Binary package hint: php5
$ lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
$ LC_ALL=C apt-cache policy php5
php5:
Installed: (none)
Candidate: 5.3.2-1ubuntu4.2
Version table:
5.3.2-1ubuntu4.2 0
500 http://ua.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
5.3.2-1ubuntu4 0
500 http://ua.archive.ubuntu.com/ubuntu/ lucid/main Packages
The script seems to crash on imap_fetchbody().
Will try to produce a minimal test case.
ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: php5-cli 5.3.2-1ubuntu4.2
ProcVersionSignature: Ubuntu 2.6.32-24.39-server 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-server x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
CrashCounter: 1
Date: Sat Aug 14 17:12:50 2010
ExecutablePath: /usr/bin/php5
ProcCmdline: php parse.php
ProcEnviron:
SHELL=/bin/bash
LANG=ru_RU.UTF-8
LANGUAGE=ru_RU:ru
SegvAnalysis:
Segfault happened at: 0x7f0a2e6ccefa <memcpy+666>: mov 0x30(%rsi),%r13
PC (0x7f0a2e6ccefa) ok
source "0x30(%rsi)" (0x7f0a2b600000) in non-readable VMA region: 0x7f0a2b600000-0x7f0a2b800000 ---p /usr/lib/libc-client.so.2007e.0
destination "%r13" ok
SegvReason: reading VMA /usr/lib/libc-client.so.2007e.0
Signal: 11
SourcePackage: php5
StacktraceTop:
memcpy () at ../sysdeps/x86_64/memcpy.S:398
_estrndup (s=0x7f0a2b5f2f4e "", length=676989824) at /usr/include/bits/string3.h:52
zif_imap_fetchbody () from /usr/lib/php5/20090626/imap.so
zend_do_fcall_common_helper_SPEC (execute_data=0x7f0a2850f0a0) at /build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:313
execute (op_array=0x7f0a31361b58) at /build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104
Title: php5 crashed with SIGSEGV in memcpy()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare vboxusers
The problem seems to be either in php5-imap or libc-client2007
Due to a bug, my script passes invalid $section value to imap_fetchbody(), something like:
imap_fetchbody(
That extra-long section number crashes php.
Crash happens in php_imap.c on line
RETVAL_
in imap_fetchbody function.