[php-maint] Bug#613960: PHP may crash when executing strval when `precision' setting is very high
Ronan
mr_platelet+jin6vr at fastmail.fm
Fri Feb 18 14:11:33 UTC 2011
Package: php5-cli
Version: 5.3.3-7
Severity: normal
The included terminal transcript runs a small PHP
script which calls strval. The script is run in a loop,
at successively higher values of `precision', until a
precision is found which causes PHP to crash.
Although it's very unlikely to be relevant, I am also
including a copy of /proc/cpuinfo on the system on which
the terminal transcript was taken. It is a 32-bit machine.
*** transcript.strval-bug
Script started on Fri 18 Feb 2011 13:30:58 GMT
bash$ cat show-bug
#!/bin/bash
for precision in `seq 500 1073`; do
    php5 -n -d precision=$precision -r 'strval(pow(2, -1073));' ||
    {
        echo
        echo PROGRAM CRASHED WHEN PRECISION SET TO $precision
        break
    }
done
bash$ bash show-bug
*** stack smashing detected ***: php5 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x40)[0xb71b31f0]
/lib/libc.so.6(+0xe01aa)[0xb71b31aa]
php5[0x838d5e4]
php5[0x82a1f4f]
php5(vspprintf+0x30)[0x82a1f80]
php5[0x830ff25]
php5(zend_locale_sprintf_double+0x4a)[0x82ef00a]
php5(zend_make_printable_zval+0x1b2)[0x82f7d32]
php5[0x8251e19]
php5[0x834a18a]
php5(execute+0x1ce)[0x8320a3e]
php5(zend_eval_stringl+0x133)[0x82eab83]
php5(zend_eval_stringl_ex+0x32)[0x82ead22]
php5(zend_eval_string_ex+0x43)[0x82eada3]
php5[0x838cae3]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb70e9c76]
php5[0x806bb81]
======= Memory map: ========
show-bug: line 3: 14892 Aborted php5 -n -d precision=$precision -r 'strval(pow(2, -1073));'
PROGRAM CRASHED WHEN PRECISION SET TO 506
bash$ exit
Script done on Fri 18 Feb 2011 13:31:06 GMT
*** cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Celeron(R) CPU 2.66GHz
stepping : 9
cpu MHz : 2660.106
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc up pebs bts pni monitor ds_cpl tm2 cid cx16 xtpr lahf_lm
bogomips : 5325.59
clflush size : 64
power management:
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5-cli depends on:
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libmagic1 5.04-5 File type determination library us
ii libonig2 5.9.1-1 Oniguruma regular expressions libr
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
ii php5-common 5.3.3-7 Common files for packages built fr
ii tzdata 2010o-1 time zone and daylight-saving time
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
php5-cli recommends no packages.
Versions of packages php5-cli suggests:
ii php-pear 5.3.3-7 PEAR - PHP Extension and Applicati
-- no debconf information
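
Added triage example, not part of the original report and not PHP or Debian code: a Python parser for the glibc abort report shown in the transcript. It pulls out the abort reason and the symbolized php5 frames, and lists the addresses that still need resolving against debug symbols. The function names (`parse_report`, `named_chain`, `unresolved`) are hypothetical, and the sample is the first frames of the backtrace above.

```python
import re

# Sample input: the first frames of the backtrace quoted in the report above.
SAMPLE = """\
*** stack smashing detected ***: php5 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x40)[0xb71b31f0]
/lib/libc.so.6(+0xe01aa)[0xb71b31aa]
php5[0x838d5e4]
php5[0x82a1f4f]
php5(vspprintf+0x30)[0x82a1f80]
php5[0x830ff25]
php5(zend_locale_sprintf_double+0x4a)[0x82ef00a]
php5(zend_make_printable_zval+0x1b2)[0x82f7d32]
======= Memory map: ========
"""

# A frame is module, optional "(symbol+0xoffset)", then "[0xaddress]".
FRAME = re.compile(
    r"^(?P<module>[^\s(\[]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$")
ABORT = re.compile(r"^\*\*\* (?P<reason>.+?) \*\*\*: (?P<prog>\S+) terminated$")

def parse_report(text):
    """Return (reason, program, frames); frames are ordered innermost first."""
    reason = prog = None
    frames, in_backtrace = [], False
    for line in text.splitlines():
        line = line.strip()
        abort = ABORT.match(line)
        if abort:
            reason, prog = abort["reason"], abort["prog"]
        elif line.startswith("======="):
            in_backtrace = "Backtrace" in line   # the memory map section ends it
        elif in_backtrace and (f := FRAME.match(line)):
            frames.append({"module": f["module"],
                           "symbol": f["symbol"] or None,
                           "addr": int(f["addr"], 16)})
    return reason, prog, frames

def named_chain(frames, module):
    """Symbolized frames that belong to `module`, innermost first."""
    return [f["symbol"] for f in frames if f["module"] == module and f["symbol"]]

def unresolved(frames, module):
    """Addresses in `module` without a symbol (inputs for addr2line with debug symbols)."""
    return [hex(f["addr"]) for f in frames if f["module"] == module and not f["symbol"]]
```

On the sample, the named php5 frames put the failed canary check below `vspprintf`, reached from `zend_locale_sprintf_double`; the unnamed frames are the ones to resolve before assigning the fault to a specific function.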