ID: 10495
User Update by: [EMAIL PROTECTED]
Status: Open
Bug Type: Reproduceable crash
Description: Crash with ob_start();
php4-200104290845
It is minimal script with segfault (after 3-5 times refresh in browser)
<?
function my_gzhandler($contents){
$headers = getallheaders();
global $TIME_EXECUTION,$USERS_ONLINE;
$contents=str_replace("<!-- TIMEEXECUTION -->",$TIME_EXECUTION,$contents);
$contents=str_replace("<!-- USERS_ONLINE -->",$USERS_ONLINE,$contents);
$gzcontent = gzcompress($contents, 3);
$ENCODING = "gzip";
$size = strlen($contents);
$crc32 = crc32($contents);
header("Content-Encoding: $ENCODING");
$ret = "\x1f\x8b\x08\x00\x00\x00\x00\x00";
$ret .= substr($gzcontent, 0, strlen($gzcontent) - 4);
$ret .= pack('V',$crc32);
$ret .= pack('V',$size);
return $ret;
}
ob_start("my_gzhandler");
phpinfo();
?>
bt:
Program received signal SIGSEGV, Segmentation fault.
0x40104493 in memcpy (dstpp=0xbffff86c, srcpp=0x2164eaf1, len=4) at
../sysdeps/generic/memcpy.c:61
#0 0x40104493 in memcpy (dstpp=0xbffff86c, srcpp=0x2164eaf1, len=4) at
../sysdeps/generic/memcpy.c:61
#1 0x4024e567 in _mem_block_check (ptr=0x810caac, silent=0,
__zend_filename=0x40369062 "output.c",
__zend_lineno=229, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:614
#2 0x4024e52b in _mem_block_check (ptr=0x810caac, silent=1,
__zend_filename=0x40369062 "output.c",
__zend_lineno=229, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:606
#3 0x4024d3f9 in _efree (ptr=0x810caac, __zend_filename=0x40369062 "output.c",
__zend_lineno=229,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:210
#4 0x40314c93 in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at
output.c:229
#5 0x40314d5c in php_end_ob_buffers (send_buffer=1 '\001') at output.c:250
#6 0x4027fc08 in apache_php_module_main (r=0x80e353c, display_source_mode=0) at
sapi_apache.c:95
#7 0x40280807 in send_php (r=0x80e353c, display_source_mode=0, filename=0x80e4f44
"/home/httpd/html/3.php")
at mod_php4.c:521
#8 0x40280845 in send_parsed_php (r=0x80e353c) at mod_php4.c:532
#9 0x805345e in ap_invoke_handler () from /lib/libnsl.so.1
#10 0x80618fb in ap_some_auth_required () from /lib/libnsl.so.1
#11 0x8061958 in ap_process_request () from /lib/libnsl.so.1
#12 0x805b940 in ap_child_terminate () from /lib/libnsl.so.1
#13 0x805baa7 in ap_child_terminate () from /lib/libnsl.so.1
#14 0x805bba8 in ap_child_terminate () from /lib/libnsl.so.1
#15 0x805c058 in ap_child_terminate () from /lib/libnsl.so.1
#16 0x805c65f in main () from /lib/libnsl.so.1
#17 0x400bc9cb in __libc_start_main (main=0x805c3e0 <main>, argc=2, argv=0xbffffb74,
init=0x804f014 <_init>,
fini=0x807b99c <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffffb6c)
at ../sysdeps/generic/libc-start.c:92
Previous Comments:
---------------------------------------------------------------------------
[2001-04-29 11:25:01] [EMAIL PROTECTED]
Can you please supply the smallest possible reproducing script and post it. Also
please try today's CVS updating the PHP, TSRM and Zend CVS trees. Please compile with
--enable-debug.
---------------------------------------------------------------------------
[2001-04-25 14:10:08] [EMAIL PROTECTED]
Segmentation fault with next script
<?
function my_h($str){
global $HTTP_ACCEPT_ENCODING,$NO_COMPRESS;
$size = strlen($contents);
$crc32 = crc32($contents);
Header("Etag: VT".$crc32);
$size = strlen($contents);
$crc32 = crc32($contents);
// compressed output: set header
$ENCODING = "gzip";
header("Content-Encoding: $ENCODING");
$ret = "x1fx8bx08x00x00x00x00x00";
$ret .= substr($gzcontent, 0, strlen($gzcontent) - 4);
$ret .= pack('V',$crc32);
$ret .= pack('V',$size);
return $ret;
if ($NO_COMPRESS) {return $str;}
return $str.$HTTP_ACCEPT_ENCODING;
}
function TO_LOGIN(){
echo "Login";
exit;
}
ob_start("my_h");
phpinfo();
TO_LOGIN("rr");
?>
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=10495
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
