Fixed possible memory corruption inside mb_strcut().
だそうで(1・2・3)。何気なくCVSを見ていたら気がつきました。
PHP_4_4とPHP_5_1のBranchには適用されているので、次のリリースでは修正済み。
% ./php-4.4.2RC1 -v
PHP 4.4.2RC1 (cli) (built: Dec 16 2005 15:31:24) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
% less -N ./mb_strcut.php
1 <?php
2
3 $IN = str_repeat( "AAAAAAAAAAAAA", "256" );
4 $OT = mb_strcut( $IN, 200000000 );
5 var_dump( $OT );
6
7 ?>
% ./php-4.4.2RC1 ./mb_strcut.php
Segmentation fault
% ./php4-STABLE-200512160536 -v
PHP 4.4.2RC2-dev (cli) (built: Dec 16 2005 16:00:44) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
% ./php4-STABLE-200512160536 ./mb_strcut.php
bool(false)
% gdb ./php-4.4.2RC1
(gdb) r ./mb_strcut.php
Starting program: /home/masugata/php-4.4.2RC1 ./mb_strcut.php
Program received signal SIGSEGV, Segmentation fault.
0x080aef4a in mbfl_strcut (string=0xbfffbe80, result=0xbfffbe70, from=200000000, length=3328)
at /usr/local/src/php-4.4.2RC1/ext/mbstring/libmbfl/mbfl/mbfilter.c:1207
1207 m = mbtab[*p];
(gdb) bt
#0 0x080aef4a in mbfl_strcut (string=0xbfffbe80, result=0xbfffbe70, from=200000000, length=3328)
at /usr/local/src/php-4.4.2RC1/ext/mbstring/libmbfl/mbfl/mbfilter.c:1207
#1 0x08086e6d in zif_mb_strcut (ht=2, return_value=0x83879e4, this_ptr=0x0, return_value_used=1)
at /usr/local/src/php-4.4.2RC1/ext/mbstring/mbstring.c:2488
#2 0x081a0400 in execute (op_array=0x838cb6c) at /usr/local/src/php-4.4.2RC1/Zend/zend_execute.c:1675
#3 0x0818e4b1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-4.4.2RC1/Zend/zend.c:934
#4 0x0815c85d in php_execute_script (primary_file=0xbfffe450) at /usr/local/src/php-4.4.2RC1/main/main.c:1743
#5 0x081a638a in main (argc=2, argv=0xbfffe4e4) at /usr/local/src/php-4.4.2RC1/sapi/cli/php_cli.c:830
#6 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6っていうか、早く4.4.2をリリースして欲しい。。。
