From: rudi at jawmail dot org
Operating system: Linux
PHP version: 4.3.5
PHP Bug Type: Reproducible crash
Bug description: unserialize crash?

Description:
------------
This crash occurs in a large web application when somewhere a string with a UTF-8 encoded string with a multibyte character in the first position (apparently?) gets unserialized. It works okay if multi-byte characters are in other parts of the string, just not the first character. Working on a small crash script...

Actual result:
--------------
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

Program received signal SIGSEGV, Segmentation fault.
php_var_unserialize (rval=0xbfff79ac, p=0xbfff7994, max=0x823ec51 "", var_hash=0xbfff7998)
    at /compile/php-4.3.5/ext/standard/var_unserializer.c:318
318         if(yych == ':') goto yy74;
(gdb) bt
#0  php_var_unserialize (rval=0xbfff79ac, p=0xbfff7994, max=0x823ec51 "", var_hash=0xbfff7998)
    at /compile/php-4.3.5/ext/standard/var_unserializer.c:318
#1  0x4025815a in zif_unserialize (ht=1, return_value=0x8201b84, this_ptr=0x0, return_value_used=1)
    at /compile/php-4.3.5/ext/standard/var.c:681
#2  0x402be7d5 in execute (op_array=0x83c5474) at /compile/php-4.3.5/Zend/zend_execute.c:1621
#3  0x402be9aa in execute (op_array=0x83c531c) at /compile/php-4.3.5/Zend/zend_execute.c:1665
#4  0x402be9aa in execute (op_array=0x80f6644) at /compile/php-4.3.5/Zend/zend_execute.c:1665
#5  0x402be9aa in execute (op_array=0x80f64f4) at /compile/php-4.3.5/Zend/zend_execute.c:1665
#6  0x402be9aa in execute (op_array=0x829361c) at /compile/php-4.3.5/Zend/zend_execute.c:1665
#7  0x402c4615 in execute (op_array=0x82da95c) at /compile/php-4.3.5/Zend/zend_execute.c:2186
#8  0x402be9aa in execute (op_array=0x838e6f4) at /compile/php-4.3.5/Zend/zend_execute.c:1665
#9  0x402ab3c3 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /compile/php-4.3.5/Zend/zend.c:889
#10 0x4028400b in php_execute_script (primary_file=0xbffff848) at /compile/php-4.3.5/main/main.c:1731
#11 0x402c71df in apache_php_module_main (r=0x811f214, display_source_mode=0)
    at /compile/php-4.3.5/sapi/apache/sapi_apache.c:54
#12 0x402c7d73 in send_php (r=0x811f214, display_source_mode=0, filename=0x0)
    at /compile/php-4.3.5/sapi/apache/mod_php4.c:620
#13 0x402c7dd4 in send_parsed_php (r=0x811f214) at /compile/php-4.3.5/sapi/apache/mod_php4.c:635
#14 0x806c5a3 in ap_invoke_handler ()
#15 0x80800e9 in process_request_internal ()
#16 0x808014c in ap_process_request ()
#17 0x807771e in child_main ()
#18 0x80778ac in make_child ()
#19 0x8077a09 in startup_children ()
#20 0x8078046 in standalone_ma

-- 
Edit bug report at http://bugs.php.net/?id=27816&edit=1
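The report concerns unserialize() reading a string whose first character is a multibyte UTF-8 sequence. As an added example (not code from the report or from PHP's source), here is a bounds-checked parser for the N/b/i/d/s/a subset of PHP's serialize() format: string payloads are length-prefixed in bytes, so the parser reads exactly that many bytes and rejects any length that would run past the end of the buffer rather than scanning beyond it. The sample input is constructed for this example.

```python
# Added example, not from the bug report: a bounds-checked parser for a subset
# of PHP's serialize() format (N, b, i, d, s, a). Every read is checked against
# len(data) so malformed input raises UnserializeError instead of overrunning.

class UnserializeError(ValueError):
    """Raised on malformed input instead of reading out of bounds."""

def php_unserialize(data: bytes):
    value, pos = _parse(data, 0)
    if pos != len(data):
        raise UnserializeError(f"trailing bytes at offset {pos}")
    return value

def _expect(data, pos, token: bytes):
    end = pos + len(token)
    if end > len(data) or data[pos:end] != token:
        raise UnserializeError(f"expected {token!r} at offset {pos}")
    return end

def _read_until(data, pos, delim: bytes):
    end = data.find(delim, pos)
    if end < 0:
        raise UnserializeError(f"unterminated token at offset {pos}")
    return data[pos:end].decode("ascii", errors="replace"), end + 1

def _parse(data, pos):
    if pos >= len(data):
        raise UnserializeError("unexpected end of input")
    tag = data[pos:pos + 1]
    if tag == b"N":
        return None, _expect(data, pos + 1, b";")
    if tag in (b"b", b"i", b"d"):
        raw, pos = _read_until(data, _expect(data, pos + 1, b":"), b";")
        return {b"b": lambda r: r == "1", b"i": int, b"d": float}[tag](raw), pos
    if tag == b"s":
        raw, pos = _read_until(data, _expect(data, pos + 1, b":"), b":")
        n, pos = int(raw), _expect(data, pos, b'"')
        if n < 0 or pos + n > len(data):  # reject lengths that run past the buffer
            raise UnserializeError(f"string length {n} overruns input at offset {pos}")
        # n counts bytes, so a multibyte first character is read intact.
        return data[pos:pos + n].decode("utf-8"), _expect(data, pos + n, b'";')
    if tag == b"a":
        raw, pos = _read_until(data, _expect(data, pos + 1, b":"), b":")
        count, pos, result = int(raw), _expect(data, pos, b"{"), {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            if not isinstance(key, (int, str)):
                raise UnserializeError("array keys must be int or string")
            result[key], pos = _parse(data, pos)
        return result, _expect(data, pos, b"}")
    raise UnserializeError(f"unknown type tag {tag!r} at offset {pos}")

# Constructed sample: "éa" is 3 bytes in UTF-8 (c3 a9 61), so PHP writes s:3:
SAMPLE = b'a:2:{s:4:"name";s:3:"\xc3\xa9a";i:0;b:1;}'
```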