From:             
Operating system: Linux
PHP version:      5.3.2
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  php_cgi_ini_activate_user_config() crashes when given apache-rewritten URL

Description:
------------
Using php-5.3.2 as a cgi executable with Apache on Linux (though this bug
looks to exist in the trunk branch as well).



We have an Apache RewriteRule that turned the URL requested into another
location (that unfortunately does not exist on the file system).



Here is a source change I made to find the error:

Index: sapi/cgi/cgi_main.c                                                 
    

=================================================================== 

diff -p -u -r1.5 cgi_main.c

--- sapi/cgi/cgi_main.c 16 Apr 2010 19:15:31 -0000  1.5

+++ sapi/cgi/cgi_main.c 28 Apr 2010 20:12:25 -0000

@@ -750,8 +750,10 @@ static void php_cgi_ini_activate_user_co

        zend_hash_clean(entry->user_config);



        if (!IS_ABSOLUTE_PATH(path, path_len)) {

+            fprintf(stderr, "MZ1 2.3, path is %s\n", path);

            real_path = tsrm_realpath(path, NULL TSRMLS_CC);

-           real_path_len = strlen(real_path);

+            fprintf(stderr, "MZ1 2.4, real_path is %s\n", real_path ?
real_path : "(MZ nil)");

+           real_path_len = real_path ? strlen(real_path) : 0;

            path = real_path;

            path_len = real_path_len;

        }
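
Review bot: In the `!IS_ABSOLUTE_PATH` branch the new NULL check only guards `strlen()`; the unchanged `path = real_path;` and `path_len = real_path_len;` lines that follow still assign NULL and 0 to `path` when `tsrm_realpath()` fails, so anything later in the function that reads `path` receives a NULL pointer. Consider returning from the function (or skipping the user-config lookup) as soon as `real_path` is NULL rather than continuing with an empty path. The two `fprintf(stderr, "MZ1 ...")` lines are debugging aids and should be dropped from any version intended for commit.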

========================================================

And here is the resultant error_log info from Apache:

----------------------

[Wed Apr 28 14:13:29 2010] [error] [client 192.168.6.63] MZ1 2.3, path is redirect:/per_site_html_root/mzoellerapache/euf/application/gonow/widgets/standard/navigation/NavigationTab2/logic.js/gonow/widgets/standard/navigation/NavigationTab2/

[Wed Apr 28 14:13:29 2010] [error] [client 192.168.6.63] MZ1 2.4, real_path is (MZ nil)

--------------



The process would fail on the call to strlen(real_path), as real_path was a
NULL pointer. This might also be classified as Junk In, Junk Out, as we
were passing a messed up path due to the Apache rewrite rule.



It looks like this error was introduced by pajoye with revision 282336:
https://cvs.php.net/viewvc/php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c?r1=282335&r2=282336&;






-- 
Edit bug report at http://bugs.php.net/bug.php?id=51688&edit=1
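
The failure mode reported above, as an added example that is not PHP source and not part of the original report: a path that cannot be resolved makes the resolver return NULL, and the caller has to stop instead of measuring or using the result. POSIX `realpath()` stands in for `tsrm_realpath()`, `resolve_config_dir()` is a hypothetical helper, and the sample path is constructed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose realpath() under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper. Resolves `path` to a canonical absolute path.
 * Returns 0 and fills *resolved (caller frees) and *resolved_len on success.
 * Returns -1 with errno set on failure and leaves the outputs untouched,
 * so the caller never sees a NULL path paired with a length.
 */
static int resolve_config_dir(const char *path, char **resolved, size_t *resolved_len)
{
    char *real_path;

    if (path == NULL || resolved == NULL || resolved_len == NULL) {
        errno = EINVAL;
        return -1;
    }
    real_path = realpath(path, NULL);   /* NULL when the path does not resolve */
    if (real_path == NULL) {
        return -1;                      /* errno set by realpath(), e.g. ENOENT */
    }
    *resolved = real_path;
    *resolved_len = strlen(real_path);  /* safe: real_path is non-NULL here */
    return 0;
}

int main(void)
{
    /* Constructed input shaped like the rewritten path in the error_log. */
    const char *bad = "redirect:/no_such_root/logic.js/widgets/";
    char *dir = NULL;
    size_t len = 0;

    if (resolve_config_dir(bad, &dir, &len) != 0) {
        fprintf(stderr, "skipping user config for %s: %s\n", bad, strerror(errno));
    }
    if (resolve_config_dir(".", &dir, &len) == 0) {
        printf("resolved \".\" to %s (%zu bytes)\n", dir, len);
        free(dir);
    }
    return 0;
}
```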