Bug #65667 [Com]: ftp_nb_continue produces segfault

phofstetter at sensational dot ch Tue, 01 Oct 2013 23:15:29 -0700

Edit report at https://bugs.php.net/bug.php?id=65667&edit=1


 ID:                 65667
 Comment by:         phofstetter at sensational dot ch
 Reported by:        imprec at gmail dot com
 Summary:            ftp_nb_continue produces segfault
 Status:             Open
 Type:               Bug
 Package:            FTP related
 Operating System:   OSX
 PHP Version:        5.5.3
 Block user comment: N
 Private report:     N

 New Comment:

and here's one stack frame higher (giving you the data you requested):

(gdb) p ftp
$1 = (ftpbuf_t *) 0x7ffff7fcf1f8
(gdb) p ftp->stream
$2 = (php_stream *) 0x7ffff7fceb78
(gdb) p data
$3 = (databuf_t *) 0x7ffff7fd1388
(gdb) p ftp->stream->ops
$4 = (php_stream_ops *) 0x0

Again, something is wrong with that stream.


Previous Comments:
------------------------------------------------------------------------
[2013-10-02 06:00:46] phofstetter at sensational dot ch

Here's a bit of poking around in gdb:

Program received signal SIGSEGV, Segmentation fault.
0x000000000070080d in _php_stream_write (stream=0x18eecb8,
    buf=0x19511b4 
"\243\060\060\060\060\060\060\060\061\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\067\065\063\061\243\060\060\060\060\060\060\060\061\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\067\063\066\061\243\060\060\060\060\060\060\060\062\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\064\065\070\060\243\060\060\060\060\060\060\062\071\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\067\060\060\066\243\060\060\060\060\060\060\060\063\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\060\063\061\061\243\060\060\060\060\060\060\060\065\243\r\nPAD\243\060\243\060\060\062\063\071\060\243\060\060\066\063\061\065\243\060\060\060\060\060\060\060\066\243\r\nPA"...,
 count=1352) at 
/home/crazyhat/popscan-deb/downloads/php-5.5.4/main/streams/streams.c:1233
warning: Source file is more recent than executable.
1233        if (buf == NULL || count == 0 || stream->ops->write == NULL) {
(gdb) p count
$1 = 1352
(gdb) p stream
$2 = (php_stream *) 0x18eecb8
(gdb) p stream->ops
$3 = (php_stream_ops *) 0x0
(gdb)

stream->ops seems to be NULL

------------------------------------------------------------------------
[2013-10-02 05:52:56] phofstetter at sensational dot ch

I can confirm this to happen on Linux too.

Also in 5.4.20 (5.4.16 was fine) and 5.5.4

------------------------------------------------------------------------
[2013-09-17 08:36:21] imprec at gmail dot com

Well, not so much chance :(


(gdb) run
Starting program: /usr/local/bin/php 
/Users/romain/Documents/workspace/Phraseanet/ftp.php
Reading symbols for shared libraries 
+++++++++++++++++++++............................................... done
Reading symbols for shared libraries ...................... done
Reading symbols for shared libraries .. done
Reading symbols for shared libraries .. done
Reading symbols for shared libraries ....... done
Reading symbols for shared libraries ..... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
bt full
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x0000000100387a75 in _php_stream_write ()
(gdb) bt full
#0  0x0000000100387a75 in _php_stream_write ()
No symbol table info available.
#1  0x000000010013ab6f in ftp_nb_continue_read ()
No symbol table info available.
#2  0x0000000100137c2c in zif_ftp_nb_continue ()
No symbol table info available.
#3  0x00000001003bf524 in dtrace_execute_internal ()
No symbol table info available.
#4  0x00000001004430c2 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#5  0x00000001003f310a in execute_ex ()
No symbol table info available.
#6  0x00000001003bf458 in dtrace_execute_ex ()
No symbol table info available.
#7  0x00000001003ce7ac in zend_execute_scripts ()
No symbol table info available.
#8  0x0000000100374602 in php_execute_script ()
No symbol table info available.
#9  0x0000000100467075 in do_cli ()
No symbol table info available.
#10 0x0000000100465e3d in main ()
No symbol table info available.
(gdb) p ftp
No symbol "ftp" in current context.
(gdb) p data
No symbol "data" in current context.
(gdb) p rcvd
No symbol "rcvd" in current context.
(gdb) 


Whereas my PHP is compiled with debug :

PHP 5.5.3 (cli) (built: Sep 12 2013 02:41:16) (DEBUG)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies

------------------------------------------------------------------------
[2013-09-17 00:58:19] fel...@php.net

Hi, when seeing the backtrace on gdb, please run the following commands (and 
post the results):
p ftp
p data
p rcvd

Thanks.

------------------------------------------------------------------------
[2013-09-13 16:11:48] imprec at gmail dot com

Description:
------------
Running the following code on my OSX produces a segfault, see backtrace 

(gdb) (gdb) Starting program: /usr/local/bin/php /Users/romain/ftp-script.php
Reading symbols for shared libraries 
+++++++++++++++++++++............................................... done
Reading symbols for shared libraries ...................... done
Reading symbols for shared libraries .. done
Reading symbols for shared libraries .. done
Reading symbols for shared libraries ....... done
Reading symbols for shared libraries ..... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x0000000100387a75 in _php_stream_write ()
(gdb) #0  0x0000000100387a75 in _php_stream_write ()
No symbol table info available.
#1  0x000000010013ab6f in ftp_nb_continue_read ()
No symbol table info available.
#2  0x0000000100137c2c in zif_ftp_nb_continue ()
No symbol table info available.
#3  0x00000001003bf524 in dtrace_execute_internal ()
No symbol table info available.
#4  0x00000001004430c2 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#5  0x00000001003f310a in execute_ex ()
No symbol table info available.
#6  0x00000001003bf458 in dtrace_execute_ex ()
No symbol table info available.
#7  0x00000001003ce7ac in zend_execute_scripts ()
No symbol table info available.
#8  0x0000000100374602 in php_execute_script ()
No symbol table info available.
#9  0x0000000100467075 in do_cli ()
No symbol table info available.
#10 0x0000000100465e3d in main ()
No symbol table info available.
(gdb) %                          

Test script:
---------------
$connection = ftp_connect('hostname', 21);
ftp_login($connection, 'login', 'password');

$localfile = __DIR__ . '/ftpfile';
$start = file_exists($localfile) ? FTP_AUTORESUME : 0;

$result = ftp_nb_get($connection, $localfile, '/remotedir/remotefile', 
FTP_BINARY, $start);

while ($result == FTP_MOREDATA) {
    $result = ftp_nb_continue($connection);
}

ftp_close($connection);


Expected result:
----------------
No seg fault

Actual result:
--------------
A seg fault


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65667&edit=1

Bug #65667 [Com]: ftp_nb_continue produces segfault

Reply via email to