#30027 [Com]: segmentation fault in ftp_get/memchr()

2004-10-05 Thread cfield at affinitysolutions dot com
 ID:   30027
 Comment by:   cfield at affinitysolutions dot com
 Reported By:  sbrown at truckstuffusa dot com
 Status:   Open
 Bug Type: FTP related
 Operating System: Redhat 9
 PHP Version:  4.3.8
 New Comment:

The following patch fixes this bug (also available at
http://beta.affinitysolutions.com/bug30027.patch):

Index: ext/ftp/ftp.c
===
RCS file: /repository/php-src/ext/ftp/ftp.c,v
retrieving revision 1.68.2.17
diff -u -r1.68.2.17 ftp.c
--- ext/ftp/ftp.c   31 Mar 2004 20:44:04 -  1.68.2.17
+++ ext/ftp/ftp.c   5 Oct 2004 12:41:18 -
@@ -727,12 +727,12 @@
ptr = s;
}
 #else
-   while ((s = memchr(ptr, '\r', (e - ptr {
+   while ((eptr)  (s = memchr(ptr, '\r', (e -
ptr {
php_stream_write(outstream, ptr, (s -
ptr));
if (*(s + 1) == '\n') {
s++;
+   php_stream_putc(outstream,
'\n');
}
-   php_stream_putc(outstream, '\n');
ptr = s + 1;
}
 #endif
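
Review bot: the look-ahead *(s + 1) inside the loop is still unchecked. When memchr returns the last byte of the range, s + 1 equals e and the read lands one byte past the data, which the new guard on the while condition does not cover; suggest if (s + 1 < e && *(s + 1) == '\n'). Moving php_stream_putc(outstream, '\n') under that if also means a '\r' that is not followed by '\n' is now skipped by ptr = s + 1 with nothing written in its place, so output changes for a bare CR and for a CR that ends one read; a comment saying whether that is intended would help. The added guard reads "(eptr)  (s = memchr(" as posted, with its operators missing, so the condition should be restated in full.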


Previous Comments:


[2004-09-21 23:31:32] cfield at affinitysolutions dot com

I have the same problem on an SMP Redhat 9 system. I can get it to stop
the segmentation faults by adding ((e-ptr)0)  to the while loop
condition on line 732 of ftp.c; however, now I am getting sporadic extra
newlines (always in the same places in the file, see below for line
numbers etc.). However, if I slowly step through the interaction it
does not put the extra new line in.

line number   written bytes   total bytes
504           126475          126475
689           46333           172808
2589          474698          647506
3088          105999          753505
3766          145320          898825
5005          304503          1203328
5163          40804           1244132
5221          12232           1256364
5587          91208           1347572
7454          424119          1771691
7790          80126           1851817
10501         686879          2538696
10680         42243           2580939
12103         361663          2942602
13382         311479          3254081
13921         137267          3391348
16803         724748          4116096
18468         414953          4531049
18654         43412           4574461
18934         63798           4638259
18988         13696           4651955
20429         349357          5001312
21981         390490          5391802
25524         906947          6298749
27445         448641          6747390
29239         497920          7245310
30083         220342          7465652
30274         46327           7511979
31340         270732          7782711
32882         353352          8136063
33421         123803          8259866
34365         224338          8484204
36254         449849          8934053



[2004-09-17 16:25:50] sbrown at truckstuffusa dot com

Downloaded CVS last night, still get the seg fault:

# php --version
PHP 4.3.9RC4-dev (cgi) (built: Sep 17 2004 09:19:39) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

# gdb php
(gdb) run script-backup
Starting program: /usr/local/bin/php script-backup
...
 
Program received signal SIGSEGV, Segmentation fault.
0x4207bb01 in memchr () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207bb01 in memchr () from /lib/tls/libc.so.6
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php,
type=FTPTYPE_ASCII, resumepos=0)
at /usr/local/src/php-src/ext/ftp/ftp.c:730
#2  0x0805c141 in zif_ftp_get (ht=4, return_value=0x81a6184,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-src/ext/ftp/php_ftp.c:637
#3  0x0811cb8f in execute (op_array=0x81885b8) at
/usr/local/src/php-src/Zend/zend_execute.c:1640
#4  0x0811cdbb in execute (op_array=0x8189310) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#5  0x0811cdbb in execute (op_array=0x81827d4) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#6  0x0810ac19 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-src/Zend/zend.c:891
#7  0x080d6795 in php_execute_script (primary_file=0xb0e0) at
/usr/local/src/php-src/main/main.c:1735
#8  0x081238cc in main (argc=2, argv=0xb184) at
/usr/local/src/php-src/sapi/cgi/cgi_main.c:1592
(gdb) up
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php,
type=FTPTYPE_ASCII, resumepos=0)
at /usr/local/src/php-src/ext/ftp/ftp.c:730
730 while ((s = memchr(ptr, '\r', (e -
ptr {
(gdb) p s
$1 = 0x81a6e57 \n var contacts_win = 
(gdb) p ptr
$2 = 0x81a6e58  var contacts_win = 
(gdb) p e
$3 = 0x81a6c4a \ntcus();\r\n}\r\n--\r\n/script\r\n?\r\nif
(isset($_GET['publisher']))\r\n   echo 'form name=\frm_deleteprj\
action=\'.$_SERVER['PHP_SELF'].'?publisher='.$publisher.'\
method=POST';\r\n elseif (isset($_GET['s...
(gdb)
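
Added example, not code from php-src or from anyone in this thread: in the gdb session above, ptr (0x81a6e58) sits 0x20e bytes past e (0x81a6c4a), so the length e - ptr handed to memchr() is negative and becomes a huge size_t. The sketch below shows that conversion and a bounded CRLF-to-LF copy that never reads s[1] at the end of the data; span_len, crlf_to_lf, pending_cr and the sample strings are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <string.h>

/* What memchr() receives as its length when the span is computed as e - ptr. */
size_t span_len(const char *ptr, const char *e) { return (size_t)(e - ptr); }

/* Hypothetical helper (not php-src code): copy [ptr, e) to out, turning CRLF
 * into LF. *pending_cr carries a trailing '\r' into the next call, so a pair
 * split across two reads is still collapsed. Returns the number of bytes
 * written, or (size_t)-1 for an inverted range or an undersized out buffer. */
size_t crlf_to_lf(const char *ptr, const char *e, int *pending_cr,
                  char *out, size_t cap)
{
    size_t n = 0;
    const char *s;

    if (ptr > e || cap < span_len(ptr, e) + 1)
        return (size_t)-1;            /* refuse before memchr ever sees it */
    if (ptr == e)
        return 0;                     /* empty read: keep the pending state */
    if (*pending_cr) {
        if (*ptr != '\n')
            out[n++] = '\r';          /* previous CR was a lone CR: keep it */
        *pending_cr = 0;
    }
    while (ptr < e && (s = memchr(ptr, '\r', span_len(ptr, e))) != NULL) {
        memcpy(out + n, ptr, (size_t)(s - ptr));
        n += (size_t)(s - ptr);
        if (s + 1 == e)
            *pending_cr = 1;          /* CR is the last byte: no s[1] to read */
        else if (s[1] != '\n')
            out[n++] = '\r';          /* lone CR inside the buffer: keep it */
        ptr = s + 1;                  /* a following LF is copied as data */
    }
    memcpy(out + n, ptr, span_len(ptr, e));
    return n + span_len(ptr, e);
}

int main(void)
{
    /* Constructed sample: one line whose CRLF is split across two reads. */
    const char a[] = "x = 1;\r", b[] = "\ny = 2;\r\n";
    char out[32];
    int cr = 0;
    size_t n = crlf_to_lf(a, a + 7, &cr, out, sizeof out);
    n += crlf_to_lf(b, b + 9, &cr, out + n, sizeof out - n);
    printf("%zu bytes: %.*s", n, (int)n, out);
    return 0;
}
```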



[2004-09-16 

#30027 [Com]: segmentation fault in ftp_get/memchr()

2004-09-21 Thread cfield at affinitysolutions dot com
 ID:   30027
 Comment by:   cfield at affinitysolutions dot com
 Reported By:  sbrown at truckstuffusa dot com
 Status:   Open
 Bug Type: FTP related
 Operating System: Redhat 9
 PHP Version:  4.3.8
 New Comment:

I have the same problem on an SMP Redhat 9 system. I can get it to stop
the segmentation faults by adding ((e-ptr)0)  to the while loop
condition on line 732 of ftp.c; however, now I am getting sporadic extra
newlines (always in the same places in the file, see below for line
numbers etc.). However, if I slowly step through the interaction it
does not put the extra new line in.

line number   written bytes   total bytes
504           126475          126475
689           46333           172808
2589          474698          647506
3088          105999          753505
3766          145320          898825
5005          304503          1203328
5163          40804           1244132
5221          12232           1256364
5587          91208           1347572
7454          424119          1771691
7790          80126           1851817
10501         686879          2538696
10680         42243           2580939
12103         361663          2942602
13382         311479          3254081
13921         137267          3391348
16803         724748          4116096
18468         414953          4531049
18654         43412           4574461
18934         63798           4638259
18988         13696           4651955
20429         349357          5001312
21981         390490          5391802
25524         906947          6298749
27445         448641          6747390
29239         497920          7245310
30083         220342          7465652
30274         46327           7511979
31340         270732          7782711
32882         353352          8136063
33421         123803          8259866
34365         224338          8484204
36254         449849          8934053


Previous Comments:


[2004-09-17 16:25:50] sbrown at truckstuffusa dot com

Downloaded CVS last night, still get the seg fault:

# php --version
PHP 4.3.9RC4-dev (cgi) (built: Sep 17 2004 09:19:39) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

# gdb php
(gdb) run script-backup
Starting program: /usr/local/bin/php script-backup
...
 
Program received signal SIGSEGV, Segmentation fault.
0x4207bb01 in memchr () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207bb01 in memchr () from /lib/tls/libc.so.6
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php,
type=FTPTYPE_ASCII, resumepos=0)
at /usr/local/src/php-src/ext/ftp/ftp.c:730
#2  0x0805c141 in zif_ftp_get (ht=4, return_value=0x81a6184,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-src/ext/ftp/php_ftp.c:637
#3  0x0811cb8f in execute (op_array=0x81885b8) at
/usr/local/src/php-src/Zend/zend_execute.c:1640
#4  0x0811cdbb in execute (op_array=0x8189310) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#5  0x0811cdbb in execute (op_array=0x81827d4) at
/usr/local/src/php-src/Zend/zend_execute.c:1684
#6  0x0810ac19 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-src/Zend/zend.c:891
#7  0x080d6795 in php_execute_script (primary_file=0xb0e0) at
/usr/local/src/php-src/main/main.c:1735
#8  0x081238cc in main (argc=2, argv=0xb184) at
/usr/local/src/php-src/sapi/cgi/cgi_main.c:1592
(gdb) up
#1  0x0805eaa8 in ftp_get (ftp=0x81828ac, outstream=0x81a6afc,
path=0x81a6604 /x-stuff/php/dashboard_projectmgmt.php,
type=FTPTYPE_ASCII, resumepos=0)
at /usr/local/src/php-src/ext/ftp/ftp.c:730
730 while ((s = memchr(ptr, '\r', (e -
ptr {
(gdb) p s
$1 = 0x81a6e57 \n var contacts_win = 
(gdb) p ptr
$2 = 0x81a6e58  var contacts_win = 
(gdb) p e
$3 = 0x81a6c4a \ntcus();\r\n}\r\n--\r\n/script\r\n?\r\nif
(isset($_GET['publisher']))\r\n   echo 'form name=\frm_deleteprj\
action=\'.$_SERVER['PHP_SELF'].'?publisher='.$publisher.'\
method=POST';\r\n elseif (isset($_GET['s...
(gdb)



[2004-09-16 10:48:10] [EMAIL PROTECTED]

Get the latest stable CVS snapshot of PHP 4 and configure it with this
line:

# ./configure --disable-all --enable-ftp --enable-debug

Run your script in command line instead and try to generate the gdb
backtrace with it.




[2004-09-08 18:11:30] sbrown at truckstuffusa dot com

And just in case, here's the bt:

(gdb) bt
#0  0x4207bae0 in memchr () from /lib/tls/libc.so.6
#1  0x0807ebb0 in ftp_get (ftp=0x8366c4c, outstream=0x83a0fdc,
path=0x83991cc /x-stuff/mir_libraries/lib-htmlMimeMail.php,
type=FTPTYPE_ASCII, resumepos=0)
at /usr/local/src/php-4.3.8/ext/ftp/ftp.c:730
#2  0x0807bf69 in zif_ftp_get (ht=4, return_value=0x83a0f9c,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-4.3.8/ext/ftp/php_ftp.c:637
#3  0x081ecfb0 in execute (op_array=0x836c920) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x081ed22b in execute (op_array=0x836d648) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x081ed22b in execute (op_array=0x8366b74) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x081d9783 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at