ID: 11806
User Update by: [EMAIL PROTECTED]
Old-Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating system: Linux 2.2.16
PHP Version: 4.0.6
Description: Using $string = md5($string); crashed HTTP child processes


Thanks I did not think to check there this time.  I see the following, even with the 
the $cipher = md5() and CleanString functions disabled:

[Sun Jul  1 09:11:55 2001]  Script:  '/home/nerdwww/compose.php'
mcrypt.c(1322) : Block 0x08429258 status:
Beginning:      OK (allocated on mcrypt.c:1252, 24 bytes)
      End:      Overflown (magic=0x35653364 instead of 0x2A8FCC84)
                At least 4 bytes overflown

Here are the calls I make using mcrypt outside of the compose.php script you have 
already seen:

Thanks again!


Previous Comments:

[2001-07-01 06:45:31] [EMAIL PROTECTED]


with debug enabled, do you see any errors in either your httpd errorlog or in 
/var/log/zenderrors ?



[2001-06-30 21:52:11] [EMAIL PROTECTED]


I have compiled php-4.0.6 with --enable-debug to try and get a backtrace, but when I 
do, the bug vanishes and the same code no longer crashed my httpd child process.. 

Here is some detailed info:

PHP 4.0.6 config line:
./configure  --with-mysql --with-gd --enable-track-vars --with-jpeg-dir=/usr/local/lib 

--enable-bcmath --with-apache=../apache_1.3.20 --enable-ftp --enable-sockets 
--with-mcrypt --enable-debug

and for Apache 1.3.20


The script that is causing this error is:

As you can see, a use submits a form, which is the source of $cipher, an alphanumeric 
string, which is then encrypted and other actions take place after.

I am not using the Zend Optimizer or anything unusual here at all... If I run the 
httpd thru gdb and reproduce the crash it gives me an error in 
shutdown_memory_manager() when it crashes, but not much else since the bug disappears 
when I compile in debug into PHP...  If any more info is needed let me know... Thanks 
PHP team, you guys rule!!!



[2001-06-30 05:10:11] [EMAIL PROTECTED]

Can you please post your script as .txt file on the web, so that I can check how the 
$cipher is generated?
And is it possibly for you to make a backtrace of this crash 
( as I couldn't reproduce it.



[2001-06-29 14:04:25] [EMAIL PROTECTED]

PHP Options:
'./configure' '--with-mysql' '--with-gd' '--enable-track-vars' 
'--with-jpeg-dir=/usr/local/lib' '--enable-bcmath' '--with-apache=../apache_1.3.20' 
'--enable-ftp' '--enable-sockets' '--with-mcrypt'

The problem I am having is:

When using the code:

$cipher = md5($cipher); httpd crashes the current child process with:

[Fri Jun 29 10:54:49 2001] [notice] child pid 9766 exit signal Segmentation fault (11)
[Fri Jun 29 10:54:50 2001] [notice] child pid 9920 exit signal Segmentation fault (11)

The page then fails to load, returning nothing to the browser.

Also, I have another function called CleanSring($string);  which looks like:

function CleanString($string)
        $string = strip_tags($string);
        $string = 

        $string = 

        $string = preg_replace("/<[^>]*>/","",$string);
        return $string;

Calling this function like:

$string = CleanString($string); causes the same problem.

Whats weird is I call md5() again below the problem code:

    $now = date("r");
    $thisID = md5(substr(makeID(), 0, 16));
    $onetimepass = substr(md5($thisID), 0, 8);

And neither of these causes the same problem, even when being used in the same 


Full Bug description available at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to