Skip to content

Fix GH-19685: Segfault when bzip2 filter has invalid parameters #19702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: PHP-8.3
Choose a base branch
from
Open

Fix GH-19685: Segfault when bzip2 filter has invalid parameters #19702

wants to merge 1 commit into from

Conversation

alexandre-daubois
Copy link
Member

Fix #19685

When blocks or work have invalid values, it currently let the function execution continue. Instead, we should free some resources and return null to avoid the segfault.

@alexandre-daubois alexandre-daubois changed the base branch from master to PHP-8.3 September 4, 2025 14:42
iluuu1994
iluuu1994 reviewed Sep 4, 2025
View reviewed changes
@alexandre-daubois alexandre-daubois force-pushed the stream-append-bz2-failure branch from e6d35d8 to 4c88e07 Compare September 4, 2025 15:01
@alexandre-daubois alexandre-daubois marked this pull request as ready for review September 4, 2025 15:24
devnexen
devnexen reviewed Sep 4, 2025
View reviewed changes
ext/bz2/bz2_filter.c
zend_long blocks = zval_get_long(tmpzval);
if (blocks < 1 || blocks > 9) {
php_error_docref(NULL, E_WARNING, "Invalid parameter given for number of blocks to allocate (" ZEND_LONG_FMT ")", blocks);
pefree(data->strm.next_in, persistent);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: only if you want, on master only maybe, making a goto label to cover the 3 cases.

@bukka
Copy link
Member

bukka commented Sep 4, 2025
edited
Loading

It should be ok in this case but breaking filter chain is sometimes not safe (might cause breaks) so I will need to review it properly - I should be properly looking to filters in 2 or 3 weeks time.

bukka
bukka requested changes Oct 2, 2025
View reviewed changes
Copy link
Member

@bukka bukka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I just spent some time to getting to know bzip2 extension to see if I'm missing anything by any chance but I'm not sure I understand what the point of this PR is.

You claim (in the PR title) that this is fixes the segfault but from the stacktrace in #19685 (comment), this looks to me that the fix for that is in #19708 because it's segfaulting due to trying to use ops write on data stream (that has got write ops NULL). That bug GH-19685 is really just a duplicate of GH-19705 - the only difference is that it's using bzip2 filter which also as got some buffered rubbish to write. Basically if you changed the blocks to 4 and work to 0, it would still segfault so this really doesn't fix anything and it's completely unrelated to that bug. In fact this is not a bug at all but just a BC break because currently it's just warning and then using defaults. But you changed it to not use defaults and fails. This should really go through deprecation.

So at least you need to change the branch, titles and description and then add it to the deprecation RFC for 8.6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iluuu1994 iluuu1994 iluuu1994 left review comments

@devnexen devnexen devnexen left review comments

@bukka bukka bukka requested changes

Assignees

No one assigned

Labels

Extension: bz2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

segmentation fault

4 participants

@alexandre-daubois @bukka @iluuu1994 @devnexen