From: judas dot iscariote at gmail dot com
Operating system: linux
PHP version: 5CVS-2006-09-25 (CVS)
PHP Bug Type: Zip Related
Bug description: ZipArchive exits with SEGV
Description:
------------
The following code segfaults: calling var_dump() on an object that holds a ZipArchive opened with ZIPARCHIVE::CREATE crashes PHP. The backtrace below shows the fault while var_dump() reads the object's "comment" property, on the dereference `za->cdir->comment_len` in zip_get_archive_comment(); `za` is non-NULL there, so `za->cdir` is presumably NULL or otherwise invalid at that point.

Reproduce code:
---------------
<?php
class zipper {
    public $zip_handler;

    public function __construct( ) {
        $this->zip_handler = new ZipArchive;
    }

    public function Myopen($filename) {
        return $this->zip_handler->open($filename, ZIPARCHIVE::CREATE);
    }
}

$foo = new zipper();
$foo->Myopen('/tmp/foo.zip');
var_dump($foo);
?>

Expected result:
----------------
$foo var_dump'ed

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0000000000623d88 in zip_get_archive_comment (za=0xa74b50, lenp=0x7fffaeae4534, flags=0) at /home/cristian/php-src/ext/zip/lib/zip_get_archive_comment.c:49
49 *lenp = za->cdir->comment_len;
(gdb) bt full
#0 0x0000000000623d88 in zip_get_archive_comment (za=0xa74b50, lenp=0x7fffaeae4534, flags=0) at /home/cristian/php-src/ext/zip/lib/zip_get_archive_comment.c:49
No locals.
#1 0x00000000006181a5 in php_zipobj_get_zip_comment (za=0xa74b50, len=0x7fffaeae4534) at /home/cristian/php-src/ext/zip/php_zip.c:255
No locals.
#2 0x00000000006182c3 in php_zip_property_reader (obj=0x2b0afc0a57b0, hnd=0x99b000, retval=0x7fffaeae45c8, newzval=0) at /home/cristian/php-src/ext/zip/php_zip.c:322 retchar = 0x0 retint = 0 len = 0 #3 0x00000000006187f6 in php_zip_get_properties (object=0x2b0afc0a5638) at /home/cristian/php-src/ext/zip/php_zip.c:467 obj = (ze_zip_object *) 0x2b0afc0a57b0 hnd = (zip_prop_handler *) 0x99b000 props = (HashTable *) 0x2b0afc0a5840 val = (zval *) 0x2b0afc0a5ee8 ret = 0 key = 0x99afe0 "comment" key_len = 8 pos = (HashPosition) 0x99afa0 num_key = 5 #4 0x00000000005e082e in php_var_dump (struc=0x2b0afc0a5498, level=3) at /home/cristian/php-src/ext/standard/var.c:140 myht = (HashTable *) 0x0 class_name = 0x7fffaeae4700 " G\177" class_name_len = 5 php_element_dump_func = (int (*)(zval **, int, struct __va_list_tag *, zend_hash_key *)) 0x5aeae4770 #5 0x00000000005e04bf in php_object_property_dump (zv=0x2b0afc0a5498, num_args=1, args=0x7fffaeae47d0, hash_key=0x7fffaeae47b0) at /home/cristian/php-src/ext/standard/var.c:96 level = 1 prop_name = 0x2b0afc0a54c0 "zip_handler" class_name = 0x0 #6 0x000000000068f27e in zend_hash_apply_with_arguments (ht=0x2b0afc0a5368, destruct=0x5e034b <php_object_property_dump>, num_args=1) at /home/cristian/php-src/Zend/zend_hash.c:710 p = (Bucket *) 0x2b0afc0a5480 args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffaeae48b0, reg_save_area = 0x7fffaeae47f0}} hash_key = {arKey = 0x2b0afc0a54c0 "zip_handler", nKeyLength = 12, h = 16128149184387123093} #7 0x00000000005e099b in php_var_dump (struc=0x2b0afc0803b8, level=1) at /home/cristian/php-src/ext/standard/var.c:152 myht = (HashTable *) 0x2b0afc0a5368 class_name = 0x2b0afc0a5318 "" class_name_len = 6 php_element_dump_func = (int (*)(zval **, int, struct __va_list_tag *, zend_hash_key *)) 0x5e034b <php_object_property_dump> #8 0x00000000005e0b5f in zif_var_dump (ht=1, return_value=0x2b0afc0a5958, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at 
/home/cristian/php-src/ext/standard/var.c:193 args = (zval ***) 0x2b0afc0a51c0 argc = 1 i = 0 #9 0x00000000006a7cf6 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffaeae4cd0) at /home/cristian/php-src/Zend/zend_vm_execute.h:200 return_reference = 0 '\0' opline = (zend_op *) 0x2b0afc0a2058 original_return_value = (zval **) 0x2b0afc0a52c0 current_scope = (zend_class_entry *) 0x0 current_this = (zval *) 0x0 return_value_used = 0 should_change_scope = 0 '\0' ctor_opline = (zend_op *) 0x9006e8ddf #10 0x00000000006add96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fffaeae4cd0) at /home/cristian/php-src/Zend/zend_vm_execute.h:1681 opline = (zend_op *) 0x2b0afc0a2058 fname = (zval *) 0x2b0afc0a2088 #11 0x00000000006a7797 in execute (op_array=0x2b0afc0a18d8) at /home/cristian/php-src/Zend/zend_vm_execute.h:92 execute_data = {opline = 0x2b0afc0a2058, function_state = {function_symbol_table = 0x2b0afc0a5520, function = 0x96e050, reserved = {0x2b0afc0a1a08, 0x7fffaeae4d30, 0x67505e, 0x0}}, fbc = 0x0, op_array = 0x2b0afc0a18d8, object = 0x0, Ts = 0x7fffaeae4b60, CVs = 0x7fffaeae4b40, original_in_execution = 0 '\0', symbol_table = 0x93e168, prev_execute_data = 0x0, old_error_reporting = 0x0} #12 0x00000000006817b2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php-src/Zend/zend.c:1096 files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffaeae4f60, reg_save_area = 0x7fffaeae4ea0}} i = 1 file_handle = (zend_file_handle *) 0x7fffaeae7360 orig_op_array = (zend_op_array *) 0x0 local_retval = (zval *) 0x0 #13 0x0000000000629426 in php_execute_script (primary_file=0x7fffaeae7360) at /home/cristian/php-src/main/main.c:1759 realfile = "/srv/www/htdocs/class.zipper.php\000\006\000\000\177\000\000-\210h\000\000\000\000\000�203\237\n+\000\000�216\n+\000\000\006\000\000\177\000\000�\220", '\0' <repeats 13 times>, "\200u\177", '\0' <repeats 26 times>, 
"�\n+\000\000\001\000\000\000\177\000\000\000\000\000\000\000\000\000\000str_pad\000HY{\000\000\000\000\000�203\237\n+\000\000\000\r\n+\000\000�\177\000\000B\005\n+\000\000�o\000\000\000\000\000\000\177y\000\000\000\000\000\224\000\000\000\000\000�h"... __orig_bailout = (jmp_buf *) 0x7fffaeae71e0 __bailout = {{__jmpbuf = {47326178421760, -69763556646008843, 0, 140736124056960, 0, 0, -69763556645996091, -69707295103899789}, __mask_was_saved = 0, __saved_mask = {__val = {6749112, 140736124055616, 6693656, 47321949667651, 2930667632, 0, 2186138353664, 8135640, 47326178184376, 140736124055888, 7341490, 8135640, 474, 0, 0, 3}}}} prepend_file_p = (zend_file_handle *) 0x0 append_file_p = (zend_file_handle *) 0x0 prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = { handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = { handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} old_cwd = 0x7fffaeae4f80 "" retval = 0 #14 0x00000000007015ec in main (argc=2, argv=0x7fffaeae7588) at /home/cristian/php-src/sapi/cli/php_cli.c:1108 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{__jmpbuf = {47326178421760, -69763556646010363, 0, 140736124056960, 0, 0, -69763556646008891, -69707295104778918}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 0, 140736124056288, 0, 0, 0, 0, 2641803917, 47326178424384, 47326178426208, 281474976710656, 0, 0}}}} exit_status = 0 c = -1 file_handle = {type = 2 '\002', filename = 0x7fffaeae8ef1 "class.zipper.php", opened_path = 0x2b0afc0a1868 'Z' <repeats 33 times>, "\204�217*", handle = {fd = 10963600, fp = 0xa74a90, stream = { handle = 0xa74a90, reader = 0x69a350 <zend_stream_stdio_reader>, closer = 0x69a37c <zend_stream_stdio_closer>, fteller = 0x69a3a3 <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 
'\0'} behavior = 1 reflection_what = 0x0 orig_optind = 1 orig_optarg = 0x0 arg_free = 0x7fffaeae8ef1 "class.zipper.php" arg_excp = (char **) 0x7fffaeae7590 script_file = 0x7fffaeae8ef1 "class.zipper.php" interactive = 0 module_started = 1 request_started = 1 lineno = 1 exec_direct = 0x0 exec_run = 0x0 exec_begin = 0x0 exec_end = 0x0 param_error = 0x0 hide_argv = 0 ini_entries_len = 110 -- Edit bug report at http://bugs.php.net/?id=38944&edit=1