From: karmak-php at karmak dot org
Operating system: Linux
PHP version: 4.3.3
PHP Bug Type: Reproducible crash
Bug description: Bug/Segfault in virtual()
Description:
------------
I've found two problems with virtual() that seem likely to be related.
The first is that virtual() does not behave quite like the Apache #include
virtual="": When virtual() is used to call another PHP script, the query
string in the virtual() call is ignored. For example, if you call
virtual("/file?x=y"), the variable "x" will not be set in the included PHP
script. An example of this is posted at:
http://staging.karmak.org/2003/php-virtual-bug/a1
The source for the two files used in this example is at:
http://staging.karmak.org/2003/php-virtual-bug/a1-php.txt
http://staging.karmak.org/2003/php-virtual-bug/a2-php.txt
However, if you call the first script as "a1?x=y", the variable "x" will
be set to "y" in the second script.
This is not the way the Apache virtual function behaves: With Apache, the
query string in the virtual call is passed to the script, as can be seen
in the following shtml file:
http://staging.karmak.org/2003/php-virtual-bug/a3
The source to this file is at:
http://staging.karmak.org/2003/php-virtual-bug/a3-shtml.txt
Furthermore, all query string variables are reset when the virtual call is
issued. This can be seen by calling the shtml file:
http://staging.karmak.org/2003/php-virtual-bug/a4?x=y
With the corresponding source code at:
http://staging.karmak.org/2003/php-virtual-bug/a4-shtml.txt
Note that the x=y declaration is not passed to the PHP script.
--------------------------------------------
The second problem is more critical, as it leads to a segfault which is
displayed in the error logs, but nothing is reported in the browser and
only a partial page will be displayed. An example of this is at:
http://staging.karmak.org/2003/php-virtual-bug/a2
This page should end with the word "END", but instead it is cut off
mid-sentence. The source for the two files used in this example is at:
http://staging.karmak.org/2003/php-virtual-bug/b1-php.txt
http://staging.karmak.org/2003/php-virtual-bug/b2-php.txt
Reproduce code:
---------------
See the description for source code URLs.
Expected result:
----------------
See description.
Actual result:
--------------
See description.
--
Edit bug report at http://bugs.php.net/?id=26341&edit=1