php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45352 Segmentation fault when executing bug41037.phpt on apache module
Submitted: 2008-06-25 11:19 UTC Modified: 2008-06-25 12:19 UTC
From: eyal at zend dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
 [2008-06-25 11:19 UTC] eyal at zend dot com
Description:
------------
I executed bug41037.phpt on apache module.
The result I got is that first request passes successfully, but next requests causes segmentation fault.

To reproduce place the script from reproduction code section in your htdocs and request it as follows:
ab -n1000 -c10 [URL]


Note that all zend extensions were not loaded at the time of the test

Reproduce code:
---------------
<?php

function a() {
        echo "hello";
            unregister_tick_function('a');
}

declare (ticks=1);
register_tick_function('a');

echo "Done\n";
?>

Expected result:
----------------
hello
Warning\: unregister_tick_function\(\)\: Unable to delete tick function executed at the moment in
.+? on line [0-9]+
Done
hello
Warning\: unregister_tick_function\(\)\: Unable to delete tick function executed at the moment in
.+? on line [0-9]+
hello
Warning\: unregister_tick_function\(\)\: Unable to delete tick function executed at the moment in
.+? on line [0-9]+

Actual result:
--------------
Segmentation fault

BT:
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216579920 (LWP 23236)]
zend_llist_apply (l=0x0, func=0xb740a6f0 <user_tick_function_call>) at /php-5.2.6/Zend/zend_llist.c:192
192             for (element=l->head; element; element=element->next) {
(gdb) bt
#0  zend_llist_apply (l=0x0, func=0xb740a6f0 <user_tick_function_call>) at /php-5.2.6/Zend/zend_llist.c:192
#1  0xb7407f9c in run_user_tick_functions (tick_count=1) at /php-5.2.6/ext/standard/basic_functions.c:5364
#2  0xb747c068 in php_tick_iterator (data=0x83a3438, arg=0xbf8b77e0) at /php-5.2.6/main/php_ticks.c:64
#3  0xb74a42ec in zend_llist_apply_with_argument (l=0xb77a2444, func=0xb747c050 <php_tick_iterator>, arg=0xbf8b77e0) at /php-5.2.6/Zend/zend_llist.c:236
#4  0xb747c042 in php_run_ticks (count=1) at /php-5.2.6/main/php_ticks.c:71
#5  0xb74c98d5 in ZEND_TICKS_SPEC_CONST_HANDLER (execute_data=0xbf8b7850) at /php-5.2.6/Zend/zend_vm_execute.h:2377
#6  0xb74cae28 in execute (op_array=0x835ff88) at /php-5.2.6/Zend/zend_vm_execute.h:92
#7  0xb74ad404 in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /php-5.2.6/Zend/zend.c:1134
#8  0xb746dc60 in php_execute_script (primary_file=0xbf8b9af8) at /php-5.2.6/main/main.c:2005
#9  0xb7528591 in php_handler (r=0x83a1478) at /php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
#10 0x08079259 in ap_run_handler ()
#11 0x0807c5b7 in ap_invoke_handler ()
#12 0x08089998 in ap_process_request ()
#13 0x08086c9b in ?? ()
#14 0x083a1478 in ?? ()
#15 0x00000004 in ?? ()
#16 0x083a1478 in ?? ()
#17 0x00000000 in ?? ()


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-06-25 12:19 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC