From:             [EMAIL PROTECTED]
Operating system: Linux 2.2.19
PHP version:      4.2.1
PHP Bug Type:     Semaphore related
Bug description:  sem_remove gets SIGSEGV for not initializing the semun structure.

Hi! PHP 4.2.1 gets a SIGSEGV in sem_remove().

The code in ext/sysvsem/sysvsem.c seems to forget the allocation of the
buf member of the semun struct when it calls semctl().

I solved it by adding:
   struct semid_ds semidbuf;
to the declaration of local variables, and:
   un.buf = &semidbuf;
before each call to semctl();

I configured PHP using:

configure --enable-sysvshm --enable-sysvsem
--with-curl=/usr/local/lib/libcurl.a --enable-pcntl

This is the gdb stack trace:

(gdb) where
#0  0x402864e2 in __new_semctl (semid=770, semnum=0, cmd=2)
    at ../sysdeps/i386/i486/bits/string.h:315
#1  0x80be3a3 in zif_sem_remove (ht=1, return_value=0x81a13cc, this_ptr=0x0,
    return_value_used=0) at sysvsem.c:406
#2  0x80fe6cf in execute (op_array=0x81946b8) at ./zend_execute.c:1598
#3  0x80fe889 in execute (op_array=0x8186c14) at ./zend_execute.c:1638
#4  0x80e4289 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:810
#5  0x8062879 in php_execute_script (primary_file=0xbffffbd0) at main.c:1381
#6  0x8060850 in main (argc=5, argv=0xbffffc74) at cgi_main.c:778
#7  0x401c2b65 in __libc_start_main (main=0x8060054 <main>, argc=5, 
    ubp_av=0xbffffc74, init=0x805ec7c <_init>, fini=0x81037bc <_fini>, 
    rtld_fini=0x4000df24 <_dl_fini>, stack_end=0xbffffc6c)
    at ../sysdeps/generic/libc-start.c:111

-- 
Edit bug report at http://bugs.php.net/?id=17274&edit=1
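The fix the report describes, as an added stand-alone C example (not PHP's ext/sysvsem code): union semun is declared by the program as glibc requires, un.buf is pointed at a local struct semid_ds before the IPC_STAT call that sem_remove() makes (cmd=2 in the trace is IPC_STAT on Linux), and a self-check creates and removes a private semaphore set. Function names are my own.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>

/* glibc leaves union semun for the program to define; this mirrors the
 * HAVE_SEMUN case in ext/sysvsem. */
union semun {
    int val;
    struct semid_ds *buf;
    unsigned short *array;
};

/* Stat a semaphore set, then remove it, the way a corrected sem_remove()
 * must. IPC_STAT makes the kernel (or glibc's compatibility copy, as in
 * the trace) write a struct semid_ds through un.buf, so un.buf must point
 * at real storage; an uninitialized pointer there is the reported crash.
 * Returns 0 on success, -1 if IPC_STAT fails, -2 if IPC_RMID fails. */
int stat_and_remove_semset(int semid)
{
    struct semid_ds semidbuf;   /* the local the report adds */
    union semun un;

    un.buf = &semidbuf;         /* the assignment the report adds */
    if (semctl(semid, 0, IPC_STAT, un) < 0)
        return -1;
    if (semctl(semid, 0, IPC_RMID, un) < 0)
        return -2;
    return 0;
}

/* Self-check: create a private one-semaphore set, remove it, and confirm
 * that IPC_STAT on the dead id now fails. Returns 0 on success, 100 if
 * System V IPC is unavailable here (not a defect in the code above). */
int check_remove_round_trip(void)
{
    int semid = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    struct semid_ds after;
    union semun un;
    int rc;

    if (semid < 0)
        return 100;
    rc = stat_and_remove_semset(semid);
    if (rc != 0)
        return rc;
    un.buf = &after;            /* always initialized, even for a call expected to fail */
    if (semctl(semid, 0, IPC_STAT, un) == 0 || (errno != EINVAL && errno != EIDRM))
        return -3;
    return 0;
}

int main(void) { printf("round trip: %d\n", check_remove_round_trip()); return 0; }
```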