Bug #5731 [Csd]: Segmentation fault with dbase_add_record() (trace included)

xrumer at chaneljpoutlet dot com Thu, 10 May 2012 03:18:26 -0700

Edit report at https://bugs.php.net/bug.php?id=5731&edit=1


 ID:                 5731
 User updated by:    xrumer at chaneljpoutlet dot com
 Reported by:        xrumer at chaneljpoutlet dot com
 Summary:            Segmentation fault with dbase_add_record() (trace
                     included)
 Status:             Closed
 Type:               Bug
 Package:            *General Issues
 Operating System:   NetBSD 1.3.3, RedHat 6.2
 PHP Version:        4.0 Latest CVS (22/07/2000)
 Block user comment: N
 Private report:     N

 New Comment:

ããªãã¯ä¿¡é ¼æ§ã¨ä½ã·ã£ãã«ã®ãã³ãããã°ãæ¢ãã¦ããå ´åã¯ãããã«ã¯ãã®ããã«å¤ã«è¦ãããã¨ãã§ãã¾ããï¼ãã¹ã¦ã®å¥³æ§ã«ãã®ã¯ã¨ãªãè¦æ±ããå½¼å¥³ã¯çããç¨ãã¦èª¿è£½ãããã¨ãã§ãã¾ããå½¼å¥³ã¯éæ¹ãæ¸å°ãè²©å£²ä¾¡æ ¼èé¢åã®éã§å½¼ãã®ã·ã³ã°ã«ãå¾ãã®ã§ãå½¼å¥³ã¯ãç¥ã£ã¦ãã¾ããæªãå¥³ã®åã§ããå½¼å¥³ãå¾ãããä½ãã·ã£ãã«ã®è²¡å¸ãä¿¡é ¼ã§ãããã®ã§ã¯ããã¾ãããã¨ãèªèãã¦ãã¾ãããå¥³æ§ãäººçã®ãã¹ã¦ã®ä»ã®è¦å ã§éå¸¸ã«è³¢æã§ããã«ãããããããå½¼ãã¯ããä½ãæ¼æã·ã£ãã«ã³ã³ã»ã³ããè¦ã¦ãåãã§è²©å£²ä¾¡æ ¼ã«è¦ããããã«æ°ã«ããªãã¨ãå½¼ãã¯åã«æº¶ããã<a
 href=http://www.chaneljpoutlet.com/>ã·ã£ãã« ããã°</a>  
  
  
 
å½¼ãã¯ãããå²å¼ä¾¡æ ¼ã®ãã®ç¨®ã§ã¯ããããã®åªããããã°ãå¥æãããã¨ã¯ä¸å¯è½ã§ãããã¨ãå®ç¾ãããããããããã¯éå¸¸ã«ä½ãå¤ãä»ããããã¨ããäºå®ã ãã®ããå½ç©ãä»ãã¦ãããå§åããã¦ãã¾ããããªãã¯ä¸ã®ã·ã£ãã«ã®ããã°ãè²·ã£ã¦ç´æ¬å½ã«ç±å¿ã§ããã°ãããªãã®çæ³çãªé¸æã¯ããããã®å²å¼ãæä¾ãã¦ãã¦æåãªãåºãæ¢ãããã§ããããããªãã¯ãåã«ææ°ã¢ãã«ãè³¼å¥ãããã¨ãã§ããããã«å¤§ååºãé¢ãæç½ã«ãã®æä»£éãã®æ ªå¼ãããã°ã®æ ªå¼ãæãã®ã¤ã³ã¹ã¿ã³ã¹ãããã¾ããã¤ã³ã¹ã¿ã³ã¹ã®ãã®ç¨®ã§ãå½¼ãã¯ã·ã£ãã«ã®è²¡å¸ãã·ã£ãã«ã®10ï¼ã¨ææã«å²å¼ãæä¾ãã¦ãã¾ããããªãã¯ãããç¬éã®å©çãèæ®ããä½ã·ã£ãã«ã®ãã³ãããã°ãè³¼å¥ããå¿è¦ãããã¾ããããªããä½ã³ã¹ãã§ããããã®ãã©ã³ãã®è²¡å¸ã®å½¹ã«ç«ã¤ãã¨ãã§ããã°ä»ã®æ©ä¼ã«ã¯ãç¥ãã®å£ç¯ãã¯ãªã¹ãã¹ã®ããã«ããã¾ãã«ãããã¾ãã<a
 href=http://www.chaneljpoutlet.com/>ã·ã£ãã«</a>  
  
 
ã¦ã§ãã¹ãã¢ã®ç°ãªãå¤ãã¯ããã«ãããã¨ãã§ããå®ä¾¡ãªæ¨¡é åã«ã ã¾ããã¾ããããããã®å¤§åã¯ãæè³ãå®ä¾¡ã§ã¤ã³ãã¼ããããå½ã®ããã°ãå½¼ãã¯æ¬ç©ã®ä¼¼ã¦ããããããªãããããä¸ããæ¬ é¥ã®éãçºè¦ããããã«è¦ããã®è¿ãã«ã¨ãèããããããã¾ãããçç£éè¤ãã©ã³ãè²¡å¸ãå°éã«æªããââãªæ©é¢ãããã¾ããããªãã¯ãåã«ãããã®å¨ãã«æ°ã¥ãã¦ãããã¨ãæ¸å°ãä¾¡æ ¼ã®ããã°ã¯ããããã®æ©é¢ããçºä¿¡ãã«ãªã£ã¦ãã¾ããããªãã¯ãããã®è²ãæ£å¸¸ã«åä½ãã¦ãããã¨ãã¾ãã¯ãããã®ã¹ããããé¢ãã¦è½ã¡ã¦ãããã¨ãçºè¦ããã§ãããæ£ç¢ºã«åããã®ãå©ç¨ãã¦ããã®åã®éã®åé¨ã<a
 href=http://www.chaneljpoutlet.com/>ã·ã£ãã« ããã°</a>  
  
  
 
èª°ãå½¼ãããªã³ã©ã¤ã³ã§è³¼å¥å¾ããã®ã«ã¼ããç¢ºä¿ããããã«æ±ããããã«æ°ã«ãªãã¯ããã¾ãããå½¼ãã¯ãããã®å®ä¾¡ãªã·ã£ãã«2.55ãã¼ãã£ã³ãã¤ã¸ã³ã°ãããã¨ãã§ããWebãã¼ã¸ä¸ã§è³¢æãªæç« ãéãã¦ãã ã¾ããã¦ãã¾ããã¦ã§ãã·ã§ããä¸ã§ãç¹å®ã®ããã«ãããããããç¾å¨ã§ãã·ã£ãã«ã®ããã°ã«å¤§è¦æ¨¡ãªä½ä¾¡æ ¼ãæä¾ãã¦ããå ´åã«é©ãã¦ã¯ããã¾ãããããªããçµé¨ããã®ã§ãåã«1é±éã¨åããæ£ç¢ºã«è¨ªåããå ´åãWebãµã¤ãã§ã¯ããããããã¦ãæçµçãªã¡ã¬å©çã®æ¥ãçµé¨ããã¨ä¸»å¼µããã<a
 href=http://www.chaneljpoutlet.com/>ã·ã£ãã«</a>


Previous Comments:
------------------------------------------------------------------------
[2000-07-23 05:39:50] sterling at cvs dot php dot net

Fixed in CVS (in two minutes or so).

------------------------------------------------------------------------
[2000-07-23 04:58:14] joey at cvs dot php dot net

Can duplicate using CVS a/o 23 Jul 2000.

Here is a more complete example (using dbase_create() instead of db_open()):

<?php
$def =
        array(
                        array("Name", "C", 250),
                        array("Foo", "N", 5, 2),
                        array("Date", "D"),
                        array("Bar", "L")
                );
$db = dbase_create("customer.dbf", $def);
//$db = dbase_open("customer.dbf", 2);
$newRecord = array("John Smith", 100.00, "199980901", "Y");
dbase_add_record($db, $newRecord);
dbase_close($db);
?>


#0  0x80e5878 in _zval_ptr_dtor (zval_ptr=0x842c1b0, __zend_filename=0x8185ba9 
"zend_variables.c", __zend_lineno=182) at zend_execute_API.c:270
#1  0x80eb083 in _zval_ptr_dtor_wrapper (zval_ptr=0x842c1b0) at 
zend_variables.c:182
#2  0x80eeca0 in zend_hash_destroy (ht=0x842c124) at zend_hash.c:564
#3  0x80eae26 in _zval_dtor (zvalue=0x8427c64, __zend_filename=0x818543c 
"zend_execute_API.c", __zend_lineno=272) at zend_variables.c:69
#4  0x80e589a in _zval_ptr_dtor (zval_ptr=0x8255e28, __zend_filename=0x81911e0 
"zend_execute.h", __zend_lineno=123) at zend_execute_API.c:272
#5  0x80f6bd4 in zend_ptr_stack_clear_multiple () at zend_execute.h:123
#6  0x8118ce2 in execute (op_array=0x8205fa4) at ./zend_execute.c:1638
#7  0x8070607 in php_execute_script (primary_file=0xbffffbb8) at main.c:1169
#8  0x806ee0e in main (argc=3, argv=0xbffffc34) at cgi_main.c:674

(gdb) print **zval_ptr
$1 = {value = {lval = 1852144128, dval = 3.1453911460008387e+161, str = {val = 
0x6e657a00 <Address 0x6e657a00 out of bounds>, len = 1635147620}, ht = 
0x6e657a00, obj = {
      ce = 0x6e657a00, properties = 0x61765f64}}, type = 114 'r', is_ref = 105 
'i', refcount = 25185}

Looks to me like zval_ptr has already been freed at this point?

And a more complete backtrace:


------------------------------------------------------------------------
[2000-07-22 01:27:55] xrumer at chaneljpoutlet dot com

Hi,

I ran some tests with PHP 4.0.2-dev snapshot php4-200007211345.

I saw that dbase_create() was finally fixed so this ran fine. Every other dBase 
function runs fine, except dbase_add_record().

(gdb) run -e -q -f add.php
Starting program: /space/www/bin/php/php-4.0.2-dev_debug -e -q -f add.php

Program received signal SIGSEGV, Segmentation fault.
0x7f21d in _zval_ptr_dtor (zval_ptr=0x22c198) at zend_execute_API.c:270
zend_execute_API.c:270: No such file or directory.

Here's create.php that works fine (basically, dbase_get_record(), 
dbase_delete_record(), dbase_pack(), etc. work but dbase_add_record()):

#!/space/www/bin/php/php
<?
$fields = array(
        array("Name", "C", 32),
        array("Balance", "N", 8, 2),
        array("Birthday", "D"),
        array("Commercial", "L")
        );

$db = dbase_create("customer.dbf", $fields);

dbase_close($db);
?>

Here's the most simple script that will segfault PHP, add.php:

#!/space/www/bin/php/php
<?
$db = dbase_open("customer.dbf", 2);
$newRecord = array("John Smith", 100.00, "199980901", "Y");
dbase_add_record($db, $newRecord);
dbase_close($db);
?>

Here's my ./configure:

./configure --with-config-file-path=/space/www/etc/httpd/conf/php_cgi \
            --enable-discard-path \
            --with-gd=/u/guest/www/mbin/i386-NetBSD \
            --with-mysql \
            --with-dbase \
            --with-zlib=/u/guest/www/mbin/i386-NetBSD \
            --with-mcrypt=/u/guest/www/mbin/i386-NetBSD \
            --with-mhash=/u/guest/www/mbin/i386-NetBSD \
            --enable-ftp \
            --enable-inline-optimization \
            --with-jpeg-dir=/u/guest/www/mbin/i386-NetBSD \
            --with-imap=/u/guest/www/mbin/i386-NetBSD/lib

Everything mentioned by theses lines works (except GD+PNG but that's another 
story :)

I tried this on a basic RH6.2 and gets the same result:

here's the trace, running the same scripts and same snapshot with basic 
./configure

(gdb) run -e -q -f add.cgi
Starting program: /usr/local/bin/php -e -q -f add.cgi

Program received signal SIGSEGV, Segmentation fault.
0x80c4c55 in _zval_ptr_dtor (zval_ptr=0x8145550) at zend_execute_API.c:270
270             (*zval_ptr)->refcount--;

------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=5731&edit=1

Bug #5731 [Csd]: Segmentation fault with dbase_add_record() (trace included)

Reply via email to