-02-05 00:45:57] [EMAIL PROTECTED] My suggestion: http://ecl.mediain.com.br/diff/bug44046.diff In .phpt for array_slice, the expected result treats 0 as NULL. Then, i guess that using long rather than zval could be used... [2008-02-04 22:53:28] victor dot stinner at haypocalc dot com gdb session: * $input type in array_slice() entry: (gdb) print (**input).type $1 = 4 '\004'# IS_ARRAY * $input type after execution of convert_to_long_ex() or convert_to_boolean_ex() : (gdb) print (**input).type $4 = 1 '\001'# IS_LONG * Execution of « num_in = zend_hash_num_elements(Z_ARRVAL_PP(input)) » : Program received signal SIGSEGV, Segmentation fault. (gdb) where #0 0x083281ad in _zend_is_inconsistent (ht=0x1, file=0x8451248 "/home/haypo/php-5.2.5/Zend/zend_hash.c", line=1015) at /home/haypo/php-5.2.5/Zend/zend_hash.c:53 #1 0x0832ae37 in zend_hash_num_elements (ht=0x1) at /home/haypo/php-5.2.5/Zend/zend_hash.c:1015 #2 0x08226ff2 in zif_array_slice (ht=3, return_value=0x853e928, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /home/haypo/php-5.2.5/ext/standard/array.c:2253 (...) (gdb) frame 2 #2 0x08226ff2 in zif_array_slice (ht=3, return_value=0x853e928, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /home/haypo/php-5.2.5/ext/standard/array.c:2253 2253num_in = zend_hash_num_elements(Z_ARRVAL_PP(input)); (gdb) print (**input).type $2 = 1 '\001' [2008-02-04 22:31:23] victor dot stinner at haypocalc dot com Description: Code to crash PHP5 : * « $input = Array("array"); array_slice(&$input, &$input); » * « $input = Array("array"); array_slice(&$input, 0, &$input); » * « $input = Array("array"); array_slice(&$input, 0, 0, &$input); » array_slice() first checks first argument ($input) and then converts other arguments ($offset to long, $length to long, $preverse_keys to boolean). If arguments are shared as reference, $input type can change (to long or boolean). Crash occurs in instruction « num_in = zend_hash_num_elements(Z_ARRVAL_PP(input)) » : it reads ((HashTable*)input)->inconsistent. If input is 0 or 1, input read does crash with segmentation fault. -- Edit this bug report at http://bugs.php.net/?id=44046&edit=1
#41712 [Com]: [PATCH] Add CURL Progress Function Callback
ID: 41712 Comment by: renatobraga at gmail dot com Reported By: sdteffen at gmail dot com Status: Assigned Bug Type: Feature/Change Request Operating System: SuSE Linux 10.2 PHP Version: 5CVS-2007-06-16 (CVS) Assigned To: iliaa New Comment: Hi, this patch isn't working for return values as you can see: "Returning a non-zero nonzero value from this callback will cause libcurl to abort the transfer and return CURLE_ABORTED_BY_CALLBACK." Nothing happens if i return a nonzero value. Can you fix it? Regards, Renato Previous Comments: [2007-09-25 09:22:29] top dot quack at freenet dot de Thanks to Steffen, the patch is now working properly and displays the upload progress as expected: curl_progress_callback Download: 0 / 0 bytes, Upload: 636 / 1179391 bytes curl_progress_callback Download: 0 / 0 bytes, Upload: 17020 / 1179391 bytes curl_progress_callback Download: 0 / 0 bytes, Upload: 33404 / 1179391 bytes Please include that bugfix as soon as possible into the new php versions. [2007-09-24 21:26:20] sdteffen at gmail dot com The progress function only returned 3 values instead of 4. The following revised patch fixes this problem (it completely replaces the previous patch): diff -u php-5.2.3/ext/curl/interface.c php-5.2.3.patched/ext/curl/interface.c --- php-5.2.3/ext/curl/interface.c 2007-05-22 10:39:20.0 +0200 +++ php-5.2.3.patched/ext/curl/interface.c 2007-06-16 13:30:05.0 +0200 @@ -368,6 +368,7 @@ REGISTER_CURL_CONSTANT(CURLOPT_HEADER); REGISTER_CURL_CONSTANT(CURLOPT_HTTPHEADER); REGISTER_CURL_CONSTANT(CURLOPT_NOPROGRESS); + REGISTER_CURL_CONSTANT(CURLOPT_PROGRESSFUNCTION); REGISTER_CURL_CONSTANT(CURLOPT_NOBODY); REGISTER_CURL_CONSTANT(CURLOPT_FAILONERROR); REGISTER_CURL_CONSTANT(CURLOPT_UPLOAD); @@ -777,6 +778,80 @@ } /* }}} */ +/* {{{ curl_progress + */ +static size_t curl_progress(void *clientp, +double dltotal, +double dlnow, +double ultotal, +double ulnow) +{ + php_curl *ch = (php_curl *) clientp; + php_curl_progress *t = ch->handlers->progress; + int length = -1; + +#if PHP_CURL_DEBUG + fprintf(stderr, "curl_progress() called\n"); + fprintf(stderr, "clientp = %x, dltotal = %f, dlnow = %f, ultotal = %f, ulnow = %f\n", clientp, dltotal, dlnow, ultotal, ulnow); +#endif + + switch (t->method) { + case PHP_CURL_USER: { + zval **argv[4]; + zval *zdltotal = NULL; + zval *zdlnow = NULL; + zval *zultotal = NULL; + zval *zulnow = NULL; + zval *retval_ptr; + int error; + zend_fcall_info fci; + TSRMLS_FETCH_FROM_CTX(ch->thread_ctx); + + MAKE_STD_ZVAL(zdltotal); + MAKE_STD_ZVAL(zdlnow); + MAKE_STD_ZVAL(zultotal); + MAKE_STD_ZVAL(zulnow); + + ZVAL_LONG(zdltotal, dltotal); + ZVAL_LONG(zdlnow, dlnow); + ZVAL_LONG(zultotal, ultotal); + ZVAL_LONG(zulnow, ulnow); + + argv[0] = &zdltotal; + argv[1] = &zdlnow; + argv[2] = &zultotal; + argv[3] = &zulnow; + + fci.size = sizeof(fci); + fci.function_table = EG(function_table); + fci.function_name = t->func_name; + fci.object_pp = NULL; + fci.retval_ptr_ptr = &retval_ptr; + fci.param_count = 4; + fci.params = argv; + fci.no_separation = 0; + fci.symbol_table = NULL; + + ch->in_callback = 1; + error = zend_call_function(&fci, &t->fci_cache TSRMLS_CC); + ch->in_callback = 0; + if (error == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot call the CURLOPT_READFUNCTION"); + length = -1; + } + + zval_ptr_dtor(argv[0]); + zval_ptr_dtor(argv[1]); + zval_ptr_dtor(argv[2]); + zval_ptr_dtor(argv[3]); + break; + } + } + return 0; +} +/* }}} */ + + /* {{{ curl_read */ static size_t curl_read(char *data, size_t size, size_
#42167 [Opn]: fgetcsv gives different output on php6 compared to php5
ID: 42167 Updated by: [EMAIL PROTECTED] Reported By: nikhil dot gupta at in dot ibm dot com Status: Open Bug Type: Filesystem function related Operating System: Linux PHP Version: 6CVS-2007-08-01 (snap) New Comment: I have reproduced the code in PHP 6 and PHP 5.2.5, got the same behavior as you got. Previous Comments: [2007-08-06 13:14:47] nikhil dot gupta at in dot ibm dot com There is a typo in the Description. Here is the correct one: fgetcsv() gives different output on php6 compared to php5 on linux. The output on php5 is correct. [2007-08-01 14:35:23] nikhil dot gupta at in dot ibm dot com The same difference is observed on Windows also. [2007-08-01 14:32:07] nikhil dot gupta at in dot ibm dot com Description: fgetcsv() gives different output on php6 compared to php6 on linux. Reproduce code: --- Expected result: according to php5 the output is: array(3) { [0]=> string(5) "water" [1]=> string(5) "fruit" [2]=> string(3) "air" } Actual result: -- Output on php6 is: array(1) { [0]=> string(19) "water\"fruit"\"air"" } -- Edit this bug report at http://bugs.php.net/?id=42167&edit=1
#44047 [Opn->Fbk]: IIS Worker Process stopped working
ID: 44047 Updated by: [EMAIL PROTECTED] Reported By: matthew dot horner at redprairie dot com -Status: Open +Status: Feedback Bug Type: Reproducible crash Operating System: Windows Vista PHP Version: 5.2.5 New Comment: Do you have any extensions loaded via php.ini or this is purely whats statically built into PHP? If you do have extensions can you disable them all and see if you can reproduce the problem. Previous Comments: [2008-02-05 14:17:23] matthew dot horner at redprairie dot com I have tested with the latest and the crash is still occurring with the exact same stack trace. The build date of the current installation is Feb 5 2008 08:04:21. [2008-02-05 05:07:30] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi [2008-02-04 23:42:22] matthew dot horner at redprairie dot com Description: I am able to reproduce this issue as others have seen reported in other bug reports with no solution. If you simply run the following script, the error should reproduce itself. I have done several different tests using IIS7 and have concluded that there are no issues with PHP4 but 5.1.6 and 5.2.5 both cause the crash. I am using Vista Businesss and confirmed with several other developers in our organization the same issues with IIS7 on Vista. Those reporting this issue to our group reported that the problem was also seen but not limited to 5.2.3. I have slightly altered my configuration of IIS to accelerate the crash. Using the IIS Manager, I clicked Application Pools, selected DefaultAppPool and clicked Advanced Settings. In settings configuration screen, I changed the Idle Timeout (minutes) under Process Model to 1. Do an iisreset, execute the example script above in the brower and wait. Within one minute you should see a message stating the 'IIS Worker Process has stopped working.' I downloaded the DebugDiag tool from http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-4 6f1-b24d-f60151d875a3&DisplayLang=en If you would like the complete log of the crash as reported by the DebugDiag tool, I would be more than happy to pass it along. If any assistance is required, please feel free to contact me and I will do everything I can. Thanks, Matt Reproduce code: --- Expected result: The phpinfo page, shows as expected. However, after the Idle Timeout specified in IIS has been reached, a crash message is displayed. Expect this message not be display after the offending code is fixed. Actual result: -- The crash results in the following: --- In w3wp__PID__4852__Date__02_02_2008__Time_09_57_40AM__660__First chance exception 0XC374.dmp the assembly instruction at ntdll!RtlReportCriticalFailure+5b in C:\Windows\System32\ntdll.dll from Microsoft Corporation has caused an unknown exception (0xc374) on thread 11 >From the DebugDiag tool, I have gathered a stack trace which identifies that faulting dll, php5ts.dll. -- Function Arg 1 Arg 2 Arg 3 Source ntdll!RtlReportCriticalFailure+5b c374 77d1cf50 01c1f838 ntdll!RtlpReportHeapFailure+21 0002 01c1a15c ntdll!RtlpLogHeapFailure+a1 0008 0011 037d7148 ntdll!RtlFreeHeap+60 0011 037d7150 kernel32!HeapFree+14 0011 037d7150 msvcrt!free+cd 037d7150 0143aa70 0313978a php5ts!zend_hash_graceful_reverse_destroy+2e 1000 ntdll!LdrpCallInitRoutine+14 1000263d 1000 ntdll!LdrpUnloadDll+3ba 1000 01c1fa28 01c1a32c ntdll!LdrUnloadDll+46 1000 027fffe4 01c1fa7c kernel32!FreeLibrary+15 1000 009b07c8 isapi!ISAPI_DLL::Unload+38 009b07c8 696aa82d 009b07c8 isapi!ISAPI_DLL::~ISAPI_DLL+10 009b07c8 01c1fa94 696aa93f isapi!ISAPI_DLL::`scalar deleting destructor'+d 0001 027fffc4 00f56578 isapi!ISAPI_DLL::DereferenceIsapiDll+37 01c1fac0 732a6bdc 009b07c8 isapi!ISAPI_DLL_HASH::AddRefRecord+23 009b07c8 00f56590 iisutil!CLKRLinearHashTable::_Clear+6f 0003 00f56578 iisutil!CLKRLinearHashTable::~CLKRLinearHashTable+19 0011d898 01c1fae8 732a6e75 iisutil!CLKRLinearHashTable::`scalar delet
#44047 [Fbk->Opn]: IIS Worker Process stopped working
ID: 44047 User updated by: matthew dot horner at redprairie dot com Reported By: matthew dot horner at redprairie dot com -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: Windows Vista PHP Version: 5.2.5 New Comment: I have tested with the latest and the crash is still occurring with the exact same stack trace. The build date of the current installation is Feb 5 2008 08:04:21. Previous Comments: [2008-02-05 05:07:30] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi [2008-02-04 23:42:22] matthew dot horner at redprairie dot com Description: I am able to reproduce this issue as others have seen reported in other bug reports with no solution. If you simply run the following script, the error should reproduce itself. I have done several different tests using IIS7 and have concluded that there are no issues with PHP4 but 5.1.6 and 5.2.5 both cause the crash. I am using Vista Businesss and confirmed with several other developers in our organization the same issues with IIS7 on Vista. Those reporting this issue to our group reported that the problem was also seen but not limited to 5.2.3. I have slightly altered my configuration of IIS to accelerate the crash. Using the IIS Manager, I clicked Application Pools, selected DefaultAppPool and clicked Advanced Settings. In settings configuration screen, I changed the Idle Timeout (minutes) under Process Model to 1. Do an iisreset, execute the example script above in the brower and wait. Within one minute you should see a message stating the 'IIS Worker Process has stopped working.' I downloaded the DebugDiag tool from http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-4 6f1-b24d-f60151d875a3&DisplayLang=en If you would like the complete log of the crash as reported by the DebugDiag tool, I would be more than happy to pass it along. If any assistance is required, please feel free to contact me and I will do everything I can. Thanks, Matt Reproduce code: --- Expected result: The phpinfo page, shows as expected. However, after the Idle Timeout specified in IIS has been reached, a crash message is displayed. Expect this message not be display after the offending code is fixed. Actual result: -- The crash results in the following: --- In w3wp__PID__4852__Date__02_02_2008__Time_09_57_40AM__660__First chance exception 0XC374.dmp the assembly instruction at ntdll!RtlReportCriticalFailure+5b in C:\Windows\System32\ntdll.dll from Microsoft Corporation has caused an unknown exception (0xc374) on thread 11 >From the DebugDiag tool, I have gathered a stack trace which identifies that faulting dll, php5ts.dll. -- Function Arg 1 Arg 2 Arg 3 Source ntdll!RtlReportCriticalFailure+5b c374 77d1cf50 01c1f838 ntdll!RtlpReportHeapFailure+21 0002 01c1a15c ntdll!RtlpLogHeapFailure+a1 0008 0011 037d7148 ntdll!RtlFreeHeap+60 0011 037d7150 kernel32!HeapFree+14 0011 037d7150 msvcrt!free+cd 037d7150 0143aa70 0313978a php5ts!zend_hash_graceful_reverse_destroy+2e 1000 ntdll!LdrpCallInitRoutine+14 1000263d 1000 ntdll!LdrpUnloadDll+3ba 1000 01c1fa28 01c1a32c ntdll!LdrUnloadDll+46 1000 027fffe4 01c1fa7c kernel32!FreeLibrary+15 1000 009b07c8 isapi!ISAPI_DLL::Unload+38 009b07c8 696aa82d 009b07c8 isapi!ISAPI_DLL::~ISAPI_DLL+10 009b07c8 01c1fa94 696aa93f isapi!ISAPI_DLL::`scalar deleting destructor'+d 0001 027fffc4 00f56578 isapi!ISAPI_DLL::DereferenceIsapiDll+37 01c1fac0 732a6bdc 009b07c8 isapi!ISAPI_DLL_HASH::AddRefRecord+23 009b07c8 00f56590 iisutil!CLKRLinearHashTable::_Clear+6f 0003 00f56578 iisutil!CLKRLinearHashTable::~CLKRLinearHashTable+19 0011d898 01c1fae8 732a6e75 iisutil!CLKRLinearHashTable::`scalar deleting destructor'+d 0001 01c1fb04 732a6fe4 iisutil!CLKRHashTable::_FreeSubTable+13 00f56578 01413938 0011d898 iisutil!CLKRHashTable::~CLKRHashTable+18 014052b0 01c1fb28 696aaee6 isapi!W3_RESTRICTION_LIST::`scalar deleting destructor'+e 0001 696a
#43819 [Com]: -
ID: 43819 Comment by: manuel at mausz dot at Reported By: fxbois at gmail dot com Status: Open Bug Type: Session related Operating System: RHEL3 PHP Version: 5.2.5 New Comment: Same as Bug 43677 :) Previous Comments: [2008-02-05 08:44:20] fxbois at gmail dot com I must confess that I changed all my servers because, as I said it was a serious security problem for me, and I had no feedback. The configuration I used to have was : 1/ session.save_path in the php.ini 2/ php_admin_value session.save_path in the virtualhost 3/ use off the function session_save_path() in a script. The script is loaded for every action but set a different path according to the URI. [2008-02-05 00:26:06] [EMAIL PROTECTED] Are you by any chance using php_admin_value / php_value anywhere in your httpd.conf / .htaccess files? And if so, are you using those to set different session.save_path? [2008-01-12 17:49:05] fxbois at gmail dot com I have in my php.ini file the value : session.save_path = "/tmp" When I try to change this value in a php script with session_save_path() the new value is not kept and the session.save_path still contains "/tmp". session_save_path("2;0777;web/tmp"); error_log(session_save_path()); // /tmp appears instead of 2;0777;web/tmp What is strange is that this bad behaviour only appears a few minutes after an apache restart. I tried many night build (5.2.6) with no success. I am sure that this behaviour appeared with 5.2.5. I can try patches if you want. Hope this new comment will help. This bug is very very annoying on a shared server. tia [2008-01-11 14:14:01] fxbois at gmail dot com Description: Hi, I want to report that PHP 5.2.5 loose the local session.save_path. I set it with session_save_path() but just after, when I look at its value, it contains the master value instead of the value just setted. This happens after a short period of time. (Just after restrating apache everything works fine). It is a big security problem in my opinion. System : - Red Hat Enterprise Linux ES release 3 (Taroon Update 8) - PHP 5.2.5 - Apache/2.0.46 Reproduce code: --- // master value is /home/.tmp $new = '2;0777;web/tmp'; session_save_path($new); echo session_save_path(); Expected result: 2;0777;web/tmp Actual result: -- /home/.tmp -- Edit this bug report at http://bugs.php.net/?id=43819&edit=1
#43677 [Com]: Inconsistent behaviour of include_path set with php_value
ID: 43677 Comment by: manuel at mausz dot at Reported By: root at net1 dot cc Status: Open Bug Type: Safe Mode/open_basedir Operating System: FreeBSD 6.2 PHP Version: 5.2.5 New Comment: Can someone please assign this bug to some dev or commit my first patch for 5.3 and HEAD. This bug is annoying and I don't want to see it in 5.3 again. Previous Comments: [2008-01-22 10:32:59] phpbugs at afilas dot nl I have the same problem here with Apache 1.3 and FreeBSD 6.2. I am wondering why there is no response from the PHP dev team on this issue, as this a fairly serious issue IMHO. I chose to downgrade to 5.2.4 for the time being, hoping that this issue is fixed in 5.2.6. [2008-01-21 18:37:21] manuel at mausz dot at As I said before, my patch breaks the ini settings abi resulting in segfaults if "old" extensions are loaded. Due to the fact that one of my customers is using a proprietary extension I have implemented an alternate, dirty but hopefully non-breaking patch. The patch stores the original value 3 bits to the left of the new value. This method won't break any php or pecl extensions (all checked). Only ext/reflection needs to be recompiled. http://manuel.mausz.at/coding/patches/php/5.2.5/php5.2.5-restore-ini-level2.patch [2008-01-20 11:22:55] thorvath at fullnet dot hu I have the same problem on FreeBSD 6.1 with php5-5.2.5, tried to patch with the FreeBSD patch above, recompiled all modules, when I load php5_module apache sigfaults with 11 and core dumps, I use the apache22 port. [2008-01-19 15:56:00] scott at atomicrocketturtle dot com Testing this patch against 5.2.5, ioncube-loader and zend-optimizer will cause segmentation faults. Similar result with eaccelerator, which was resolved with a rebuild. [2008-01-17 16:52:48] d at tpyo dot net Thanks Manuel. Patch works perfectly. But I agree, it is a fairly serious issue that undoubtedly affects a lot of users. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43677 -- Edit this bug report at http://bugs.php.net/?id=43677&edit=1
#44049 [NEW]: Stored proc query fails on NULL input
From: morne dot olderwagen at lexisnexis dot co dot za Operating system: windows 2003 server PHP version: 5.2.5 PHP Bug Type: MSSQL related Bug description: Stored proc query fails on NULL input Description: I have a Stored Procedure that returns 4 result sets. The proc selects data and inserts into a temp table and then reads back, etc. The temp table is set up to allow null values, but I get this: PHP Warning: mssql_query() [function.mssql-query]: message: Cannot insert the value NULL into column 'PhysAddressLine2', table 'tempdb.dbo.#TempRandom_0003'; column does not allow nulls. INSERT fails. (severity 16) in ... I have tested the proc in MSSQL Query Analyser and also tested the script in ASP.NET, both worked fine. Reproduce code: --- $sql = "exec sp_dosearch 0,2,7,2,5"; if($qsql = mssql_query($sql, $link)) { echo "OK"; /*do { while($row = mssql_fetch_row($qsql)) { } } while (mssql_next_result($qsql)); */ } else { echo"OWNED"; } /* also tried */ $query = mssql_init("sp_dosearch", $link); $SortOrder = 0; $PASelectType = 2; $PASelectID = 7; $GeoSelectType = 2; $GeoSelectID= 5; mssql_bind($query, "@SortOrder", $SortOrder, SQLINT2); mssql_bind($query, "@PASelectType", $PASelectType, SQLINT2); mssql_bind($query, "@PASelectID", $PASelectID, SQLINT2); mssql_bind($query, "@GeoSelectType", $GeoSelectType, SQLINT2); mssql_bind($query, "@GeoSelectID", $GeoSelectID, SQLINT2); if($res = mssql_execute($query)) { echo "OK"; } else { echo "OWNED"; } Expected result: OK Actual result: -- OWNED -- Edit bug report at http://bugs.php.net/?id=44049&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44049&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44049&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44049&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44049&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44049&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44049&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44049&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44049&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44049&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44049&r=support Expected behavior:http://bugs.php.net/fix.php?id=44049&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44049&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44049&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44049&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44049&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44049&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44049&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44049&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44049&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44049&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44049&r=mysqlcfg
#42262 [Opn->Bgs]: get_magic_quotes_gpc() should be there and return false
ID: 42262 Updated by: [EMAIL PROTECTED] Reported By: spam2 at rhsoft dot net -Status: Open +Status: Bogus Bug Type: *Configuration Issues Operating System: All PHP Version: 6CVS-2007-08-09 (snap) New Comment: Hi Philip, see the "Remove magic_quotes and register global" thread two years ago. The functions (there is more than the getter) can't exist anymore as the underlying features do not exist anymore. Using them (in all bad possible bad ways) can end in a rather unexpected result if they don't check return values (setter). A simple if (php_version >= 6) does the job and makes it clear in your code. Still no bug sorry (that means bogus here). Previous Comments: [2008-02-05 04:02:18] [EMAIL PROTECTED] As the reporter mentioned outside this report, NEWS indicates this function should exist whereas various bug reports say it shouldn't, and I cannot find the decision on internals... For now we must consider NEWS as the authority in which case this function should exist so please update NEWS if this has changed and regardless it will then be documented. And since it (php5) returns 0 or 1, I reckon if it exists it should return 0 and not false. [2008-02-04 13:41:01] [EMAIL PROTECTED] > still not bug, please see php.internals archive for the discussion about this change. [2008-02-04 13:17:35] [EMAIL PROTECTED] Hello, The behavior of get_magic_quotes_gpc has changed. Check the NEWS file: "Changed get_magic_quotes_gpc(), get_magic_quotes_runtime to always return false and set_magic_quotes_runtime() to raise an E_CORE_ERROR." [2007-08-09 22:39:12] spam2 at rhsoft dot net Description: [10-Aug-2007 00:30:56] PHP Fatal error: Call to undefined function get_magic_quotes_gpc() in /mnt/data/www/sql.rhsoft.net/libraries/common.lib.php on line 2606 The function "get_magic_quotes_gpc()" should available in PHP6 and return always false, so you dont break applications that check the setting and make a "stripslashes" if it is on. Reproduce code: --- if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { @$akt_temp_str_name = stripslashes(@$akt_temp_str_name); } Expected result: if(get_magic_quotes_gpc()) { @$akt_temp_str_name = stripslashes(@$akt_temp_str_name); } should work also Actual result: -- A fatal error -- Edit this bug report at http://bugs.php.net/?id=42262&edit=1
#44039 [Opn]: Throwing an exception results in Access Violation on Win32 ISAPI.
ID: 44039 User updated by: RQuadling at GMail dot com -Summary: Throwing an exception with an undefined variable results in Access Violation. Reported By: RQuadling at GMail dot com Status: Open Bug Type: Reproducible crash Operating System: Windows XP SP2 PHP Version: 5.3CVS-2008-02-04 (snap) New Comment: Results in "PHP has encountered an Access Violation at ". Nothing to do with the undefined variable. Also, different output at the command line (this may be me not getting something quite right). php -n unk.php [No output] php -n -r "throw new exception('Broken exceptions', 0);" Fatal error: Uncaught exception 'Exception' with message 'Broken exceptions' in Command line code:1 Stack trace: #0 {main} thrown in Command line code on line 1 So, we have 3 different outputs for the same line of code. Nothing if using PHP as CLI interpreter. Fatal error when using PHP with STDIN (correct output). Access Violation when using PHP via ISAPI interface (Sambar Server). Previous Comments: [2008-02-04 14:03:45] RQuadling at GMail dot com Description: The following code worked on a snapshot in January. The code only seems to go wrong in ISAPI (Using Sambar Server). Works fine in CLI mode. php -n -derror_reporting=-1 -ddisplay_errors=1 -r "throw new exception('foo' . $bar, 0);" produces ... Notice: Undefined variable: bar in Command line code on line 1 Fatal error: Uncaught exception 'Exception' with message 'foo' in Command line code:1 Stack trace: #0 {main} thrown in Command line code on line 1 Reproduce code: --- Expected result: Notice: Undefined variable: unknown in C:\unk.php on line 4 Fatal error: Uncaught exception 'Exception' with message 'Missing variable ' in C:\unk.php:4 Stack trace: #0 {main} thrown in C:\unk.php on line 4 Actual result: -- PHP has encountered an Access Violation at -- Edit this bug report at http://bugs.php.net/?id=44039&edit=1
#44018 [Opn->Fbk]: RecursiveDirectoryIterator options inconsistancy
ID: 44018 Updated by: [EMAIL PROTECTED] Reported By: jordan dot raub at dataxltd dot com -Status: Open +Status: Feedback Bug Type: SPL related Operating System: * PHP Version: 5.2.5 Assigned To: helly New Comment: Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi Can you './cvsclean' and rebuild 5.2 or at least 'touch ext/spl/spl_directory.c && make' ? The last fix for 5.2 was only in the headers and in my checks it worked correct. Previous Comments: [2008-02-04 22:08:20] jordan dot raub at dataxltd dot com had to reopen it. php5.3cvs works fine but php5.2cvs fixed the error but put added a bug.. php5.3cvs works fine. the test script I ran now give the appropriate output: $options not passed string(21) "/virtualhosts/tmp/dir" object(RecursiveDirectoryIterator)#1 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 0 string(21) "/virtualhosts/tmp/dir" object(RecursiveDirectoryIterator)#2 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#2 (4) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 10 string(21) "/virtualhosts/tmp/dir" object(SplFileInfo)#4 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" } string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#2 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" } $options = 100 string(3) "dir" object(RecursiveDirectoryIterator)#1 (3) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (3) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["glob":"DirectoryIterator":private]=> bool(false) ["subPathName":"RecursiveDirectoryIterator":private]=> string(0) "" } $options = 110 string(3) "dir" object(SplFileInfo)#4 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(21) "/virtualhosts/tmp/dir" } string(34) "RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#1 (2) { ["pathName":"SplFileInfo":private]=> string(17) "/virtualhosts/tmp" ["fileName":"SplFileInfo":private]=> string(52) "/virtualhosts/tmp/RecursiveDirectoryIteratorTest.php" } but php5.2cvs gives me: $options not passed string(3) "dir" object(RecursiveDirectoryIterator)#1 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (0) { } $options = 0 string(3) "dir" object(RecursiveDirectoryIterator)#2 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#2 (0) { } $options = 10 string(3) "dir" object(SplFileInfo)#4 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#2 (0) { } $options = 0 string(3) "dir" object(RecursiveDirectoryIterator)#1 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(RecursiveDirectoryIterator)#1 (0) { } $options = 10 string(3) "dir" object(SplFileInfo)#4 (0) { } string(34) "RecursiveDirectoryIteratorTest.php" object(SplFileInfo)#1 (0) { } notice the KEY_AS_FILENAME constant isn't wo
#43819 [Fbk->Opn]: -
ID: 43819 User updated by: fxbois at gmail dot com -Summary: php loosing local session.save_path Reported By: fxbois at gmail dot com -Status: Feedback +Status: Open Bug Type: Session related Operating System: RHEL3 PHP Version: 5.2.5 New Comment: I must confess that I changed all my servers because, as I said it was a serious security problem for me, and I had no feedback. The configuration I used to have was : 1/ session.save_path in the php.ini 2/ php_admin_value session.save_path in the virtualhost 3/ use off the function session_save_path() in a script. The script is loaded for every action but set a different path according to the URI. Previous Comments: [2008-02-05 00:26:06] [EMAIL PROTECTED] Are you by any chance using php_admin_value / php_value anywhere in your httpd.conf / .htaccess files? And if so, are you using those to set different session.save_path? [2008-01-12 17:49:05] fxbois at gmail dot com I have in my php.ini file the value : session.save_path = "/tmp" When I try to change this value in a php script with session_save_path() the new value is not kept and the session.save_path still contains "/tmp". session_save_path("2;0777;web/tmp"); error_log(session_save_path()); // /tmp appears instead of 2;0777;web/tmp What is strange is that this bad behaviour only appears a few minutes after an apache restart. I tried many night build (5.2.6) with no success. I am sure that this behaviour appeared with 5.2.5. I can try patches if you want. Hope this new comment will help. This bug is very very annoying on a shared server. tia [2008-01-11 14:14:01] fxbois at gmail dot com Description: Hi, I want to report that PHP 5.2.5 loose the local session.save_path. I set it with session_save_path() but just after, when I look at its value, it contains the master value instead of the value just setted. This happens after a short period of time. (Just after restrating apache everything works fine). It is a big security problem in my opinion. System : - Red Hat Enterprise Linux ES release 3 (Taroon Update 8) - PHP 5.2.5 - Apache/2.0.46 Reproduce code: --- // master value is /home/.tmp $new = '2;0777;web/tmp'; session_save_path($new); echo session_save_path(); Expected result: 2;0777;web/tmp Actual result: -- /home/.tmp -- Edit this bug report at http://bugs.php.net/?id=43819&edit=1
#43579 [Com]: sessions time out on 5.2.5
ID: 43579 Comment by: poil at quake dot fr Reported By: assid at assid dot com Status: No Feedback Bug Type: Session related Operating System: Debian etch PHP Version: 5.2.5 New Comment: I got the same issue; I have a variable $_SESSION['S_num_content'] who got reseted randomly. I have a small navigation div who is refresh by ajax. I increment or decrement the value of $_SESSION['S_num_content'] for limiting my SQL request to "x, x+10". This browsing work correctly. When choosing link in this menu for displaying the news (not ajax, full webpage refresh), sometime session is lost value (1 clic of 5). If I navigate very slowly, the session is less lost (1 clic of 10 or 20) My english isn't very good for explain it; I go to try to create a small parts of code who do the same things. You can see it on http://www.teewars.net Clic on "<< Précédent" one time, Select an article in the same menu sometime the list of menu stay where it should be sometime not. Before changing to php 5.2.5 I don't have this issue. I was in php 4.x before my webhoster upgrade my hosting. Best regards Previous Comments: [2007-12-21 01:00:00] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". [2007-12-13 09:19:31] [EMAIL PROTECTED] Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to "Open". Thank you for your interest in PHP. [2007-12-12 11:01:14] assid at assid dot com btw: thats not the reproduce code, its the phpinfo just incase needed [2007-12-12 10:53:02] assid at assid dot com Description: I tried upgrading to php 5.2.5 from 5.2.4 and ever since i did that my sessions have been acting strange. It seems most noticable using squirrelmail. Downgrading back to 5.2.4 seems to have fixed this issue, so its definitely something on how 5.2.5 handles sessions Reproduce code: --- http://spherelinx.com/phpinfo.php http://assid.pastebin.com/f7ba83639 <-- yes i know certain configure options have been deprecated. but using the same config.nice for both Expected result: session management similar to 5.2.4 where it doesnt just timeout for no apparent reason. -- Edit this bug report at http://bugs.php.net/?id=43579&edit=1