Edit report at http://bugs.php.net/bug.php?id=52944&edit=1

 ID:                 52944
 Updated by:         cataphr...@php.net
 Reported by:        svimik at mail dot ru
 Summary:            fclose: quiet script interruption
-Status:             Analyzed
+Status:             Closed
 Type:               Bug
 Package:            *Network Functions
 Operating System:   Debian-50-lenny-64
 PHP Version:        5.3.3
-Assigned To:
+Assigned To:        cataphract
 Block user comment: N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------
[2010-09-29 20:59:00] cataphr...@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=303878
Log: - Fixed bug #52944 (Invalid write on second and subsequent reads with an
  inflate filter fed invalid data).

------------------------------------------------------------------------
[2010-09-29 03:56:37] cataphr...@php.net

Fixed in the attached patch, which also includes a test.

------------------------------------------------------------------------
[2010-09-29 03:54:39] cataphr...@php.net

The following patch has been added/updated:

Patch Name: zlib_filter_segfault_fix
Revision:   1285725279
URL:        http://bugs.php.net/patch-display.php?bug=52944&patch=zlib_filter_segfault_fix&revision=1285725279

------------------------------------------------------------------------
[2010-09-28 22:10:55] cataphr...@php.net

Valgrind log for trunk:
http://nebm.ist.utl.pt/~glopes/valgrind-52944.log

------------------------------------------------------------------------
[2010-09-28 21:58:55] cataphr...@php.net

I can confirm some sort of bug in both PHP 5.3.3 and trunk on Debian Lenny x64.

On trunk:

[Tue Sep 28 20:54:06 2010]  Script:  '-'
---------------------------------------
/tmp/trunk/ext/zlib/zlib_filter.c(165) : Block 0x7fba5a6120c0 status:
Beginning:      OK (allocated on /tmp/trunk/ext/zlib/zlib_filter.c:311, 2048 bytes)
    Start:      OK
      End:      Overflown (magic=0x00000018 instead of 0x5289A744)
                At least 4 bytes overflown
---------------------------------------
done
[Tue Sep 28 20:54:06 2010]  Script:  '-'
/tmp/trunk/ext/zlib/zlib_filter.c(311) :  Freeing 0x7FBA5A6120C0 (2048 bytes), script=-
=== Total 1 memory leaks detected ===

On PHP 5.3.3 (sorry, not debug build), there's a segfault:

#0  zend_mm_remove_from_free_list (heap=0x11fc290, mm_block=0x1407380)
    at /opt/php-5.3.3/Zend/zend_alloc.c:841
#1  0x000000000069613e in _zend_mm_free_int (heap=0x11fc290, p=0x1406b80)
    at /opt/php-5.3.3/Zend/zend_alloc.c:2019
#2  0x00007f029fa548c9 in php_zlib_inflate_dtor (
    thisfilter=<value optimized out>)
    at /opt/php-5.3.3/ext/zlib/zlib_filter.c:161
#3  0x0000000000678ae2 in php_stream_filter_free (filter=0x1409950)
    at /opt/php-5.3.3/main/streams/filter.c:312
#4  0x0000000000678b8a in php_stream_filter_remove (filter=0x0, call_dtor=1)
    at /opt/php-5.3.3/main/streams/filter.c:531
#5  0x000000000067559a in _php_stream_free (stream=0x14096a0,
    close_options=11) at /opt/php-5.3.3/main/streams/streams.c:369
#6  0x00000000006757d1 in stream_resource_regular_dtor (
    rsrc=<value optimized out>)
    at /opt/php-5.3.3/main/streams/streams.c:1426
#7  0x00000000006c34a2 in list_entry_destructor (ptr=0x14097e0)
    at /opt/php-5.3.3/Zend/zend_list.c:184
#8  0x00000000006c2566 in zend_hash_del_key_or_index (ht=0xc6e7b0,
    arKey=0x0, nKeyLength=0, h=2, flag=<value optimized out>)
    at /opt/php-5.3.3/Zend/zend_hash.c:497
#9  0x00000000006c3719 in _zend_list_delete (id=<value optimized out>)
    at /opt/php-5.3.3/Zend/zend_list.c:58
#10 0x00000000005fbd88 in zif_fclose (ht=<value optimized out>,
    return_value=0x1409228, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /opt/php-5.3.3/ext/standard/file.c:928
#11 0x0000000000704cce in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7f029f9ce050)
    at /opt/php-5.3.3/Zend/zend_vm_execute.h:316
#12 0x00000000006e0589 in execute (op_array=0x14067c8)
    at /opt/php-5.3.3/Zend/zend_vm_execute.h:107
#13 0x00000000006b349b in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /opt/php-5.3.3/Zend/zend.c:1194
#14 0x000000000065e5e8 in php_execute_script (primary_file=0x7fff04d51350)
    at /opt/php-5.3.3/main/main.c:2260
#15 0x0000000000740717 in main (argc=1, argv=0x7fff04d515b8)
    at /opt/php-5.3.3/sapi/cli/php_cli.c:1192

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=52944

--
Edit this bug report at http://bugs.php.net/bug.php?id=52944&edit=1