Edit report at https://bugs.php.net/bug.php?id=63159&edit=1
ID:                 63159
Comment by:         slangley at google dot com
Reported by:        slangley at google dot com
Summary:            Passing > 1 additional module to php_module_startup causes a segfault
Status:             Feedback
Type:               Bug
Package:            Reproducible crash
Operating System:   N/A
PHP Version:        5.4.7
Block user comment: N
Private report:     N

New Comment:

Sure - this will result in a segfault.

int register_modules(sapi_module_struct* sapi_module) {
  zend_module_entry modules[] = {
    my_module_1_entry,
    my_module_2_entry,
  };
  int module_count = sizeof(modules) / sizeof(zend_module_entry);
  return php_module_startup(sapi_module, modules, module_count);
}

Previous Comments:
------------------------------------------------------------------------
[2013-01-28 00:56:16] s...@php.net

Could you add some (short) code that would help to reproduce the problem?

------------------------------------------------------------------------
[2012-09-25 10:34:03] slangley at google dot com

Not sure how that might be ...

Here's the signature for php_module_startup

int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_modules, uint num_additional_modules);

The parameter num_additional_modules suggests that more than one module_entry can be passed in the additional_modules argument, but it's only a pointer not an array of pointers.

Here's the signature for php_register_extensions, which is called from php_module_startup.

int php_register_extensions(zend_module_entry **ptr, int count TSRMLS_DC);

This more correctly takes an array of pointers.

I don't know why this wasn't fixed when first reported in 2004 - I couldn't find any more information than the thread I linked.

------------------------------------------------------------------------
[2012-09-25 09:42:22] larue...@php.net

I am not sure, is this just a wrong usage of ZEND API?

------------------------------------------------------------------------
[2012-09-25 02:06:43] slangley at google dot com

Description:
------------
This was reported in 2004 but seemingly never fixed?

http://marc.info/?l=php-internals&m=110257814320454&w=2

php_module_startup expects a pointer to an array of structures of zend_module_entry.

This gets passed to php_register_extensions which expects an array of pointers to structures of zend_module_entry.

php_register_extensions then tries to use pointer arithmetic to walk along the passed array, which will cause a seg fault.

I will make a pull request on github with this fix.

Test script:
---------------
Write a SAPI, pass > 2 additional modules to php_module_startup.

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=63159&edit=1
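The struct-array versus pointer-array mismatch described in the report, as an added example that is not part of the bug thread or the PHP source. `module_entry` is a simplified stand-in for zend_module_entry, `register_all` is a stand-in with the pointer-array shape of php_register_extensions, and `build_ptr_table`, `slot0_is_valid_pointer` and the sample data are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for zend_module_entry (assumption: the real struct has many more fields). */
typedef struct module_entry {
    unsigned short size;
    unsigned int   api;
    const char    *name;
} module_entry;

/* Stand-in walker: expects an array of POINTERS, one pointer per slot. */
static int register_all(module_entry **ptr, int count, const char **names_out) {
    int i;
    for (i = 0; i < count; i++)
        names_out[i] = ptr[i]->name;      /* only valid if ptr[i] is a real address */
    return i;
}

/* Adapter a caller needs when it holds a struct array: build the pointer table. */
static void build_ptr_table(module_entry *entries, int count, module_entry **table) {
    for (int i = 0; i < count; i++)
        table[i] = &entries[i];
}

/* What slot 0 would contain if the struct array were viewed as a pointer array:
 * the struct's leading bytes (size/api fields), not an address.
 * memcpy inspects the bytes without dereferencing them. */
static int slot0_is_valid_pointer(const module_entry *entries) {
    uintptr_t raw;
    memcpy(&raw, entries, sizeof raw);
    return raw == (uintptr_t)&entries[0];
}

/* Constructed sample data. */
static module_entry sample[] = {
    { sizeof(module_entry), 1u, "my_module_1" },
    { sizeof(module_entry), 1u, "my_module_2" },
};

int main(void) {
    module_entry *table[2];
    const char *names[2];
    build_ptr_table(sample, 2, table);
    int n = register_all(table, 2, names);
    printf("registered %d: %s, %s\n", n, names[0], names[1]);
    printf("struct stride %zu vs pointer stride %zu\n", sizeof(module_entry), sizeof(module_entry *));
    printf("struct bytes usable as slot 0 pointer: %d\n", slot0_is_valid_pointer(sample));
    return 0;
}
```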