From:             dsilvers at pepperfish dot net
Operating system: Linux
PHP version:      4.3.1
PHP Bug Type:     Reproducible crash
Bug description:  Using Horde/IMP to read an email causes a crash

When attempting to view an email from British Airways, Horde/IMP would
cause a reliably reproducible segmentation fault in the Zend hash
implementation.

I have worked the minimum-tripping example to:

---CUT
>From [EMAIL PROTECTED] Mon Mar 10 17:23:48 2003
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
CC: <>
Reply-To: <[EMAIL PROTECTED]>
Subject: Crashy email

This email crashes IMP
---CUT

The guys at horde.org say it's a PHP problem and that I should ask you
guys to solve it.

If you could, I'd be very very grateful -- I have several customers whose
email is very affected by this bug.

It appears that the bug is provoked by the adding of the odd CC header
into the hash table of headers maintained by the IMAP code.

Here is a GDB backtrace of it happening in 4.3.1 release:

Program received signal SIGSEGV, Segmentation fault.
0x402d2998 in malloc () from /lib/libc.so.6
(gdb) bt
#0  0x402d2998 in malloc () from /lib/libc.so.6
#1  0x402d2074 in malloc () from /lib/libc.so.6
#2  0x0811d53c in _emalloc (size=53)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_alloc.c:154
#3  0x0812d126 in zend_hash_add_or_update (ht=0x833a004,
    arKey=0x8159ee6 "mon_thousands_sep", nKeyLength=18, pData=0xbfff2118,
    nDataSize=4, pDest=0x0, flag=1)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_hash.c:262
#4  0x0812b61c in add_assoc_string_ex (arg=0x828d864,
    key=0x8159ee6 "mon_thousands_sep", key_len=18, str=0x404a30c9 ",",
    duplicate=1)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_API.c:673
#5  0x080d953d in zif_localeconv (ht=0, return_value=0x828d864, this_ptr=0x0,
    return_value_used=1)
    at /home/dsilvers/new-webmail/php-4.3.1/ext/standard/string.c:3766
#6  0x0813982a in execute (op_array=0x836253c)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_execute.c:1598
#7  0x08139984 in execute (op_array=0x83639a4)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_execute.c:1640
#8  0x08139984 in execute (op_array=0x8362a2c)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_execute.c:1640
#9  0x08139984 in execute (op_array=0x824dcbc)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend_execute.c:1640
#10 0x0812a598 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/dsilvers/new-webmail/php-4.3.1/Zend/zend.c:864
#11 0x081087ef in php_execute_script (primary_file=0xbffffe48)
    at /home/dsilvers/new-webmail/php-4.3.1/main/main.c:1573
#12 0x08144a43 in main (argc=1, argv=0xbffffec4)
    at /home/dsilvers/new-webmail/php-4.3.1/sapi/cgi/cgi_main.c:1424
(gdb) quit

Here's my configure line:

./configure --enable-fastcgi --with-pgsql --disable-ipv6 --with-imap \
    --with-gettext --with-xml --with-mcrypt --prefix=/usr/local/webmail/php \
    --with-imap-ssl --with-zlib --disable-safe-mode

Here's info about the system:

Linux salmon 2.4.18 #1 Thu Mar 14 19:06:39 GMT 2002 i686 unknown
 
It's a duron 600 based system with plenty of free ram and swap.

It is running Debian GNU/Linux 3.0r1 (Woody) with security patches

PHP is compiled up from source.

If there's any other information you need, just yell.

D.

-- 
Edit bug report at http://bugs.php.net/?id=22638&edit=1
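
A triage aid for the report above, added here as an example and not part of the original bug report or of any PHP or Horde code: it lists the messages in an mbox file whose address headers carry an empty `<>` entry, so the affected mail can be located before a webmail front end opens it. It assumes, as the reporter suspects, that the empty `CC: <>` entry is the trigger; the function names and the sample mailbox (with example.com addresses) are constructed for illustration.

```python
import mailbox
import os
import re
import tempfile

# Headers whose values are address lists. Return-Path is left out on purpose:
# "<>" is a legitimate value there for bounce messages.
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")
# An angle-bracket address with nothing inside, as in the report's "CC: <>".
EMPTY_ANGLE_ADDR = re.compile(r"<\s*>")

def empty_address_headers(msg):
    """Return the address headers of one message that are blank or hold an empty <>."""
    flagged = []
    for name in ADDRESS_HEADERS:  # header lookup is case-insensitive, so "CC" matches "Cc"
        values = [str(v) for v in msg.get_all(name, [])]
        if any(not v.strip() or EMPTY_ANGLE_ADDR.search(v) for v in values):
            flagged.append(name)
    return flagged

def scan_mbox(path):
    """Return (subject, flagged_headers) for each message with a suspect header."""
    box = mailbox.mbox(path, create=False)
    try:
        hits = [(msg.get("Subject", ""), empty_address_headers(msg)) for msg in box]
    finally:
        box.close()
    return [hit for hit in hits if hit[1]]

# Constructed sample mailbox: the first message mirrors the shape of the
# report's minimal example, the second is an ordinary message.
SAMPLE_MBOX = (
    "From alice@example.com Mon Mar 10 17:23:48 2003\n"
    "From: <alice@example.com>\nTo: <bob@example.com>\nCC: <>\n"
    "Reply-To: <alice@example.com>\nSubject: Crashy email\n\n"
    "This email crashes IMP\n\n"
    "From carol@example.com Mon Mar 10 17:30:00 2003\n"
    "From: Carol <carol@example.com>\nTo: <bob@example.com>\n"
    "Subject: Ordinary email\n\nNothing unusual here\n"
)

def scan_sample():
    """Write the constructed mailbox to a temporary file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.mbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return scan_mbox(path)

if __name__ == "__main__":
    for subject, headers in scan_sample():
        print(f"{subject!r}: empty address in {', '.join(headers)}")
```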