From:             
Operating system: NetBSD
PHP version:      5.3.6
Package:          *General Issues
Bug Type:         Bug
Bug description:missing TRACK_VARS_SERVER

Description:
------------
./work/php-5.3.6/ext/standard/basic_functions.c:        if

((zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "argv",

sizeof("argv"), (void **) &args) != FAILURE ||



A guarding 'if' condition is missing here. In all other [TRACK_VARS_SERVER]

uses, we can see an if condition like



if (!PG(http_globals)[TRACK_VARS_SERVER]) {



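Only basic_functions.c lacks this check, so HASH_OF() there reads through the pointer even when it is NULL; this matches the read from address 0x0 shown in the gdb output below. Please see: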



# find . -name "*.c"|xargs grep '\[TRACK_VARS_SERVER\]'

./work/php-5.3.6/ext/phar/phar_object.c:        if

(!PG(http_globals)[TRACK_VARS_SERVER]) {

./work/php-5.3.6/ext/phar/phar_object.c:        _SERVER =

Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/ext/phar/phar_object.c:                if

(PG(http_globals)[TRACK_VARS_SERVER]) {

./work/php-5.3.6/ext/phar/phar_object.c:

HashTable *_server = Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/ext/soap/soap.c:       if

(PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/ext/soap/soap.c:

zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht,

"HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &agent_name) ==

SUCCESS &&

./work/php-5.3.6/ext/zlib/zlib.c:       if

(!PG(http_globals)[TRACK_VARS_SERVER]

./work/php-5.3.6/ext/zlib/zlib.c:               ||

zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht,

"HTTP_ACCEPT_ENCODING", sizeof("HTTP_ACCEPT_ENCODING"), (void **)

&a_encoding) == FAILURE

./work/php-5.3.6/ext/zlib/zlib.c:       if

(!PG(http_globals)[TRACK_VARS_SERVER]

./work/php-5.3.6/ext/zlib/zlib.c:               ||

zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht,

"HTTP_ACCEPT_ENCODING", sizeof("HTTP_ACCEPT_ENCODING"), (void **)

&a_encoding) == FAILURE

./work/php-5.3.6/ext/session/session.c: if (!PS(use_only_cookies) &&

!PS(id) && PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/ext/session/session.c:

zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),

"REQUEST_URI", sizeof("REQUEST_URI"), (void **) &data) == SUCCESS &&

./work/php-5.3.6/ext/session/session.c:

PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/ext/session/session.c:

zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),

"HTTP_REFERER", sizeof("HTTP_REFERER"), (void **) &data) == SUCCESS &&

./work/php-5.3.6/ext/standard/basic_functions.c:        if

((zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "argv",

sizeof("argv"), (void **) &args) != FAILURE ||

./work/php-5.3.6/ext/standard/browscap.c:               if

(!PG(http_globals)[TRACK_VARS_SERVER] ||

./work/php-5.3.6/ext/standard/browscap.c:

zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]),

"HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **)

&http_user_agent) == FAILURE

./work/php-5.3.6/main/php_variables.c:  if

(PG(http_globals)[TRACK_VARS_SERVER]) {

./work/php-5.3.6/main/php_variables.c:

zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/main/php_variables.c:

PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;

./work/php-5.3.6/main/php_variables.c:

        php_autoglobal_merge(&EG(symbol_table),

Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);

./work/php-5.3.6/main/php_variables.c:

php_build_argv(SG(request_info).query_string,

PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);

./work/php-5.3.6/main/php_variables.c:

zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),

"argv", sizeof("argv"), argv, sizeof(zval *), NULL);

./work/php-5.3.6/main/php_variables.c:

zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),

"argc", sizeof("argc"), argc, sizeof(zval *), NULL);

./work/php-5.3.6/main/php_variables.c:

php_build_argv(SG(request_info).query_string,

PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);

./work/php-5.3.6/main/php_variables.c:          if

(PG(http_globals)[TRACK_VARS_SERVER]) {

./work/php-5.3.6/main/php_variables.c:

zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/main/php_variables.c:

PG(http_globals)[TRACK_VARS_SERVER] = server_vars;

./work/php-5.3.6/main/php_variables.c:

zend_hash_update(&EG(symbol_table), name, name_len + 1,

&PG(http_globals)[TRACK_VARS_SERVER], sizeof(zval *), NULL);

./work/php-5.3.6/main/php_variables.c:

Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/main/php_variables.c:

zend_hash_update(&EG(symbol_table), "HTTP_SERVER_VARS",

sizeof("HTTP_SERVER_VARS"), &PG(http_globals)[TRACK_VARS_SERVER],

sizeof(zval *), NULL);

./work/php-5.3.6/main/php_variables.c:

Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]);

./work/php-5.3.6/sapi/cgi/cgi_main.c:   } else if

(PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/sapi/cgi/cgi_main.c:           array_ptr !=

PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/sapi/cgi/cgi_main.c:

Z_TYPE_P(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY &&

./work/php-5.3.6/sapi/cgi/cgi_main.c:

zend_hash_num_elements(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER])) >
0

./work/php-5.3.6/sapi/cgi/cgi_main.c:           *array_ptr =

*PG(http_globals)[TRACK_VARS_SERVER];

./work/php-5.3.6/sapi/fpm/fpm/fpm_main.c:       } else if

(PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/sapi/fpm/fpm/fpm_main.c:               array_ptr !=

PG(http_globals)[TRACK_VARS_SERVER] &&

./work/php-5.3.6/sapi/fpm/fpm/fpm_main.c:

Z_TYPE_P(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY &&

./work/php-5.3.6/sapi/fpm/fpm/fpm_main.c:

zend_hash_num_elements(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER])) >
0

./work/php-5.3.6/sapi/fpm/fpm/fpm_main.c:               *array_ptr =

*PG(http_globals)[TRACK_VARS_SERVER];

./work/php-5.3.6/sapi/apache_hooks/sapi_apache.c:

php_register_variable_ex("request", req,

PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);

./work/php-5.3.6/sapi/apache_hooks/sapi_apache.c:

php_register_variable("PHP_SELF_HOOK", handler->name,

PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);

#







Test script:
---------------
127# php -v && uname -a

PHP 5.3.6 (cli) (built: Mar 16 2011 10:00:59) (DEBUG)

Copyright (c) 1997-2011 The PHP Group

Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

NetBSD 127 5.1 NetBSD 5.1 (GENERIC) #0: Sun Nov  7 14:39:56 UTC 2010 
[email protected]:/home/builds/ab/netbsd-5-1-RELEASE/i386/201011061943Z-obj/home/builds/ab/netbsd-5-1-RELEASE/src/sys/arch/i386/compile/GENERIC
i386

127# curl http://127.0.0.1/getopt.php 

curl: (52) Empty reply from server



error_log:

[Sat May 07 02:29:20 2011] [notice] child pid 970 exit signal Segmentation
fault (11)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.

0xbaf5506c in zif_getopt (ht=2, return_value=0xba60e4c4,

return_value_ptr=0x0,

    this_ptr=0x0, return_value_used=0, tsrm_ls=0xba939980)

    at

/usr/pkgsrc/www/ap-php/work/php-5.3.6/ext/standard/basic_functions.c:4260

4260            if

((zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "argv",

sizeof("argv"), (void **) &args) != FAILURE ||

(gdb)



#0  0xbaf5506c in zif_getopt (ht=2, return_value=0xba60e4c4,

    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0,

    tsrm_ls=0xba939980)

    at

/usr/pkgsrc/www/ap-php/work/php-5.3.6/ext/standard/basic_functions.c:4260

#1  0xbb0aa13d in zend_do_fcall_common_helper_SPEC

(execute_data=0xba6a7044,

    tsrm_ls=0xba939980)

    at /usr/pkgsrc/www/ap-php/work/php-5.3.6/Zend/zend_vm_execute.h:316

#2  0xbb0affa9 in ZEND_DO_FCALL_SPEC_CONST_HANDLER

(execute_data=0xba6a7044,

    tsrm_ls=0xba939980)

    at /usr/pkgsrc/www/ap-php/work/php-5.3.6/Zend/zend_vm_execute.h:1602

#3  0xbb0a8f54 in execute (op_array=0xba60e128, tsrm_ls=0xba939980)

    at /usr/pkgsrc/www/ap-php/work/php-5.3.6/Zend/zend_vm_execute.h:96

#4  0xbb079d8a in zend_execute_scripts (type=8, tsrm_ls=0xba939980,

    retval=0x0, file_count=3)

    at /usr/pkgsrc/www/ap-php/work/php-5.3.6/Zend/zend.c:1194

#5  0xbaff56f9 in php_execute_script (primary_file=0xbfbfe81c,

    tsrm_ls=0xba939980)

    at /usr/pkgsrc/www/ap-php/work/php-5.3.6/main/main.c:2266

#6  0xbb15729d in php_handler (r=0xba718058)

    at

/usr/pkgsrc/www/ap-php/work/php-5.3.6/sapi/apache2handler/sapi_apache2.c:666

#7  0x0807894a in ap_run_handler ()

(gdb) i r

eax            0x0      0

ecx            0xbfbfcfa4       -1077948508

edx            0xba88b0cc       -1165446964

ebx            0xbb5e66d8       -1151441192

esp            0xbfbfcfb0       0xbfbfcfb0

ebp            0xbfbfd0e8       0xbfbfd0e8

esi            0xbb6069c8       -1151309368

edi            0xba60e4d4       -1168055084

eip            0xbaf5506c       0xbaf5506c <zif_getopt+218>

eflags         0x10216  [ PF AF IF RF ]

cs             0x17     23

ss             0x1f     31

ds             0x1f     31

es             0x1f     31

fs             0x0      0

gs             0x0      0

(gdb) x/i $eip

0xbaf5506c <zif_getopt+218>:    mov    0xc(%eax),%al

(gdb) x/i $eax

0x0:    Cannot access memory at address 0x0



-- 
Edit bug report at http://bugs.php.net/bug.php?id=54680&edit=1
-- 