Last modified: 2014-05-09 17:47:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T53551, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 51551 - Wikimedia wikis with $wgLanguageCode = 'zh' error with certain input
Wikimedia wikis with $wgLanguageCode = 'zh' error with certain input
Status: PATCH_TO_REVIEW
Product: MediaWiki
Classification: Unclassified
Internationalization (Other open bugs)
1.24rc
All All
: Normal major (vote)
: ---
Assigned To: Nobody - You can work on this!
: i18n
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-17 16:32 UTC by MZMcBride
Modified: 2014-05-09 17:47 UTC (History)
13 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2013-07-17 16:32:23 UTC 
Steps to reproduce:

1. Go to a wiki with $wgLanguageCode = 'zh' (for example <https://zh.wiktionary.org>).

2. Enter the string "-{H|=>zh-hans:SOMETHING;}-[[Category:Test]][[A]]" on a page and attempt to save the page.

User is immediately presented with an error:

---
WIKIMEDIA FOUNDATION
Error

[...]

Request: POST http://test.wikipedia.org/w/index.php?title=Zh&action=submit, from 10.64.0.133 via cp1011.eqiad.wmnet (squid/2.7.STABLE9) to 10.64.0.47 (10.64.0.47)
Error: ERR_ZERO_SIZE_OBJECT, errno [No Error] at Wed, 17 Jul 2013 16:29:51 GMT
---

(test.wikipedia.org was temporarily set to $wgLanguageCode = 'zh' for debugging this issue.)

Alexandros K. helpfully provided a gdb output:

#0  0x00007f6230670be4 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
#1  0x00007f6228760082 in _php_fss_close (rsrc=<optimized out>) at /root/fw-ports/php5-fss/php5-fss-0.0.1/fss.c:339
#2  0x00007f623068efee in ?? () from /usr/lib/apache2/modules/libphp5.so
#3  0x00007f623068cd71 in zend_hash_del_key_or_index () from /usr/lib/apache2/modules/libphp5.so
#4  0x00007f623068f107 in _zend_list_delete () from /usr/lib/apache2/modules/libphp5.so
#5  0x00007f6230670c21 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
#6  0x00007f62306a3478 in ?? () from /usr/lib/apache2/modules/libphp5.so
#7  0x00007f62306de437 in ?? () from /usr/lib/apache2/modules/libphp5.so
#8  0x00007f62306ded36 in ?? () from /usr/lib/apache2/modules/libphp5.so
#9  0x00007f62306a546b in execute () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007f62306729ac in zend_call_function () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007f62305b5318 in ?? () from /usr/lib/apache2/modules/libphp5.so
#12 0x00007f62306f48fd in ?? () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007f62306a546b in execute () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007f62306809d0 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#15 0x00007f623062d043 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#16 0x00007f623070fedd in ?? () from /usr/lib/apache2/modules/libphp5.so
#17 0x00007f6232b0e508 in ap_run_handler ()
#18 0x00007f6232b0e97e in ap_invoke_handler ()
#19 0x00007f6232b1e570 in ap_process_request ()
#20 0x00007f6232b1b398 in ?? ()
#21 0x00007f6232b14fa8 in ap_run_process_connection ()
#22 0x00007f6232b231d0 in ?? ()
#23 0x00007f6232b2393a in ?? ()
#24 0x00007f6232b244e7 in ap_mpm_run ()
#25 0x00007f6232af94a4 in main ()
Comment 1 Gerrit Notification Bot 2013-07-17 18:38:12 UTC 
Change 74186 had a related patch set uploaded by Hoo man:
Fix the calculation of fss_resource_t->replace_size

https://gerrit.wikimedia.org/r/74186
Comment 2 Tim Starling 2013-07-18 01:53:59 UTC 
I confirmed in gdb that this test case generates a replacement array with an empty search string, and thus leads to res->replace[i] being set to NULL, which leads to a null pointer dereference in _php_fss_close(). The only other read of res->replace was already appropriately guarded.
Comment 3 Gerrit Notification Bot 2013-07-18 01:54:49 UTC 
Change 74186 merged by jenkins-bot:
Fix a segfault with zval_ptr_dtor

https://gerrit.wikimedia.org/r/74186
Comment 4 Liangent 2013-07-18 01:57:28 UTC 
(In reply to comment #2)
> I confirmed in gdb that this test case generates a replacement array with an
> empty search string,

This doesn't sound good as strtr() fails on it too (with unwanted output) IIRC.
Comment 5 Liangent 2013-08-21 13:57:03 UTC 
Is it deployed now?
Comment 6 Marius Hoch 2013-08-21 18:11:01 UTC 
(In reply to comment #5)
> Is it deployed now?

I guess so, but you can easily try it with the above wikitext snippet on any zh language wiki...
Comment 7 Liangent 2013-08-21 18:15:30 UTC 
(In reply to comment #6)
> (In reply to comment #5)
> > Is it deployed now?
> 
> I guess so, but you can easily try it with the above wikitext snippet on any
> zh
> language wiki...

It still fails so I wonder whether it's not deployed yet or it doesn't fix the error.
Comment 8 Marius Hoch 2013-08-21 18:38:20 UTC 
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Is it deployed now?
> > 
> > I guess so, but you can easily try it with the above wikitext snippet on any
> > zh
> > language wiki...
> 
> It still fails so I wonder whether it's not deployed yet or it doesn't fix
> the error.

I (of course) tested my patch locally and with it applied I've been able to save the snippet... so if you aren't, the fast string search probably isn't up to date on the WMF installations.
Comment 9 Sam Reed (reedy) 2013-08-21 18:49:53 UTC 
This will require proper intervention to be deployed - It won't happen automagically. It needs to be built, packaged, inserted in the WMF deb repo, all the apaches to be updated and then for them to be gracefuled.

We're apparently running a version that doesn't have a changelog entry. Needless to say, I'm fairly sure this means it has not been deployed yet. Needs to be done by opsen or Tim

reedy@tin:/a/common$ dpkg -l | grep fss
ii  php5-fss                         0.0.1-5                             FastStringSearch extension used for MediaWiki
Comment 10 Andre Klapper 2014-03-13 13:19:05 UTC 
(In reply to MZMcBride from comment #0)
> 1. Go to a wiki with $wgLanguageCode = 'zh' (for example
> <https://zh.wiktionary.org>).
> 2. Enter the string "-{H|=>zh-hans:SOMETHING;}-[[Category:Test]][[A]]" on a
> page and attempt to save the page.
> User is immediately presented with an error:

I tried on https://zh.wiktionary.org/w/index.php?title=User:AKlapper_%28WMF%29/bug51551&action=edit and I did not get any error.

Is this obsolete now, or are my steps wrong?
Comment 11 Marius Hoch 2014-03-13 13:22:25 UTC 
(In reply to Andre Klapper from comment #10)
> Is this obsolete now, or are my steps wrong?

Well on WMF sites it should be fine (as I've patched that with https://gerrit.wikimedia.org/r/74186). But for sites which don't use our php fss extension there might still be some unwanted behaviour.
Comment 12 Andre Klapper 2014-03-14 11:26:09 UTC 
(In reply to Marius Hoch from comment #11)
> Well on WMF sites it should be fine (as I've patched that with
> https://gerrit.wikimedia.org/r/74186). But for sites which don't use our php
> fss extension there might still be some unwanted behaviour.

Ah. Thanks. 
So I wonder if this ticket should be moved to the MediaWiki product.
Comment 13 Liangent 2014-05-06 15:33:23 UTC 
(In reply to Marius Hoch from comment #11)
> But for sites which don't use our php
> fss extension there might still be some unwanted behaviour.

For the record, on other sites a page with "-{H|=>zh-hans:SOMETHING;}-[[Category:Test]][[A]]" appears completely empty in zh-hans, because strtr() returns false when there's a key of empty string.
Comment 14 Gerrit Notification Bot 2014-05-06 16:16:52 UTC 
Change 131717 had a related patch set uploaded by Liangent:
LanguageConverter fix of empty and numeric strings

https://gerrit.wikimedia.org/r/131717
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links