[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-10-02 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Critical
Status: Closed
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

This is fixed now.

--Jani

Previous Comments:


[2001-08-30 14:22:59] [EMAIL PROTECTED]

Some follow-up.

PHP 4.0.5 does _not_ have the bug.
Current CVS (August 30 2001) does have the bug.

The bug doesn't seem to show up unless around 30 files are uploaded.

Here's a back-trace from PHP current CVS.

#0  php_mime_split (
buf=0x80fbaf4 '-' repeats 29 times, 
172461271845611381008674657\r\nContent-Disposition: form-data; 
name=\date_debut\\r\n\r\n2001-08-25, cnt=28292, boundary=0x80c387a '-' repeats 27 
times, 172461271845611381008674657, array_ptr=0x80fb0e4) at rfc1867.c:177
#1  0x4042a55f in rfc1867_post_handler (
content_type_dup=0x80c385c multipart/form-data; boundary=, '-' repeats 27 
times, 172461271845611381008674657, arg=0x80fb0e4)
at rfc1867.c:472
#2  0x40427c83 in sapi_handle_post (arg=0x80fb0e4) at SAPI.c:107
#3  0x4042b768 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x40425036 in php_hash_environment () at main.c:1097
#5  0x404244d0 in php_request_startup () at main.c:684
#6  0x404216c0 in apache_php_module_main (r=0x80e5218, display_source_mode=0) at 
sapi_apache.c:67
#7  0x40422324 in send_php (r=0x80e5218, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x40422383 in send_parsed_php (r=0x80e5218) at mod_php4.c:590
#9  0x080551cd in ap_invoke_handler () at eval.c:41
#10 0x0806732c in ap_some_auth_required () at eval.c:41
#11 0x080673a3 in ap_process_request () at eval.c:41
#12 0x0805fa47 in ap_child_terminate () at eval.c:41
#13 0x0805fbea in ap_child_terminate () at eval.c:41
#14 0x0805fd2d in ap_child_terminate () at eval.c:41
#15 0x08060350 in ap_child_terminate () at eval.c:41
#16 0x08060c13 in main () at eval.c:41
#17 0x4015c4b7 in __libc_start_main (main=0x8060790 main, argc=2, ubp_av=0xb9c4, 
init=0x804fb20 _init, fini=0x80894d0 _fini, 
rtld_fini=0x4000dbb4 _dl_fini, stack_end=0xb9bc) at 
../sysdeps/generic/libc-start.c:129



[2001-08-30 13:32:38] [EMAIL PROTECTED]

The bug also exists when running PHP on Linux. And it may be reproduced with Mozilla, 
too. Please don't forget this one before 4.0.7 is released.



[2001-08-23 05:54:35] [EMAIL PROTECTED]

Reproduced with IE 5.5. The rfc1867.c has some bugs
in it after all..

Marked as fix before release. (4.0.7)

--Jani




[2001-08-21 05:42:02] [EMAIL PROTECTED]

Crashes with 1.3.14, 1.3.17 and 1.3.20.

I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.

Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.

I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck 
in windows until a new one arrives.



[2001-08-21 05:28:51] [EMAIL PROTECTED]

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-30 Thread troels

ID: 11998
Updated by: troels
Reported By: [EMAIL PROTECTED]
Status: Critical
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

The bug also exists when running PHP on Linux. And it may be reproduced with Mozilla, 
too. Please don't forget this one before 4.0.7 is released.

Previous Comments:


[2001-08-23 05:54:35] [EMAIL PROTECTED]

Reproduced with IE 5.5. The rfc1867.c has some bugs
in it after all..

Marked as fix before release. (4.0.7)

--Jani




[2001-08-21 05:42:02] [EMAIL PROTECTED]

Crashes with 1.3.14, 1.3.17 and 1.3.20.

I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.

Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.

I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck 
in windows until a new one arrives.



[2001-08-21 05:28:51] [EMAIL PROTECTED]

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani




[2001-08-21 00:11:45] [EMAIL PROTECTED]

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb) 



[2001-08-20 19:48:36] [EMAIL PROTECTED]

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-30 Thread troels

ID: 11998
Updated by: troels
Reported By: [EMAIL PROTECTED]
Status: Critical
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Some follow-up.

PHP 4.0.5 does _not_ have the bug.
Current CVS (August 30 2001) does have the bug.

The bug doesn't seem to show up unless around 30 files are uploaded.

Here's a back-trace from PHP current CVS.

#0  php_mime_split (
buf=0x80fbaf4 '-' repeats 29 times, 
172461271845611381008674657\r\nContent-Disposition: form-data; 
name=\date_debut\\r\n\r\n2001-08-25, cnt=28292, boundary=0x80c387a '-' repeats 27 
times, 172461271845611381008674657, array_ptr=0x80fb0e4) at rfc1867.c:177
#1  0x4042a55f in rfc1867_post_handler (
content_type_dup=0x80c385c multipart/form-data; boundary=, '-' repeats 27 
times, 172461271845611381008674657, arg=0x80fb0e4)
at rfc1867.c:472
#2  0x40427c83 in sapi_handle_post (arg=0x80fb0e4) at SAPI.c:107
#3  0x4042b768 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x40425036 in php_hash_environment () at main.c:1097
#5  0x404244d0 in php_request_startup () at main.c:684
#6  0x404216c0 in apache_php_module_main (r=0x80e5218, display_source_mode=0) at 
sapi_apache.c:67
#7  0x40422324 in send_php (r=0x80e5218, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x40422383 in send_parsed_php (r=0x80e5218) at mod_php4.c:590
#9  0x080551cd in ap_invoke_handler () at eval.c:41
#10 0x0806732c in ap_some_auth_required () at eval.c:41
#11 0x080673a3 in ap_process_request () at eval.c:41
#12 0x0805fa47 in ap_child_terminate () at eval.c:41
#13 0x0805fbea in ap_child_terminate () at eval.c:41
#14 0x0805fd2d in ap_child_terminate () at eval.c:41
#15 0x08060350 in ap_child_terminate () at eval.c:41
#16 0x08060c13 in main () at eval.c:41
#17 0x4015c4b7 in __libc_start_main (main=0x8060790 main, argc=2, ubp_av=0xb9c4, 
init=0x804fb20 _init, fini=0x80894d0 _fini, 
rtld_fini=0x4000dbb4 _dl_fini, stack_end=0xb9bc) at 
../sysdeps/generic/libc-start.c:129

Previous Comments:


[2001-08-30 13:32:38] [EMAIL PROTECTED]

The bug also exists when running PHP on Linux. And it may be reproduced with Mozilla, 
too. Please don't forget this one before 4.0.7 is released.



[2001-08-23 05:54:35] [EMAIL PROTECTED]

Reproduced with IE 5.5. The rfc1867.c has some bugs
in it after all..

Marked as fix before release. (4.0.7)

--Jani




[2001-08-21 05:42:02] [EMAIL PROTECTED]

Crashes with 1.3.14, 1.3.17 and 1.3.20.

I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.

Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.

I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck 
in windows until a new one arrives.



[2001-08-21 05:28:51] [EMAIL PROTECTED]

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani




[2001-08-21 00:11:45] [EMAIL PROTECTED]

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in 

[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-23 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Critical
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Reproduced with IE 5.5. The rfc1867.c has some bugs
in it after all..

Marked as fix before release. (4.0.7)

--Jani


Previous Comments:


[2001-08-21 05:42:02] [EMAIL PROTECTED]

Crashes with 1.3.14, 1.3.17 and 1.3.20.

I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.

Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.

I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck 
in windows until a new one arrives.



[2001-08-21 05:28:51] [EMAIL PROTECTED]

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani




[2001-08-21 00:11:45] [EMAIL PROTECTED]

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb) 



[2001-08-20 19:48:36] [EMAIL PROTECTED]

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani




[2001-08-19 17:22:19] [EMAIL PROTECTED]

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-21 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani


Previous Comments:


[2001-08-21 00:11:45] [EMAIL PROTECTED]

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb) 



[2001-08-20 19:48:36] [EMAIL PROTECTED]

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani




[2001-08-19 17:22:19] [EMAIL PROTECTED]

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.



[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani




[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-21 Thread me

ID: 11998
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Crashes with 1.3.14, 1.3.17 and 1.3.20.

I've tried it with IE5, IE5.5, Mozilla 0.9.3 and Netscape 6.1.

Whoa, just found it _doesn't_ crash with Netscape 4.08 or Opera 5.11.

I can't test it in Linux, as I'm currently sans-external-DSL-modem and therefore stuck 
in windows until a new one arrives.

Previous Comments:


[2001-08-21 05:28:51] [EMAIL PROTECTED]

Just one more thing: What version of Apache? 
And does this happen with any browser? IE / NS / Mozilla ?

--Jani




[2001-08-21 00:11:45] [EMAIL PROTECTED]

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb) 



[2001-08-20 19:48:36] [EMAIL PROTECTED]

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani




[2001-08-19 17:22:19] [EMAIL PROTECTED]

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.



[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-20 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani


Previous Comments:


[2001-08-19 17:22:19] [EMAIL PROTECTED]

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.



[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani




[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.




[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.




[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
buf=0x81bf00c '-' repeats 29 times, 7d1bb1e111070e\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=80256, 
boundary=0x818e02a '-' repeats 27 times, 7d1bb1e111070e, array_ptr=0x81389cc) 
at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
content_type_dup=0x818e00c multipart/form-data; boundary=, '-' repeats 27 
times, 7d1bb1e111070e, arg=0x81389cc)
at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at 
mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()


[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-20 Thread me

ID: 11998
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

From CVS as at 21/08/2001 16:15 NZDT using same form and uploading 2 images in the 
fields supplied.

(gdb) bt
#0  0x1823fdbf in php_mime_split (
buf=0x82c '-' repeats 29 times, 7d12252130332\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=33534, 
boundary=0x819762a '-' repeats 27 times, 7d12252130332, array_ptr=0x817eaec) 
at rfc1867.c:174
#1  0x18240a3b in rfc1867_post_handler (
content_type_dup=0x819760c multipart/form-data; boundary=, '-' repeats 27 
times, 7d12252130332, arg=0x817eaec)
at rfc1867.c:472
#2  0x1823eb25 in sapi_handle_post (arg=0x817eaec) at SAPI.c:107
#3  0x18241a01 in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:250
#4  0x1823c2ce in php_hash_environment () at main.c:1097
#5  0x1823b6f0 in php_request_startup () at main.c:684
#6  0x18238cd6 in apache_php_module_main (r=0x819e71c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18239822 in send_php (r=0x819e71c, display_source_mode=0, filename=0x0) at 
mod_php4.c:575
#8  0x18239882 in send_parsed_php (r=0x819e71c) at mod_php4.c:590
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x181d48d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x181d2fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()
(gdb) 

Previous Comments:


[2001-08-20 19:48:36] [EMAIL PROTECTED]

I can not reproduce it with your form and with latest CVS.
Please provide a GDB backtrace of the crash (using latest CVS of PHP)

--Jani




[2001-08-19 17:22:19] [EMAIL PROTECTED]

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.



[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani




[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.




[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11998


Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-19 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Please include the shortest possible example
script into this report.


Previous Comments:


[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
buf=0x81bf00c '-' repeats 29 times, 7d1bb1e111070e\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=80256, 
boundary=0x818e02a '-' repeats 27 times, 7d1bb1e111070e, array_ptr=0x81389cc) 
at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
content_type_dup=0x818e00c multipart/form-data; boundary=, '-' repeats 27 
times, 7d1bb1e111070e, arg=0x81389cc)
at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at 
mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()





Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-19 Thread me

ID: 11998
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.


Previous Comments:


[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.




[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
buf=0x81bf00c '-' repeats 29 times, 7d1bb1e111070e\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=80256, 
boundary=0x818e02a '-' repeats 27 times, 7d1bb1e111070e, array_ptr=0x81389cc) 
at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
content_type_dup=0x818e00c multipart/form-data; boundary=, '-' repeats 27 
times, 7d1bb1e111070e, arg=0x81389cc)
at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at 
mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()





Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-19 Thread sniper

ID: 11998
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani


Previous Comments:


[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.




[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.




[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
buf=0x81bf00c '-' repeats 29 times, 7d1bb1e111070e\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=80256, 
boundary=0x818e02a '-' repeats 27 times, 7d1bb1e111070e, array_ptr=0x81389cc) 
at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
content_type_dup=0x818e00c multipart/form-data; boundary=, '-' repeats 27 
times, 7d1bb1e111070e, arg=0x81389cc)
at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at 
mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()





Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DEV] Bug #11998 Updated: Crash on multipart file form upload

2001-08-19 Thread me

ID: 11998
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 4.2-STABLE
PHP Version: 4.0CVS-2001-07-10
New Comment:

Hmmm, maybe I missed something.

This form here crashes it:

http://philth.net.nz/upload.php

and the file it's posting to has 

?
echo foobar;
?

in it.

Previous Comments:


[2001-08-19 16:26:29] [EMAIL PROTECTED]

I can not reproduce this. I have a form with 30 indexed
file fields plus 50 with no preset indexes.
ie.

30 of these: input type=file name=test1[1]
50 of these: input type=file name=test2[]

And I can't get it to crash..do I have to upload ove 26
file or?

--Jani




[2001-08-19 07:21:38] [EMAIL PROTECTED]

Simply a form containing more than 26 input type=file tag's.

So,
form action=/prop/ method=post id=editForm enctype=multipart/form-data

Image 1:input type=file name=img[1] size=24 onclick= onchange=
Image 2:input type=file name=img[2] size=24 onclick= onchange=

... [Lots more here] ...

Image 18:input type=file name=img[18] size=24 onclick= onchange=
Image 19:input type=file name=img[19] size=24 onclick= onchange=


Virtual Image 1:input type=file name=virtimg[1] size=24 onclick= 
onchange=
Image IVR 1:input type=file name=virtivr[1] size=24 onclick= 
onchange=

... [Lots more here] ...

Virtual Image 6:input type=file name=virtimg[6] size=24 onclick= 
onchange=
Image IVR 6:input type=file name=virtivr[6] size=24 onclick= 
onchange=

input type=submit value=  Submit   id=submitButton
/form


It doesn't matter what's in the page it POST's too.




[2001-08-19 04:46:27] [EMAIL PROTECTED]

Please include the shortest possible example
script into this report.




[2001-07-10 02:21:53] [EMAIL PROTECTED]

Crashes (signal 11) on file upload using multipart form data.

Worked with 4.0.4pl1, haven't tried 4.0.5, crashed with 4.0.6 and latest CVS since.

Compiled with:
./configure \
--enable-inline-optimization \
--enable-sysvsem \
--enable-sysvshm \
--with-mysql=/usr/local \
--with-pdflib=/usr/local \
--with-jpeg=/usr/local \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-png=/usr/local \
--with-zlib-dir=/usr \
--with-pgsql=/usr/local \
--with-imap=/usr/local \
--with-gd=/usr/local \
--with-freetype=/usr/local \
--with-apxs=/usr/local/apache_test/bin/apxs

Backtrace:
(gdb) bt
#0  0x1822c8f3 in php_mime_split (
buf=0x81bf00c '-' repeats 29 times, 7d1bb1e111070e\r\nContent-Disposition: 
form-data; name=\id\\r\n\r\n3319, cnt=80256, 
boundary=0x818e02a '-' repeats 27 times, 7d1bb1e111070e, array_ptr=0x81389cc) 
at rfc1867.c:174
#1  0x1822d56f in rfc1867_post_handler (
content_type_dup=0x818e00c multipart/form-data; boundary=, '-' repeats 27 
times, 7d1bb1e111070e, arg=0x81389cc)
at rfc1867.c:472
#2  0x1822b675 in sapi_handle_post (arg=0x81389cc) at SAPI.c:110
#3  0x1822e52d in php_treat_data (arg=0, str=0x0, destArray=0x0) at 
php_variables.c:251
#4  0x18229486 in php_hash_environment () at main.c:1080
#5  0x18228b98 in php_request_startup () at main.c:650
#6  0x18226321 in apache_php_module_main (r=0x818406c, display_source_mode=0) at 
sapi_apache.c:67
#7  0x18226d6a in send_php (r=0x818406c, display_source_mode=0, filename=0x0) at 
mod_php4.c:581
#8  0x18226da6 in send_parsed_php (r=0x818406c) at mod_php4.c:594
#9  0x80758a1 in ap_invoke_handler ()
#10 0x8089fa8 in process_request_internal ()
#11 0x808a402 in ap_internal_redirect ()
#12 0x184e68d2 in mod_gzip_redir1_handler () from 
/usr/local/apache_test/libexec/mod_gzip.so
#13 0x184e4fa0 in mod_gzip_handler () from /usr/local/apache_test/libexec/mod_gzip.so
#14 0x80758a1 in ap_invoke_handler ()
#15 0x8089fa8 in process_request_internal ()
#16 0x808a402 in ap_internal_redirect ()
#17 0x80602b2 in handle_dir ()
#18 0x80758a1 in ap_invoke_handler ()
#19 0x8089fa8 in process_request_internal ()
#20 0x808a012 in ap_process_request ()
#21 0x8080fdf in child_main ()
#22 0x808119d in make_child ()
#23 0x8081316 in startup_children ()
#24 0x8081924 in standalone_main ()
#25 0x808213c in main ()
#26 0x804f429 in _start ()





Edit this bug report at http://bugs.php.net/?id=11998edit=1


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list