ID: 27484
User updated by: friosa at pnpitalia dot it
Reported By: friosa at pnpitalia dot it
-Status: Feedback
+Status: Closed
Bug Type: Reproducible crash
Operating System: Linux 2.4.18-4GB
PHP Version: 5CVS-2004-03-03 (dev)
New Comment:
Sorry, the machine has become a production server so I can't recreate
the problem any more.
I think that if it's not possible to recreate this problem on other
computers (it was on mine getting the data from *this* page) it's
better to close this bug.
Previous Comments:
------------------------------------------------------------------------
[2004-03-09 08:53:27] [EMAIL PROTECTED]
The serialized string in your example code is invalid.
Please provide a working version and WITHOUT the base64 encoding!!
------------------------------------------------------------------------
[2004-03-03 15:32:29] friosa at pnpitalia dot it
Description:
------------
Investigating bug #27469, I've tried to serialize an object that, when
used, was crashing php + apache.
Trying to unserialize it on php 4.x produces a boolean true variable;
doing the same on php 5 cvs creates a crash, but in a different
fx/program (php_var_serialize_class_name / var.c).
Reproduce code:
---------------
<?php
$mime_part = unserialize(base64_decode("..."));
$pluto = unserialize(base64_decode("..."));
$pluto->buildMessagePart($mime_part);
define('MIME_CONTENTS_CACHE', 'mimecache');
class MIME_Contents {
    function MIME_Contents($messageOb, $viewID = array(), $contents = array()) {}
    function buildMessagePart(&$mime_part)
    {
        $msg = '';
        // CRASH HERE
        echo "<pre>" . addslashes(serialize($mime_part)) . "</pre>";
        return $msg;
    }
}
class IMP_Contents extends MIME_Contents {
    function IMP_Contents($index) {}
}
?>
Actual result:
--------------
Bug #27469 zend_variables.c problem
Submitted: 2 Mar 6:00pm EST Modified: 3 Mar 4:32am EST
From: friosa at pnpitalia dot it
Status: Feedback Category: Zend Engine 2 problem
Version: 5.0.0b4 (beta4) OS: Linux 2.4.18-4GB
gdb ./httpd
(gdb) run -X
Starting program: /TEST/apache/bin/./httpd -X
[New Thread 1024 (LWP 17036)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 17036)]
0x4035080f in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x4035080f in memcpy () from /lib/libc.so.6
#1 0x405f8b0b in php_var_serialize_class_name (buf=0xbfffc4dc,
struc=0x16f1520) at /TEST/php5-200403022230/ext/standard/var.c:480
#2 0x40698d73 in zend_do_fcall_common_helper (execute_data=0xbfffc850,
opline=0xbfffc4d5, op_array=0xa) at
/TEST/php5-200403022230/Zend/zend_execute.c:2677
#3 0x406703b9 in zend_execute_scripts (type=1081403672,
retval=0x40d0d24c, file_count=516) at
/TEST/php5-200403022230/Zend/zend.c:1041
(gdb)
------------------------------------------------------------------------