Edit report at https://bugs.php.net/bug.php?id=60477&edit=1
ID: 60477 Updated by: larue...@php.net Reported by: reeze dot xia at gmail dot com Summary: Segfault after two multipart/form-data POST requestes -Status: Assigned +Status: Closed Type: Bug Package: Built-in web server Operating System: Mac OS X 10.6.7 PHP Version: trunk-SVN-2011-12-09 (SVN) Assigned To: laruence Block user comment: N Private report: N Previous Comments: ------------------------------------------------------------------------ [2011-12-09 05:39:21] larue...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. I made a different patch, since the main/SAPI.c is used by many other sapis, and this bug should fixed in built-in server. thanks for your work . ------------------------------------------------------------------------ [2011-12-09 05:37:23] larue...@php.net Automatic comment from SVN on behalf of laruence Revision: http://svn.php.net/viewvc/?view=revision&revision=320716 Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests) ------------------------------------------------------------------------ [2011-12-09 04:18:57] reeze dot xia at gmail dot com Hi, the 5.4RC3 and the trunk have this bug. After trace the core. I found the SG(rfc1867_uploaded_files) did't set to NULL when sapi deactive. when trying to free the SG(rfc1867_uploaded_files), server will core dumped on the next form-data post request. So It's a simple oneline-fix. I have attached a patch for this, patch tested on Mac OS X 10.6.7 & Redhat Linux. thx. ------------------------------------------------------------------------ [2011-12-09 04:05:38] reeze dot xia at gmail dot com Description: ------------ Post two multipart/form-data to the cli-server, one 200 request and one 404 request will cause the cli-server segfault. if enabled debug, the server exit with a message: "in-consist hashtable". Test script: --------------- 1.Start the cli-server 2.Touch a simple empty php script 3.Make the requestes $ curl --form a=b "http://localhost:8000/file.php" $ curl --form a=b "http://localhost:8000/file-non-exist.php" Expected result: ---------------- Server response correctly. one 200 and one 404 reponse. Actual result: -------------- Correctly response the first request. but segfault after the second 404 request. (gdb) bt #0 0x0000000100250da5 in _zend_mm_free_int (heap=0x101000000, p=0x100670b60) at zend_alloc.c:2097 #1 0x0000000100224e4f in destroy_uploaded_files_hash () at rfc1867.c:199 #2 0x00000001002219f2 in sapi_deactivate () at SAPI.c:535 #3 0x0000000100306b5e in php_cli_server_send_error_page (server=0x7fff5fbfa560, client=0x100b51170, status=404) at php_cli_server.c:1755 #4 0x00000001003046ad in php_cli_server_dispatch [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:1851 #5 0x00000001003046ad in php_cli_server_recv_event_read_request (server=0x7fff5fbfe790, client=0x100670b60) at php_cli_server.c:2180 #6 0x0000000100305ef5 in php_cli_server_do_event_for_each_fd_callback [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2271 #7 php_cli_server_do_event_for_each_fd [inlined] () at php_cli_server.c:767 #8 php_cli_server_poller_iter_on_active [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2302 #9 php_cli_server_do_event_loop [inlined] () at /Volumes/Dev/Opensources/php- src-5.4/sapi/cli/php_cli_server.c:2292 #10 0x0000000100305ef5 in do_cli_server (argc=4, argv=0x10) at php_cli_server.c:2403 #11 0x00000001002ffb94 in main (argc=1606414960, argv=0x7fff5fbff298) at php_cli.c:1359 ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60477&edit=1