From: eggert at gnu dot org
Operating system: Debian GNU/Linux 3.0r1
PHP version: 4.3.4RC1
PHP Bug Type: Reproducible crash
Bug description: Segfault with PHP and bison 1.875
Description:
------------
PHP segfaults if it's built with Bison 1.875 or later. This turns out to be a portability bug in Zend/zend_ini_parser.y. That grammar uses the character constant '\0' as a token. POSIX says that the behavior is undefined in this case. See <http://www.opengroup.org/onlinepubs/007904975/utilities/yacc.html>, section "Lexical Structure of the Grammar", which says "The application shall ensure that the NUL character is not used in grammar rules or literals." This prohibits grammars from using '\0' tokens.

I suspect that earlier versions of Bison silently ignored any grammar rules containing '\0' tokens, but newer versions cause them to make the parser dump core. Both behaviors conform to POSIX, but obviously it'd be better if Bison issues a diagnostic when it sees such tokens. I'll install a fix to Bison to do that.

Here is a patch to PHP to fix the PHP bug. This patch is relative to php5, but the bug is in php4 as well. Can you please arrange for this fix to be installed, or let me know the proper bug-reporting procedure? Thanks.

2003-10-06 Paul Eggert <[EMAIL PROTECTED]>

* Zend/zend_ini_parser.y: This patch also fixes PHP bug #21159.

Index: Zend/zend_ini_parser.y =================================================================== RCS file: /repository/ZendEngine2/zend_ini_parser.y,v retrieving revision 1.24 diff -p -u -r1.24 zend_ini_parser.y --- Zend/zend_ini_parser.y 10 Jun 2003 20:03:25 -0000 1.24 +++ Zend/zend_ini_parser.y 7 Oct 2003 06:55:36 -0000 
@@ -213,7 +213,6 @@ string_or_value: | CFG_TRUE { $$ = $1; } | CFG_FALSE { $$ = $1; } | '\n' { $$.value.str.val = strdup(""); $$.value.str.len=0; $$.type = IS_STRING; } - | '\0' { $$.value.str.val = strdup(""); $$.value.str.len=0; $$.type = IS_STRING; } ; expr:
--
Edit bug report at http://bugs.php.net/?id=25770&edit=1
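Review bot: In `string_or_value`, deleting the `'\0'` alternative leaves `'\n'` as the only alternative that yields the empty string, so the fix depends on the scanner never handing a NUL byte to the parser as an ordinary token. A yacc parser reads a token value of 0 from `yylex` as end of input, so please confirm the INI scanner returns 0 only at end of file, and add a regression test for a file whose last line is `key=` with no trailing newline. The ChangeLog entry names the file but not the change; it should say that the `'\0'` alternative of `string_or_value` was removed and why.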
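A check for the portability problem the report describes, as an added example that is not part of the original report, of PHP or of Bison: it scans a yacc grammar for NUL character literals used as tokens and ignores C code in actions, the prologue and the epilogue. The name `find_nul_tokens` and the sample grammar are constructed for illustration.

```python
import re

# Lexical pieces of a yacc/Bison grammar that matter for this check.
TOKEN = re.compile(r"""
    (?P<comment> /\*.*?\*/ | //[^\n]* )
  | (?P<string>  "(?:\\.|[^"\\\n])*" )
  | (?P<char>    '(?:\\.[^'\n]*|[^'\\\n])' )
  | (?P<mark>    %% | %\{ | %\} )
  | (?P<brace>   [{}] )
""", re.S | re.X)
# C escape spellings of NUL inside the quotes: \0, \00, \000, \x0, \x00 ...
NUL_ESCAPE = re.compile(r"\\(?:0{1,3}|x0+)\Z")

def find_nul_tokens(grammar):
    """Return [(line, literal)] for NUL literals used as grammar tokens,
    i.e. outside C code ({...} actions and the %{...%} prologue)."""
    hits, depth, in_prologue, sections = [], 0, False, 0
    for m in TOKEN.finditer(grammar):
        kind, text = m.lastgroup, m.group()
        if kind == "mark":
            if text == "%{" and depth == 0:
                in_prologue = True
            elif text == "%}":
                in_prologue = False
            elif text == "%%" and depth == 0 and not in_prologue:
                sections += 1
                if sections == 2:   # the epilogue is plain C: stop here
                    break
        elif kind == "brace" and not in_prologue:
            depth += 1 if text == "{" else -1
        elif kind == "char" and depth == 0 and not in_prologue:
            if NUL_ESCAPE.match(text[1:-1]):
                hits.append((grammar.count("\n", 0, m.start()) + 1, text))
    return hits

# Constructed sample modelled on the rule quoted in the report.
SAMPLE = r"""%{
static const char end = '\0';   /* C code, not a grammar token */
%}
%%
string_or_value:
        CFG_TRUE { $$ = $1; }
    |   '\n' { $$.value.str.val = strdup(""); $$.value.str.len=0; }
    |   '\0' { $$.value.str.val = strdup(""); $$.value.str.len=0; }
;
%%
int tail = '\0';
"""
for line, literal in find_nul_tokens(SAMPLE):
    print(f"line {line}: NUL token {literal} (undefined per POSIX yacc)")
```

Only the literal in the rules section is reported; the two `'\0'` constants in C code are legitimate and are skipped.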