ID: 11998
Updated by: troels
Reported By: [EMAIL PROTECTED]
Status: Critical
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:
Some follow-up.
PHP 4.0.5 does _not_ have the bug.
Current CVS (August 30 2001) does have the bug.
The bug doesn't seem to show up unless around 30 files are uploaded.
Here's a back-trace from PHP current CVS.
#0 php_mime_split (
buf=0x80fbaf4 '-' <repeats 29 times>,
"172461271845611381008674657\r\nContent-Disposition: form-data;
name=\"date_debut\"\r\n\r\n2001-08-25", cnt=28292, boundary=0x80c387a '-' <repeats 27
times>, "172461271845611381008674657", array_ptr=0x80fb0e4) at rfc1867.c:177
#1 0x4042a55f in rfc1867_post_handler (
content_type_dup=0x80c385c "multipart/form-data; boundary=", '-' <repeats 27
times>, "172461271845611381008674657", arg=0x80fb0e4)
at rfc1867.c:472
#2 0x40427c83 in sapi_handle_post (arg=0x80fb0e4) at SAPI.c:107
#3 0x4042b768 in php_treat_data (arg=0, str=0x0, destArray=0x0) at
php_variables.c:250
#4 0x40425036 in php_hash_environment () at main.c:1097
#5 0x404244d0 in php_request_startup () at main.c:684
#6 0x404216c0 in apache_php_module_main (r=0x80e5218, display_source_mode=0) at
sapi_apache.c:67
#7 0x40422324 in send_php (r=0x80e5218, display_source_mode=0, filename=0x0) at
mod_php4.c:575
#8 0x40422383 in send_parsed_php (r=0x80e5218) at mod_php4.c:590
#9 0x080551cd in ap_invoke_handler () at eval.c:41
#10 0x0806732c in ap_some_auth_required () at eval.c:41
#11 0x080673a3 in ap_process_request () at eval.c:41
#12 0x0805fa47 in ap_child_terminate () at eval.c:41
#13 0x0805fbea in ap_child_terminate () at eval.c:41
#14 0x0805fd2d in ap_child_terminate () at eval.c:41
#15 0x08060350 in ap_child_terminate () at eval.c:41
#16 0x08060c13 in main () at eval.c:41
#17 0x4015c4b7 in __libc_start_main (main=0x8060790 <main>, argc=2, ubp_av=0xbffff9c4,
init=0x804fb20 <_init>, fini=0x80894d0 <_fini>,
rtld_fini=0x4000dbb4 <_dl_fini>, stack_end=0xbffff9bc) at
../sysdeps/generic/libc-start.c:129
Previous Comments:
------------------------------------------------------------------------
[2001-08-30 13:32:38] [EMAIL PROTECTED]
The bug also exists when running PHP on Linux. And it may be reproduced with Mozilla,
too. Please don't forget this one before 4.0.7 is released.
------------------------------------------------------------------------
[2001-08-23 05:54:35] [EMAIL PROTECTED]
Reproduced with IE 5.5. The rfc1867.c has some bugs
in it after all..
Marked as fix before release. (4.0.7)
--Jani
------------------------------------------------------------------------
[2001-08-21 05:42:02] [EMAIL PROTECTED]
Crashes with 1.3.14, 1.3.17 and 1.3.20.
I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.
Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.
I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck
in windows until a new one arrives.
------------------------------------------------------------------------
[2001-08-21 05:28:51] [EMAIL PROTECTED]
Just one more thing: What version of Apache?
And does this happen with any browser? IE / NS / Mozilla ?
--Jani
------------------------------------------------------------------------
[2001-08-21 00:11:45] [EMAIL PROTECTED]
>From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the
>fields supplied.
(gdb) bt
#0 0x1823fdbf in php_mime_split (
buf=0x820000c '-' <repeats 29 times>, "7d12252130332\r\nContent-Disposition:
form-data; name=\"id\"\r\n\r\n3319", cnt=33534,
boundary=0x819762a '-' <repeats 27 times>, "7d12252130332", array_ptr=0x817eaec)
at rfc1867.c:174
#1 0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c "multipart/form-data; boundary=", '-' <repeats 27
times>, "7d12252130332", arg=0x817eaec)
at rfc1867.c:472
#2 0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3 0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at
php_variables.c:250
#4 0x1823c2ce in php_hash_environment () at main.c:1097
#5 0x1823b6f0 in php_request_startup () at main.c:684
#6 0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at
sapi_apache.c:67
#7 0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at
mod_php4.c:575
#8 0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9 0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998
Edit this bug report at http://bugs.php.net/?id=11998&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
