Edit report at https://bugs.php.net/bug.php?id=55121&edit=1
 ID:                 55121
 Updated by:         nbpo...@php.net
 Reported by:        nbpo...@php.net
 Summary:            Segfault with multipart/form-data POST / 404 request
 Status:             Feedback
 Type:               Bug
 Package:            Built-in web server
 Operating System:   Ubuntu 10.04.2 LTS (64-bit)
 PHP Version:        5.4SVN-2011-07-03 (snap)
 Assigned To:        moriyoshi
 Block user comment: N
 Private report:     N

 New Comment:

OK. I retested again just now with the latest snapshot on both OS X and Ubuntu. No segfaults anymore.

Previous Comments:
------------------------------------------------------------------------
[2011-07-25 18:11:10] nbpo...@php.net

Tested latest snapshot on OS X. Same backtrace.

------------------------------------------------------------------------
[2011-07-25 16:47:21] f...@php.net

Could you please try if this fix works on OS X as well? Tested on debian stable.

------------------------------------------------------------------------
[2011-07-25 16:45:42] f...@php.net

Automatic comment from SVN on behalf of fa
Revision: http://svn.php.net/viewvc/?view=revision&revision=313677
Log: Fix #55121 Segfault with multipart/form-data POST

------------------------------------------------------------------------
[2011-07-20 13:41:49] nbpo...@php.net

A similar segfault on OS X 10.6.7 can be caused using the original steps to reproduce:

$ curl --form a=b http://127.0.0.1:8000/file.php
$ curl http://127.0.0.1:8000/does_not_exist

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000002011b0b30
0x000000010024a3b5 in _zend_mm_free_int (heap=0x101000000, p=0x1006651e0) at zend_alloc.c:2097
2097		heap->size -= size;
(gdb) bt
#0  0x000000010024a3b5 in _zend_mm_free_int (heap=0x101000000, p=0x1006651e0) at zend_alloc.c:2097
#1  0x000000010021e6af in destroy_uploaded_files_hash () at rfc1867.c:199
#2  0x000000010021b252 in sapi_deactivate () at SAPI.c:535
#3  0x00000001002fd61e in php_cli_server_send_error_page (server=0x7fff5fbfa730, client=0x100b4e6f0, status=404) at php_cli_server.c:1525
#4  0x00000001002fb31e in php_cli_server_dispatch [inlined] () at /Users/nbpoole/php-test/php5.4-201107201630/sapi/cli/php_cli_server.c:1636
#5  0x00000001002fb31e in php_cli_server_recv_event_read_request (server=0x7fff5fbfe970, client=0x1006651e0) at php_cli_server.c:1924
#6  0x00000001002fcae5 in php_cli_server_do_event_for_each_fd_callback [inlined] () at /Users/nbpoole/php-test/php5.4-201107201630/sapi/cli/php_cli_server.c:2010
#7  0x00000001002fcae5 in php_cli_server_do_event_for_each_fd [inlined] () at php_cli_server.c:671
#8  0x00000001002fcae5 in php_cli_server_poller_iter_on_active [inlined] () at /Users/nbpoole/php-test/php5.4-201107201630/sapi/cli/php_cli_server.c:2046
#9  0x00000001002fcae5 in php_cli_server_do_event_loop [inlined] () at /Users/nbpoole/php-test/php5.4-201107201630/sapi/cli/php_cli_server.c:2036
#10 0x00000001002fcae5 in do_cli_server (argc=4, argv=0x10) at php_cli_server.c:2147
#11 0x00000001002f6aa4 in main (argc=1606415328, argv=0x7fff5fbff400) at php_cli.c:1359

------------------------------------------------------------------------
[2011-07-20 13:09:48] f...@php.net

I think the culprit lies in php_cli_server_client_populate_request_info in the line
request_info->content_type = *val;
which doesn't terminate correctly at ; and reads
multipart/form-data; boundary=----------------------------c1e04e412bff
instead of
multipart/form-data;

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=55121

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55121&edit=1