Newsgroups: php.internals
Date: Mon, 5 Aug 2013 00:17:31 +0200
From: kalle@php.net (Kalle Sommer Nielsen)
To: Rasmus Lerdorf
Cc: PHP internals, Johannes Schlüter
Subject: Re: [PHP-DEV] Segfault on mysqlnd stream cast
In-Reply-To: <51FD4324.7030507@lerdorf.com>

Hey Rasmus

2013/8/3 Rasmus Lerdorf :
> Hey Johannes, could you take a look at:
>
> https://gist.github.com/anonymous/6143477
>
> You can reproduce in 5.5 with:
>
> sapi/cli/php ext/mysqli/tests/mysqli_poll_kill.php
>
> main/streams/cast.c:306 is:
>
> if (php_stream_is_filtered(stream)) {
>
> but php_stream_is_filtered is just a macro that isn't expecting stream
> to be null and you get the segfault there because it is trying to
> dereference it. We could just add a null check, of course, but I think
> the problem is in mysqlnd. mysqlnd_stream_array_to_fd_set() shouldn't be
> trying to cast null streams.

I've attached a patch that should check for a NULL stream; it works as
follows:

mysqlnd_stream_array_to_fd_set() (& mysqlnd_stream_array_from_fd_set())
calls the get_stream method, which may return NULL; previously it was
directly passed to php_stream_cast(), and not checked prior to that.

However, I did not look into the mysqli_poll function, which may not
properly set a stream or something in that way, so this patch *should*
be just getting rid of the noise.

I'm saying "should" as I did not have the time to configure a build
env from where I currently am located as well as I'm rusty =(

Patch is attached.
--
regards,

Kalle Sommer Nielsen
kalle@php.net

[Attachment: mysqlnd-diff.txt]
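The failure mode discussed in the message above, as an added example that is not part of the original post, the attached patch, or PHP's source: an accessor that may return NULL feeds a cast whose macro dereferences its argument, so the caller has to check before casting. The types and names (`stream_t`, `conn_t`, `get_stream`, `stream_cast_to_fd`, `conn_array_to_fd_set`) are stand-ins assumed for illustration, not the mysqlnd or streams API.

```c
#include <stddef.h>
#include <sys/select.h>

/* Stand-in types, NOT PHP's: just enough to model the pattern in the thread. */
typedef struct { int fd; void *filters; } stream_t;
typedef struct { stream_t *stream; } conn_t;   /* stream is NULL once killed */

/* Like the macro discussed above: dereferences its argument, no NULL check. */
#define STREAM_IS_FILTERED(s) ((s)->filters != NULL)

/* Models the accessor that may legitimately return NULL. */
static stream_t *get_stream(const conn_t *c) { return c->stream; }

/* Models the cast: the caller must guarantee s != NULL. */
static int stream_cast_to_fd(stream_t *s, int *out_fd)
{
    if (STREAM_IS_FILTERED(s)) return -1;   /* a NULL s would crash here */
    *out_fd = s->fd;
    return 0;
}

/* Hardened caller: fetch the stream once and skip connections without one.
 * conns is a NULL-terminated array. Returns the number of fds added. */
int conn_array_to_fd_set(conn_t **conns, fd_set *fds, int *max_fd)
{
    int cnt = 0, fd;
    for (conn_t **p = conns; *p; p++) {
        stream_t *s = get_stream(*p);
        if (s == NULL) continue;            /* the check that was missing */
        if (stream_cast_to_fd(s, &fd) == 0 && fd >= 0 && fd < FD_SETSIZE) {
            FD_SET(fd, fds);
            if (fd > *max_fd) *max_fd = fd;
            cnt++;
        }
    }
    return cnt;
}

/* Constructed sample: three connections, the middle one has no stream. */
int demo_count(int *max_fd)
{
    stream_t a = { 3, NULL }, b = { 7, NULL };
    conn_t c1 = { &a }, dead = { NULL }, c2 = { &b };
    conn_t *conns[] = { &c1, &dead, &c2, NULL };
    fd_set fds;
    FD_ZERO(&fds);
    *max_fd = -1;
    return conn_array_to_fd_set(conns, &fds, max_fd);
}
```

Every loop that walks the same array needs the same guard; a check in only one of two sibling functions leaves the crash reachable through the other.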