ID: 17375
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Feedback
Bug Type: Reproducible crash
Operating System: Debian GNU/Linux
PHP Version: 4.0CVS-2002-05-23
New Comment:
The "Edit Submission" form said I wan't allowed to change the state to
Open, so I added a comment here.
Here's a script to trigger the segfault:
<?
$ds = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("file", "/tmp/stderr")
);
$cat = proc_open(
"/bin/cat",
$ds,
$pipes
);
echo "I didn't segfault!\n";
?>
And here's a backtrace:
kims@lionred:~/public_html$ gdb /usr/local/bin/php core
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-linux"...
Core was generated by `/usr/local/bin/php sf.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x080c3c03 in zif_proc_open (ht=3, return_value=0x820e910,
this_ptr=0x0,
return_value_used=1, tsrm_ls=0x81d55e0)
at /home/kims/php4/ext/standard/exec.c:800
800 convert_to_string_ex(zmode);
(gdb) bt
#0 0x080c3c03 in zif_proc_open (ht=3, return_value=0x820e910,
this_ptr=0x0,
return_value_used=1, tsrm_ls=0x81d55e0)
at /home/kims/php4/ext/standard/exec.c:800
#1 0x081674b9 in execute (op_array=0x8209a08, tsrm_ls=0x81d55e0)
at /home/kims/php4/Zend/zend_execute.c:1587
#2 0x08152d1f in zend_execute_scripts (type=8, tsrm_ls=0x81d55e0,
retval=0x0,
file_count=3) at /home/kims/php4/Zend/zend.c:810
#3 0x08125b2a in php_execute_script (primary_file=0xbffffd38,
tsrm_ls=0x81d55e0) at /home/kims/php4/main/main.c:1373
#4 0x0816fedb in main (argc=2, argv=0xbffffdb4)
at /home/kims/php4/sapi/cli/php_cli.c:622
(gdb)
Thankyou :)
Previous Comments:
------------------------------------------------------------------------
[2002-05-23 02:16:58] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
A backtrace really would help for us...
Derick
------------------------------------------------------------------------
[2002-05-23 00:42:24] [EMAIL PROTECTED]
proc_open() causes my apache process to segfault when I pass it a
broken descriptorspec array.
An entry in the descriptorspec array of type "file" that has only two
elements (i.e., is missing the third element, the mode with which to
open the file) causes the segfault.
I suggest that:
* proc_open() should return an invalid resource, and a meaningful
warning, instead of segfaulting like this.
* perhaps the mode should default to something if ommitted, instead of
giving a warning, perhaps "r" would be a safe default.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=17375&edit=1
