ID:               39737
 User updated by:  cody at codymays dot net
 Reported By:      cody at codymays dot net
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: OSX
 PHP Version:      5.2.0
 New Comment:

Sorry that took so long, it took me a while to get it narrowed down,
but I can do it in one line now.

The following line segfaults php every time:
  if(!stristr(implode(',',array(NULL)), 'earth'))


Previous Comments:
------------------------------------------------------------------------

[2006-12-05 09:57:03] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2006-12-05 01:55:33] cody at codymays dot net

According to a:
var_dump($XPath->getData( "/phpsysinfo/FileSystem/Mount[" . $i .
"]/Options"));
The result is:
string(0) ""

------------------------------------------------------------------------

[2006-12-05 01:42:30] [EMAIL PROTECTED]

What is the actual value of the 1st parameter being passed to 
stristr() function?

------------------------------------------------------------------------

[2006-12-05 00:06:32] cody at codymays dot net

Description:
------------
It seems that whenever I run stristr in certain situations on this
system (Macbook Pro Core 2 Duo with apache 2.0.59 and php 5.2.0) php's
stristr crashes.

I've tested this on phpSysInfo-2.5.2_rc3
(http://sourceforge.net/projects/phpsysinfo) and on the demos on the
stristr docs page. This is where stuff gets interesting. The demos on
the docs page works, while the following line in phpsysinfo causes the
crash:

if( ! $XPath->match( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options"
) || ! stristr( $XPath->getData( "/phpsysinfo/FileSystem/Mount[" . $i .
"]/Options" ), "bind" ) )

An even more interesting observation is that the following code does
not segfault:

if( ! $XPath->match( "/phpsysinfo/FileSystem/Mount[" . $i . "]/Options"
) || ! stristr( strtolower($XPath->getData(
"/phpsysinfo/FileSystem/Mount[" . $i . "]/Options") ), "bind" ) )



Expected result:
----------------
To not crash. :)

Actual result:
--------------
Backtrace:

klashnikov:~/public_html/phpsysinfo cody$ gdb --args php index.php
GNU gdb 6.3.50-20050815 (Apple version gdb-563) (Wed Jul 19 05:10:58
GMT 2006)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for
shared libraries .......... done

(gdb) start
Breakpoint 1 at 0x316085: file
/Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c, line 564.
Starting program: /usr/local/bin/php index.php
Reading symbols for shared libraries ..+ done

Breakpoint 1, main (argc=2, argv=0xbffff96c) at
/Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:564
564             int orig_optind=php_optind;
(gdb) bt
#0  main (argc=2, argv=0xbffff96c) at
/Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:564
(gdb) c
Continuing.
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--
        Created By: phpSysInfo - 2.5.2_rc3
        http://phpsysinfo.sourceforge.net/
-->
<head>
        <title>System Information -- klashnikov --</title>
        <link rel="stylesheet" type="text/css"
href="templates/classic/classic.css">
</head>
<body>

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x90021dcc in memchr ()
(gdb) bt
#0  0x90021dcc in memchr ()
#1  0x00202256 in php_stristr (s=0x0, t=0x1564aa8 "bind", s_len=0,
t_len=4) at /Users/cody/Desktop/php-5.2.0/Zend/zend_operators.h:156
#2  0x0020254d in zif_stristr (ht=2, return_value=0x15669a0,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at
/Users/cody/Desktop/php-5.2.0/ext/standard/string.c:1538
#3  0x002a668f in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffefa0) at
/Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:200
#4  0x002a422f in execute (op_array=0x13e3330) at
/Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:92
#5  0x002a5ece in zend_do_fcall_common_helper_SPEC
(execute_data=0xbffff0e0) at
/Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:234
#6  0x002a422f in execute (op_array=0x10c2534) at
/Users/cody/Desktop/php-5.2.0/Zend/zend_vm_execute.h:92
#7  0x00289639 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /Users/cody/Desktop/php-5.2.0/Zend/zend.c:1097
#8  0x00247fcf in php_execute_script (primary_file=0xbffff8b8) at
/Users/cody/Desktop/php-5.2.0/main/main.c:1758
#9  0x0031756a in main (argc=2, argv=0xbffff96c) at
/Users/cody/Desktop/php-5.2.0/sapi/cli/php_cli.c:1108
(gdb) stack


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39737&edit=1
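
Added example, not part of the bug report and not PHP's own source: frame #1 of the backtrace shows php_stristr called with s=0x0 and s_len=0 while t_len=4, ending in memchr reading address 0. The C sketch below is a memchr-based case-insensitive search with the guard that makes that input safe; mem_find and stristr_offset are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* memchr-based search for n in h[0..hlen); returns NULL if absent. */
static const char *mem_find(const char *h, size_t hlen, const char *n, size_t nlen)
{
    /* The crashing frame has s=0x0, s_len=0, t_len=4: reject a NULL or
       too-short haystack before any pointer arithmetic or memchr call. */
    if (h == NULL || n == NULL || nlen == 0 || hlen < nlen)
        return NULL;
    const char *p = h;
    const char *last = h + (hlen - nlen); /* last position a match can start */
    while (p <= last && (p = memchr(p, n[0], (size_t)(last - p) + 1)) != NULL) {
        if (memcmp(p, n, nlen) == 0)
            return p;
        p++;
    }
    return NULL;
}

/* Case-insensitive search on lowercased copies; returns match offset or -1. */
long stristr_offset(const char *hay, size_t hlen, const char *needle, size_t nlen)
{
    if (hay == NULL || needle == NULL || nlen == 0 || hlen < nlen)
        return -1;
    char *h = malloc(hlen), *n = malloc(nlen);
    long off = -1;
    if (h != NULL && n != NULL) {
        for (size_t i = 0; i < hlen; i++)
            h[i] = (char)tolower((unsigned char)hay[i]);
        for (size_t i = 0; i < nlen; i++)
            n[i] = (char)tolower((unsigned char)needle[i]);
        const char *hit = mem_find(h, hlen, n, nlen);
        if (hit != NULL)
            off = (long)(hit - h);
    }
    free(h);
    free(n);
    return off;
}

int main(void)
{
    /* Constructed inputs: the report's NULL haystack, then a mount-option match. */
    printf("%ld %ld\n", stristr_offset(NULL, 0, "bind", 4),
           stristr_offset("rw,BIND,noexec", 14, "bind", 4));
    return 0;
}
```

Without the hlen < nlen check, hlen - nlen wraps for an empty haystack and the search length handed to memchr becomes enormous, which matches the shape of the fault in the trace.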
