Segfault when using ob_gzhandler() with open buffers
| Bug #60282 | Segfault when using ob_gzhandler() with open buffers | | |
|---|---|---|---|
| Submitted: | 2011-11-13 02:30 UTC | Modified: | 2011-11-13 04:15 UTC |
| From: | mark at mark-story dot com | Assigned: | laruence (profile) |
| Status: | Closed | Package: | Output Control |
| PHP Version: | 5.4.0RC1 | OS: | MacOS |
| Private report: | No | CVE-ID: | None |

[2011-11-13 02:30 UTC] mark at mark-story dot com
Description:
------------
When creating multiple output buffers, and then switching the output callback,
PHP5.4RC1 segfaults. The same code works without any problems in PHP5.3.8.
zlib version: 1.2.5
Test script and gdb trace included below.
Test script:
---------------
--Test script--
```php
<?php
ob_start();
ob_start();
echo "here\n";
ob_start('ob_gzhandler');
```
--gdb backtrace--
```
#0 0x000000010043cf24 in php_output_handler_started (name=0x10063c343 "zlib output compression", name_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:518
518 if (name_len == handlers[i]->name_len && !memcmp(handlers[i]->name, name, name_len)) {
(gdb) bt
#0 0x000000010043cf24 in php_output_handler_started (name=0x10063c343 "zlib output compression", name_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:518
#1 0x000000010043cf97 in php_output_handler_conflict (handler_new=0x1012d12d0 "ob_gzhandler", handler_new_len=12, handler_set=0x10063c343 "zlib output compression", handler_set_len=23) at /Users/markstory/Sites/php/php-src/main/output.c:532
#2 0x0000000100167c9a in php_zlib_output_conflict_check (handler_name=0x1012d12d0 "ob_gzhandler", handler_name_len=12) at /Users/markstory/Sites/php/php-src/ext/zlib/zlib.c:56
#3 0x000000010043ce05 in php_output_handler_start (handler=0x1012d04e8) at /Users/markstory/Sites/php/php-src/main/output.c:484
#4 0x000000010043ca25 in php_output_start_user (output_handler=0x1012cda68, chunk_size=0, flags=112) at /Users/markstory/Sites/php/php-src/main/output.c:382
#5 0x000000010043ec2b in zif_ob_start (ht=1, return_value=0x1012cd9f0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /Users/markstory/Sites/php/php-src/main/output.c:1252
#6 0x00000001004fcb30 in zend_do_fcall_common_helper_SPEC (execute_data=0x1012980d8) at zend_vm_execute.h:642
#7 0x0000000100504658 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x1012980d8) at zend_vm_execute.h:2215
#8 0x00000001004fb282 in execute (op_array=0x1012cf938) at zend_vm_execute.h:410
#9 0x00000001004bd643 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/markstory/Sites/php/php-src/Zend/zend.c:1272
#10 0x00000001004246c2 in php_execute_script (primary_file=0x7fff5fbff3b0) at /Users/markstory/Sites/php/php-src/main/main.c:2414
#11 0x0000000100608d13 in do_cli (argc=2, argv=0x7fff5fbff690) at /Users/markstory/Sites/php/php-src/sapi/cli/php_cli.c:983
#12 0x000000010060a069 in main (argc=2, argv=0x7fff5fbff690) at /Users/markstory/Sites/php/php-src/sapi/cli/php_cli.c:1356
```
Expected result:
----------------
here should be output.
Actual result:
--------------
Segmentation Fault