ID: 11998
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

<?
echo "foobar";
?>

in it.

Previous Comments:
------------------------------------------------------------------------

[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: <input type="file" name="test1[1]">
50 of these: <input type="file" name="test2[]">

And I can't get it to crash.. do I have to upload over 26
files or?

--Jani


------------------------------------------------------------------------

[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 <input type="file"> tags.

So,
<form action="/prop/" method="post" id="editForm" enctype="multipart/form-data">
        
        Image 1:<input type="file" name="img[1]" size="24" onclick="" onchange="">
        Image 2:<input type="file" name="img[2]" size="24" onclick="" onchange="">
                
                ... [Lots more here] ...
        
        Image 18:<input type="file" name="img[18]" size="24" onclick="" onchange="">
        Image 19:<input type="file" name="img[19]" size="24" onclick="" onchange="">
                
                
        Virtual Image 1:<input type="file" name="virtimg[1]" size="24" onclick="" onchange="">
        Image IVR 1:<input type="file" name="virtivr[1]" size="24" onclick="" onchange="">
                
                ... [Lots more here] ...
        
        Virtual Image 6:<input type="file" name="virtimg[6]" size="24" onclick="" onchange="">
        Image IVR 6:<input type="file" name="virtivr[6]" size="24" onclick="" onchange="">
        
        <input type="submit" value="  Submit  " id="submitButton">
</form>


It doesn't matter what's in the page it POSTs to.


------------------------------------------------------------------------

[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.


------------------------------------------------------------------------

[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
    buf=0x81bf00c '-' <repeats 29 times>, "7d1bb1e111070e\r\nContent-Disposition: form-data; name=\"id\"\r\n\r\n3319", cnt=80256, 
    boundary=0x818e02a '-' <repeats 27 times>, "7d1bb1e111070e", array_ptr=0x81389cc) at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
    content_type_dup=0x818e00c "multipart/form-data; boundary=", '-' <repeats 27 times>, "7d1bb1e111070e", arg=0x81389cc)
    at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()

------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=11998&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
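
For triage of the "do I have to upload over 26" question, this added example (not part of the original report or of PHP's code) builds a constructed multipart/form-data fixture and counts its parts. It uses the boundary and `id` field visible in the backtrace and the field names from the posted form; the elided fields are assumed to be numbered consecutively, and every file part is empty.

```python
# Added example (not from the report): constructed multipart/form-data fixture.
CRLF = b"\r\n"
# Boundary as shown in the backtrace: 27 dashes followed by 7d1bb1e111070e.
BOUNDARY = b"-" * 27 + b"7d1bb1e111070e"

def build_body(boundary, file_fields, text_fields=()):
    """Build a body in which every file part is empty (no file selected)."""
    lines = []
    for name, value in text_fields:
        lines += [b"--" + boundary,
                  b'Content-Disposition: form-data; name="%s"' % name.encode(),
                  b"", value.encode()]
    for name in file_fields:
        lines += [b"--" + boundary,
                  b'Content-Disposition: form-data; name="%s"; filename=""'
                  % name.encode(),
                  b"Content-Type: application/octet-stream", b"", b""]
    lines.append(b"--" + boundary + b"--")   # closing delimiter
    return CRLF.join(lines) + CRLF

def count_parts(body, boundary):
    """Return (text_parts, file_parts) found between "--" + boundary delimiters."""
    text = files = 0
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):          # reached the closing delimiter
            break
        headers = chunk.split(CRLF + CRLF, 1)[0].lower()
        if b"filename=" in headers:
            files += 1
        else:
            text += 1
    return text, files

def report_fixture():
    """Field names from the posted form; elided ones assumed consecutive."""
    names = ["img[%d]" % i for i in range(1, 20)]
    for i in range(1, 7):
        names += ["virtimg[%d]" % i, "virtivr[%d]" % i]
    return build_body(BOUNDARY, names, text_fields=[("id", "3319")])

if __name__ == "__main__":
    body = report_fixture()
    text, files = count_parts(body, BOUNDARY)
    print("text parts: %d, file parts: %d, over 26: %s" % (text, files, files > 26))
```

The fixture's first bytes match the `buf` argument in frame #0: the delimiter on the wire is `--` plus the boundary, which is why gdb shows 29 dashes in `buf` and 27 in `boundary`.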