[php-maint] Bug#459020: php5-recode crashes on amd64, after eating up all memory

Bart Cortooms bart at kumina.nl
Thu Jan 24 14:00:54 UTC 2008


On 4 Jan 2008, at 9:48, Thomas Stegbauer wrote:
> php5-recode crashes on amd64, so all programs which need it are
> unusable

This happens for me as well.  It's especially troublesome in  
combination with squirrelmail and squirrelmail-decode - a specially  
crafted email could be made into a potential Denial of Service  
attack.  We're seeing this problem when a mail with big5 encoding  
gets opened with Squirrelmail.  The php5-cgi process eats up all  
memory when the inbox gets opened.

Some more info:

(amd64-etch)bart@builder:~$ cat > test.php
<?php
         echo recode_string("utf-8..flat","aaaa");
?>

(amd64-etch)bart@builder:~$ php5 test.php
Segmentation fault (core dumped)


Using the recode utility works fine:

(amd64-etch)bart@builder:~$ echo "aaaa" | recode "utf-8..flat"
aaaa


(amd64-etch)bart@builder:~$ gdb -c core /usr/bin/php5
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".

Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libpanel.so.5...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /lib/libncurses.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /usr/lib/libssl.so.0.9.8...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libssl.so.0.9.8
Reading symbols from /usr/lib/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcre.so.3
Reading symbols from /usr/lib/libdb-4.4.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libdb-4.4.so
Reading symbols from /lib/libbz2.so.1.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libbz2.so.1.0
Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libxml2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /usr/lib/libcrypto.so.0.9.8...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcrypto.so.0.9.8
Reading symbols from /lib/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /usr/lib/php5/20060613/pdo.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/php5/20060613/pdo.so
Reading symbols from /usr/lib/php5/20060613/recode.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/php5/20060613/recode.so
Reading symbols from /usr/lib/librecode.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/librecode.so.0
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Core was generated by `php5 test.php'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b19bb7c012e in transform_with_libiconv () from /usr/lib/librecode.so.0
(gdb) bt
#0  0x00002b19bb7c012e in transform_with_libiconv () from /usr/lib/librecode.so.0
#1  0x00002b19bb7cb4a0 in transform_byte_to_variable () from /usr/lib/librecode.so.0
#2  0x00002b19bb7cbcde in recode_perform_task () from /usr/lib/librecode.so.0
#3  0x00002b19bb7cadc0 in recode_buffer_to_buffer () from /usr/lib/librecode.so.0
#4  0x00002b19bb6184b1 in zif_recode_string () from /usr/lib/php5/20060613/recode.so
#5  0x000000000065fcd7 in execute ()
#6  0x000000000064f6f3 in execute ()
#7  0x00000000006326f9 in zend_execute_scripts ()
#8  0x00000000005f2ec8 in php_execute_script ()
#9  0x00000000006b8fe5 in main ()
(gdb)

-- 
	Bart
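
A way to rerun the reproducer from this message on another host without letting it exhaust memory, added here as an example and not part of the original mail. The limits (`MEM_KB`, `CPU_SECS`) and the function names are assumptions; the `php5` command line is the test case quoted above.

```shell
#!/bin/sh
# Added example: run a command under resource caps and classify how it ended.
MEM_KB=${MEM_KB:-262144}   # assumed address-space cap (256 MiB)
CPU_SECS=${CPU_SECS:-10}   # assumed CPU-time cap in seconds

# classify_status EXIT_CODE: print a one-word verdict for a shell exit status.
classify_status() {
    case "$1" in
        0)       echo ok ;;
        127)     echo not-found ;;        # command is not installed
        139)     echo segfault ;;         # 128 + SIGSEGV (11)
        137|152) echo resource-limit ;;   # 128 + SIGKILL (9) / SIGXCPU (24)
        *)  if [ "$1" -gt 128 ]; then
                echo "signal-$(( $1 - 128 ))"
            else
                echo "error-$1"
            fi ;;
    esac
}

# run_capped CMD [ARGS...]: run CMD in a subshell so the limits do not leak
# into the caller, discard its output, and print the verdict.
run_capped() {
    rc=0
    (
        ulimit -c 0            # do not write a core file
        ulimit -v "$MEM_KB"    # cap virtual memory (KiB)
        ulimit -t "$CPU_SECS"  # cap CPU time
        "$@" >/dev/null 2>&1
    ) || rc=$?
    classify_status "$rc"
}

# check_recode: the recode_string() test case from the report, run capped.
check_recode() {
    run_capped php5 -r 'echo recode_string("utf-8..flat","aaaa");'
}
```

Calling `check_recode` prints `segfault` on a host that shows the crash from the backtrace and `ok` on one that does not.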