From:             marco at storm dot ee
Operating system: Debian-AMD64
PHP version:      4.4.0
PHP Bug Type:     Reproducible crash
Bug description:  unserialize() causes php to segfault

Description:
------------
OS: Debian-AMD64, Linux 2.6.12.5
Configure line: configure --enable-debug --with-zlib

gdb:
Program terminated with signal 11, Segmentation fault.

#0  0x00000000004ede39 in php_var_unserialize (rval=0x7fffffd4cc90, p=0x7fffffd4cc58,
    max=0x7bb831 "", var_hash=0x7fffffd4cc60)
    at /home/marco/soft/php-4.4.0/ext/standard/var_unserializer.c:428
#1  0x00000000004e5045 in zif_unserialize (ht=1, return_value=0x7b45e0, this_ptr=0x0,
    return_value_used=0) at /home/marco/soft/php-4.4.0/ext/standard/var.c:716
#2  0x0000000000570876 in execute (op_array=0x7b5200)
    at /home/marco/soft/php-4.4.0/Zend/zend_execute.c:1672
#3  0x000000000055aa3d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/marco/soft/php-4.4.0/Zend/zend.c:938
#4  0x000000000051f878 in php_execute_script (primary_file=0x7fffffd4f6b0)
    at /home/marco/soft/php-4.4.0/main/main.c:1751
#5  0x00000000005777a3 in main (argc=2, argv=0x7fffffd4f828)
    at /home/marco/soft/php-4.4.0/sapi/cli/php_cli.c:828


Segfault reproduced with php4-STABLE-200508300648 and php-4.4.0.

Reproduce code:
---------------
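<?php

 // Open the remote test file over the HTTP stream wrapper.
 $fp = fopen('http://194.204.33.43/test.txt', 'r');
 // Read only the first byte of the response.
 $line = fread($fp, 1);
 // Passing that single byte to unserialize() is the call that segfaults.
 unserialize($line);
 fclose($fp);

?>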

Expected result:
----------------
no output

Actual result:
--------------
Segmentation fault

-- 
Edit bug report at http://bugs.php.net/?id=34311&edit=1