[Bug 239513] [NEW] stack smashing detected when calling xmlrpc_set_type

Russ Brown pickscrape at gmail.com
Thu Jun 12 18:45:05 BST 2008


Public bug reported:

Binary package hint: php5-xmlrpc

$ lsb_release -rd
Description:    Ubuntu 8.04
Release:        8.04

php5-xmlrpc:
  Installed: 5.2.4-2ubuntu5.1
  Candidate: 5.2.4-2ubuntu5.1
  Version table:
 *** 5.2.4-2ubuntu5.1 0
        500 http://us.archive.ubuntu.com hardy-updates/main Packages
        100 /var/lib/dpkg/status
     5.2.4-2ubuntu5 0
        500 http://us.archive.ubuntu.com hardy/main Packages

The following script reproduces:

<?php
        $params = array(new DateTime());

        $params[0] = $params[0]->format(DATE_ISO8601);

        xmlrpc_set_type($params[0], 'datetime');
?>

$ php xmlrpc_datetime.php
*** stack smashing detected ***: php terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7a38138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7a380f0]
/usr/lib/php5/20060613+lfs/xmlrpc.so[0xb71fc1c4]
/usr/lib/php5/20060613+lfs/xmlrpc.so[0xb71f990e]
/usr/lib/php5/20060613+lfs/xmlrpc.so(XMLRPC_CreateValueDateTime_ISO8601+0x37)[0xb71fa247]
/usr/lib/php5/20060613+lfs/xmlrpc.so(set_zval_xmlrpc_type+0x108)[0xb71f1238]
/usr/lib/php5/20060613+lfs/xmlrpc.so(zif_xmlrpc_set_type+0xf4)[0xb71f2ed4]
php[0x82f35eb]
php(execute+0x188)[0x82e4048]
php(zend_execute_scripts+0x183)[0x82c2f13]
php(php_execute_script+0x210)[0x8278d90]
php(main+0x19da)[0x83553ea]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7961450]
php[0x8097ec1]
======= Memory map: ========
08048000-0855e000 r-xp 00000000 08:04 323708     /usr/bin/php5
0855e000-08594000 rw-p 00516000 08:04 323708     /usr/bin/php5
08594000-08732000 rw-p 08594000 00:00 0          [heap]
b7178000-b717c000 r-xp 00000000 08:04 2997       /lib/tls/i686/cmov/libnss_dns-2.7.so
b717c000-b717e000 rw-p 00003000 08:04 2997       /lib/tls/i686/cmov/libnss_dns-2.7.so
b717e000-b7187000 r-xp 00000000 08:04 2994       /lib/tls/i686/cmov/libnss_files-2.7.so
b7187000-b7189000 rw-p 00008000 08:04 2994       /lib/tls/i686/cmov/libnss_files-2.7.so
b7189000-b71bc000 r-xp 00000000 08:04 40256      /usr/lib/libxslt.so.1.1.22
b71bc000-b71bd000 rw-p 00033000 08:04 40256      /usr/lib/libxslt.so.1.1.22
b71bd000-b71cd000 r-xp 00000000 08:04 27924      /usr/lib/libexslt.so.0.8.13
b71cd000-b71ce000 rw-p 0000f000 08:04 27924      /usr/lib/libexslt.so.0.8.13
b71e6000-b71ec000 r-xp 00000000 08:04 323704     /usr/lib/php5/20060613+lfs/xsl.so
b71ec000-b71ed000 rw-p 00005000 08:04 323704     /usr/lib/php5/20060613+lfs/xsl.so
b71ed000-b71ff000 r-xp 00000000 08:04 323720     /usr/lib/php5/20060613+lfs/xmlrpc.so
b71ff000-b7200000 rw-p 00012000 08:04 323720     /usr/lib/php5/20060613+lfs/xmlrpc.so
b7200000-b721e000 r-xp 00000000 08:04 32549      /usr/lib/libpq.so.5.1
b721e000-b721f000 rw-p 0001e000 08:04 32549      /usr/lib/libpq.so.5.1
b721f000-b7236000 r-xp 00000000 08:04 323735     /usr/lib/php5/20060613+lfs/pgsql.so
b7236000-b7237000 rw-p 00017000 08:04 323735     /usr/lib/php5/20060613+lfs/pgsql.so
b7237000-b724e000 r-xp 00000000 08:04 323746     /usr/lib/php5/20060613+lfs/mysqli.so
b724e000-b7250000 rw-p 00016000 08:04 323746     /usr/lib/php5/20060613+lfs/mysqli.so
b7250000-b73ec000 r-xp 00000000 08:04 90534      /usr/lib/libmysqlclient.so.15.0.0
b73ec000-b742f000 rw-p 0019b000 08:04 90534      /usr/lib/libmysqlclient.so.15.0.0
b742f000-b7430000 rw-p b742f000 00:00 0
b7433000-b7446000 r-xp 00000000 08:04 323769     /usr/lib/php5/20060613+lfs/pdo.so
b7446000-b7448000 rw-p 00012000 08:04 323769     /usr/lib/php5/20060613+lfs/pdo.so
b7448000-b7493000 r-xp 00000000 08:04 3077       /lib/libgcrypt.so.11.2.3
b7493000-b7495000 rw-p 0004a000 08:04 3077       /lib/libgcrypt.so.11.2.3
b7495000-b74a4000 r-xp 00000000 08:04 39957      /usr/lib/libtasn1.so.3.0.12
b74a4000-b74a5000 rw-p 0000e000 08:04 39957      /usr/lib/libtasn1.so.3.0.12
b74a5000-b7516000 r-xp 00000000 08:04 627694     /usr/lib/libgnutls.so.13.9.1
b7516000-b751b000 rw-p 00071000 08:04 627694     /usr/lib/libgnutls.so.13.9.1
b751b000-b7531000 r-xp 00000000 08:04 30923      /usr/lib/libsasl2.so.2.0.22
b7531000-b7532000 rw-p 00015000 08:04 30923      /usr/lib/libsasl2.so.2.0.22
b7532000-b753e000 r-xp 00000000 08:04 358399     /usr/lib/liblber-2.4.so.2.0.3
b753e000-b753f000 rw-p 0000b000 08:04 358399     /usr/lib/liblber-2.4.so.2.0.3
b753f000-b757b000 r-xp 00000000 08:04 358400     /usr/lib/libldap_r-2.4.so.2.0.3
b757b000-b757d000 rw-p 0003b000 08:04 358400     /usr/lib/libldap_r-2.4.so.2.0.3
b757d000-b757e000 rw-p b757d000 00:00 0
b757e000-b75ae000 r-xp 00000000 08:04 41008      /usr/lib/libidn.so.11.5.30
b75ae000-b75af000 rw-p 0002f000 08:04 41008      /usr/lib/libidn.so.11.5.30
b75af000-b75ea000 r-xp 00000000 08:04 41074      /usr/lib/libcurl.so.4.0.1
b75ea000-b75eb000 rw-p 0003b000 08:04 41074      /usr/lib/libcurl.so.4.0.1
b75f0000-b75f6000 r-xp 00000000 08:04 323736     /usr/lib/php5/20060613+lfs/pdo_pgsql.so
b75f6000-b75f7000 rw-p 00005000 08:04 323736     /usr/lib/php5/20060613+lfs/pdo_pgsql.so
b75f7000-b7602000 r-xp 00000000 08:04 323745     /usr/lib/php5/20060613+lfs/mysql.so
b7602000-b7603000 rw-p 0000a000 08:04 323745     /usr/lib/php5/20060613+lfs/mysql.so
b7603000-b7628000 r-xp 00000000 08:04 39913      /usr/lib/libmcrypt.so.4.4.7
b7628000-b762a000 rw-p 00025000 08:04 39913      /usr/lib/libmcrypt.so.4.4.7
b762a000-b7630000 rw-p b762a000 00:00 0
b7633000-b7639000 r-xp 00000000 08:04 323747     /usr/lib/php5/20060613+lfs/pdo_mysql.so
b7639000-b763a000 rw-p 00005000 08:04 323747     /usr/lib/php5/20060613+lfs/pdo_mysql.so
b763a000-b7647000 r-xp 00000000 08:04 323754     /usr/lib/php5/20060613+lfs/curl.so
b7647000-b7648000 rw-p 0000d000 08:04 323754     /usr/lib/php5/20060613+lfs/curl.so
b7648000-b7651000 r-xp 00000000 08:04 91233      /lib/libpam.so.0.81.6
b7651000-b7652000 rw-p 00008000 08:04 91233      /lib/libpam.so.0.81.6
b7652000-b7755000 r-xp 00000000 08:04 32594      /usr/lib/libc-client.so.2007.0
b7755000-b775c000 rw-p 00102000 08:04 32594      /usr/lib/libc-client.so.2007.0
b775c000-b775d000 rw-p b775c000 00:00 0
b775d000-b7773000 r-xp 00000000 08:04 29854      /usr/lib/php5/20060613+lfs/imap.so
b7773000-b7774000 rw-p 00016000 08:04 29854      /usr/lib/php5/20060613+lfs/imap.so
b7774000-b777b000 r--s 00000000 08:04 31126      /usr/lib/gconv/gconv-modules.cache
b777b000-b77ba000 r--p 00000000 08:04 35546      /usr/lib/locale/en_US.utf8/LC_CTYPE
b77d5000-b77df000 r-xp 00000000 08:04 3693       /lib/libgcc_s.so.1
b77df000-b77e0000 rw-p 0000a000 08:04 3693       /lib/libgcc_s.so.1
b77f8000-b77fa000 rw-p b77f8000 00:00 0
bAborted

** Affects: php5 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
stack smashing detected when calling xmlrpc_set_type 
https://bugs.launchpad.net/bugs/239513
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.



More information about the Ubuntu-server-bugs mailing list