I've committed the patch. Thanks.
--Jani

On Tue, 23 Apr 2002, Lukas Schroeder wrote:

>hi list,
>
>first, to narrow down the list of systems affected:
>it only happens with the one .jpg file and only if you try to upload the
>file in a special html-form and only with mozilla 0.9.9.
>i didn't test another mozilla; i did test with netscape 4.76
>successfully.
>
>i was supposed to just add a file upload to an html form to allow users
>to upload some images. for testing i had to randomly pick a file. out of
>all files on my disks, i chose exactly the one that would result in
>mozilla just stalling the request and make php segfault as soon as i hit
>ESC! it's been a great evening since...
>
>using the same browser but different files : works
>intercepting the segfault-provoking-request
>bytestream and netcat'ing it into the webserver : works
>using a simple (minimalistic) file upload form : works
>
>oh and yes, i can reproduce this bug at a rate of 100% when the
>preconditions are met...
>
>i believe that mozilla is faulty in this case. but php shouldn't segfault.
>i have not tested all variations to find out what exactly mozilla is so
>confused about here. the mozilla guys might want to check this...
>i don't know. all too strange. if anyone has any idea what's causing
>this, let me know...
>
>here's my simple patch[1]. it doesn't make the file upload work, but at
>least php does not segfault anymore (see backtrace[1]) and gracefully
>terminates the request.
>
>--- php-4.2.0/main/rfc1867.c Tue Apr 2 01:29:19 2002 >+++ php-4.2.0RC4/main/rfc1867.c Mon Apr 22 23:54:06 2002
>@@ -371,11 +371,12 @@ > } > > entry = zend_llist_get_first(&header); >- do { >+ while (entry) { > if (!strcasecmp(entry->key, key)) { > return entry->value; > } >- } while ((entry = zend_llist_get_next(&header))); >+ entry = zend_llist_get_next(&header); >+ } > > return NULL; > }
>
>
>some more info so someone might get on the right track here:
> - the content-length header is set correctly, i.e. apache isn't
>   waiting for data mozilla won't send
> - the uploaded file is __fully__ retrieved! and md5sum yields the same
>   result. (i manually found the tmp/php* corresponding to that upload).
> - the php code for the POST'ed to url is __never__ executed even
>   though the upload seems to be complete. and apache does not add it
>   to the access log (not after i hit ESC either).
>
>
>[1] relevant files -- the problematic image, the patch, the backtrace,
>the bytestream -- can be found here http://www.azzit.de/patches/php4/fileupload-segv/
>
>
>
>regards,
> -lukas
>
>
>

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
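
Review bot: Callers of this lookup now receive the trailing `return NULL` in the case that used to crash (an empty header list, where `zend_llist_get_first(&header)` yields no entry), and the hunk shows no call sites, so each one should be checked for a NULL test before the returned value is used. A one-line comment above `while (entry) {` saying that the list may be empty would keep the guard from being "simplified" back to a `do`/`while` later. The loop would also read more tightly as a single `for (entry = zend_llist_get_first(&header); entry; entry = zend_llist_get_next(&header))`, which keeps the iteration in one place. Separately, the `---` and `+++` header paths name different trees (`php-4.2.0` and `php-4.2.0RC4`), so the message should say which one the patch was generated against.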