I am fixing bug #32614: Problem, on the Solaris platform fdopen() can fail
even if fd is a correct file descriptor, when fd>255 (the well-known
Solaris stdio problem). The webserver of the user crashes because the
return value of fdopen() is not checked for NULL when casting a stream from
posix to stdio. After this fd==-1 and fp==NULL ==> further calls to
fread/fwrite with this fp segfault.

I committed the patches for PHP but I have no karma for "ZendEngine2". Can
someone with karma submit this patch?

According to this it would be interesting, WHEN some PHP/Zend code tries to
cast a POSIX stream to stdio? In which extension/functions? Can this be
fixed to only use posix IO? The zend engine itself should be safe since
4.3.3 and since PHP5.

Do stream casts apply if a user uses the PHP user functions fopen, fread,
fwrite? Since Sascha's fix in PHP4 this does not happen there. What about PHP5?

I would try to fix this everywhere in the future.

Uwe Schindler
thetaphi@php.net - http://www.php.net
NSAPI SAPI developer
Erlangen, Germany

OK - I found out that the fdopen() code is never called in the PHP
environment, so patch is not needed (PHP sets zend_file_handle always to
STREAM). But I still want to know for what extensions/functions the casts
from posix to stdio are needed. Will casting appear somewhere when the user
calls the userlevel-file-functions starting with fopen()? It is hard work
to find out with simple search through CVS.

The only position I know is because of popen() etc. in the exec functions
which are stdio (posix variants are more complicated), which is the cause
for the bug report I mentioned.

At 09:40 07.04.2005, Uwe Schindler wrote:
> I am fixing bug #32614: Problem, on the Solaris platform fdopen() can fail
> even if fd is a correct file descriptor, when fd>255 (the well-known
> Solaris stdio problem). The webserver of the user crashes because the
> return value of fdopen() is not checked for NULL when casting a stream
> from posix to stdio. After this fd==-1 and fp==NULL ==> further calls to
> fread/fwrite with this fp segfault.
>
> I committed the patches for PHP but I have no karma for "ZendEngine2". Can
> someone with karma submit this patch?
>
> According to this it would be interesting, WHEN some PHP/Zend code tries
> to cast a POSIX stream to stdio? In which extension/functions? Can this be
> fixed to only use posix IO? The zend engine itself should be safe since
> 4.3.3 and since PHP5.
>
> Do stream casts apply if a user uses the PHP user functions fopen,
> fread, fwrite? Since Sascha's fix in PHP4 this does not happen there. What
> about PHP5?
>
> I would try to fix this everywhere in the future.
>
> Uwe Schindler
> thetaphi@php.net - http://www.php.net
> NSAPI SAPI developer
> Erlangen, Germany

--
Uwe Schindler
thetaphi@php.net - http://www.php.net
NSAPI SAPI developer
Bremen, Germany

Yeah, popen is tricky to replace.
A workaround for Solaris is to use proc_open() in the scripts instead.
Other extensions that might have issues are those that will accept a
stream to use as a source for data. Off the top of my head, you'll
want to check the PDFlib and ming extensions. Actually, you should be able
to grep the php source to see where the php_stream_cast function is
called; that'll highlight problem areas pretty easily I should think.
--Wez.
Not sure. Wez or Sara know that part of the code best.
I'll refrain from applying to the Zend Engine then or should I apply that
patch anyway? It seems quite harmless either way...
Andi
At 04:58 PM 4/8/2005 +0200, Uwe Schindler wrote:
> OK - I found out that the fdopen() code is never called in the PHP
> environment, so patch is not needed (PHP sets zend_file_handle always to
> STREAM). But I still want to know for what extensions/functions the casts
> from posix to stdio are needed. Will casting appear somewhere when the
> user calls the userlevel-file-functions starting with fopen()? It is hard
> work to find out with simple search through CVS.
>
> The only position I know is because of popen() etc. in the exec functions
> which are stdio (posix variants are more complicated), which is the cause
> for the bug report I mentioned.

It should probably go into the engine.
--Wez.