ID:               40185
 Updated by:       [EMAIL PROTECTED]
 Reported By:      darkwinter at tiscali dot es
 Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Linux - Ubuntu Dapper 6.06 LTS
 PHP Version:      5.2.0
 New Comment:

This is no forum for questions about API usage; if you need help,
contact the pecl-dev (or internals) mailing list. I didn't check your
code in detail but I guess you failed to initialize some variables.
Therefore you should use zend_eval_string() instead of calling
zend_compile_string() and zend_execute() directly. For any further help
one would also need a backtrace...


Previous Comments:
------------------------------------------------------------------------

[2007-01-21 11:10:19] darkwinter at tiscali dot es

Description:
------------
Let's see... I'm trying to write an extension module for PHP (shared
extension, ie: myext.so) that compiles and executes some PHP code that
I will pass to it.

Extension is working already but crashes on zend_execute() call
depending on what PHP code I give to it.

Trying to pin down the problem, I've found that it crashes trying to
execute ANY code that declares a variable (ie $a=1;) BEFORE any
function declaration. Weird.

I can reproduce the crash (Segmentation Fault (11) in Apache error.log)
anytime. See the "Reproduce Code" for tips. 

Also, I could fix the problem "in lab" somewhat: I have to create and
call a function (even a dummy one works) BEFORE the first variable use,
ON EVERY PHP CODE SNIPPET/SCRIPT I want to use, which will (might?)
overflow the global function table over time (I guess :m), as every
function has to have a different name (so I don't try to redeclare a
function twice, AFAIK). 

As you can see, this is not a long term solution I guess... :( but it
works for testing and may give you a clue to what's going on. 

Tested with the Following Env.

Ubuntu Dapper 6.06 LTS (Linux)
Apache 2.2.3
PHP 5.2.0
- myext.so



Reproduce code:
---------------
--- PHP CODE -----------
<?php
  $a=1;
?>
--- END OF PHP CODE ----


--- EXTENSION CODE THAT I'M TRYING TO USE: ---
myext.so

        /* FAULTY CODE */

        // this code crashes.
        char faulty_code[] = "echo 'Hi all<br>';?><?php $a = 5; echo $a; ?>";

        // this code crashes.
        char faulty_code2[] = "?><?php $a = 5; echo $a; ?>";

        // this code works. Prepending a function declaration AND a
        // function call works (¿?)...
        char working_code[] = "function foo() {}; foo(); echo 'Hi all<br>';?><?php $a = 5; echo $a; ?>";

        zend_op_array *op_array = NULL;
        zval *new_string;

        // have plenty of space for this test.
        char *buf = (char *)emalloc(20 * 1024);
        // replace faulty_code with working_code to see the difference.
        strcpy(buf, faulty_code);

        MAKE_STD_ZVAL(new_string);
        ZVAL_STRING(new_string, buf, 0);

        op_array = zend_compile_string(new_string, "test");

        if (op_array != NULL)
        {
                zend_execute(op_array);                 // this crashes.
        }

        /* END OF FAULTY CODE */
--- END OF EXTENSION CODE THAT I'M TRYING TO USE: ---


Expected result:
----------------
It is expected for the PHP code to be executed: faulty_code[] arrays
contain valid PHP code and should execute, not give a segfault.

// this code crashes.
char faulty_code[] = "echo 'Hi all<br>';?><?php $a = 5; echo $a; ?>";



Actual result:
--------------
faulty_code[] crashes with a SegFault #11 in apache logs.
working_code[] fix works flawlessly but needs a function to be created
in every snippet of code.

Of course, that would be a different problem and requires different
names each time, but that is not the real problem here.

// this code crashes and should work. Works in "php -r"
char faulty_code2[] = "?><?php $a = 5; echo $a; ?>";

Note that I *require* to close and open PHP tags as I might have in
between some HTML code, for example:

// this code crashes and should work. Works in "php -r"
char faulty_code3[] = "?><center>Hello World from HTML</center><?php $a = 5; echo $a; ?>";

In few words:

A. Trying to execute faulty_code[] below from my PHP extension (or
loading the PHP CODE snippet (without the --- PHP CODE ---- lines)
from a .php file) crashes on zend_execute()

B. Trying to execute working_code[] or adding a function foo() {};
foo(); line before the line $a = 1 in the PHP CODE script works too.

C. Might be useful to know, so I remark it: I've tried also to execute
this code through the PHP CLI successfully:

# php -r "$a = 1; echo $a;"

and it works.

Even with tags left in it:

# php -r "?><? $a = 1; echo $a; ?>"

also works.

Hope all of this helps. Please contact me for any issue you might have.
Thank you.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=40185&edit=1
