ID: 36928 User updated by: michaelw at webcentral dot com dot au Reported By: michaelw at webcentral dot com dot au -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: Solaris 9 / PHP Version: 4.4.2 New Comment:
Hey, This is a better 'Reproduce Code' (it doesn't attempt to send an email if the 2nd variable is a 0, and hence doesn't crash, so depending on what $_SERVER['HTTPS'] evaluated to for you, it might not have errored..): <html> <body> <?php error_log("commas can crash ",1); ?> <p> Test..</p> </body> </html> I'm currently compiling the suggested CVS snapshot and will let you know when I have a result. Previous Comments: ------------------------------------------------------------------------ [2006-03-31 03:32:05] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Can't reproduce ------------------------------------------------------------------------ [2006-03-31 03:08:23] michaelw at webcentral dot com dot au Description: ------------ This was noticed by a developer making a typo ( , instead of . ) when attempting to concat strings within the parameters of error_log. It is reported as a bug because it causes a segfault in PHP which causes the webserver to crash. Reproduce code: --------------- <html> <body> <?php error_log("commas can crash ",($_SERVER['HTTPS'] != 'off')); ?> <p> Test..</p> </body> </html> Expected result: ---------------- Presumably an error indicating that the 2nd parameter passed to error_log is invalid. Actual result: -------------- Program received signal SIGSEGV, Segmentation fault. (gdb) bt #0 0xfedb451c in strlen () from /usr/lib/libc.so.1 #1 0xfee06f88 in _doprnt () from /usr/lib/libc.so.1 #2 0xfee089e4 in fprintf () from /usr/lib/libc.so.1 #3 0x000d0970 in php_mail (to=0x0, subject=0x193868 "To: %s\n", message=0x0, headers=0x0, extra_cmd=0x0, tsrm_ls=0x0) at /opt/admin/build/php-4.4.2/ext/standard/mail.c:228 Presumably the variable should be sanity checked both in php_mail and the error_log function.. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=36928&edit=1