ID: 35916
Updated by: [EMAIL PROTECTED]
Reported By: sqchen at citiz dot net
-Status: Open
+Status: Assigned
Bug Type: Unknown/Other Function
Operating System: redhat 7.3
PHP Version: 5.1.1
-Assigned To:
+Assigned To: pollita
New Comment:
Sara, here's one more..
Previous Comments:
------------------------------------------------------------------------
[2006-01-06 12:51:39] [EMAIL PROTECTED]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1085230688 (LWP 21490)]
0x0814f3ae in php_stream_bucket_unlink (bucket=0x8300c3c) at
/usr/src/dev/php-src_5_1/main/streams/filter.c:222
222 bucket->prev->next = bucket->next;
(gdb) p bucket
$1 = (php_stream_bucket *) 0x8300c3c
(gdb) p bucket->prev
$2 = (php_stream_bucket *) 0x5a5a5a5a
(gdb) bt
#0 0x0814f3ae in php_stream_bucket_unlink (bucket=0x8300c3c) at
/usr/src/dev/php-src_5_1/main/streams/filter.c:222
#1 0x0814b171 in _php_stream_write_filtered (stream=0x83033a4,
buf=0x830519c "Thank you\n", count=10, flags=0) at
/usr/src/dev/php-src_5_1/main/streams/streams.c:978
#2 0x0814b22b in _php_stream_write (stream=0x83033a4, buf=0x830519c
"Thank you\n", count=10) at
/usr/src/dev/php-src_5_1/main/streams/streams.c:1017
#3 0x080de0a7 in zif_fwrite (ht=2, return_value=0x830357c,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at
/usr/src/dev/php-src_5_1/ext/standard/file.c:1257
#4 0x0819a7c8 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffca90) at zend_vm_execute.h:192
#5 0x0819d50e in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfffca90) at zend_vm_execute.h:1587
#6 0x0819a475 in execute (op_array=0x82fe3f4) at zend_vm_execute.h:92
#7 0x0817d890 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/dev/php-src_5_1/Zend/zend.c:1101
#8 0x08139bf0 in php_execute_script (primary_file=0xbfffef30) at
/usr/src/dev/php-src_5_1/main/main.c:1720
#9 0x081e0df6 in main (argc=2, argv=0xbffff014) at
/usr/src/dev/php-src_5_1/sapi/cli/php_cli.c:1077
------------------------------------------------------------------------
[2006-01-06 09:03:27] sqchen at citiz dot net
sorry, it's stream_bucket_append and stream_bucket_prepend
------------------------------------------------------------------------
[2006-01-06 06:59:53] sqchen at citiz dot net
Description:
------------
stream_socket_append() twice will cause segfault, the same as
stream_socket_prepend()
Reproduce code:
---------------
<?php
class strtoupper_filter extends php_user_filter{
function filter($in, $out, &$consumed, $closing)
{
while($bucket=stream_bucket_make_writeable($in)){
$bucket->data = strtoupper($bucket->data);
$consumed += $bucket->datalen;
stream_bucket_append($out, $bucket);
/*here twice will cause segfault*/
stream_bucket_append($out, $bucket);
}
return PSFS_PASS_ON;
}
function onCreate(){
echo "fffffffffff\n";
}
function onClose(){
echo "hello\n";
}
}
stream_filter_register("strtoupper", "strtoupper_filter");
$fp=fopen("1.txt", "w");
stream_filter_append($fp, "strtoupper");
fread($fp, 1024);
fwrite($fp, "Thank you\n");
fclose($fp);
readfile("1.txt");
unlink("1.txt");
?>
Actual result:
--------------
segfault
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35916&edit=1
