From: rb at ez dot no
Operating system: Linux
PHP version: 5.1.4
PHP Bug Type: Reproducible crash
Bug description: stream_filter_append function with a zlib filter segfaults or hangs
Description:
------------
The application I am writing uses the
stream_filter_append() function to inflate / decompress a
part of the file content. Unfortunately, this results in
a segmentation fault. I wrote a small script to reproduce
this problem, but that script hangs instead of segfaulting.
There may be a relation.
Backtracing the segfault shows that there is a null
pointer assignment (thanks to Derick).
Reproduce code:
---------------
<?php
// Script that hangs.
// Compress
$fw = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fw, "zlib.deflate");
fwrite( $fw, "Hello world" );
fclose($fw);
// Decompress
$fr = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fr, "zlib.inflate");
echo fread( $fr, 100 );
fclose($fr);
Actual result:
--------------
// Backtrace from the crash ( brigade = 0x0 ).
Program received signal SIGSEGV, Segmentation fault.
0x081fcc88 in php_stream_bucket_unlink (bucket=0x885d0f4)
at /usr/local/php/php5/src/main/streams/filter.c:228
228 bucket->brigade->head = bucket->next;
(gdb) print *bucket
$1 = {next = 0x0, prev = 0x0, brigade = 0x0,
buf = 0x8860cf5 "[binary buffer contents omitted]",
buflen = 7762, own_buf = 0, is_persistent = 0, refcount = 0}
--
Edit bug report at http://bugs.php.net/?id=38420&edit=1
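The following is an added example, not part of the bug report and not PHP's source: a simplified C model of the state in the backtrace, where an unlink runs on a bucket whose brigade pointer is NULL. The struct fields follow the gdb output; the function names and the double-unlink scenario are hypothetical, constructed only to reach that state.

```c
#include <stddef.h>

/* Simplified model of the structs in the backtrace. Field names follow the
 * gdb output; function names are hypothetical, not PHP's API. */
struct brigade;
struct bucket {
    struct bucket *next, *prev;
    struct brigade *brigade;   /* NULL when the bucket is not linked */
};
struct brigade { struct bucket *head, *tail; };

/* Append a bucket to the tail of a brigade. */
static void brigade_append(struct brigade *br, struct bucket *b)
{
    b->brigade = br;
    b->next = NULL;
    b->prev = br->tail;
    if (br->tail) br->tail->next = b; else br->head = b;
    br->tail = b;
}

/* Unlink that tolerates a detached bucket. Returns 1 if the bucket was
 * removed from a brigade, 0 if brigade was already NULL (the state in the
 * report, where "bucket->brigade->head = ..." dereferences a null pointer). */
static int bucket_unlink_checked(struct bucket *b)
{
    struct brigade *br = b->brigade;
    if (br == NULL)
        return 0;
    if (b->prev) b->prev->next = b->next; else br->head = b->next;
    if (b->next) b->next->prev = b->prev; else br->tail = b->prev;
    b->next = b->prev = NULL;
    b->brigade = NULL;
    return 1;
}

/* Constructed scenario: unlink the same bucket twice. */
static int demo_double_unlink(void)
{
    struct brigade br = { NULL, NULL };
    struct bucket a = { NULL, NULL, NULL }, b = { NULL, NULL, NULL };
    brigade_append(&br, &a);
    brigade_append(&br, &b);
    int first = bucket_unlink_checked(&a);   /* removed from the brigade */
    int second = bucket_unlink_checked(&a);  /* already detached, no deref */
    return first == 1 && second == 0 && br.head == &b && br.tail == &b;
}

int main(void) { return demo_double_unlink() ? 0 : 1; }
```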