Bug #63159 [Fbk->NoF]: Passing > 1 additional module to php_module_startup causes a segfault

Sun, 17 Feb 2013 16:55:02 -0800 

Edit report at https://bugs.php.net/bug.php?id=63159&edit=1

 ID:               63159
 Updated by:       php-bugs@lists.php.net
 Reported by:      slangley at google dot com
 Summary:          Passing > 1 additional module to php_module_startup
                   causes a segfault
-Status:           Feedback
+Status:           No Feedback
 Type:             Bug
 Package:          Reproducible crash
 Operating System: N/A
 PHP Version:      5.4.7

 New Comment:

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


Previous Comments:
------------------------------------------------------------------------
[2013-01-28 10:46:47] slangley at google dot com

Well according to this I'm not :) 

http://marc.info/?l=php-internals&m=110121150631159&w=2

------------------------------------------------------------------------
[2013-01-28 10:44:00] paj...@php.net

oh, stupid me, coffee++ :-)

You must be the 1st to call it with more than one ;-)

------------------------------------------------------------------------
[2013-01-28 10:35:00] slangley at google dot com

I'll grab you a stack trace when I'm in to office tomorrow (need to remove my 
patch to get it to crash :)).... However you can pretty easily walk through the 
code.

int php_module_startup(sapi_module_struct *sf, zend_module_entry 
*additional_modules, uint num_additional_modules)

Takes a pointer to an array of zend_module_entry.

int php_register_extensions(zend_module_entry **ptr, int count TSRMLS_DC)


takes a pointer to an array of zend_module_entry pointers.

inside php_register_extensions it uses pointer arithmetic to enumerate the 
extensions. However, because php_module_startup has a pointer to an array of 
zend_module_entry rather than a pointer to an array of pointers of 
zend_module_entry it causes a segfault.

https://github.com/php/php-src/blob/master/main/main.c#L1961

https://github.com/php/php-src/blob/master/main/main.c#L1909

------------------------------------------------------------------------
[2013-01-28 10:28:53] paj...@php.net

http://lxr.php.net/xref/PHP_5_4/main/main.c#1910 looks perfectly fine to me.

Which value do you actually pass as count? Also provide a backtrace.

------------------------------------------------------------------------
[2013-01-28 10:25:44] slangley at google dot com

Suggest you look again - it is not possible to get past this line without 
segfaulting if there is more than one extension.

https://github.com/php/php-src/blob/master/main/main.c#L2191

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=63159


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63159&edit=1

Reply via email to