ID:               18932
 Comment by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: Linux (Red Hat 7.3)
 PHP Version:      4CVS-2002-08-15
 New Comment:

This bug seems to be back.
With 4.2.3 I do get segfaults when trying to fgetcsv() a line longer
than the buffer size (in my case, it fails with 5000 and works with
5100).


Previous Comments:
------------------------------------------------------------------------

[2002-08-19 17:42:13] [EMAIL PROTECTED]

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------

[2002-08-16 12:50:48] [EMAIL PROTECTED]

Uh, no, I never said that.  Even now that I am awake that fgetcsv()
code looks nasty.  I was about to throw the blame on some poor sod, but
I had a look at CVS and I wrote the function originally and it has then
since been hacked on by Thies, Sterling, Yohgaki, Wez, Zeev, Derick,
Hartmut, Stig, Torben and Jeroen.  I'm unassigning myself, for now, to
make sure anybody else who is keen on fixing it doesn't get
discouraged.  I will however try to get to it sometime soon if nobody
else does.  Looks like it will take an hour of getting cozy with gdb to
fix this one.

------------------------------------------------------------------------

[2002-08-16 10:59:31] [EMAIL PROTECTED]

Assigning to Rasmus as he seems to think he might know what's going on.

From what I know another bug of this same nature was recently
no-feedbacked.  But I can't remember the bug number offhand.

------------------------------------------------------------------------

[2002-08-15 21:33:21] [EMAIL PROTECTED]

With debug on, here is the backtrace

Program received signal SIGSEGV, Segmentation fault.
0x0819344b in shutdown_memory_manager (silent=1, clean_cache=0) at
/home/rasmus/php4/Zend/zend_alloc.c:462
462                                             if (!iterator->cached
(gdb) bt
#0  0x0819344b in shutdown_memory_manager (silent=1, clean_cache=0) at
/home/rasmus/php4/Zend/zend_alloc.c:462
#1  0x08175aae in php_request_shutdown (dummy=0x0) at
/home/rasmus/php4/main/main.c:901
#2  0x081b8fa6 in main (argc=2, argv=0xbffff974) at
/home/rasmus/php4/sapi/cgi/cgi_main.c:1100
#3  0x4047f1c4 in __libc_start_main () from /lib/libc.so.6
(gdb) p iterator
$1 = (zend_mem_header *) 0x73656363
(gdb) p *iterator
$2 = {magic = 0, filename = 0x0, lineno = 0, reported = 0,
orig_filename = 0x0, orig_lineno = 0, pNext = 0x0, pLast = 0x0, size =
0, cached = 0}
(gdb) p *t
$3 = {magic = 1930623196, filename = 0x82218c0
"/home/rasmus/php4/Zend/zend_API.c", lineno = 835, reported = 1,
orig_filename = 0x0, orig_lineno = 0, pNext = 0x8303350, pLast = 0x0,
size = 1247, cached = 0}

That fgetcsv code is nasty-looking.  Not awake enough to dive in right
now.

------------------------------------------------------------------------

[2002-08-15 21:04:55] [EMAIL PROTECTED]

Reproduced here - unlikely to be a remote exploit unless someone is
fgetcsv'ing over the network and the bad guy is able to change the
target of that.  Or of course if the bad guy gets in and changes .csv
files locally, but if they are on your server already, that is the
least of your worries.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/18932

-- 
Edit this bug report at http://bugs.php.net/?id=18932&edit=1
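
A triage check for the gdb session in the [2002-08-15 21:33:21] comment, added here as an example (not code from the PHP project or from anyone in the thread): it decodes each pointer value into its four bytes in memory order and flags values made up entirely of printable ASCII, a common sign that string data was written over a heap pointer. The function name pointer_looks_like_text is hypothetical, little-endian byte order is assumed (32-bit x86), and the values are copied from the backtrace.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a 32-bit word into its four bytes in memory order, assuming a
 * little-endian target (assumption: 32-bit x86, matching the 0x08...
 * addresses in the backtrace). Returns 1 if every byte is printable
 * ASCII, which suggests string data overwrote the pointer; 0 otherwise.
 * out always receives a NUL-terminated rendering, with '.' standing in
 * for non-printable bytes. */
int pointer_looks_like_text(uint32_t word, char out[5])
{
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(word >> (8 * i));
        if (isprint(b)) {
            out[i] = (char)b;
        } else {
            out[i] = '.';
            printable = 0;
        }
    }
    out[4] = '\0';
    return printable;
}

int main(void)
{
    /* Values copied from the gdb session on the page. */
    static const struct { const char *name; uint32_t value; } words[] = {
        { "iterator",    0x73656363u }, /* faulting pointer, zend_alloc.c:462 */
        { "t->pNext",    0x08303350u }, /* pNext of the header printed as *t */
        { "t->filename", 0x082218c0u }, /* filename pointer of the same header */
    };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
        char text[5];
        int hit = pointer_looks_like_text(words[i].value, text);
        printf("%-12s 0x%08x  bytes \"%s\"  %s\n", words[i].name,
               (unsigned)words[i].value, text,
               hit ? "text-like: likely overwritten by data"
                   : "not all printable: plausible address");
    }
    return 0;
}
```

Only the iterator value decodes to four printable bytes; the two pointers taken from the header gdb printed as *t do not.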
