ID:               38649
 Updated by:       [EMAIL PROTECTED]
 Reported By:      songmaqd at hotmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Streams related
 Operating System: UNIX
 PHP Version:      5CVS-2006-08-30 (snap)
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.




Previous Comments:
------------------------------------------------------------------------

[2006-08-30 06:05:38] songmaqd at hotmail dot com

Description:
------------
In source file "main/streams/xp_socket.c", function "sock_sendto" needs
a stricter condition evaluation in its "if" test.

The reason is that the PHP function "stream_socket_sendto" has an
optional parameter "string address". When the user omits this option,
"addr" and "addrlen" are not initialized or valid. Since "addr" is a char
pointer, if it is not initialized then its value is highly operating
system dependent. We cannot assume it is "NULL" or an invalid value
not "NULL". This leads to a core dump.

Problem code:
static inline int sock_sendto(php_netstream_data_t *sock, char *buf,
size_t buflen, int flags,
                struct sockaddr *addr, socklen_t addrlen
                TSRMLS_DC)
{
        if (addr) {
                return sendto(sock->socket, buf, buflen, flags, addr, addrlen);
        }
        return send(sock->socket, buf, buflen, flags);
}

A possible fix example:
static inline int sock_sendto(php_netstream_data_t *sock, char *buf,
size_t buflen, int flags,
                struct sockaddr *addr, socklen_t addrlen
                TSRMLS_DC)
{
        if (addr && (addrlen>0)) /*newly added*/{
                return sendto(sock->socket, buf, buflen, flags, addr, addrlen);
        }
        return send(sock->socket, buf, buflen, flags);
}




------------------------------------------------------------------------
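
The check proposed in the report, as an added example that is not PHP source code and not part of the original report. It pairs the callee-side test with a caller that starts the optional address at NULL/0, because an uninitialized "addrlen" is as indeterminate as an uninitialized "addr". The names guarded_sendto and roundtrip_path are hypothetical, and the test input is constructed.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not PHP source; all names here are hypothetical. */
enum send_path { PATH_SEND, PATH_SENDTO };

/* Use sendto() only when pointer AND length describe a real address. */
static ssize_t guarded_sendto(int fd, const char *buf, size_t len, int flags,
                              const struct sockaddr *addr, socklen_t addrlen,
                              enum send_path *path)
{
    if (addr != NULL && addrlen > 0) {
        *path = PATH_SENDTO;
        return sendto(fd, buf, len, flags, addr, addrlen);
    }
    *path = PATH_SEND;
    return send(fd, buf, len, flags);
}

/* Send "ping" over a connected datagram socketpair with the given optional
 * address and return the path taken, or -1 if delivery failed. */
static int roundtrip_path(const struct sockaddr *addr, socklen_t addrlen)
{
    int sv[2];
    char in[8] = {0};
    enum send_path path;
    int result = -1;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    if (guarded_sendto(sv[0], "ping", 4, 0, addr, addrlen, &path) == 4 &&
        recv(sv[1], in, sizeof in, 0) == 4 && memcmp(in, "ping", 4) == 0)
        result = (int)path;
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    /* Caller side: the optional address starts as NULL/0, never stack garbage. */
    struct sockaddr *addr = NULL;
    socklen_t addrlen = 0;
    struct sockaddr_storage stale;   /* constructed: non-NULL pointer, length 0 */
    memset(&stale, 0xAA, sizeof stale);
    return !(roundtrip_path(addr, addrlen) == PATH_SEND &&
             roundtrip_path((struct sockaddr *)&stale, 0) == PATH_SEND);
}
```
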


-- 
Edit this bug report at http://bugs.php.net/?id=38649&edit=1
