Bug 192959 - archivers/php5-zip: zipArchive seg fault on archive read
Summary: archivers/php5-zip: zipArchive seg fault on archive read
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: VK
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-24 03:26 UTC by Gerard J. Cerchio
Modified: 2016-12-12 02:13 UTC (History)
1 user (show)

See Also:


Attachments
test.zip for demonstrating ZipArchive crash (1.69 KB, application/octet-stream)
2014-08-24 17:21 UTC, Gerard J. Cerchio
no flags Details
PHP report of machine (58.69 KB, text/html)
2014-08-25 14:25 UTC, Gerard J. Cerchio
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gerard J. Cerchio 2014-08-24 03:26:26 UTC
I have several Word Press websites.

9.3-PRERELEASE FreeBSD 9.3-PRERELEASE #4: Thu Jul 10 00:17:20 PDT 2014     monkey@cabrillo2012.monkeybrains.net:/usr/obj/usr/src/sys/MONKEY9  amd64

mod_php5-5.4.31_1,1            PHP Scripting Language
php5-5.4.31_1                  PHP Scripting Language
php5-ctype-5.4.31_1            The ctype shared extension for php
php5-dom-5.4.31_1              The dom shared extension for php
php5-extensions-1.7            "meta-port" to install PHP extensions
php5-filter-5.4.31_1           The filter shared extension for php
php5-gd-5.4.31_1               The gd shared extension for php
php5-hash-5.4.31_1             The hash shared extension for php
php5-iconv-5.4.31_1            The iconv shared extension for php
php5-json-5.4.31_1             The json shared extension for php
php5-mysql-5.4.31_1            The mysql shared extension for php
php5-openssl-5.4.31_1          The openssl shared extension for php
php5-pdo-5.4.31_1              The pdo shared extension for php
php5-pdo_sqlite-5.4.31_1       The pdo_sqlite shared extension for php
php5-phar-5.4.31_1             The phar shared extension for php
php5-posix-5.4.31_1            The posix shared extension for php
php5-session-5.4.31_1          The session shared extension for php
php5-simplexml-5.4.31_1        The simplexml shared extension for php
php5-sqlite3-5.4.31_1          The sqlite3 shared extension for php
php5-tokenizer-5.4.31_1        The tokenizer shared extension for php
php5-xml-5.4.31_1              The xml shared extension for php
php5-xmlreader-5.4.31_1        The xmlreader shared extension for php
php5-xmlwriter-5.4.31_1        The xmlwriter shared extension for php
php5-xsl-5.4.31_1              The xsl shared extension for php
php5-zip-5.4.31_1              The zip shared extension for php
php5-zlib-5.4.31_1             The zlib shared extension for php

apache24-2.4.10_1              Version 2.4.x of Apache web server

I updated all the php modules and now php's zipArchive seg faults its Apache daemon when it reads the contents of a zip archive.

I traced the Word Press archive code.

php successfully opens the archive assays the size and creates necessary directories.

The segfault occurs on 

 $contents = $z->getFromIndex($i);

I have seen no one else reporting this problem. I have not duplicated the error with a small test program.
Comment 1 John Marino freebsd_committer freebsd_triage 2014-08-24 08:46:30 UTC
That's not really a lot of information to go on, so I wish Alex (the maintainer) luck...
Comment 2 Gerard J. Cerchio 2014-08-24 17:21:56 UTC
Created attachment 146221 [details]
test.zip for demonstrating ZipArchive crash
Comment 3 Gerard J. Cerchio 2014-08-24 17:22:52 UTC
Here is a small program testZipArchive.php that duplicates the crash, /tmp/test.zip attached:

<?php

	$z = new ZipArchive();

	$zopen = $z->open( "/tmp/test.zip", ZIPARCHIVE::CHECKCONS  );

	if ( true != $zopen )
	{
		print( "  can't open  ");
		return;
	}
	print( "<br>  archive open  <br>");
	flush();

	if (  $info = $z->statIndex( 0 ) )
	{
		print( "<br>  archive stat  <br>");
		$size = $info['size'];
		print( "<br>  archive size $size  <br>");
		flush();
		$data = $z->getFromIndex( 0 );  // crashes process here
		print( "<br>  archive read  <br>");
		flush();
	} 

	$z->close();
?>
Comment 4 Gerard J. Cerchio 2014-08-25 14:25:16 UTC
Created attachment 146256 [details]
PHP report of machine
Comment 5 Gerard J. Cerchio 2014-09-06 15:17:44 UTC
Updated to the new php ports still have the crash with the simple test file.

The problem is no core files are being generated. I moved httpd's core fire directory to /tmp still no core file being generated.

    ulimit -c
    unlimited

How do I enable core files in apache 2.4?
Comment 6 Gerard J. Cerchio 2014-09-06 15:39:53 UTC
never mind, the jail I am running in is stopping any form of core dump
Comment 7 Alex Dupre freebsd_committer freebsd_triage 2014-09-09 13:15:26 UTC
Unable to reproduce:

$ php testZipArchive.php
<br>  archive open  <br><br>  archive stat  <br><br>  archive size 17715  <br><br>  archive read  <br>
Comment 8 Gerard J. Cerchio 2014-09-09 13:45:39 UTC
@John,  did yu run it in a restricted jail environment?
Comment 9 Rene Ladan freebsd_committer freebsd_triage 2016-02-14 19:33:20 UTC
Note that archivers/php5-zip (the PHP 5.4 version) has been removed, is this problem relevant for archivers/php55-zip or archivers/php56-zip ?
Comment 10 VK freebsd_triage 2016-12-12 02:13:35 UTC
Closing for lack of feedback, and the port expired. Please reopen if you think this was a mistake, or even better please file a new report against newer PHP port version, if the problem still exists.