from:"bugs dot php dot net at chsc dot dk"

#41492 [NEW]: open_basedir bypass via readfile()

2007-05-24 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:  5.2.2
PHP Bug Type: Safe Mode/open_basedir
Bug description:  open_basedir bypass via readfile()

Description:

file_exists() etc. does not allow checking the existence of files outside
the directories specified in open_basedir.

Appearently readfile() does *not* have this restriction and thus allows
checking the existence of files anywhere in the filesystem. If
realpath($filename) returns a string (i.e. not false), the file exists.
This is a circumvention of the open_basedir restriction in file_exists()
etc.


Reproduce code:
---
The following should always be true, but it isn't when $dir is outside the
directories specified in open_basedir:

var_dump(file_exists($dir) === (bool) realpath($dir));



-- 
Edit bug report at http://bugs.php.net/?id=41492edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=41492r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=41492r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=41492r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=41492r=fixedcvs
Fixed in release: 
http://bugs.php.net/fix.php?id=41492r=alreadyfixed
Need backtrace:   http://bugs.php.net/fix.php?id=41492r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=41492r=needscript
Try newer version:http://bugs.php.net/fix.php?id=41492r=oldversion
Not developer issue:  http://bugs.php.net/fix.php?id=41492r=support
Expected behavior:http://bugs.php.net/fix.php?id=41492r=notwrong
Not enough info:  
http://bugs.php.net/fix.php?id=41492r=notenoughinfo
Submitted twice:  
http://bugs.php.net/fix.php?id=41492r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=41492r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=41492r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=41492r=dst
IIS Stability:http://bugs.php.net/fix.php?id=41492r=isapi
Install GNU Sed:  http://bugs.php.net/fix.php?id=41492r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=41492r=float
No Zend Extensions:   http://bugs.php.net/fix.php?id=41492r=nozend
MySQL Configuration Error:http://bugs.php.net/fix.php?id=41492r=mysqlcfg

#40009 [NEW]: http_build_query(array()) returns NULL, not empty string

2007-01-03 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Windows
PHP version:  5.2.0
PHP Bug Type: URL related
Bug description:  http_build_query(array()) returns NULL, not empty string

Description:

http_build_query(array()) returns NULL. According to the documentation,
the return type of http_build_query is string.

This can be considered a documentation problem, but I think it would be
better to change the function so that it always returns a string.

Reproduce code:
---
./php.exe -r echo gettype(http_build_query(array()));



Expected result:

string


Actual result:
--
NULL

-- 
Edit bug report at http://bugs.php.net/?id=40009edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=40009r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=40009r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=40009r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=40009r=fixedcvs
Fixed in release: 
http://bugs.php.net/fix.php?id=40009r=alreadyfixed
Need backtrace:   http://bugs.php.net/fix.php?id=40009r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=40009r=needscript
Try newer version:http://bugs.php.net/fix.php?id=40009r=oldversion
Not developer issue:  http://bugs.php.net/fix.php?id=40009r=support
Expected behavior:http://bugs.php.net/fix.php?id=40009r=notwrong
Not enough info:  
http://bugs.php.net/fix.php?id=40009r=notenoughinfo
Submitted twice:  
http://bugs.php.net/fix.php?id=40009r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=40009r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=40009r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=40009r=dst
IIS Stability:http://bugs.php.net/fix.php?id=40009r=isapi
Install GNU Sed:  http://bugs.php.net/fix.php?id=40009r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=40009r=float
No Zend Extensions:   http://bugs.php.net/fix.php?id=40009r=nozend
MySQL Configuration Error:http://bugs.php.net/fix.php?id=40009r=mysqlcfg

#35326 [Opn]: Concurrency issue with recursive mkdir

2006-10-10 Thread bugs dot php dot net at chsc dot dk

 ID:   35326
 User updated by:  bugs dot php dot net at chsc dot dk
 Reported By:  bugs dot php dot net at chsc dot dk
 Status:   Open
 Bug Type: Feature/Change Request
 Operating System: Linux
-PHP Version:  5.0.5
+PHP Version:  5.1.6
 New Comment:

Problem still exists in PHP 5.1.6.


Previous Comments:


[2005-11-22 13:52:24] bugs dot php dot net at chsc dot dk

Yes, it also occurs with the CVS snapshot (this time I tried with the
CGI version).

AFAICS the problem is in php_plain_files_mkdir in
main/streams/plain_wrapper.c. If php_mkdir() or VCWD_MKDIR() returns
false, the method gives up instead of checking whether directory exists
anyway, i.e. if it was created by another thread.



[2005-11-22 12:13:10] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip





[2005-11-22 11:32:49] bugs dot php dot net at chsc dot dk

Description:

There appears to be a concurrency issue when mkdir is called on two
separate threads with the following parameters:

Thread 1:
mkdir('/tmp/foo/bar/1', 0777, true);

Thread 2:
mkdir('/tmp/foo/bar/2', 0777, true);

Sometimes one of the threads (e.g. thread 2) two fails with Warning:
mkdir(): File exists and the directory /tmp/foo/bar/2 does not exist
afterwards.

What I think is happening in thread 2 is is this:
PHP looks for /tmp/foo/bar/2 and sees that it does not exist. Neither
does /tmp/foo/bar and /tmp/foo. So it tries to create /tmp/foo, but
that directory was just created a millisecond second ago by another
thread, so mkdir gives instead of just moving on to create /tmp/foo/bar
and /tmp/foo/bar/2.

Reproduce code:
---
This code reproduces the problem in about every second attempt. It
consists of two files, index.php and iframe.php.


index.php:

?php
$fire = time() + 2;
?
h1Nr. 1/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=1/iframe
h1Nr. 2/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=2/iframe


iframe.php:

?php
$fire = $_GET['fire'];
$no = $_GET['no'];
// synchronize the two threads
while ($fire  time());
$dir = '/tmp/' . $fire . '/foo/bar/foo/bar/' . $no;
//sleep($no);
var_dump(is_dir($dir));
echo Making $dir ;
mkdir($dir, 0777, true);
var_dump(is_dir($dir));
?


Expected result:

Thread 2 should output this:
bool(false) Making /tmp/1132653651/foo/bar/foo/bar/2 bool(true)


Actual result:
--
Thread 2 sometimes outputs this:
bool(false) Making /tmp/1132655181/foo/bar/foo/bar/2 Warning: mkdir():
File exists in /home/chsc/public_html/mkdir/iframe.php on line 10
bool(false) 

Notice that the directory does not exist afterwards.

If I uncomment the sleep() call above, there are no problems.


A workaround:
$ok = mkdir($dir, 0777, true);
if (!$ok  !is_dir($dir)) {
sleep(1);
mkdir($dir, 0777, true);
}


In other words, it works if I try again. I hope that mkdir() can be
changed so that it only returns false if the directory cannot be
created at all (e.g. because of lack of permissions or because it
already exists).






-- 
Edit this bug report at http://bugs.php.net/?id=35326edit=1

#35326 [NEW]: Concurrency issue with recursive mkdir

2005-11-22 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:  5.0.5
PHP Bug Type: Directory function related
Bug description:  Concurrency issue with recursive mkdir

Description:

There appears to be a concurrency issue when mkdir is called on two
separate threads with the following parameters:

Thread 1:
mkdir('/tmp/foo/bar/1', 0777, true);

Thread 2:
mkdir('/tmp/foo/bar/2', 0777, true);

Sometimes one of the threads (e.g. thread 2) two fails with Warning:
mkdir(): File exists and the directory /tmp/foo/bar/2 does not exist
afterwards.

What I think is happening in thread 2 is is this:
PHP looks for /tmp/foo/bar/2 and sees that it does not exist. Neither does
/tmp/foo/bar and /tmp/foo. So it tries to create /tmp/foo, but that
directory was just created a millisecond second ago by another thread, so
mkdir gives instead of just moving on to create /tmp/foo/bar and
/tmp/foo/bar/2.

Reproduce code:
---
This code reproduces the problem in about every second attempt. It
consists of two files, index.php and iframe.php.


index.php:

?php
$fire = time() + 2;
?
h1Nr. 1/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=1/iframe
h1Nr. 2/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=2/iframe


iframe.php:

?php
$fire = $_GET['fire'];
$no = $_GET['no'];
// synchronize the two threads
while ($fire  time());
$dir = '/tmp/' . $fire . '/foo/bar/foo/bar/' . $no;
//sleep($no);
var_dump(is_dir($dir));
echo Making $dir ;
mkdir($dir, 0777, true);
var_dump(is_dir($dir));
?


Expected result:

Thread 2 should output this:
bool(false) Making /tmp/1132653651/foo/bar/foo/bar/2 bool(true)


Actual result:
--
Thread 2 sometimes outputs this:
bool(false) Making /tmp/1132655181/foo/bar/foo/bar/2 Warning: mkdir():
File exists in /home/chsc/public_html/mkdir/iframe.php on line 10
bool(false) 

Notice that the directory does not exist afterwards.

If I uncomment the sleep() call above, there are no problems.


A workaround:
$ok = mkdir($dir, 0777, true);
if (!$ok  !is_dir($dir)) {
sleep(1);
mkdir($dir, 0777, true);
}


In other words, it works if I try again. I hope that mkdir() can be
changed so that it only returns false if the directory cannot be created
at all (e.g. because of lack of permissions or because it already
exists).


-- 
Edit bug report at http://bugs.php.net/?id=35326edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=35326r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=35326r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=35326r=trysnapshot51
Fixed in CVS:http://bugs.php.net/fix.php?id=35326r=fixedcvs
Fixed in release:http://bugs.php.net/fix.php?id=35326r=alreadyfixed
Need backtrace:  http://bugs.php.net/fix.php?id=35326r=needtrace
Need Reproduce Script:   http://bugs.php.net/fix.php?id=35326r=needscript
Try newer version:   http://bugs.php.net/fix.php?id=35326r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=35326r=support
Expected behavior:   http://bugs.php.net/fix.php?id=35326r=notwrong
Not enough info: 
http://bugs.php.net/fix.php?id=35326r=notenoughinfo
Submitted twice: 
http://bugs.php.net/fix.php?id=35326r=submittedtwice
register_globals:http://bugs.php.net/fix.php?id=35326r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=35326r=php3
Daylight Savings:http://bugs.php.net/fix.php?id=35326r=dst
IIS Stability:   http://bugs.php.net/fix.php?id=35326r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=35326r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=35326r=float
No Zend Extensions:  http://bugs.php.net/fix.php?id=35326r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=35326r=mysqlcfg

#35326 [Fbk-Opn]: Concurrency issue with recursive mkdir

2005-11-22 Thread bugs dot php dot net at chsc dot dk

 ID:   35326
 User updated by:  bugs dot php dot net at chsc dot dk
 Reported By:  bugs dot php dot net at chsc dot dk
-Status:   Feedback
+Status:   Open
 Bug Type: Directory function related
 Operating System: Linux
 PHP Version:  5.0.5
 New Comment:

Yes, it also occurs with the CVS snapshot (this time I tried with the
CGI version).

AFAICS the problem is in php_plain_files_mkdir in
main/streams/plain_wrapper.c. If php_mkdir() or VCWD_MKDIR() returns
false, the method gives up instead of checking whether directory exists
anyway, i.e. if it was created by another thread.


Previous Comments:


[2005-11-22 12:13:10] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip





[2005-11-22 11:32:49] bugs dot php dot net at chsc dot dk

Description:

There appears to be a concurrency issue when mkdir is called on two
separate threads with the following parameters:

Thread 1:
mkdir('/tmp/foo/bar/1', 0777, true);

Thread 2:
mkdir('/tmp/foo/bar/2', 0777, true);

Sometimes one of the threads (e.g. thread 2) two fails with Warning:
mkdir(): File exists and the directory /tmp/foo/bar/2 does not exist
afterwards.

What I think is happening in thread 2 is is this:
PHP looks for /tmp/foo/bar/2 and sees that it does not exist. Neither
does /tmp/foo/bar and /tmp/foo. So it tries to create /tmp/foo, but
that directory was just created a millisecond second ago by another
thread, so mkdir gives instead of just moving on to create /tmp/foo/bar
and /tmp/foo/bar/2.

Reproduce code:
---
This code reproduces the problem in about every second attempt. It
consists of two files, index.php and iframe.php.


index.php:

?php
$fire = time() + 2;
?
h1Nr. 1/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=1/iframe
h1Nr. 2/h1
iframe src=iframe.php?fire=?= $fire ?amp;no=2/iframe


iframe.php:

?php
$fire = $_GET['fire'];
$no = $_GET['no'];
// synchronize the two threads
while ($fire  time());
$dir = '/tmp/' . $fire . '/foo/bar/foo/bar/' . $no;
//sleep($no);
var_dump(is_dir($dir));
echo Making $dir ;
mkdir($dir, 0777, true);
var_dump(is_dir($dir));
?


Expected result:

Thread 2 should output this:
bool(false) Making /tmp/1132653651/foo/bar/foo/bar/2 bool(true)


Actual result:
--
Thread 2 sometimes outputs this:
bool(false) Making /tmp/1132655181/foo/bar/foo/bar/2 Warning: mkdir():
File exists in /home/chsc/public_html/mkdir/iframe.php on line 10
bool(false) 

Notice that the directory does not exist afterwards.

If I uncomment the sleep() call above, there are no problems.


A workaround:
$ok = mkdir($dir, 0777, true);
if (!$ok  !is_dir($dir)) {
sleep(1);
mkdir($dir, 0777, true);
}


In other words, it works if I try again. I hope that mkdir() can be
changed so that it only returns false if the directory cannot be
created at all (e.g. because of lack of permissions or because it
already exists).






-- 
Edit this bug report at http://bugs.php.net/?id=35326edit=1

#33468 [Com]: preg_match on long strings fails

2005-08-10 Thread bugs dot php dot net at chsc dot dk

 ID:   33468
 Comment by:   bugs dot php dot net at chsc dot dk
 Reported By:  mjsherman at chartermi dot net
 Status:   Assigned
 Bug Type: PCRE related
 Operating System: *
 PHP Version:  5CVS, 4CVS (2005-08-09)
 Assigned To:  andrei
 New Comment:

An even simpler testcase:

$data = str_repeat('a', );
preg_match('/(?:[a])*/', $data, $reg);

Notice that the parenthesis is non-capturing, i.e. we don't even put a
lot of elements in the $reg array.


Previous Comments:


[2005-08-09 10:36:28] [EMAIL PROTECTED]

Happens also with the new PCRE 6.2 lib which was bundled in PHP CVS
today.



[2005-06-24 19:30:06] [EMAIL PROTECTED]

Andrei, could you check it plz.
As far as I understand, this is something not related to PHP, but just
another PCRE limitation.



[2005-06-24 19:21:22] mjsherman at chartermi dot net

Just tested with 5.1.0beta2
Same problem.



[2005-06-24 18:28:01] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip





[2005-06-24 18:24:34] mjsherman at chartermi dot net

Description:

preg_match, if passed a long subject string, fails unexpectedly.

I have read through the PCRE limitations, and can't see that this is
one of them.  I have tried increasing memory limit (to increase the
stack) with the same results.

Cutoff and examples are below:

Reproduce code:
---
$subject = str_repeat('a',100);
$subject .= str_repeat('b', 4370);
$subject .= str_repeat('a', 100);
if (preg_match('/(.*).*?\1/',$subject)) {
  echo OK\n;
}

Expected result:

OK to be printed after matching 100 as.
If 4370 is changed to 4369, then OK is printed.

Actual result:
--
With 4370 'b's, nothing is printed (failed preg_match)
With 4369 'b's, OK is printed (worked).





-- 
Edit this bug report at http://bugs.php.net/?id=33468edit=1

#31349 [NEW]: Segmentation fault in mysql_query()

2004-12-30 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:  5.0.3
PHP Bug Type: MySQL related
Bug description:  Segmentation fault in mysql_query()

Description:

I have a rather complex script that dumps core every time mysql_query() is
called for the 7th time (through PEAR's DB_mysql).

The script uses Smarty, PEAR_DB and a bunch of other classes. I have not
been able to make a simple testcase. Doing the seven SQL queries alone
without Smarty and all the other code does not trigger this bug. I hope
that a stack trace will point in the right direction though.

The problem occurs with two different MySQL versions:
mysql  Ver 12.22 Distrib 4.0.20, for pc-linux (i686)
mysql  Ver 14.7 Distrib 4.1.8, for pc-linux (i686)

The problem can be reproduced on two different machines.

I am using PHP 5.0.3. The problem wasn't there with PHP 5.0.2.

PHP was configured like this:
'./configure' '--with-mysql=/usr/local/mysql' '--with-apache=../apache'
'--enable-track-vars' '--with-gettext' '--with-dom' '--with-mcrypt'
'--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-zlib-dir'
'--with-freetype-dir' '--with-pear' '--enable-mbstring' '--with-iconv'
'--disable-debug' '--enable-soap'


This is a stacktrace of the failure:

# gdb /usr/local/apache/bin/httpd
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for
details.
This GDB was configured as i386-linux...(no debugging symbols found)...
(gdb) run -X
Starting program: /usr/local/apache/bin/httpd -X
(no debugging symbols found)...[New Thread 1024 (LWP 31535)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 31535)]
0x403d61b7 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x403d61b7 in memcpy () from /lib/libc.so.6
#1  0x0829a104 in cli_read_rows ()
#2  0x0829b942 in mysql_close ()
#3  0x0829ba50 in mysql_real_query ()
#4  0x0817446e in zif_mysql_client_encoding ()
#5  0x0817460c in zif_mysql_client_encoding ()
#6  0x08174630 in zif_mysql_query ()
#7  0x08113a5a in zend_do_fcall_common_helper ()
#8  0x08114091 in zend_do_fcall_handler ()
#9  0x080fc375 in execute ()
#10 0x08113b42 in zend_do_fcall_common_helper ()
#11 0x08113e99 in zend_do_fcall_by_name_handler ()
#12 0x080fc375 in execute ()
#13 0x08113b42 in zend_do_fcall_common_helper ()
#14 0x08113e99 in zend_do_fcall_by_name_handler ()
#15 0x080fc375 in execute ()
#16 0x08113b42 in zend_do_fcall_common_helper ()
#17 0x08113e99 in zend_do_fcall_by_name_handler ()
#18 0x080fc375 in execute ()
#19 0x08113b42 in zend_do_fcall_common_helper ()
#20 0x08113e99 in zend_do_fcall_by_name_handler ()
#21 0x080fc375 in execute ()
#22 0x08113b42 in zend_do_fcall_common_helper ()
---Type return to continue, or q return to quit---
#23 0x08113e99 in zend_do_fcall_by_name_handler ()
#24 0x080fc375 in execute ()
#25 0x08113b42 in zend_do_fcall_common_helper ()
#26 0x08113e99 in zend_do_fcall_by_name_handler ()
#27 0x080fc375 in execute ()
#28 0x08113b42 in zend_do_fcall_common_helper ()
#29 0x08113e99 in zend_do_fcall_by_name_handler ()
#30 0x080fc375 in execute ()
#31 0x08113b42 in zend_do_fcall_common_helper ()
#32 0x08113e99 in zend_do_fcall_by_name_handler ()
#33 0x080fc375 in execute ()
#34 0x08113b42 in zend_do_fcall_common_helper ()
#35 0x08113e99 in zend_do_fcall_by_name_handler ()
#36 0x080fc375 in execute ()
#37 0x08118cd6 in zend_include_or_eval_handler ()
#38 0x080fc375 in execute ()
#39 0x08113b42 in zend_do_fcall_common_helper ()
#40 0x08113e99 in zend_do_fcall_by_name_handler ()
#41 0x080fc375 in execute ()
#42 0x08118cd6 in zend_include_or_eval_handler ()
#43 0x080fc375 in execute ()
#44 0x08113b42 in zend_do_fcall_common_helper ()
#45 0x08113e99 in zend_do_fcall_by_name_handler ()
---Type return to continue, or q return to quit---
#46 0x080fc375 in execute ()
#47 0x08113b42 in zend_do_fcall_common_helper ()
#48 0x08113e99 in zend_do_fcall_by_name_handler ()
#49 0x080fc375 in execute ()
#50 0x08113b42 in zend_do_fcall_common_helper ()
#51 0x08113e99 in zend_do_fcall_by_name_handler ()
#52 0x080fc375 in execute ()
#53 0x08113b42 in zend_do_fcall_common_helper ()
#54 0x08113e99 in zend_do_fcall_by_name_handler ()
#55 0x080fc375 in execute ()
#56 0x080e1a68 in zend_execute_scripts ()
#57 0x080b98da in php_execute_script ()
#58 0x0811b712 in apache_php_module_main ()
#59 0x080b22f2 in ssl_expr_yyinput ()
#60 0x080b2341 in ssl_expr_yyinput ()
#61 0x0825b364 in ap_invoke_handler ()
#62 0x0826b74c in ap_some_auth_required ()
#63 0x0826ba50 in ap_internal_redirect ()
#64 0x08096c6c in ap_get_server_built ()
#65 0x0825b364 in ap_invoke_handler ()
#66 0x0826b74c in ap_some_auth_required ()
#67 0x0826b7a8 in ap_process_request ()
#68 0x08264d57 in ap_child_terminate

#31349 [Opn]: Segmentation fault in mysql_query()

2004-12-30 Thread bugs dot php dot net at chsc dot dk

 ID:   31349
 User updated by:  bugs dot php dot net at chsc dot dk
 Reported By:  bugs dot php dot net at chsc dot dk
 Status:   Open
 Bug Type: MySQL related
 Operating System: Linux
 PHP Version:  5.0.3
 New Comment:

I appears that if I change the queries slightly, e.g. add a /* comment
*/ to the end of the SQL string, or remove additional whitespace
outsite strings, everything works as expected.

It may be related to this bug: http://bugs.mysql.com/bug.php?id=5607


Previous Comments:


[2004-12-30 11:56:20] bugs dot php dot net at chsc dot dk

Description:

I have a rather complex script that dumps core every time mysql_query()
is called for the 7th time (through PEAR's DB_mysql).

The script uses Smarty, PEAR_DB and a bunch of other classes. I have
not been able to make a simple testcase. Doing the seven SQL queries
alone without Smarty and all the other code does not trigger this bug.
I hope that a stack trace will point in the right direction though.

The problem occurs with two different MySQL versions:
mysql  Ver 12.22 Distrib 4.0.20, for pc-linux (i686)
mysql  Ver 14.7 Distrib 4.1.8, for pc-linux (i686)

The problem can be reproduced on two different machines.

I am using PHP 5.0.3. The problem wasn't there with PHP 5.0.2.

PHP was configured like this:
'./configure' '--with-mysql=/usr/local/mysql' '--with-apache=../apache'
'--enable-track-vars' '--with-gettext' '--with-dom' '--with-mcrypt'
'--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-zlib-dir'
'--with-freetype-dir' '--with-pear' '--enable-mbstring' '--with-iconv'
'--disable-debug' '--enable-soap'


This is a stacktrace of the failure:

# gdb /usr/local/apache/bin/httpd
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for
details.
This GDB was configured as i386-linux...(no debugging symbols
found)...
(gdb) run -X
Starting program: /usr/local/apache/bin/httpd -X
(no debugging symbols found)...[New Thread 1024 (LWP 31535)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 31535)]
0x403d61b7 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x403d61b7 in memcpy () from /lib/libc.so.6
#1  0x0829a104 in cli_read_rows ()
#2  0x0829b942 in mysql_close ()
#3  0x0829ba50 in mysql_real_query ()
#4  0x0817446e in zif_mysql_client_encoding ()
#5  0x0817460c in zif_mysql_client_encoding ()
#6  0x08174630 in zif_mysql_query ()
#7  0x08113a5a in zend_do_fcall_common_helper ()
#8  0x08114091 in zend_do_fcall_handler ()
#9  0x080fc375 in execute ()
#10 0x08113b42 in zend_do_fcall_common_helper ()
#11 0x08113e99 in zend_do_fcall_by_name_handler ()
#12 0x080fc375 in execute ()
#13 0x08113b42 in zend_do_fcall_common_helper ()
#14 0x08113e99 in zend_do_fcall_by_name_handler ()
#15 0x080fc375 in execute ()
#16 0x08113b42 in zend_do_fcall_common_helper ()
#17 0x08113e99 in zend_do_fcall_by_name_handler ()
#18 0x080fc375 in execute ()
#19 0x08113b42 in zend_do_fcall_common_helper ()
#20 0x08113e99 in zend_do_fcall_by_name_handler ()
#21 0x080fc375 in execute ()
#22 0x08113b42 in zend_do_fcall_common_helper ()
---Type return to continue, or q return to quit---
#23 0x08113e99 in zend_do_fcall_by_name_handler ()
#24 0x080fc375 in execute ()
#25 0x08113b42 in zend_do_fcall_common_helper ()
#26 0x08113e99 in zend_do_fcall_by_name_handler ()
#27 0x080fc375 in execute ()
#28 0x08113b42 in zend_do_fcall_common_helper ()
#29 0x08113e99 in zend_do_fcall_by_name_handler ()
#30 0x080fc375 in execute ()
#31 0x08113b42 in zend_do_fcall_common_helper ()
#32 0x08113e99 in zend_do_fcall_by_name_handler ()
#33 0x080fc375 in execute ()
#34 0x08113b42 in zend_do_fcall_common_helper ()
#35 0x08113e99 in zend_do_fcall_by_name_handler ()
#36 0x080fc375 in execute ()
#37 0x08118cd6 in zend_include_or_eval_handler ()
#38 0x080fc375 in execute ()
#39 0x08113b42 in zend_do_fcall_common_helper ()
#40 0x08113e99 in zend_do_fcall_by_name_handler ()
#41 0x080fc375 in execute ()
#42 0x08118cd6 in zend_include_or_eval_handler ()
#43 0x080fc375 in execute ()
#44 0x08113b42 in zend_do_fcall_common_helper ()
#45 0x08113e99 in zend_do_fcall_by_name_handler ()
---Type return to continue, or q return to quit---
#46 0x080fc375 in execute ()
#47 0x08113b42 in zend_do_fcall_common_helper ()
#48 0x08113e99 in zend_do_fcall_by_name_handler ()
#49 0x080fc375 in execute ()
#50 0x08113b42 in zend_do_fcall_common_helper ()
#51 0x08113e99 in zend_do_fcall_by_name_handler ()
#52 0x080fc375 in execute ()
#53 0x08113b42 in zend_do_fcall_common_helper ()
#54 0x08113e99 in zend_do_fcall_by_name_handler ()
#55 0x080fc375 in execute ()
#56 0x080e1a68 in zend_execute_scripts ()
#57 0x080b98da

#29923 [Fbk-Opn]: Assignment operations inside class methods not working

2004-09-01 Thread bugs dot php dot net at chsc dot dk

 ID:   29923
 User updated by:  bugs dot php dot net at chsc dot dk
 Reported By:  bugs dot php dot net at chsc dot dk
-Status:   Feedback
+Status:   Open
 Bug Type: Zend Engine 2 problem
 Operating System: Linux
 PHP Version:  5.0.1
 New Comment:

Sorry, it's not a bug in PHP but in the Zend Optimizer. 

Changing zend_optimizer.optimization_level from 15 to 0 in php.ini
fixes the problem. We'll report this to Zend.


Previous Comments:


[2004-09-01 08:39:24] [EMAIL PROTECTED]

Extra note: this works fine for me.



[2004-09-01 08:39:09] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip



[2004-08-31 19:24:44] bugs dot php dot net at chsc dot dk

Description:

When called from inside a class method, $this-foo += 2 does not
increment the variable.

$this-foo = $this-foo + 2 appears to work, though.

This looks related to bug 27798.

Reproduce code:
---
?php

class foo {
var $bar = 1;

function baz() {
$this-bar += 2;
var_dump($this-bar);
var_dump(get_object_vars($this));
}
}

$f = new foo();
$f-baz();

$f-bar += 4;
var_dump($f-bar);

?

Expected result:

int(3)
array(1) {
  [bar]=
  int(3)
}
int(7)


Actual result:
--
int(1)
array(2) {
  [bar]=
  int(1)
  [0]=
  int(2)
}
int(5)






-- 
Edit this bug report at http://bugs.php.net/?id=29923edit=1

#29923 [Opn-Bgs]: Assignment operations inside class methods not working

2004-09-01 Thread bugs dot php dot net at chsc dot dk

 ID:   29923
 User updated by:  bugs dot php dot net at chsc dot dk
 Reported By:  bugs dot php dot net at chsc dot dk
-Status:   Open
+Status:   Bogus
 Bug Type: Zend Engine 2 problem
 Operating System: Linux
 PHP Version:  5.0.1
 New Comment:

Marking Bogus


Previous Comments:


[2004-09-01 09:29:18] bugs dot php dot net at chsc dot dk

Sorry, it's not a bug in PHP but in the Zend Optimizer. 

Changing zend_optimizer.optimization_level from 15 to 0 in php.ini
fixes the problem. We'll report this to Zend.



[2004-09-01 08:39:24] [EMAIL PROTECTED]

Extra note: this works fine for me.



[2004-09-01 08:39:09] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip



[2004-08-31 19:24:44] bugs dot php dot net at chsc dot dk

Description:

When called from inside a class method, $this-foo += 2 does not
increment the variable.

$this-foo = $this-foo + 2 appears to work, though.

This looks related to bug 27798.

Reproduce code:
---
?php

class foo {
var $bar = 1;

function baz() {
$this-bar += 2;
var_dump($this-bar);
var_dump(get_object_vars($this));
}
}

$f = new foo();
$f-baz();

$f-bar += 4;
var_dump($f-bar);

?

Expected result:

int(3)
array(1) {
  [bar]=
  int(3)
}
int(7)


Actual result:
--
int(1)
array(2) {
  [bar]=
  int(1)
  [0]=
  int(2)
}
int(5)






-- 
Edit this bug report at http://bugs.php.net/?id=29923edit=1

#29923 [NEW]: Assignment operations inside class methods not working

2004-08-31 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:  5.0.1
PHP Bug Type: Zend Engine 2 problem
Bug description:  Assignment operations inside class methods not working

Description:

When called from inside a class method, $this-foo += 2 does not increment
the variable.

$this-foo = $this-foo + 2 appears to work, though.

This looks related to bug 27798.

Reproduce code:
---
?php

class foo {
var $bar = 1;

function baz() {
$this-bar += 2;
var_dump($this-bar);
var_dump(get_object_vars($this));
}
}

$f = new foo();
$f-baz();

$f-bar += 4;
var_dump($f-bar);

?

Expected result:

int(3)
array(1) {
  [bar]=
  int(3)
}
int(7)


Actual result:
--
int(1)
array(2) {
  [bar]=
  int(1)
  [0]=
  int(2)
}
int(5)


-- 
Edit bug report at http://bugs.php.net/?id=29923edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=29923r=trysnapshot4
Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=29923r=trysnapshot50
Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=29923r=trysnapshot51
Fixed in CVS:http://bugs.php.net/fix.php?id=29923r=fixedcvs
Fixed in release:http://bugs.php.net/fix.php?id=29923r=alreadyfixed
Need backtrace:  http://bugs.php.net/fix.php?id=29923r=needtrace
Need Reproduce Script:   http://bugs.php.net/fix.php?id=29923r=needscript
Try newer version:   http://bugs.php.net/fix.php?id=29923r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=29923r=support
Expected behavior:   http://bugs.php.net/fix.php?id=29923r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=29923r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=29923r=submittedtwice
register_globals:http://bugs.php.net/fix.php?id=29923r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=29923r=php3
Daylight Savings:http://bugs.php.net/fix.php?id=29923r=dst
IIS Stability:   http://bugs.php.net/fix.php?id=29923r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=29923r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=29923r=float

#29049 [NEW]: usort() does not trigger an error when callback does not exist

2004-07-07 Thread bugs dot php dot net at chsc dot dk

From: bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:  4.3.7
PHP Bug Type: Arrays related
Bug description:  usort() does not trigger an error when callback does not exist

Description:

When the second argument to usort() is not a valid callback, no error is
triggered, and the return value is true.

This makes debugging tricky.

When invoked with an invalid callback, usort() for some reason rearranges
the values in the array anyway.

Reproduce code:
---
?php
error_reporting(E_ALL);
$array = array(1, 7, 3, 2);
var_dump(usort($array, 'not a function name'));
var_dump($array);
var_dump(usort($array, ));
var_dump($array);
var_dump(usort($array, array('foo', 'bar')));
var_dump($array);
?

Expected result:

The output should be three error messages, three times bool(false) and
three times the original array.

Actual result:
--
bool(true)
array(4) {
  [0]=
  int(2)
  [1]=
  int(3)
  [2]=
  int(7)
  [3]=
  int(1)
}
bool(true)
array(4) {
  [0]=
  int(1)
  [1]=
  int(7)
  [2]=
  int(3)
  [3]=
  int(2)
}
bool(true)
array(4) {
  [0]=
  int(2)
  [1]=
  int(3)
  [2]=
  int(7)
  [3]=
  int(1)
}
 

-- 
Edit bug report at http://bugs.php.net/?id=29049edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=29049r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=29049r=trysnapshot5
Fixed in CVS:   http://bugs.php.net/fix.php?id=29049r=fixedcvs
Fixed in release:   http://bugs.php.net/fix.php?id=29049r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=29049r=needtrace
Need Reproduce Script:  http://bugs.php.net/fix.php?id=29049r=needscript
Try newer version:  http://bugs.php.net/fix.php?id=29049r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=29049r=support
Expected behavior:  http://bugs.php.net/fix.php?id=29049r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=29049r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=29049r=submittedtwice
register_globals:   http://bugs.php.net/fix.php?id=29049r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29049r=php3
Daylight Savings:   http://bugs.php.net/fix.php?id=29049r=dst
IIS Stability:  http://bugs.php.net/fix.php?id=29049r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=29049r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29049r=float

#41492 [NEW]: open_basedir bypass via readfile()

#40009 [NEW]: http_build_query(array()) returns NULL, not empty string

#35326 [Opn]: Concurrency issue with recursive mkdir

#35326 [NEW]: Concurrency issue with recursive mkdir

#35326 [Fbk-Opn]: Concurrency issue with recursive mkdir

#33468 [Com]: preg_match on long strings fails

#31349 [NEW]: Segmentation fault in mysql_query()

#31349 [Opn]: Segmentation fault in mysql_query()

#29923 [Fbk-Opn]: Assignment operations inside class methods not working

#29923 [Opn-Bgs]: Assignment operations inside class methods not working

#29923 [NEW]: Assignment operations inside class methods not working

#29049 [NEW]: usort() does not trigger an error when callback does not exist

12 matches

Site Navigation

Mail list logo

Footer information