Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27971
Return-Path: <stas@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 17532 invoked by uid 1010); 10 Feb 2007 00:31:52 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 17517 invoked from network); 10 Feb 2007 00:31:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Feb 2007 00:31:52 -0000
Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 63.205.162.114 as permitted sender)
X-PHP-List-Original-Sender: stas@zend.com
X-Host-Fingerprint: 63.205.162.114 unknown Windows 2000 SP4, XP SP1
Received: from [63.205.162.114] ([63.205.162.114:17052] helo=mx2.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 68/6D-03629-5721DC54 for <internals@lists.php.net>; Fri, 09 Feb 2007 19:31:51 -0500
Received: from [127.0.0.1] ([192.168.16.109]) by mx2.zend.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 9 Feb 2007 16:31:47 -0800
Message-ID: <45CD1271.1090704@zend.com>
Date: Fri, 09 Feb 2007 16:31:45 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 2.0b2 (Windows/20070116)
MIME-Version: 1.0
To: Thomas Hruska <thruska@cubiclesoft.com>
CC:  internals@lists.php.net
References: <45CCC024.8070405@cubiclesoft.com>
In-Reply-To: <45CCC024.8070405@cubiclesoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Feb 2007 00:31:47.0147 (UTC) FILETIME=[D8F589B0:01C74CAA]
Subject: Re: [PHP-DEV] PHP 5.2.1 crashing Apache/IIS...
From: stas@zend.com (Stanislav Malyshev)

> This script crashes PHP 5.2.1 everywhere.  Command-line and web server 
> (module and CGI modes).  IMO, there's a bug somewhere in str_ireplace(). 
>  But it could be also more fundamental with how Zend treats variables. 
>  All that showing data around assigning a variable to itself.

I can reproduce it. Seems to be off-by-one here:

Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len);

introduced by this patch:

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.36&r2=1.445.2.14.2.37
If I replace len with len+1, it seems to be OK.
-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com  http://www.zend.com/