Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#13437 closed defect (bug) (worksforme)

Segfault in function admin_url when not using casting (string)

Reported by: dz0ny Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Multisite Keywords: has-patch reporter-feedback
Focuses: Cc:

Description (last modified by nacin)


there is unresolved bug with php 5.2.x(see http://bugs.php.net/bug.php?id=47522), which causes segfault in all distributions and with multiple frameworks(Zend, qubit-toolkit...), the solution so far is to cast return value as string.

Solution is:
in wp-includes/link-template.php

function admin_url( $path = '', $scheme = 'admin' ) {
	return (string)get_admin_url(null, $path, $scheme);

Attachments (2)

13437.patch (532 bytes) - added by hakre 4 years ago.
dz0ny.patch (501 bytes) - added by dz0ny 4 years ago.
Proper patch

Download all attachments as: .zip

Change History (15)

comment:1 dz0ny4 years ago

  • Milestone changed from Unassigned to 3.0
  • Resolution set to worksforme
  • Severity changed from normal to major
  • Status changed from new to closed

comment:2 follow-up: nacin4 years ago

  • Description modified (diff)

get_admin_url() should never return anything but a string that I know of. If it did, no WordPress objects have a toString() method and thus this bug does not apply.

I have edited out your phpinfo.php link. I would delete that file immediately.

comment:3 nacin4 years ago

  • Milestone 3.0 deleted
  • Severity changed from major to normal

comment:4 dz0ny4 years ago

Ok, but casting does solve the problem(php chrashing), when trying to access admin section of site, I can give you FTP access(shared hosting), an you could try it yourself. The wp 2.9.X works fine.

comment:5 in reply to: ↑ 2 hakre4 years ago

  • Keywords has-patch added
  • Resolution worksforme deleted
  • Status changed from closed to reopened

Replying to nacin:

get_admin_url() should never return anything but a string that I know of.

That's incorrect:

return apply_filters('admin_url', $url, $path, $blog_id);

The apply_filters() function does not have any specified return type. Since filters per se aren't properly documented, I think it's pretty valid to add a cast here in admin_url() so that at least admin_url() matches it's own specs.

That is obviously something usefull in PHP because PHP is not that strong typed. I'll add a patch and re-open.

My Milesonte suggestion is none but a simple and quick fix for such a easy to solve issue is preferable the commit right away.

comment:6 nacin4 years ago


Can you intercept the return value of <span class="Apple-style-span" style="white-space: pre; ">get_admin_url() there and var_dump() it before it causes a fatal error? Then probably run a backtrace, var_dump( debug_backtrace() ).</span>

hakre4 years ago

comment:7 nacin4 years ago

Looks like that got pasted in with some goofy browser formatting:

Can you intercept the return value of get_admin_url() there and var_dump() it before it causes a fatal error? Then probably run a backtrace, var_dump( debug_backtrace() ).

comment:8 hakre4 years ago

En contraire to the original fix-suggestion by the reporter, I ensured in the function above to return the right type by casting it in the patch.

Please let know if that solves the issue as well.

comment:9 nacin4 years ago

It's not the issue of casting it to a string as much as its *why* it's not a string. That usually screams bug.

comment:10 dz0ny4 years ago

@hakre, no patch doesn't work, I've even tried,

function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) {
	return "";

and it would still chrash the php process.

@nacin backlog before crash http://pastebin.org/250792
vardump of get_admin_url

string(61) "http://www.prirocnikporoka.si/wp-admin/css/colors-classic.css"
string(59) "http://www.prirocnikporoka.si/wp-admin/css/colors-fresh.css"

I can't give you the backlog after chrash, becouse even loading the page without casting chrashes the php process.

I think the problem lies somewhere in PHP stack, as php developer puts it

When convert_to_string in function() is called to convert object to string,
function::__toString is called and on the course of the execution the
variable stack is reallocated. However haystack variable still points to the
old stack location, which means any access to it will produce the UMR.

comment:11 dz0ny4 years ago

Or maybe even with eAccelerator http://eaccelerator.net/ticket/307, as said I can't do real debuging because of shared hosting.

dz0ny4 years ago

Proper patch

comment:12 hakre4 years ago

  • Keywords reporter-feedback added

Can you still reproduce the crash on current trunk?

comment:13 nacin3 years ago

  • Resolution set to worksforme
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.