#38420 [Opn]: stream_filter_append function with a zlib filter segfaults or hangs

rb at ez dot no Fri, 11 Aug 2006 03:02:15 -0700

 ID:               38420
 User updated by:  rb at ez dot no
 Reported By:      rb at ez dot no
 Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Linux
 PHP Version:      5.1.4
 New Comment:


Oops, forgot to attach the backtrace. 
 
Program received signal SIGSEGV, Segmentation fault. 
0x081fcc88 in php_stream_bucket_unlink (bucket=0x884dbe4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
228                     bucket->brigade->head = 
bucket->next; 
(gdb) bt 
#0  0x081fcc88 in php_stream_bucket_unlink 
(bucket=0x884dbe4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
#1  0x081fd0f2 in _php_stream_filter_append 
(chain=0x88603a4, filter=0x885ba74) 
at /usr/local/php/php5/src/main/streams/filter.c:370 
#2  0x081d9f7d in apply_filter_to_stream (append=1, ht=0, 
return_value=0x885e0cc, return_value_ptr=0x0, 
this_ptr=0x0, return_value_used=1) 
    
at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1095 
#3  0x081da065 in zif_stream_filter_append (ht=0, 
return_value=0x0, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/ext/standard/streamsfuncs.c:1133 
#4  0x0823bcc0 in execute_internal (execute_data_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/Zend/zend_execute.c:1368 
#5  0xb788e6cf in xdebug_execute_internal 
(current_execute_data=0xbf90be70, return_value_used=1) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299 
#6  0x0823c557 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90be70) at zend_vm_execute.h:202 
#7  0x0823bdd8 in execute (op_array=0x87db654) at 
zend_vm_execute.h:92 
#8  0xb788e437 in xdebug_execute (op_array=0x87db654) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#9  0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90c3a0) at zend_vm_execute.h:234 
#10 0x0823bdd8 in execute (op_array=0x879b41c) at 
zend_vm_execute.h:92 
#11 0xb788e437 in xdebug_execute (op_array=0x879b41c) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#12 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90c560) at zend_vm_execute.h:234 
#13 0x0823bdd8 in execute (op_array=0x8796654) at 
zend_vm_execute.h:92 
#14 0xb788e437 in xdebug_execute (op_array=0x8796654) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#15 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d220) at zend_vm_execute.h:234 
#16 0x0823bdd8 in execute (op_array=0x878a904) at 
zend_vm_execute.h:92 
#17 0xb788e437 in xdebug_execute (op_array=0x878a904) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#18 0x0823c2f1 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d480) at zend_vm_execute.h:234 
#19 0x0823bdd8 in execute (op_array=0x873d50c) at 
zend_vm_execute.h:92 
#20 0xb788e437 in xdebug_execute (op_array=0x873d50c) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1242 
#21 0x08219751 in zend_call_function (fci=0xbf90d640, 
fci_cache=0xbf90d630) 
at /usr/local/php/php5/src/Zend/zend_execute_API.c:938 
#22 0x08119c68 in zif_reflection_method_invoke (ht=1, 
return_value=0x87f3d3c, return_value_ptr=0x0, 
this_ptr=0x880bd54, return_value_used=0) 
    
at /usr/local/php/php5/src/ext/reflection/php_reflection.c:2286 
#23 0x0823bcc0 in execute_internal (execute_data_ptr=0x0, 
return_value_used=0) 
at /usr/local/php/php5/src/Zend/zend_execute.c:1368 
#24 0xb788e6cf in xdebug_execute_internal 
(current_execute_data=0xbf90d940, return_value_used=0) 
at /tmp/tmpOl29f1/xdebug-2.0.0beta5/xdebug.c:1299 
#25 0x0823c557 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf90d940) at zend_vm_execute.h:202 
#26 0x0823bdd8 in execute (op_array=0x875631c) at 
zend_vm_execute.h:92


Previous Comments:
------------------------------------------------------------------------

[2006-08-11 09:46:15] rb at ez dot no

Description:
------------
The application I am writing uses the  
stream_filter_append() function to inflate / decompress a  
part of the file content. Unfortunately, this results into  
a segmentation fault. I wrote a small script to reproduce  
this problem, but that script hangs instead of segfaults.  
There may be a relation.  
 
Backtracing the segfault shows that there is a null 
pointer assignment (thanks to Derick). 

Reproduce code:
---------------
// Script that hangs.

// Compress
$fw = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fw, "zlib.deflate");
fwrite( $fw, "Hello world" );
fclose($fw);

// Decompress
$fr = fopen( "myfile.txt", "r+b" );
stream_filter_append( $fr, "zlib.inflate");
echo fread( $fr, 100 );
fclose($fr);


Actual result:
--------------
// Backtrace from the crash ( brigade = 0x0 ). 
 
Program received signal SIGSEGV, Segmentation fault. 
0x081fcc88 in php_stream_bucket_unlink (bucket=0x885d0f4) 
at /usr/local/php/php5/src/main/streams/filter.c:228 
228                     bucket->brigade->head = 
bucket->next; 
(gdb) print *bucket 
$1 = {next = 0x0, prev = 0x0, brigade = 0x0, 
  buf = 0x8860cf5 
"[\017TT×\231\177\203O\235\220Á\231\032\210\230b|
f\237\t&[EMAIL 
PROTECTED]'vÛmmÖ\234¶©ÝX\213©5\202\215¢¸þIÒ¬Ñ\234mZ³)©\232Ì\004í1Ñ\030Z
³¿ïÞ;ð 
\230Äö\234=gÏöéÇ}ß½ßýþÝ{¿ïÞ7ï}}Qáb\213Å\"%®$i\204DX\203.
[g l\233ÉëgH\212d\2252¥;¤ñÒ([EMAIL PROTECTED]", 
buflen = 7762, own_buf = 0, is_persistent = 0, refcount = 
0} 
 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=38420&edit=1

#38420 [Opn]: stream_filter_append function with a zlib filter segfaults or hangs

Reply via email to