Bug #15905 Updated: long filenames in fopen() crash PHP.

Wed, 06 Mar 2002 09:35:30 -0800 

 ID:               15905
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: Solaris 2.6
 PHP Version:      4.1.2
 New Comment:

Can't reproduce this problem with latest CVS on Linux (don't have
solaris test environment).

Can you test with CVS ?


Previous Comments:
------------------------------------------------------------------------

[2002-03-06 12:16:07] [EMAIL PROTECTED]

sorry, gdb output was duplicated during cut'n'paste.

------------------------------------------------------------------------

[2002-03-06 12:06:58] [EMAIL PROTECTED]

Just investigated, it happens if the path name is longer than 1980
characters: PHP Works with 1980 characters, crashes with 1981.

Forgot to mention that i use the CGI version of PHP.

------------------------------------------------------------------------

[2002-03-06 11:34:02] [EMAIL PROTECTED]

While upgrading PHP from 4.0.3pl1 to 4.1.2 i noticed crashes related to
long file names, espacially when running under safe_mode.

The problem can be reproduced using the following one liner:

<?
sleep(20);
fopen("xxxxxxxxxxxxxxxxxx..... [very long file name, 1000 characters]
...xxxxxxxxxx", "r");
?>

Please note that for obvious reasons the filename has been shortened in
the example above, the "sleep" statement has been added for debugging
purposes...

Process trace of PHP:

sigprocmask(SIG_UNBLOCK, 0xEFFFE5B8, 0x00000000) = 0
sigaction(SIGALRM, 0xEFFFE518, 0x00000000)      = 0
resolvepath("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
0xEFFFE078, 1024) Err#78 ENAMETOOLONG
    Incurred fault #6, FLTBOUNDS  %pc = 0xEF3A4644
      siginfo: SIGSEGV SEGV_MAPERR addr=0xF0000000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0xF0000000
        *** process killed ***


gdb output:

(gdb) b php_fopen_wrapper
Breakpoint 1 at 0x2f3b8: file fopen_wrappers.c, line 245.
(gdb) cont
Continuing.

Breakpoint 1, php_fopen_wrapper (path=0x1cb060 'x' <repeats 200
times>..., 
    mode=0x1c71e8 "r", options=4, issock=0xefffe660, socketd=0x72, 
    opened_path=0x0) at fopen_wrappers.c:245
fopen_wrappers.c:245: No such file or directory.
(gdb) 
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xef3a4644 in strcpy ()
(gdb) bt
#0  0xef3a4644 in strcpy ()
#1  0xef3cbe18 in _realpath ()
#2  0xf8090 in php_checkuid (filename=0x1cb060 'x' <repeats 200
times>..., 
    fopen_mode=0x1c71e8 "r", mode=0) at safe_mode.c:79
#3  0x2fcf8 in php_fopen_url_wrapper (
    path=0x78787878 <Address 0x78787878 out of bounds>, 
    mode=0x78787878 <Address 0x78787878 out of bounds>,
options=2021161080, 
    issock=0x78787878, socketd=0x78787878, opened_path=0x78787878)
    at fopen_wrappers.c:558
Cannot access memory at address 0x787878b0.
(gdb) (gdb) b php_fopen_wrapper
Breakpoint 1 at 0x2f3b8: file fopen_wrappers.c, line 245.
(gdb) cont
Continuing.

Breakpoint 1, php_fopen_wrapper (path=0x1cb060 'x' <repeats 200
times>..., 
    mode=0x1c71e8 "r", options=4, issock=0xefffe660, socketd=0x72, 
    opened_path=0x0) at fopen_wrappers.c:245
fopen_wrappers.c:245: No such file or directory.
(gdb) 
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xef3a4644 in strcpy ()
(gdb) bt
#0  0xef3a4644 in strcpy ()
#1  0xef3cbe18 in _realpath ()
#2  0xf8090 in php_checkuid (filename=0x1cb060 'x' <repeats 200
times>..., 
    fopen_mode=0x1c71e8 "r", mode=0) at safe_mode.c:79
#3  0x2fcf8 in php_fopen_url_wrapper (
    path=0x78787878 <Address 0x78787878 out of bounds>, 
    mode=0x78787878 <Address 0x78787878 out of bounds>,
options=2021161080, 
    issock=0x78787878, socketd=0x78787878, opened_path=0x78787878)
    at fopen_wrappers.c:558
Cannot access memory at address 0x787878b0.
(gdb) 

Other occurrences with different path names and include path lead to
Bus Errors...

If you need further information, don't hesitate to contact me.

Alex Mayrhofer

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=15905&edit=1

Reply via email to