PHP :: Bug #35496 :: Segfault in mcrypt

PHP :: Bug #35496 :: Segfault in mcrypt_generic()

Bug #35496	Segfault in mcrypt_generic()
Submitted:	2005-11-30 19:15 UTC	Modified:	2005-12-01 00:54 UTC
From:	iblue at gmx dot net	Assigned:	ilia (profile)
Status:	Closed	Package:	mcrypt related
PHP Version:	5.1.1	OS:	Linux 2.6.14-iblue0
Private report:	No	CVE-ID:	None

[2005-11-30 19:15 UTC] iblue at gmx dot net

Description:
------------
php segfaults when executing the reproduce code.

Reproduce code:
---------------
<?php
  $x = "foobar";
  
  $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
  $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
  $ks = mcrypt_enc_get_key_size($td);

  $key = md5("foobar");
  
  $encrypted = mcrypt_generic($td, $x);
?>

Expected result:
----------------
No output and a clean exit.

Actual result:
--------------
(gdb) run -q bug.php
Starting program: /home/iblue/src/php-5.1.1/sapi/cli/php -q bug.php
[Thread debugging using libthread_db enabled]
[New Thread -1214781760 (LWP 17768)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1214781760 (LWP 17768)]
0xb7f22b70 in mcrypt_mutex_register () from /usr/lib/libmcrypt.so.4
(gdb) bt
#0  0xb7f22b70 in mcrypt_mutex_register () from /usr/lib/libmcrypt.so.4
#1  0xb7f20203 in mcrypt_enc_get_algorithms_name () from /usr/lib/libmcrypt.so.4
#2  0xb7f1f197 in mcrypt_generic () from /usr/lib/libmcrypt.so.4
#3  0x080ec88b in zif_mcrypt_generic (ht=2, return_value=0x84f17bc, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, tsrm_ls=0x83ed018) at /home/iblue/src/php-5.1.1/ext/mcrypt/mcrypt.c:489
#4  0x0825d2cd in zend_do_fcall_common_helper_SPEC (execute_data=0xbfacdc48, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:188
#5  0x082630bf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfacdc48, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:1578
#6  0x0825cbfc in execute (op_array=0x84fc0ac, tsrm_ls=0x83ed018) at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:88#7  0x08238816 in zend_execute_scripts (type=8, tsrm_ls=0x83ed018, retval=0x0, file_count=3)
    at /home/iblue/src/php-5.1.1/Zend/zend.c:1090
#8  0x081fc32b in php_execute_script (primary_file=0xbfacffe4, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/main/main.c:1704
#9  0x082e26ca in main (argc=3, argv=0xbfad0084) at /home/iblue/src/php-5.1.1/sapi/cli/php_cli.c:1039

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-30 21:50 UTC] iblue at gmx dot net

You are right, I have not read the manual and thought this 
would be a "real" bug.
But, in my opinion, when php crashes it is a bug, regardless 
of what I did.

It would be nice to have a warning or an error instead of a 
segfault.

[2005-11-30 21:57 UTC] tony2001@php.net

After a short discussion we decided to work around this segfault.
Assigned to Ilia, he's working on the patch.

[2005-12-01 00:54 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.