Edit report at https://bugs.php.net/bug.php?id=60477&edit=1

 ID:                 60477
 Updated by:         larue...@php.net
 Reported by:        reeze dot xia at gmail dot com
 Summary:            Segfault after two multipart/form-data POST
                     requests
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            Built-in web server
 Operating System:   Mac OS X 10.6.7
 PHP Version:        trunk-SVN-2011-12-09 (SVN)
 Assigned To:        laruence
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2011-12-09 05:39:21] larue...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I made a different patch, since main/SAPI.c is used by many other SAPIs,
and this bug should be fixed in the built-in server.

Thanks for your work.

------------------------------------------------------------------------
[2011-12-09 05:37:23] larue...@php.net

Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=320716
Log: Fixed bug #60477 (Segfault after two multipart/form-data POST requests)

------------------------------------------------------------------------
[2011-12-09 04:18:57] reeze dot xia at gmail dot com

Hi, 5.4RC3 and trunk both have this bug.
After tracing the core,
I found that SG(rfc1867_uploaded_files) isn't set to NULL when the SAPI deactivates.
When trying to free SG(rfc1867_uploaded_files), the server will core dump on
the next form-data POST request.
So it's a simple one-line fix.
I have attached a patch for this; the patch was tested on Mac OS X 10.6.7 & Redhat
Linux.

thx.
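
Added example (not part of the original report, and not PHP source code): a small C model of the failure mode this comment describes, where a request-scoped pointer is released at end of request but not reset, so the next request's cleanup releases it again. All names are hypothetical, a one-slot toy allocator stands in for the real heap, and it assumes the second (404) request reaches cleanup without re-creating the table.

```c
#include <stdio.h>

/* Hypothetical stand-ins; none of these names come from PHP. */
struct upload_table { int entries; };

static struct upload_table slot;             /* one-slot toy allocator */
static int slot_live;                        /* 1 while the slot is allocated */
static int stale_frees;                      /* releases attempted on freed memory */
static struct upload_table *uploaded_files;  /* request-scoped global pointer */

/* Runs only when a request body is actually parsed as multipart. */
static void parse_multipart(void) {
    slot.entries = 1;
    slot_live = 1;
    uploaded_files = &slot;
}

/* Releases the table; a real allocator would corrupt its heap on the stale path. */
static void destroy_table(struct upload_table *t) {
    if (!slot_live) { stale_frees++; return; }
    t->entries = 0;
    slot_live = 0;
}

/* End-of-request cleanup; reset_pointer selects the hardened variant. */
static void deactivate(int reset_pointer) {
    if (uploaded_files) {
        destroy_table(uploaded_files);
        if (reset_pointer) uploaded_files = NULL;
    }
}

/* Request 1 parses an upload; request 2 (assumed) goes straight to cleanup. */
int run_two_requests(int reset_pointer) {
    uploaded_files = NULL; slot_live = 0; stale_frees = 0;
    parse_multipart();
    deactivate(reset_pointer);   /* end of request 1 */
    deactivate(reset_pointer);   /* end of request 2: error-page path */
    return stale_frees;
}

int main(void) {
    printf("pointer left dangling: %d stale release(s)\n", run_two_requests(0));
    printf("pointer reset to NULL: %d stale release(s)\n", run_two_requests(1));
    return 0;
}
```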

------------------------------------------------------------------------
[2011-12-09 04:05:38] reeze dot xia at gmail dot com

Description:
------------
Posting two multipart/form-data requests to the cli-server, one 200 request and
one 404 request, will cause the cli-server to segfault. If debug is enabled, the
server exits with a message: "in-consist hashtable".

Test script:
---------------
1. Start the cli-server
2. Touch a simple empty php script
3. Make the requests
  $ curl --form a=b  "http://localhost:8000/file.php";
  $ curl --form a=b  "http://localhost:8000/file-non-exist.php";

Expected result:
----------------
Server responds correctly: one 200 and one 404 response.

Actual result:
--------------
Responds correctly to the first request, but segfaults after the second 404 request.

(gdb) bt
#0  0x0000000100250da5 in _zend_mm_free_int (heap=0x101000000, p=0x100670b60) at zend_alloc.c:2097
#1  0x0000000100224e4f in destroy_uploaded_files_hash () at rfc1867.c:199
#2  0x00000001002219f2 in sapi_deactivate () at SAPI.c:535
#3  0x0000000100306b5e in php_cli_server_send_error_page (server=0x7fff5fbfa560, client=0x100b51170, status=404) at php_cli_server.c:1755
#4  0x00000001003046ad in php_cli_server_dispatch [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:1851
#5  0x00000001003046ad in php_cli_server_recv_event_read_request (server=0x7fff5fbfe790, client=0x100670b60) at php_cli_server.c:2180
#6  0x0000000100305ef5 in php_cli_server_do_event_for_each_fd_callback [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2271
#7  php_cli_server_do_event_for_each_fd [inlined] () at php_cli_server.c:767
#8  php_cli_server_poller_iter_on_active [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2302
#9  php_cli_server_do_event_loop [inlined] () at /Volumes/Dev/Opensources/php-src-5.4/sapi/cli/php_cli_server.c:2292
#10 0x0000000100305ef5 in do_cli_server (argc=4, argv=0x10) at php_cli_server.c:2403
#11 0x00000001002ffb94 in main (argc=1606414960, argv=0x7fff5fbff298) at php_cli.c:1359



------------------------------------------------------------------------


