Crashes in php_mblen when compiled with thread-safety on Linux

Bug #35243	Crashes in php_mblen when compiled with thread-safety on Linux
Submitted:	2005-11-16 16:07 UTC	Modified:	2005-11-21 09:04 UTC
From:	shulmanb at il dot ibm dot com	Assigned:
Status:	Closed	Package:	*General Issues
PHP Version:	5CVS-2005-11-19 (snap)	OS:	Linux
Private report:	No	CVE-ID:	None

[2005-11-16 16:07 UTC] shulmanb at il dot ibm dot com

Description:
------------
When running on Linux with --enable-maintainer-zts (and yes, I know it's not wise...), crashes sometimes happen in ext/standard/php_string.h when using the php_mblen macro.

This happens because in ext/standard/basic_functions.c, in the basic_globals_ctor function, the value of mblen_state is not initialized.

The basic_globals_ctor function should include the following lines as part of the initialization:

#if defined(_REENTRANT)&&defined(HAVE_MBRLEN)&&defined(HAVE_MBSTATE_T)
memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
#endif

Unfortunately, I am unable to include code that demonstrate this, as the crash strongly depends on the (random) value of mblen_state.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-16 18:18 UTC] sniper@php.net

And if it's still a problem, provide the patch in unified diff format.

[2005-11-20 19:08 UTC] sniper@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2005-11-21 08:52 UTC] shulmanb at il dot ibm dot com

Thanks for including the fix.

From what I've seen, it has been included in HEAD, and in 5.1.x.

Any chance of it being included in 5.0.x as well?

[2005-11-21 09:04 UTC] derick@php.net

No, we're not releasing any more 5.0.x releases.