Bug #64836 [Fbk->Asn]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
-Status: Feedback
+Status: Assigned
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

After downgrading sys-apps/file to 5.11 there are no segfaults anymore. But after upgrading to 5.12-r1 again, there are no segfaults either. So maybe "file" just needed to be recompiled? I'm not able to reproduce it with any php/file combination for now (php 5.4.16, 5.4.17, 5.5.0).

Previous Comments:

[2013-07-11 20:48:09] joschi at tollwerk dot de

I can confirm the issue on an x86_64 hardened Gentoo box with both PHP 5.4.17 as well as PHP 5.5.0. It's not only the TYPO3 upgrade wizard that is failing, but also several TYPO3 backend modules (probably all the ones involving thumbnail generation) as well as the frontend (in my case at least). As stated above, downgrading sys-apps/file to version 5.11 solves the issue for me as well.

[2013-07-09 22:09:18] a...@php.net

Thanks for staying on this, guys. Reading the linked ticket:

"Simply removing (and thus disabling file) /usr/share/misc/magic.mgc "fixes" issues with Mediawiki"

That could be a plausible explanation why PHP could fail, not sure about crash. As PHP uses a compiled in magic file which is strongly recommended to use (so no external file loading). However that explanation wouldn't exactly match with what "r dot biegel at gmx dot at" told earlier

"PHP Versions 5.3.25, 5.4.13, 5.4.14, 5.4.15 and 5.5.0_rc2 all segfault for me."

whereby 5.3 didn't get any libmagic upgrades since long. That fact makes me really confused, as that would mean even without upgrade the constellation of apache svn module and php would cause crash. 5.3 has libmagic 5.11 or older if I don't err. And this is anyway something I can't reproduce compiling all the stuff manually.

@r.biegel - if downgrading libmagic on your gentoo system works, I would close this ticket with the status "mystic" :)

Thanks

[2013-07-09 08:46:08] sabel at altmuehlnet dot de

https://bugs.gentoo.org/show_bug.cgi?id=471682

Downgrading sys-apps/file to version 5.11 solved the issue for me.

[2013-07-08 22:09:02] sabel at altmuehlnet dot de

I have the same issue on two different systems with two different applications (ownCloud and Roundcubemail). Disabling (removing -D SVN) the svn module fixes the problem... Any news on that issue?

------------------------
[2013-06-10 17:23:14] r dot biegel at gmx dot at

USE=nss doesn't work for me. Seems to be another problem, sorry.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=64836

--
Edit this bug report at https://bugs.php.net/bug.php?id=64836&edit=1
Bug #64836 [Sus]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
Status: Suspended
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

USE=nss doesn't work for me. Seems to be another problem, sorry.

Previous Comments:

[2013-06-10 16:06:21] mah at everybody dot org

Someone posting on this problem on the Gentoo forums (https://forums.gentoo.org/viewtopic-p-7260284.html) said that they fixed this (or a similar problem) by adding USE=nss for apr-utils.

[2013-06-10 13:48:44] r dot biegel at gmx dot at

No change of behaviour with php 5.4.16 and 5.5.0_rc3.

[2013-06-06 16:46:10] r dot biegel at gmx dot at

Shame on me, I still suffer from this crash. Somehow I confused the "-D SVN" and "-D DAV" apache startup parameters and didn't add the SVN to the options when testing.

PHP Versions 5.3.25, 5.4.13, 5.4.14, 5.4.15 and 5.5.0_rc2 all segfault for me.

What did you mean with "TS build"? Threadsafe? I compiled php with threads enabled (at least I specified the gentoo threads USE flag which seems to enable maintainer-zts).

[2013-05-25 07:48:03] a...@php.net

Hi, thanks for investing so much time in this ticket.

After looking at the Gentoo tickets
- #470828 seems to report about SVN issue in apache, PHP is only mentioned aside
- #467756 looks related to PHP, however 5.4.14. As I've mentioned, libmagic is upgraded in 5.4.15, though one small regression was present. The crash in that ticket is therefore most likely not relevant for 5.4.15 and later.
- The BT in this ticket isn't reproducible anymore by you, nor I could get it crashy

Conclusion - I would suspend this bug and check when the new PHP version is out. Maybe also some more info is present in the Gentoo tickets by that time.

Have a nice weekend :)

------------------------
[2013-05-23 11:04:18] r dot biegel at gmx dot at

OK, in short: I can't reproduce the segfault behaviour anymore.

Longer version:
- updated kernel from gentoo-hardened 3.8.12 to 3.9.2
- updated gcc to 4.7.3
- compiled php 5.4.13 and 5.4.14 and both work fine
- compiled php 5.4.15 again which now works fine too
- downgraded kernel and gcc to previous versions
- compiled php 5.4.15, still works

I just don't get it... I already had re-compiled php and apache before reporting as bug.

With "-D SVN" I meant the startup-arguments for apache on the command line. Don't know if this is Gentoo specific, but it controls the loading of the svn DAV module.

At last I'd like to link these two bugs on gentoo bugzilla, which might be related:
https://bugs.gentoo.org/show_bug.cgi?id=467756
https://bugs.gentoo.org/show_bug.cgi?id=470828

Thanks for your help!

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=64836

--
Edit this bug report at https://bugs.php.net/bug.php?id=64836&edit=1
Bug #64836 [Sus]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
Status: Suspended
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

No change of behaviour with php 5.4.16 and 5.5.0_rc3.

Previous Comments:

[2013-06-06 16:46:10] r dot biegel at gmx dot at

Shame on me, I still suffer from this crash. Somehow I confused the "-D SVN" and "-D DAV" apache startup parameters and didn't add the SVN to the options when testing.

PHP Versions 5.3.25, 5.4.13, 5.4.14, 5.4.15 and 5.5.0_rc2 all segfault for me.

What did you mean with "TS build"? Threadsafe? I compiled php with threads enabled (at least I specified the gentoo threads USE flag which seems to enable maintainer-zts).

[2013-05-25 07:48:03] a...@php.net

Hi, thanks for investing so much time in this ticket.

After looking at the Gentoo tickets
- #470828 seems to report about SVN issue in apache, PHP is only mentioned aside
- #467756 looks related to PHP, however 5.4.14. As I've mentioned, libmagic is upgraded in 5.4.15, though one small regression was present. The crash in that ticket is therefore most likely not relevant for 5.4.15 and later.
- The BT in this ticket isn't reproducible anymore by you, nor I could get it crashy

Conclusion - I would suspend this bug and check when the new PHP version is out. Maybe also some more info is present in the Gentoo tickets by that time.

Have a nice weekend :)

------------------------
[2013-05-23 11:04:18] r dot biegel at gmx dot at

OK, in short: I can't reproduce the segfault behaviour anymore.

Longer version:
- updated kernel from gentoo-hardened 3.8.12 to 3.9.2
- updated gcc to 4.7.3
- compiled php 5.4.13 and 5.4.14 and both work fine
- compiled php 5.4.15 again which now works fine too
- downgraded kernel and gcc to previous versions
- compiled php 5.4.15, still works

I just don't get it... I already had re-compiled php and apache before reporting as bug.

With "-D SVN" I meant the startup-arguments for apache on the command line. Don't know if this is Gentoo specific, but it controls the loading of the svn DAV module.

At last I'd like to link these two bugs on gentoo bugzilla, which might be related:
https://bugs.gentoo.org/show_bug.cgi?id=467756
https://bugs.gentoo.org/show_bug.cgi?id=470828

Thanks for your help!

[2013-05-21 08:00:47] a...@php.net

I've just compiled apache 2.4 with subversion 1.7.x module plus PHP-5.5, TS build. But it still doesn't crash for me. Note that the libmagic is the same in 5.4 and 5.5 and was upgraded in 5.4.15 and 5.5.0 beta4.

To diagnose it further, is it possible for you to check if the behavior is the same with the earlier php versions? Maybe 5.4.14 or 5.5.0 beta3. Also I think this behaviour is TS specific, svn might be even not the cause, too.

btw what do you mean "not using -D SVN"? As I've experienced the mod_dav_svn.so has to be built from the subversion sources and is not contained in the apache source tree.

Thanks.

--------------------
[2013-05-19 15:31:46] r dot biegel at gmx dot at

I used this little script to test the finfo_file function on its own. Crashes in apache (if the file $fn exists, filetype doesn't matter), but it works on cli:

So it has something to do with apache I thought and it turned out that disabling SVN DAV in apache (not using -D SVN) fixes the problem. How can I investigate further?

Btw, I already upgraded from apache 2.2 to 2.4 before my first report.
Bug #64836 [Sus]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
Status: Suspended
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

Shame on me, I still suffer from this crash. Somehow I confused the "-D SVN" and "-D DAV" apache startup parameters and didn't add the SVN to the options when testing.

PHP Versions 5.3.25, 5.4.13, 5.4.14, 5.4.15 and 5.5.0_rc2 all segfault for me.

What did you mean with "TS build"? Threadsafe? I compiled php with threads enabled (at least I specified the gentoo threads USE flag which seems to enable maintainer-zts).

Previous Comments:

[2013-05-25 07:48:03] a...@php.net

Hi, thanks for investing so much time in this ticket.

After looking at the Gentoo tickets
- #470828 seems to report about SVN issue in apache, PHP is only mentioned aside
- #467756 looks related to PHP, however 5.4.14. As I've mentioned, libmagic is upgraded in 5.4.15, though one small regression was present. The crash in that ticket is therefore most likely not relevant for 5.4.15 and later.
- The BT in this ticket isn't reproducible anymore by you, nor I could get it crashy

Conclusion - I would suspend this bug and check when the new PHP version is out. Maybe also some more info is present in the Gentoo tickets by that time.

Have a nice weekend :)

------------------------
[2013-05-23 11:04:18] r dot biegel at gmx dot at

OK, in short: I can't reproduce the segfault behaviour anymore.

Longer version:
- updated kernel from gentoo-hardened 3.8.12 to 3.9.2
- updated gcc to 4.7.3
- compiled php 5.4.13 and 5.4.14 and both work fine
- compiled php 5.4.15 again which now works fine too
- downgraded kernel and gcc to previous versions
- compiled php 5.4.15, still works

I just don't get it... I already had re-compiled php and apache before reporting as bug.

With "-D SVN" I meant the startup-arguments for apache on the command line. Don't know if this is Gentoo specific, but it controls the loading of the svn DAV module.

At last I'd like to link these two bugs on gentoo bugzilla, which might be related:
https://bugs.gentoo.org/show_bug.cgi?id=467756
https://bugs.gentoo.org/show_bug.cgi?id=470828

Thanks for your help!

[2013-05-21 08:00:47] a...@php.net

I've just compiled apache 2.4 with subversion 1.7.x module plus PHP-5.5, TS build. But it still doesn't crash for me. Note that the libmagic is the same in 5.4 and 5.5 and was upgraded in 5.4.15 and 5.5.0 beta4.

To diagnose it further, is it possible for you to check if the behavior is the same with the earlier php versions? Maybe 5.4.14 or 5.5.0 beta3. Also I think this behaviour is TS specific, svn might be even not the cause, too.

btw what do you mean "not using -D SVN"? As I've experienced the mod_dav_svn.so has to be built from the subversion sources and is not contained in the apache source tree.

Thanks.

--------------------
[2013-05-19 15:31:46] r dot biegel at gmx dot at

I used this little script to test the finfo_file function on its own. Crashes in apache (if the file $fn exists, filetype doesn't matter), but it works on cli:

So it has something to do with apache I thought and it turned out that disabling SVN DAV in apache (not using -D SVN) fixes the problem. How can I investigate further?

Btw, I already upgraded from apache 2.2 to 2.4 before my first report.
Bug #64836 [Fbk->Asn]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
-Status: Feedback
+Status: Assigned
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

OK, in short: I can't reproduce the segfault behaviour anymore.

Longer version:
- updated kernel from gentoo-hardened 3.8.12 to 3.9.2
- updated gcc to 4.7.3
- compiled php 5.4.13 and 5.4.14 and both work fine
- compiled php 5.4.15 again which now works fine too
- downgraded kernel and gcc to previous versions
- compiled php 5.4.15, still works

I just don't get it... I already had re-compiled php and apache before reporting as bug.

With "-D SVN" I meant the startup-arguments for apache on the command line. Don't know if this is Gentoo specific, but it controls the loading of the svn DAV module.

At last I'd like to link these two bugs on gentoo bugzilla, which might be related:
https://bugs.gentoo.org/show_bug.cgi?id=467756
https://bugs.gentoo.org/show_bug.cgi?id=470828

Thanks for your help!

Previous Comments:

[2013-05-21 08:00:47] a...@php.net

I've just compiled apache 2.4 with subversion 1.7.x module plus PHP-5.5, TS build. But it still doesn't crash for me. Note that the libmagic is the same in 5.4 and 5.5 and was upgraded in 5.4.15 and 5.5.0 beta4.

To diagnose it further, is it possible for you to check if the behavior is the same with the earlier php versions? Maybe 5.4.14 or 5.5.0 beta3. Also I think this behaviour is TS specific, svn might be even not the cause, too.

btw what do you mean "not using -D SVN"? As I've experienced the mod_dav_svn.so has to be built from the subversion sources and is not contained in the apache source tree.

Thanks.

------------------------
[2013-05-19 15:31:46] r dot biegel at gmx dot at

I used this little script to test the finfo_file function on its own. Crashes in apache (if the file $fn exists, filetype doesn't matter), but it works on cli:

So it has something to do with apache I thought and it turned out that disabling SVN DAV in apache (not using -D SVN) fixes the problem. How can I investigate further?

Btw, I already upgraded from apache 2.2 to 2.4 before my first report.

Here another (more detailed) bt:

Thread 28 (Thread 0x7fffd9feb700 (LWP 24821)):
#0 0x7fffeeec2e6b in mget (ms=0x7fffd411c5f0, s=0x7fffd8896030 "GIF89a", m=0x7fffd8a69268, nbytes=1218, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffd9fe7dd4, need_separator=0x7fffd9fe7dd8, returnval=0x7fffd9fe7d24) at ext/fileinfo/libmagic/softmagic.c:1610
        off = 0
        soffset = 410814606
        offset = 0
        count = 0
        rv = -207172457
        oneed_separator = 994741513
        sbuf = 0x5cb76acd3615aac9
        rbuf = 0x8efc10f4e7cb6d6d
        p = 0x7fffd411c660
        ml = {magic = 0x180ffedff931d7c7, nmagic = 1473718312, map = 0xd8c865c8, next = 0x7fffd411c5f0, prev = 0x1a09a2a9d9c97089}
#1 0x7fffeeebede8 in match (ms=0x7fffd411c5f0, magic=0x7fffd89170e8, nmagic=9629, s=0x7fffd8896030 "GIF89a", nbytes=1218, offset=0, mode=32, text=0, flip=0, recursion_level=0, printed_something=0x7fffd9fe7dd4, need_separator=0x7fffd9fe7dd8, returnval=0x7fffd9fe7d24) at ext/fileinfo/libmagic/softmagic.c:157
        flush = 0
        m = 0x7fffd8a69268
        magindex = 5584
        cont_level = 0
        returnvalv = 0
        e = -647236122
        firstline = 1
        print = 0
#2 0x7fffeeebeb19 in file_softmagic (ms=0x7fffd411c5f0, buf=0x7fffd8896030 "GIF89a", nbytes=1218, mode=32, text=0) at ext/fileinfo/libmagic/softmagic.c:82
        ml = 0x7fffd40efb50
        rv = 32767
        printed_something = 0
        need_separator = 0
#3 0x7fffeeebc3a5 in file_buffer (ms=0x7fffd411c5f0, stream=0x7fffd8d70388, inname=0x0, buf=0x7fffd8896030, nb=1218) at ext/fileinfo/libmagic/funcs.c:238
        m = 0
        rv = 0
        looks_text = 0
        mime = 16
        ubuf = 0x7fffd8896030 "GIF89a"
        u8buf = 0x7fffd4255aa0
        ulen = 3
        code = 0x0
        code_mime = 0x7fffef6f618f "binary"
        type = 0x7fffef6f5f84 "binary"
#4 0x7fffeeebd698 in file_or_stream (ms=0x7fffd411c5f0, inname=0x0, stream=0x7fffd8d70388) at ext/fileinfo/libmagic/magic.c:413
        rv = -1
        buf = 0x7fffd8896030 "GIF89a"
        sb = {st_dev = 2058, st_ino = 105911862, st_nlink = 1, st_mode = 33188, st_uid = 81, st_gi
Bug #64836 [Fbk->Asn]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
-Status: Feedback
+Status: Assigned
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: ab
Block user comment: N
Private report: N

New Comment:

I used this little script to test the finfo_file function on its own. Crashes in apache (if the file $fn exists, filetype doesn't matter), but it works on cli:

So it has something to do with apache I thought and it turned out that disabling SVN DAV in apache (not using -D SVN) fixes the problem. How can I investigate further?

Btw, I already upgraded from apache 2.2 to 2.4 before my first report.

Here another (more detailed) bt:

Thread 28 (Thread 0x7fffd9feb700 (LWP 24821)):
#0 0x7fffeeec2e6b in mget (ms=0x7fffd411c5f0, s=0x7fffd8896030 "GIF89a", m=0x7fffd8a69268, nbytes=1218, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffd9fe7dd4, need_separator=0x7fffd9fe7dd8, returnval=0x7fffd9fe7d24) at ext/fileinfo/libmagic/softmagic.c:1610
        off = 0
        soffset = 410814606
        offset = 0
        count = 0
        rv = -207172457
        oneed_separator = 994741513
        sbuf = 0x5cb76acd3615aac9
        rbuf = 0x8efc10f4e7cb6d6d
        p = 0x7fffd411c660
        ml = {magic = 0x180ffedff931d7c7, nmagic = 1473718312, map = 0xd8c865c8, next = 0x7fffd411c5f0, prev = 0x1a09a2a9d9c97089}
#1 0x7fffeeebede8 in match (ms=0x7fffd411c5f0, magic=0x7fffd89170e8, nmagic=9629, s=0x7fffd8896030 "GIF89a", nbytes=1218, offset=0, mode=32, text=0, flip=0, recursion_level=0, printed_something=0x7fffd9fe7dd4, need_separator=0x7fffd9fe7dd8, returnval=0x7fffd9fe7d24) at ext/fileinfo/libmagic/softmagic.c:157
        flush = 0
        m = 0x7fffd8a69268
        magindex = 5584
        cont_level = 0
        returnvalv = 0
        e = -647236122
        firstline = 1
        print = 0
#2 0x7fffeeebeb19 in file_softmagic (ms=0x7fffd411c5f0, buf=0x7fffd8896030 "GIF89a", nbytes=1218, mode=32, text=0) at ext/fileinfo/libmagic/softmagic.c:82
        ml = 0x7fffd40efb50
        rv = 32767
        printed_something = 0
        need_separator = 0
#3 0x7fffeeebc3a5 in file_buffer (ms=0x7fffd411c5f0, stream=0x7fffd8d70388, inname=0x0, buf=0x7fffd8896030, nb=1218) at ext/fileinfo/libmagic/funcs.c:238
        m = 0
        rv = 0
        looks_text = 0
        mime = 16
        ubuf = 0x7fffd8896030 "GIF89a"
        u8buf = 0x7fffd4255aa0
        ulen = 3
        code = 0x0
        code_mime = 0x7fffef6f618f "binary"
        type = 0x7fffef6f5f84 "binary"
#4 0x7fffeeebd698 in file_or_stream (ms=0x7fffd411c5f0, inname=0x0, stream=0x7fffd8d70388) at ext/fileinfo/libmagic/magic.c:413
        rv = -1
        buf = 0x7fffd8896030 "GIF89a"
        sb = {st_dev = 2058, st_ino = 105911862, st_nlink = 1, st_mode = 33188, st_uid = 81, st_gid = 81, __pad0 = 0, st_rdev = 0, st_size = 1218, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1322087240, tv_nsec = 505034622}, st_mtim = {tv_sec = 1276182426, tv_nsec = 0}, st_ctim = {tv_sec = 1368462842, tv_nsec = 483233520}, __unused = {0, 0, 0}}
        nbytes = 1218
        no_in_stream = 0
        tsrm_ls = 0x7fffd40068f0
#5 0x7fffeeebd441 in magic_stream (ms=0x7fffd411c5f0, stream=0x7fffd8d70388) at ext/fileinfo/libmagic/magic.c:345
No locals.
#6 0x7fffeeeae9b8 in _php_finfo_get_type (ht=2, return_value=0x7fffd49f1e50, return_value_ptr=0x0, this_ptr=0x7fffd49f3d58, return_value_used=1, tsrm_ls=0x7fffd40068f0, mode=2, mimetype_emu=0) at ext/fileinfo/fileinfo.c:540
        stream = 0x7fffd8d70388
        context = 0x7fffd8b84610
        tmp2 = 0x7fffd49db410 "/xxx/yyy/zzz/fileadmin/template/head.gif"
        wrap = 0x7fffefb6c700
        ssb = {sb = {st_dev = 2058, st_ino = 105911862, st_nlink = 1, st_mode = 33188, st_uid = 81, st_gid = 81, __pad0 = 0, st_rdev = 0, st_size = 1218, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1322087240, tv_nsec = 505034622}, st_mtim = {tv_sec = 1276182426, tv_nsec = 0}, st_ctim = {tv_sec = 1368462842, tv_nsec = 483233520}, __unused = {0, 0, 0}}}
        options = 16
        ret_val = 0x0
        buffer = 0x7fffd49db410 "/xxx/yyy/zzz/fileadmin/template/head.gif"
        buffer_len = 53
        finfo = 0x7fffd49e7e08
        zfinfo = 0x7fffef8234f1
        zcontext = 0x0
        what = 0x7fffef8234fc
        mime_directory = "directory"
        magic = 0x7fffd411c5f0
        object = 0x7fffd49f3d58
#7 0x7fffeeeaec40 in zif_finfo_file (ht=2, return_value=0x7
Bug #64836 [Csd]: segfault in softmagic.c
Edit report at https://bugs.php.net/bug.php?id=64836&edit=1

ID: 64836
User updated by: r dot biegel at gmx dot at
Reported by: r dot biegel at gmx dot at
Summary: segfault in softmagic.c
Status: Closed
Type: Bug
Package: Unknown/Other Function
Operating System: Gentoo Linux
PHP Version: 5.4.15
Assigned To: pajoye
Block user comment: N
Private report: N

New Comment:

Downloaded a snapshot today, bug still exists. What commit are you referring to?

This bug seems to affect GIFs, but note that it is not this one which is about mp3 files: https://bugs.php.net/bug.php?id=64830

Previous Comments:

[2013-05-14 17:53:58] paj...@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

For Windows: http://windows.php.net/snapshots/

Thank you for the report, and for helping us make PHP better.

[2013-05-14 16:49:33] r dot biegel at gmx dot at

Description:
PHP segfaults when going through the typo3 upgrade wizard (4.5 -> 6.1)

Not sure what's going on, but line 1610 in softmagic.c says:
offset += ms->c.li[cont_level-1].off;
but cont_level seems to be 0.

==
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdbfef700 (LWP 20398)]
0x7fffeeec2e6f in mget (ms=0x7fffd40f1410, s=0x7fffd4704760 "GIF89a", m=0x7fffe8509268, nbytes=4749, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:1610
==
#0 0x7fffeeec2e6f in mget (ms=0x7fffd40f1410, s=0x7fffd4704760 "GIF89a", m=0x7fffe8509268, nbytes=4749, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:1610
#1 0x7fffeeebedec in match (ms=0x7fffd40f1410, magic=0x7fffe83b70e8, nmagic=9629, s=0x7fffd4704760 "GIF89a", nbytes=4749, offset=0, mode=32, text=0, flip=0, recursion_level=0, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:157
#2 0x7fffeeebeb1d in file_softmagic (ms=0x7fffd40f1410, buf=0x7fffd4704760 "GIF89a", nbytes=4749, mode=32, text=0) at ext/fileinfo/libmagic/softmagic.c:82
#3 0x7fffeeebc3a5 in file_buffer (ms=0x7fffd40f1410, stream=0x7fffd46d7998, inname=0x0, buf=0x7fffd4704760, nb=4749) at ext/fileinfo/libmagic/funcs.c:238
#4 0x7fffeeebd698 in file_or_stream (ms=0x7fffd40f1410, inname=0x0, stream=0x7fffd46d7998) at ext/fileinfo/libmagic/magic.c:412
#5 0x7fffeeebd441 in magic_stream (ms=0x7fffd40f1410, stream=0x7fffd46d7998) at ext/fileinfo/libmagic/magic.c:344
#6 0x7fffeeeae9b8 in _php_finfo_get_type (ht=2, return_value=0x7fffd46e4e68, return_value_ptr=0x0, this_ptr=0x7fffd46e4e38, return_value_used=1, tsrm_ls=0x7fffd4008900, mode=2, mimetype_emu=0) at ext/fileinfo/fileinfo.c:540
#7 0x7fffeeeaec40 in zif_finfo_file (ht=2, return_value=0x7fffd46e4e68, return_value_ptr=0x0, this_ptr=0x7fffd46e4e38, return_value_used=1, tsrm_ls=0x7fffd4008900) at ext/fileinfo/fileinfo.c:578
#8 0x7fffef2f0972 in zend_do_fcall_common_helper_SPEC (execute_data=0x77e5db28, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:643
#9 0x7fffef2f1dde in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x77e5db28, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:754
#10 0x7fffef2ee767 in execute (op_array=0x7fffd45da558, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:410
#11 0x7fffef2a453e in zend_execute_scripts (type=8, tsrm_ls=0x7fffd4008900, retval=0x0, file_count=3) at Zend/zend.c:1315
#12 0x7fffef1e6053 in php_execute_script (primary_file=0x7fffdbfeea30, tsrm_ls=0x7fffd4008900) at main/main.c:2492
#13 0x7fffef423efb in php_handler (r=0x7fffd4004980) at sapi/apache2handler/sapi_apache2.c:667
#14 0x555ba9c6 in ap_run_handler (r=0x7fffd4004980) at config.c:169
#15 0x555bb56d in ap_invoke_handler (r=0x7fffd4004980) at config.c:432
#16 0x555db438 in ap_process_async_request (r=0x7fffd4004980) at http_request.c:317
#17 0x555db543 in ap_process_request (r=0x7fffd4004980) at http_request.c:363
#18 0x555d721a in ap_process_http_sync_connection (c=0x7fffe4003228) at http_core.c:190
#19 0x555d7353 in ap_process_http_connection (c=0x7fffe40
[PHP-BUG] Bug #64836 [NEW]: segfault in softmagic.c
From: r dot biegel at gmx dot at
Operating system: Gentoo Linux
PHP version: 5.4.15
Package: Unknown/Other Function
Bug Type: Bug
Bug description: segfault in softmagic.c

Description:
PHP segfaults when going through the typo3 upgrade wizard (4.5 -> 6.1)

Not sure what's going on, but line 1610 in softmagic.c says:
offset += ms->c.li[cont_level-1].off;
but cont_level seems to be 0.

==
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdbfef700 (LWP 20398)]
0x7fffeeec2e6f in mget (ms=0x7fffd40f1410, s=0x7fffd4704760 "GIF89a", m=0x7fffe8509268, nbytes=4749, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:1610
==
#0 0x7fffeeec2e6f in mget (ms=0x7fffd40f1410, s=0x7fffd4704760 "GIF89a", m=0x7fffe8509268, nbytes=4749, o=0, cont_level=0, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:1610
#1 0x7fffeeebedec in match (ms=0x7fffd40f1410, magic=0x7fffe83b70e8, nmagic=9629, s=0x7fffd4704760 "GIF89a", nbytes=4749, offset=0, mode=32, text=0, flip=0, recursion_level=0, printed_something=0x7fffdbfebdd4, need_separator=0x7fffdbfebdd8, returnval=0x7fffdbfebd24) at ext/fileinfo/libmagic/softmagic.c:157
#2 0x7fffeeebeb1d in file_softmagic (ms=0x7fffd40f1410, buf=0x7fffd4704760 "GIF89a", nbytes=4749, mode=32, text=0) at ext/fileinfo/libmagic/softmagic.c:82
#3 0x7fffeeebc3a5 in file_buffer (ms=0x7fffd40f1410, stream=0x7fffd46d7998, inname=0x0, buf=0x7fffd4704760, nb=4749) at ext/fileinfo/libmagic/funcs.c:238
#4 0x7fffeeebd698 in file_or_stream (ms=0x7fffd40f1410, inname=0x0, stream=0x7fffd46d7998) at ext/fileinfo/libmagic/magic.c:412
#5 0x7fffeeebd441 in magic_stream (ms=0x7fffd40f1410, stream=0x7fffd46d7998) at ext/fileinfo/libmagic/magic.c:344
#6 0x7fffeeeae9b8 in _php_finfo_get_type (ht=2, return_value=0x7fffd46e4e68, return_value_ptr=0x0, this_ptr=0x7fffd46e4e38, return_value_used=1, tsrm_ls=0x7fffd4008900, mode=2, mimetype_emu=0) at ext/fileinfo/fileinfo.c:540
#7 0x7fffeeeaec40 in zif_finfo_file (ht=2, return_value=0x7fffd46e4e68, return_value_ptr=0x0, this_ptr=0x7fffd46e4e38, return_value_used=1, tsrm_ls=0x7fffd4008900) at ext/fileinfo/fileinfo.c:578
#8 0x7fffef2f0972 in zend_do_fcall_common_helper_SPEC (execute_data=0x77e5db28, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:643
#9 0x7fffef2f1dde in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x77e5db28, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:754
#10 0x7fffef2ee767 in execute (op_array=0x7fffd45da558, tsrm_ls=0x7fffd4008900) at Zend/zend_vm_execute.h:410
#11 0x7fffef2a453e in zend_execute_scripts (type=8, tsrm_ls=0x7fffd4008900, retval=0x0, file_count=3) at Zend/zend.c:1315
#12 0x7fffef1e6053 in php_execute_script (primary_file=0x7fffdbfeea30, tsrm_ls=0x7fffd4008900) at main/main.c:2492
#13 0x7fffef423efb in php_handler (r=0x7fffd4004980) at sapi/apache2handler/sapi_apache2.c:667
#14 0x555ba9c6 in ap_run_handler (r=0x7fffd4004980) at config.c:169
#15 0x555bb56d in ap_invoke_handler (r=0x7fffd4004980) at config.c:432
#16 0x555db438 in ap_process_async_request (r=0x7fffd4004980) at http_request.c:317
#17 0x555db543 in ap_process_request (r=0x7fffd4004980) at http_request.c:363
#18 0x555d721a in ap_process_http_sync_connection (c=0x7fffe4003228) at http_core.c:190
#19 0x555d7353 in ap_process_http_connection (c=0x7fffe4003228) at http_core.c:231
#20 0x555ca23d in ap_run_process_connection (c=0x7fffe4003228) at connection.c:41
#21 0x555ca828 in ap_process_connection (c=0x7fffe4003228, csd=0x7fffe4003010) at connection.c:202
#22 0x555e5e36 in process_socket (thd=0x558a8a78, p=0x7fffe4002f98, sock=0x7fffe4003010, my_child_num=0, my_thread_num=20, bucket_alloc=0x7fffd40008e8) at worker.c:620
#23 0x555e6e1e in worker_thread (thd=0x558a8a78, dummy=0x7fffe4000f80) at worker.c:979
#24 0x76713f6b in start_thread () from /lib64/libpthread.so.0
#25 0x76248d8d in clone () from /lib64/libc.so.6
==
./php-config --configure-options
--prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --prefix=/usr/lib64/php5.4 --mandir=/usr/lib64/php5.4/man --infodir=/usr/lib64/php5.4/info --libdir=/usr/lib64/php5.4/lib --with-libdir=lib64 --without-pear --enable-maintainer-zts
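
The index pattern quoted in the original report (`ms->c.li[cont_level-1].off` reached with `cont_level=0`), shown beside a guarded form. This is an added example, not code from PHP, libmagic or anyone in this thread; `struct level_info`, `struct cont` and both functions are hypothetical simplified stand-ins, and the sample offsets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the data behind
 * ms->c.li[cont_level-1].off; these are not the libmagic definitions. */
struct level_info { int32_t off; };
struct cont {
    struct level_info *li;  /* one entry per continuation level */
    size_t len;             /* number of valid entries in li */
};

/* The pattern quoted in the report: cont_level is used as an index with
 * no check, so cont_level == 0 reads li[-1], one element before the array. */
int32_t add_prev_offset_unchecked(const struct cont *c, int cont_level,
                                  int32_t offset)
{
    return offset + c->li[cont_level - 1].off;
}

/* Guarded form: refuse to index when there is no previous level, when the
 * level is past the table, or when the resulting offset would fall outside
 * the nbytes-long buffer being inspected.
 * Returns 0 and stores the new offset in *out, or -1 without touching *out. */
int add_prev_offset_checked(const struct cont *c, int cont_level,
                            int32_t offset, size_t nbytes, int32_t *out)
{
    int64_t sum;

    if (c == NULL || c->li == NULL || out == NULL)
        return -1;
    if (cont_level < 1 || (size_t)cont_level > c->len)
        return -1;                      /* no li[cont_level-1] to read */

    /* Add in 64 bits so two int32_t values cannot overflow. */
    sum = (int64_t)offset + (int64_t)c->li[cont_level - 1].off;
    if (sum < 0 || sum > INT32_MAX || (uint64_t)sum >= (uint64_t)nbytes)
        return -1;                      /* offset would leave the buffer */

    *out = (int32_t)sum;
    return 0;
}

int main(void)
{
    /* Constructed sample: two continuation levels; nbytes=4749 is the
     * buffer size shown in the report's backtrace. */
    struct level_info levels[2] = { { 6 }, { 13 } };
    struct cont c = { levels, 2 };
    int32_t off = 0;
    int rc;

    rc = add_prev_offset_checked(&c, 1, 4, 4749, &off);
    printf("cont_level=1: rc=%d off=%d (unchecked gives %d)\n",
           rc, (int)off, (int)add_prev_offset_unchecked(&c, 1, 4));

    /* The case from the backtrace: cont_level=0. The guarded form returns
     * an error instead of reading before the start of the table. */
    rc = add_prev_offset_checked(&c, 0, 0, 4749, &off);
    printf("cont_level=0: rc=%d\n", rc);
    return 0;
}
```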