On 06.05.2008 22:01, Ilia Alshanetsky wrote:
iliaa Tue May 6 18:01:36 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/standard basic_functions.c Log:
Fixed bug #44836 (putenv() crashes, avoid direct reference of
environ in
POSIX systems)
# Original patch by delphij at FreeBSD dot org
The patch may be correct for FreeBSD, but this is what it causes on
Linux:
# cat sapi/cgi/tests/001.mem
==3077== Invalid read of size 1
==3077== at 0x4C23DB9: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C364D: unsetenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24203: unsetenv (mc_replace_strmem.c:760)
==3077== by 0x7508BD: php_putenv_destructor (basic_functions.c:
3826)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d08 is 0 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DC6: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C364D: unsetenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24203: unsetenv (mc_replace_strmem.c:760)
==3077== by 0x7508BD: php_putenv_destructor (basic_functions.c:
3826)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d08 is 0 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DB9: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C3750: __add_to_environ (in /lib64/libc-2.5.so)
==3077== by 0x85C34CD: putenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24173: putenv (mc_replace_strmem.c:743)
==3077== by 0x75088C: php_putenv_destructor (basic_functions.c:
3822)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d08 is 0 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DC6: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C3750: __add_to_environ (in /lib64/libc-2.5.so)
==3077== by 0x85C34CD: putenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24173: putenv (mc_replace_strmem.c:743)
==3077== by 0x75088C: php_putenv_destructor (basic_functions.c:
3822)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d08 is 0 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DD6: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C364D: unsetenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24203: unsetenv (mc_replace_strmem.c:760)
==3077== by 0x7508BD: php_putenv_destructor (basic_functions.c:
3826)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x9194079 is 1 bytes inside a block of size 62
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DE5: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C364D: unsetenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24203: unsetenv (mc_replace_strmem.c:760)
==3077== by 0x7508BD: php_putenv_destructor (basic_functions.c:
3826)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x9194079 is 1 bytes inside a block of size 62
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DD6: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C3750: __add_to_environ (in /lib64/libc-2.5.so)
==3077== by 0x85C34CD: putenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24173: putenv (mc_replace_strmem.c:743)
==3077== by 0x75088C: php_putenv_destructor (basic_functions.c:
3822)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d09 is 1 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077==
==3077== Invalid read of size 1
==3077== at 0x4C23DE5: strncmp (mc_replace_strmem.c:314)
==3077== by 0x85C3750: __add_to_environ (in /lib64/libc-2.5.so)
==3077== by 0x85C34CD: putenv (in /lib64/libc-2.5.so)
==3077== by 0x4C24173: putenv (mc_replace_strmem.c:743)
==3077== by 0x75088C: php_putenv_destructor (basic_functions.c:
3822)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
==3077== Address 0x8ea3d09 is 1 bytes inside a block of size 18
free'd
==3077== at 0x4C2292E: free (vg_replace_malloc.c:323)
==3077== by 0x864AD6: _efree (zend_alloc.c:2291)
==3077== by 0x7508AE: php_putenv_destructor (basic_functions.c:
3823)
==3077== by 0x89901B: zend_hash_destroy (zend_hash.c:526)
==3077== by 0x7514CC: zm_deactivate_basic (basic_functions.c:4143)
==3077== by 0x892D02: module_registry_cleanup (zend_API.c:2119)
==3077== by 0x899602: zend_hash_apply (zend_hash.c:673)
==3077== by 0x888B77: zend_deactivate_modules (zend.c:874)
==3077== by 0x813040: php_request_shutdown (main.c:1497)
==3077== by 0x92C04A: main (php_cli.c:1320)
--
Wbr, Antony Dovgal