hi list,
first, to narrow down the list of systems affected:
it only happens with the one .jpg file and only if you try to upload the
file in a special html-form and only with mozilla 0.9.9.
i didnt test another mozilla; i did test with netscape 4.76
successfully.
i was supposed to just add a file upload to an html form to allow users
to upload some images. for testing i had to randomly pick a file. out of
all files on my disks, i chose exactly the one that would result in
mozilla just stalling the request and make php segfault as soon as i hit
ESC! it's been a great evening since...
using the same browser but different files : works
intercepting the segfault-provoking-request
bytestream and netcat'ing it into the webserver : works
using a simple (minimalistic) file upload form : works
oh and yes, i can reproduce this bug at a rate of 100% when the
preconditions are met...
i believe that mozilla is faulty in this case. but php shouldn't segfault.
i have not tested all variations to find out what exactly mozilla is so
confused about here. the mozilla guys might want to check this...
i dont know. all too strange. if anyone has any idea what's causing
this, let me know...
here's my simple patch[1]. it doesn't make the file upload work, but at
least php does not segfault anymore (see backtrace[1]) and gracefully
terminates the request.
--- php-4.2.0/main/rfc1867.c Tue Apr 2 01:29:19 2002
+++ php-4.2.0RC4/main/rfc1867.c Mon Apr 22 23:54:06 2002
@@ -371,11 +371,12 @@
}
entry = zend_llist_get_first(&header);
- do {
+ while (entry) {
if (!strcasecmp(entry->key, key)) {
return entry->value;
}
- } while ((entry = zend_llist_get_next(&header)));
+ entry = zend_llist_get_next(&header);
+ }
return NULL;
}
some more info so someone might get on the right track here:
- the content-length header is set correctly, i.e. apache isn't
waiting for data mozilla wont send
- the uploaded file is __fully__ retrieved! and md5sum yields the same
result. (i manually found the tmp/php* corresponding to that upload).
- the php code for the POST'ed to url is __never__ executed even
though the upload seems to be complete. and apache does not add it
to the access log (not after i hit ESC either).
[1] relevant files -- the problematic image, the patch, the backtrace,
the bytestream -- can be found here http://www.azzit.de/patches/php4/fileupload-segv/
regards,
-lukas
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
