[PHP-DEV] Bug #13170: Crash Bug. ereg() with null regex

Thu, 06 Sep 2001 01:11:08 -0700 

From:             [EMAIL PROTECTED]
Operating system: RedHat 7.1
PHP version:      4.0CVS-2001-09-06
PHP Bug Type:     Reproducible crash
Bug description:  Crash Bug. ereg() with null regex

I found this bug while trying to find other memory problem. PHP4.0.7RC1 has
different problem with null regex. Problem under PHP4.0.7RC1 cannot
reproduce easily, but I think null regex isn't handle well in PHP4.0.7RC1
also.

Program received signal SIGSEGV, Segmentation fault.
0x5f656475 in ?? ()
(gdb) bt
#0  0x5f656475 in ?? ()
#1  0x406304ea in zm_activate_basic (type=1, module_number=5) at
basic_functions.c:1040
#2  0x405a4a15 in module_registry_request_startup (module=0x8108e68) at
zend_API.c:1145
#3  0x405a7776 in zend_hash_apply (ht=0x4073f240, apply_func=0x405a49e0
<module_registry_request_startup>) at zend_hash.c:669
#4  0x405a0d19 in zend_activate_modules () at zend.c:572
#5  0x405b2143 in php_request_startup () at main.c:685
#6  0x405ae6ef in apache_php_module_main (r=0x817e168,
display_source_mode=0) at sapi_apache.c:67
#7  0x405af5e8 in send_php (r=0x817e168, display_source_mode=0,
filename=0x817fe58
"/home/yohgaki/public_html/bugs/memory_4.0.7RC1/case3/test.php") at
mod_php4.c:575
#8  0x405af662 in send_parsed_php (r=0x817e168) at mod_php4.c:590
#9  0x08055927 in ap_invoke_handler () at eval.c:41
#10 0x08069bdb in process_request_internal () at eval.c:41
#11 0x08069c3c in ap_process_request () at eval.c:41
#12 0x08061011 in child_main () at eval.c:41
#13 0x080611e0 in make_child () at eval.c:41
#14 0x08061354 in startup_children () at eval.c:41
#15 0x080619a3 in standalone_main () at eval.c:41
#16 0x080621db in main () at eval.c:41
#17 0x400a3177 in __libc_start_main (main=0x8061e28 <main>, argc=2,
ubp_av=0xbffff9dc, init=0x804fa20 <_init>, fini=0x8099f6c <_fini>,
rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9d4) at
../sysdeps/generic/libc-start.c:129


Script is not shortest, but I thinks it's short enough
<?php
function foo()
{
        $tmp = null;
        $str = 'abc';
        $regex = '';
        echo "foo() called<br>\n";
        if (!eregi($regex,$str,$regs)) {
                return $tmp;
        }
}

function bar() 
{
        // just call foo()
        foo();
}

bar();
?>
-- 
Edit bug report at: http://bugs.php.net/?id=13170&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to