From:
Operating system: Solaris 10
PHP version: 5.3.8
Package: ICONV related
Bug Type: Bug
Bug description:UTF-8 to ISO-8859-1 conversion of a string segfaults
Description:
------------
using iconv() within a php script segfaults when converting a UTF-8 string
to ISO-8859-1
I downloaded and compiled gnu libiconv-1.14 into /opt/local
My php configure
./configure '--prefix=/opt/bstage/php5.3.8' \
'--with-apxs2=/opt/bstage/apache2.2.21-php/bin/apxs' \
'--enable-bcmath' \
'--enable-mbstring' \
'--with-zlib' \
'--with-config-file-path=/opt/bstage/php5.3.8/lib' \
'--with-xsl' \
'--with-xmlrpc' \
'--with-regex=system' \
'--without-sqlite' \
'--disable-posix' \
'--enable-dom' \
'--disable-pdo' \
'--enable-xml' \
'--with-libxml-dir=/opt/local' \
'--enable-ipv6' \
'--host=i386-sun-solaris2' \
'--mandir=/opt/local/man' \
'--with-gd' \
'--with-mysql=/opt/mysql-5.5.8-solaris10-i386' \
'--with-mysqli=/opt/mysql-5.5.8-solaris10-i386/bin/mysql_config' \
'--with-curl=/opt/local' \
'--enable-debug'
ldd php
libexslt.so.0 => /usr/lib/libexslt.so.0
libresolv.so.2 => /lib/libresolv.so.2
libmysqlclient.so.16 =>
/opt/mysql-5.5.8-solaris10-i386/lib/libmysqlclient.so.16
libiconv.so.2 => /opt/local/lib/libiconv.so.2
libpng12.so.0 => /usr/lib/libpng12.so.0
libz.so.1 => /usr/lib/libz.so.1
librt.so.1 => /lib/librt.so.1
libm.so.2 => /lib/libm.so.2
libnsl.so.1 => /lib/libnsl.so.1
libsocket.so.1 => /lib/libsocket.so.1
libxml2.so.2 => /usr/lib/libxml2.so.2
libcurl.so.4 => /opt/local/lib/libcurl.so.4
libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
libldap.so.5 => /usr/lib/libldap.so.5
libdl.so.1 => /lib/libdl.so.1
libthread.so.1 => /lib/libthread.so.1
libxslt.so.1 => /usr/lib/libxslt.so.1
libc.so.1 => /lib/libc.so.1
libpthread.so.1 => /lib/libpthread.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libaio.so.1 => /lib/libaio.so.1
libmd.so.1 => /lib/libmd.so.1
libmp.so.2 => /lib/libmp.so.2
libscf.so.1 => /lib/libscf.so.1
libsasl.so.1 => /usr/lib/libsasl.so.1
libnspr4.so => /usr/lib/mps/libnspr4.so
libplc4.so => /usr/lib/mps/libplc4.so
libnss3.so => /usr/lib/mps/libnss3.so
libssl3.so => /usr/lib/mps/libssl3.so
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libsoftokn3.so => /usr/lib/mps/libsoftokn3.so
libplds4.so => /usr/lib/mps/libplds4.so
libbsm.so.1 => /lib/libbsm.so.1
libsecdb.so.1 => /lib/libsecdb.so.1
libtsol.so.2 => /lib/libtsol.so.2
libcmd.so.1 => /lib/libcmd.so.1
libssl_extra.so.0.9.7 =>
/usr/sfw/lib/libssl_extra.so.0.9.7
libcrypto_extra.so.0.9.7 =>
/usr/sfw/lib/libcrypto_extra.so.0.9.7
I've used truss and gdb and get a segfault.
Test script:
---------------
<?php
error_reporting(E_ALL);
/*
$text = utf8_encode("Dave Kelsey");
*/
$text = "Dave Kelsey";
echo 'Original : ', $text, PHP_EOL;
echo 'Plain : ', iconv("UTF-8", "ISO-8859-1", $text), PHP_EOL;
?>
Expected result:
----------------
Original : Dave Kelsey
Plain : Dave Kelsey
Actual result:
--------------
./php -ef iconv.php
Original : Dave Kelsey
Plain : Segmentation Fault (core dumped)
Note: the parsing of the string takes about 3-4 seconds?
gdb ./php -c core
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.9"...
Reading symbols from /opt/local/lib/libexslt.so.0...done.
Loaded symbols for /opt/local/lib/libexslt.so.0
Reading symbols from /opt/local/lib/libgcrypt.so.11...done.
Loaded symbols for /opt/local/lib/libgcrypt.so.11
Reading symbols from /opt/local/lib/libgpg-error.so.0...done.
Loaded symbols for /opt/local/lib/libgpg-error.so.0
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libm.so.2...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from
/opt/mysql/mysql-5.5.16/lib/libmysqlclient.so.18...done.
Loaded symbols for /opt/mysql/mysql-5.5.16//lib/libmysqlclient.so.18
Reading symbols from /opt/local/lib/libfreetype.so.6...done.
Loaded symbols for /opt/local/lib/libfreetype.so.6
Reading symbols from /opt/local/usr/local/lib/libpng12.so.0...done.
Loaded symbols for /opt/local/usr/local/lib/libpng12.so.0
Reading symbols from /opt/local/lib/libjpeg.so.8...done.
Loaded symbols for /opt/local/lib/libjpeg.so.8
Reading symbols from /lib/librt.so.1...
warning: Lowest section in /lib/librt.so.1 is .dynamic at 00000074
done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /opt/local/lib/libcurl.so.4...done.
Loaded symbols for /opt/local/lib/libcurl.so.4
Reading symbols from /opt/local/lib/libidn.so.11...done.
Loaded symbols for /opt/local/lib/libidn.so.11
Reading symbols from /opt/local/lib/libintl.so.3...done.
Loaded symbols for /opt/local/lib/libintl.so.3
Reading symbols from /lib/libc.so.1...done.
Loaded symbols for /lib/libc.so.1
Reading symbols from /opt/local/lib/libssh2.so.1...done.
Loaded symbols for /opt/local/lib/libssh2.so.1
Reading symbols from /opt/local/lib/libssl.so.0.9.8...done.
Loaded symbols for /opt/local/lib/libssl.so.0.9.8
Reading symbols from /opt/local/lib/libcrypto.so.0.9.8...done.
Loaded symbols for /opt/local/lib/libcrypto.so.0.9.8
Reading symbols from /lib/libthread.so.1...
warning: Lowest section in /lib/libthread.so.1 is .dynamic at 00000074
done.
Loaded symbols for /lib/libthread.so.1
Reading symbols from /opt/local/lib/libxslt.so.1...done.
Loaded symbols for /opt/local/lib/libxslt.so.1
Reading symbols from /opt/local/lib/libxml2.so.2...done.
Loaded symbols for /opt/local/lib/libxml2.so.2
Reading symbols from /opt/local/lib/libz.so.1...done.
Loaded symbols for /opt/local/lib/libz.so.1
Reading symbols from /opt/local/lib/libiconv.so.2...done.
Loaded symbols for /opt/local/lib/libiconv.so.2
Reading symbols from /opt/gcc/lib/libgcc_s.so.1...done.
Loaded symbols for /opt/gcc/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /lib/libdl.so.1...
warning: Lowest section in /lib/libdl.so.1 is .dynamic at 00000074
done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from
/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.3...done.
Loaded symbols for /usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.3
Reading symbols from /lib/ld.so.1...done.
Loaded symbols for /lib/ld.so.1
Core was generated by `./php -ef iconv.php'.
Program terminated with signal 11, Segmentation fault.
[New process 79440 ]
#0 0xec835356 in ?? ()
(gdb) bt full
#0 0xec835356 in ?? ()
No symbol table info available.
#1 0xfe5068ab in iconv () from /lib/libc.so.1
No symbol table info available.
#2 0x081f7a91 in php_iconv_string (in_p=0x889aab0 "Dave Kelsey",
in_len=11, out=0x8046fc0, out_len=0x8046fc4, out_charset=0x889ab58
"ISO-8859-1",
in_charset=0x889ab48 "UTF-8") at
/root/downloads/php/php-5.3.8/ext/iconv/iconv.c:501
cd = (libiconv_t) 0x8a12670
in_left = 11
out_size = 134508456
out_left = 43
out_p = 0x889ab88 "\200«\211\b\200«\211\bÃÃ\210\b"
out_buf = 0x889ab88 "\200«\211\b\200«\211\bÃÃ\210\b"
bsz = 43
result = 143239192
retval = PHP_ICONV_ERR_SUCCESS
#3 0x081faa54 in php_if_iconv (ht=3, return_value=0x889ab6c,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at /root/downloads/php/php-5.3.8/ext/iconv/iconv.c:2327
in_charset = 0x889ab48 "UTF-8"
out_charset = 0x889ab58 "ISO-8859-1"
in_buffer = 0x889aab0 "Dave Kelsey"
out_buffer = 0x0
out_len = 0
in_charset_len = 5
out_charset_len = 10
in_buffer_len = 11
err = 4261726858
#4 0x083991e6 in zend_do_fcall_common_helper_SPEC (execute_data=0x8a128a0)
at /root/downloads/php/php-5.3.8/Zend/zend_vm_execute.h:320
opline = (zend_op *) 0x889a818
should_change_scope = 0 '\0'
#5 0x08398241 in execute (op_array=0x889a0a0) at
/root/downloads/php/php-5.3.8/Zend/zend_vm_execute.h:107
ret = -33240438
execute_data = (zend_execute_data *) 0x8a128a0
nested = 1 '\001'
original_in_execution = 0 '\0'
#6 0x08377dc1 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/downloads/php/php-5.3.8/Zend/zend.c:1236
files = 0x8047164 ""
i = 1
file_handle = (zend_file_handle *) 0x8047c34
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
#7 0x08328d93 in php_execute_script (primary_file=0x8047c34) at
/root/downloads/php/php-5.3.8/main/main.c:2284
__orig_bailout = (sigjmp_buf *) 0x8047a24
__bailout = {6, 0, 2, -28186266, 143236960, 2, 124026880, 10485760,
0, 451, 144637952, -27328437, 134479947, 134511140, 143169632, 134510648,
134508896, 142788536, 0, 0, 134509984, 0, 0, 137530443, 67, 0, 134508896,
134479947, -27314224, 143236784, 134510136, 137625212, 134510176,
-27873851, 0,
142788536, -27314224, 142480623, 134510392, 137358624, -27314224,
142484396, 134510224, 142480623, 134510336, -16797368, -16797380, 212116,
17,
143236012, 3, -16795644, 134510224, 4, -27314224, 137728298, 0, 2,
143185368, 142788536, 79691777, 0, 0, -28264130, -1451536758, -27328512,
-27298104,
-28267682, -27324200, 0, 0, -27873640, 32, -27328512, 134510344,
-27895262, -27324200, 0, 1319653082, -27895702, 143448376, -27328512,
134510344,
-34002432, -27324200, 0, -27298104, 7, 144748440, -27328512, 134510376,
-28267395, -27324200, -27328512, 134510424, -28267454, 143448376, 7,
143448376,
137898921, 144748440, 134510544, 32, 7, -1043831655, 145041656, 1177,
142788536, 0, 7, 134510504, 137728298, 143448376, 144739664, 7, 134510544,
32, 0,
2, 0, 144739664, 142542513, 6, 7, 0, 144739664, 143185368, 142788536}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0,
mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0,
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0
'\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0,
mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0,
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0
'\0'}
old_cwd_fd = -1
retval = 0
#8 0x083fbd48 in main (argc=3, argv=0x8047cc4) at
/root/downloads/php/php-5.3.8/sapi/cli/php_cli.c:1184
__bailout = {6, 0, 134959818, 134955032, 134511236, -16997478,
124026880, 10485760, 0, 142737859, 134479872, -17039285, -17235893, 43096,
-1,
134511772, 134510656, 142788536, 143169632, 143194129, 134511140, 0, 0,
138391421, 67, 0, 134510656, -65461, 134511312, 134511572, 134511576, 16,
0,
134511336, -27873640, -27310912, -27328512, 134511352, -27895262,
-27310912, 0, 134511620, -27895702, 134959818, -17234952, -33423080,
-34002432,
81189587, 3515, 134729512, -27873640, -27310912, -27328512, 134511416,
-27873851, -34002432, 0, 134511432, -27874005, 134511616, 6401, 134511496,
3,
134511616, 134511572, 134511576, -16797368, -16797380, -16795644,
134511448, -16987850, 3, -16795644, 134511464, -16987912, 3, -16795644,
134511496,
-16953738, 3, -16795644, 134511496, -16954035, 3, 134511508, -16987912,
0, -16796876, -16795644, 134511688, -16920736, -16797368, 0, 2, 0,
142788576, 0,
0, 40, -16795644, 134959818, -33881832, -33550900, -33516788, 2,
135072476, 1, 0, -27873640, 1, -27328512, 134511648, -27896958, -33443444,
0, 0,
-27873640, 1, -27328512, 134511680, -27895262, -33443444, 0, 81189587,
-27895702, 143081348, -33443992, 134511680}
exit_status = 0
c = 134512039
file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x8047da6
"iconv.php", opened_path = 0x0, handle = {fd = 143237716, fp = 0x889a254,
stream = {
handle = 0x889a254, isatty = 0, mmap = {len = 202, pos = 0, map =
0xfdf30000, buf = 0xfdf30000 <Address 0xfdf30000 out of bounds>,
old_handle = 0xfe5f37e0, old_closer = 0x8389b7c
<zend_stream_stdio_closer>}, reader = 0x8389b50
<zend_stream_stdio_reader>,
fsizer = 0x8389bb0 <zend_stream_stdio_fsizer>, closer = 0x8389c14
<zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
behavior = 1
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x8047da6 "iconv.php"
arg_excp = (char **) 0x87ede1e
script_file = 0x8047da6 "iconv.php"
interactive = 0
module_started = 1
request_started = 1
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
param_error = 0x0
hide_argv = 0
ini_entries_len = 110
(gdb)
--
Edit bug report at https://bugs.php.net/bug.php?id=60310&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=60310&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=60310&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=60310&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=60310&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=60310&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=60310&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=60310&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=60310&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=60310&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=60310&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=60310&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=60310&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=60310&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=60310&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=60310&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=60310&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=60310&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=60310&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=60310&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=60310&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=60310&r=mysqlcfg
