#30027 [Com]: segmentation fault in ftp_get/memchr()
ID: 30027
Comment by: cfield at affinitysolutions dot com
Reported By: sbrown at truckstuffusa dot com
Status: Open
Bug Type: FTP related
Operating System: Redhat 9
PHP Version: 4.3.8
New Comment:

The following patch fixes this bug (also available at http://beta.affinitysolutions.com/bug30027.patch):

Index: ext/ftp/ftp.c === RCS file: /repository/php-src/ext/ftp/ftp.c,v retrieving revision 1.68.2.17 diff -u -r1.68.2.17 ftp.c --- ext/ftp/ftp.c 31 Mar 2004 20:44:04 - 1.68.2.17 +++ ext/ftp/ftp.c 5 Oct 2004 12:41:18 - 
@@ -727,12 +727,12 @@ ptr = s; } #else - while ((s = memchr(ptr, '\r', (e - ptr { + while ((eptr) (s = memchr(ptr, '\r', (e - ptr { php_stream_write(outstream, ptr, (s - ptr)); if (*(s + 1) == '\n') { s++; + php_stream_putc(outstream, '\n'); } - php_stream_putc(outstream, '\n'); ptr = s + 1; } #endif

Previous Comments:

[2004-09-21 23:31:32] cfield at affinitysolutions dot com

I have the same problem on an SMP redhat 9 system. I can get it to stop the segmentation faults by adding ((e-ptr)0) to the while loop condition on line 732 of ftp.c; however, now I am getting sporadic extra newlines (always in the same places in the file, see below for line numbers etc.). However, if I slowly step through the interaction, it does not put the extra newline in.

line number   written bytes   total bytes
504           126475          126475
689           46333           172808
2589          474698          647506
3088          105999          753505
3766          145320          898825
5005          304503          1203328
5163          40804           1244132
5221          12232           1256364
5587          91208           1347572
7454          424119          1771691
7790          80126           1851817
10501         686879          2538696
10680         42243           2580939
12103         361663          2942602
13382         311479          3254081
13921         137267          3391348
16803         724748          4116096
18468         414953          4531049
18654         43412           4574461
18934         63798           4638259
18988         13696           4651955
20429         349357          5001312
21981         390490          5391802
25524         906947          6298749
27445         448641          6747390
29239         497920          7245310
30083         220342          7465652
30274         46327           7511979
31340         270732          7782711
32882         353352          8136063
33421         123803          8259866
34365         224338          8484204
36254         449849          8934053

[2004-09-17 16:25:50] sbrown at truckstuffusa dot com

Downloaded CVS last night, still get the seg fault:

# php --version
PHP 4.3.9RC4-dev (cgi) (built: Sep 17 2004 09:19:39) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

# gdb php
(gdb) run script-backup
Starting program: /usr/local/bin/php script-backup
...
Program received signal SIGSEGV, Segmentation fault.
0x4207bb01 in memchr () from /lib/tls/libc.so.6
(gdb) bt
#0 0x4207bb01 in memchr () from /lib/tls/libc.so.6
#1 0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc, path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php, type=FTPTYPE_ASCII, resumepos=0) at /usr/local/src/php-src/ext/ftp/ftp.c:730
#2 0x0805c141 in zif_ftp_get (ht=4, return_value=0x81a6184, this_ptr=0x0, return_value_used=1) at /usr/local/src/php-src/ext/ftp/php_ftp.c:637
#3 0x0811cb8f in execute (op_array=0x81885b8) at /usr/local/src/php-src/Zend/zend_execute.c:1640
#4 0x0811cdbb in execute (op_array=0x8189310) at /usr/local/src/php-src/Zend/zend_execute.c:1684
#5 0x0811cdbb in execute (op_array=0x81827d4) at /usr/local/src/php-src/Zend/zend_execute.c:1684
#6 0x0810ac19 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-src/Zend/zend.c:891
#7 0x080d6795 in php_execute_script (primary_file=0xb0e0) at /usr/local/src/php-src/main/main.c:1735
#8 0x081238cc in main (argc=2, argv=0xb184) at /usr/local/src/php-src/sapi/cgi/cgi_main.c:1592
(gdb) up
#1 0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc, path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php, type=FTPTYPE_ASCII, resumepos=0) at /usr/local/src/php-src/ext/ftp/ftp.c:730
730 while ((s = memchr(ptr, '\r', (e - ptr {
(gdb) p s
$1 = 0x81a6e57 \n var contacts_win =
(gdb) p ptr
$2 = 0x81a6e58 var contacts_win =
(gdb) p e
$3 = 0x81a6c4a \ntcus();\r\n}\r\n--\r\n/script\r\n?\r\nif (isset($_GET['publisher']))\r\n echo 'form name=\frm_deleteprj\ action=\'.$_SERVER['PHP_SELF'].'?publisher='.$publisher.'\ method=POST';\r\n elseif (isset($_GET['s...
(gdb)

[2004-09-16
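
Review bot: In the ext/ftp/ftp.c hunk (@@ -727,12 +727,12 @@) of the patch in this message, `if (*(s + 1) == '\n')` still reads the byte after the '\r' without first checking `s + 1` against `e`, so a '\r' in the last position of the buffer reads one byte past the data, and when that byte happens to be '\n' the `s++` leaves `ptr = s + 1` beyond `e`; the condition added to the `while` then only stops the next memchr() call from getting a negative length. I would bound the peek (test `s + 1 < e` before dereferencing) and carry a trailing '\r' over to the next read. Separately, with `php_stream_putc(outstream, '\n');` moved inside the `if`, a '\r' that is not followed by '\n' is now dropped from the output rather than converted; if that is the intended ASCII-mode behaviour, a comment saying so would help.
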
#30027 [Com]: segmentation fault in ftp_get/memchr()
ID: 30027
Comment by: cfield at affinitysolutions dot com
Reported By: sbrown at truckstuffusa dot com
Status: Open
Bug Type: FTP related
Operating System: Redhat 9
PHP Version: 4.3.8
New Comment:

I have the same problem on an SMP redhat 9 system. I can get it to stop the segmentation faults by adding ((e-ptr)0) to the while loop condition on line 732 of ftp.c; however, now I am getting sporadic extra newlines (always in the same places in the file, see below for line numbers etc.). However, if I slowly step through the interaction, it does not put the extra newline in.

line number   written bytes   total bytes
504           126475          126475
689           46333           172808
2589          474698          647506
3088          105999          753505
3766          145320          898825
5005          304503          1203328
5163          40804           1244132
5221          12232           1256364
5587          91208           1347572
7454          424119          1771691
7790          80126           1851817
10501         686879          2538696
10680         42243           2580939
12103         361663          2942602
13382         311479          3254081
13921         137267          3391348
16803         724748          4116096
18468         414953          4531049
18654         43412           4574461
18934         63798           4638259
18988         13696           4651955
20429         349357          5001312
21981         390490          5391802
25524         906947          6298749
27445         448641          6747390
29239         497920          7245310
30083         220342          7465652
30274         46327           7511979
31340         270732          7782711
32882         353352          8136063
33421         123803          8259866
34365         224338          8484204
36254         449849          8934053

Previous Comments:

[2004-09-17 16:25:50] sbrown at truckstuffusa dot com

Downloaded CVS last night, still get the seg fault:

# php --version
PHP 4.3.9RC4-dev (cgi) (built: Sep 17 2004 09:19:39) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

# gdb php
(gdb) run script-backup
Starting program: /usr/local/bin/php script-backup
...
Program received signal SIGSEGV, Segmentation fault.
0x4207bb01 in memchr () from /lib/tls/libc.so.6
(gdb) bt
#0 0x4207bb01 in memchr () from /lib/tls/libc.so.6
#1 0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc, path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php, type=FTPTYPE_ASCII, resumepos=0) at /usr/local/src/php-src/ext/ftp/ftp.c:730
#2 0x0805c141 in zif_ftp_get (ht=4, return_value=0x81a6184, this_ptr=0x0, return_value_used=1) at /usr/local/src/php-src/ext/ftp/php_ftp.c:637
#3 0x0811cb8f in execute (op_array=0x81885b8) at /usr/local/src/php-src/Zend/zend_execute.c:1640
#4 0x0811cdbb in execute (op_array=0x8189310) at /usr/local/src/php-src/Zend/zend_execute.c:1684
#5 0x0811cdbb in execute (op_array=0x81827d4) at /usr/local/src/php-src/Zend/zend_execute.c:1684
#6 0x0810ac19 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-src/Zend/zend.c:891
#7 0x080d6795 in php_execute_script (primary_file=0xb0e0) at /usr/local/src/php-src/main/main.c:1735
#8 0x081238cc in main (argc=2, argv=0xb184) at /usr/local/src/php-src/sapi/cgi/cgi_main.c:1592
(gdb) up
#1 0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc, path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php, type=FTPTYPE_ASCII, resumepos=0) at /usr/local/src/php-src/ext/ftp/ftp.c:730
730 while ((s = memchr(ptr, '\r', (e - ptr {
(gdb) p s
$1 = 0x81a6e57 \n var contacts_win =
(gdb) p ptr
$2 = 0x81a6e58 var contacts_win =
(gdb) p e
$3 = 0x81a6c4a \ntcus();\r\n}\r\n--\r\n/script\r\n?\r\nif (isset($_GET['publisher']))\r\n echo 'form name=\frm_deleteprj\ action=\'.$_SERVER['PHP_SELF'].'?publisher='.$publisher.'\ method=POST';\r\n elseif (isset($_GET['s...
(gdb)

[2004-09-16 10:48:10] [EMAIL PROTECTED]

Get the latest stable CVS snapshot of PHP 4 and configure it with this line:

# ./configure --disable-all --enable-ftp --enable-debug

Run your script in command line instead and try to generate the gdb backtrace with it.

[2004-09-08 18:11:30] sbrown at truckstuffusa dot com

And just in case, here's the bt:

(gdb) bt
#0 0x4207bae0 in memchr () from /lib/tls/libc.so.6
#1 0x0807ebb0 in ftp_get (ftp=0x8366c4c, outstream=0x83a0fdc, path=0x83991cc /x-stuff/mir_libraries/lib-htmlMimeMail.php, type=FTPTYPE_ASCII, resumepos=0) at /usr/local/src/php-4.3.8/ext/ftp/ftp.c:730
#2 0x0807bf69 in zif_ftp_get (ht=4, return_value=0x83a0f9c, this_ptr=0x0, return_value_used=1) at /usr/local/src/php-4.3.8/ext/ftp/php_ftp.c:637
#3 0x081ecfb0 in execute (op_array=0x836c920) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
#4 0x081ed22b in execute (op_array=0x836d648) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#5 0x081ed22b in execute (op_array=0x8366b74) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#6 0x081d9783 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at
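
Added example, not code from PHP or from anyone in this thread: a CRLF-to-LF conversion in C that checks the end pointer `e` before looking at the byte after a '\r' and carries a trailing '\r' over to the next read, the two cases the loop at ftp.c:730 quoted in the backtraces does not cover. The names crlf_state, crlf_to_lf and convert_split are hypothetical, and keeping a lone '\r' in the output is an assumption about the wanted behaviour.

```c
#include <stddef.h>
#include <string.h>

/* Added example with hypothetical names; not PHP's ftp.c. */
struct crlf_state { int pending_cr; };  /* previous chunk ended in '\r' */

/* Convert CRLF to LF for buf[0..len), writing to out (needs len + 1 bytes).
 * Never reads at or past buf + len; a lone '\r' is preserved (assumption). */
size_t crlf_to_lf(struct crlf_state *st, const char *buf, size_t len, char *out)
{
    const char *ptr = buf, *e = buf + len, *s;
    size_t n = 0;

    if (st->pending_cr && len > 0) {
        if (*ptr != '\n')
            out[n++] = '\r';            /* deferred CR was not part of a CRLF */
        st->pending_cr = 0;
    }
    while (ptr < e && (s = memchr(ptr, '\r', (size_t)(e - ptr))) != NULL) {
        memcpy(out + n, ptr, (size_t)(s - ptr));
        n += (size_t)(s - ptr);
        if (s + 1 == e) {               /* CR is the last byte: defer, do not peek */
            st->pending_cr = 1;
            return n;
        }
        if (s[1] == '\n') {             /* CRLF inside the chunk becomes LF */
            out[n++] = '\n';
            ptr = s + 2;
        } else {                        /* lone CR is copied through */
            out[n++] = '\r';
            ptr = s + 1;
        }
    }
    memcpy(out + n, ptr, (size_t)(e - ptr));
    return n + (size_t)(e - ptr);
}

/* Feed `in` as two reads split at `split`, flush a trailing CR, NUL-terminate. */
size_t convert_split(const char *in, size_t split, char *out)
{
    struct crlf_state st = { 0 };
    size_t len = strlen(in), n;

    n = crlf_to_lf(&st, in, split, out);
    n += crlf_to_lf(&st, in + split, len - split, out + n);
    if (st.pending_cr)
        out[n++] = '\r';                /* stream ended on a lone CR */
    out[n] = '\0';
    return n;
}
```

Whatever the position of the read boundary, the output is the same, so the result does not depend on how the data happens to arrive.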