Bug #13034 Apache segfaults when accessing certain scripts
Submitted: 2001-08-29 11:43 UTC
Modified: 2002-03-05 00:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dk at webcluster dot at
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 4.1.1
OS: RedHat Linux 7.0.
Private report: No
CVE-ID: None

 [2001-08-29 11:43 UTC] dk at webcluster dot at
hello,

i am using apache 1.3.20 with php-4.0.6
since my update to the 1.3.20 i have strange segmentation faults when i access some scripts.
error_log:
[notice] child pid 9707 exit signal Segmentation fault (11)

PLEASE NOTICE:
i have also tried it with the latest development snapshot - the same

here is my configuration: 
'./configure' '--prefix=/usr' '--with-config-file-path=/etc' '--enable-debug' '--with-apxs' '--disable-debug' '--enable-discard-path' '--with-exec-dir=/usr/bin' '--with-regex=system' '--with-gettext' '--with-gd=shared' '--with-jpeg-dir=/usr' '--with-png' '--with-zlib' '--with-db2' '--with-db3' '--with-gdbm' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-yp' '--enable-ftp' '--with-mysql=/usr' '--without-oracle' '--without-oci8' '--with-recode' '--with-xml'

i have already tried to disable things like xml or regex or recode - the same...

here is a short demo script to reproduce the error:

<?
$ar = array("hund","katze","schwein","kuh","kamel");

function ar1($ar)
{
	reset($ar);
	foreach($ar as $key => $val)
	{
		if($val != "kuh")
		{
			echo "f1 $key => $val<br>";
		}
		else
		{
			ar2($ar);
		}
	}
}

function ar2($ar)
{
	foreach($ar as $key=>$val)
	{	
		if($val=="kuh")
		{
			echo "f2 $key => $val<br>";
		}
		else
		{
			ar1($ar);
		}
	} 
}

ar1($ar);
?>

unfortunately apache refuses to produce a core dump in this case

please help
daniel

 [2001-08-29 12:11 UTC] dk at webcluster dot at
here is the core dump (i managed it with the cgi version):
so the error isn't anymore apache related i guess - i'll move the type...

/* note: this error comes while loading the symbols --- (before i started the actual backtrace) */

#0  0x40362c2c in _IO_vfprintf (s=0xbf800500, format=0x816a2f3 "%ld", ap=0xbf8005e8) at vfprintf.c:231
231     vfprintf.c: No such file or directory.

/* after the bt command it follows endlessly... */

#0  0x40362c2c in _IO_vfprintf (s=0xbf800500, format=0x816a2f3 "%ld", ap=0xbf8005e8) at vfprintf.c:231
#1  0x40380432 in _IO_vsprintf (string=0x8cd4bb4 'Z' <repeats 19 times>, "\204?\217**", format=0x816a2f3 "%ld", args=0xbf8005e8)
    at iovsprintf.c:47
#2  0x4036ccb7 in sprintf (s=0x8cd4bb4 'Z' <repeats 19 times>, "\204?\217**", format=0x816a2f3 "%ld") at sprintf.c:38
#3  0x810f7e5 in _convert_to_string (op=0xbf800980, __zend_filename=0x816a51d "zend.c", __zend_lineno=154) at zend_operators.c:442
#4  0x8115517 in zend_make_printable_zval (expr=0x8cd4b14, expr_copy=0xbf800980, use_copy=0xbf800998) at zend.c:154
#5  0x814fe98 in execute (op_array=0x8295b08) at ./zend_execute.c:1365
#6  0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#7  0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#8  0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#9  0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#10 0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#11 0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#12 0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#13 0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544

..........


daniel
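
Added triage example, not part of the original report or of PHP's own code: a Python sketch that parses gdb frames #4 to #13 copied from the backtrace above and checks whether the trace ends in a short call pattern repeating back to back, the usual signature of unbounded recursion exhausting the stack. The helper names `parse_frames` and `find_recursion_cycle` are hypothetical.

```python
import re

# Frames #4-#13 copied from the backtrace in this report (gdb output, innermost first).
BACKTRACE = """\
#4  0x8115517 in zend_make_printable_zval (expr=0x8cd4b14, expr_copy=0xbf800980, use_copy=0xbf800998) at zend.c:154
#5  0x814fe98 in execute (op_array=0x8295b08) at ./zend_execute.c:1365
#6  0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#7  0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#8  0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#9  0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#10 0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#11 0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
#12 0x815082f in execute (op_array=0x8295ff0) at ./zend_execute.c:1544
#13 0x815082f in execute (op_array=0x8295b08) at ./zend_execute.c:1544
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+)$")

def parse_frames(text):
    """Return (number, function, args, location) for every gdb frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return frames

def find_recursion_cycle(frames, min_repeats=3, max_period=8):
    """Earliest frame from which a short call pattern repeats to the end of the
    captured trace; frame numbers are ignored when comparing. None if absent."""
    keys = [f[1:] for f in frames]
    for start in range(len(keys)):
        tail = keys[start:]
        for period in range(1, max_period + 1):
            if len(tail) < period * min_repeats:
                break  # too few frames left to call it a repeating pattern
            if all(tail[i] == tail[i - period] for i in range(period, len(tail))):
                return {"first_frame": frames[start][0],
                        "period": period, "repeats": len(tail) // period,
                        "pattern": tail[:period]}
    return None

if __name__ == "__main__":
    print(find_recursion_cycle(parse_frames(BACKTRACE)))
```

On the frames above this reports a two-frame pattern starting at frame #6, with the two `op_array` values alternating.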
 [2001-08-30 10:05 UTC] sniper@php.net
What was the script used to generate that backtrace?
Also, could you try and check if this happens with
latest CVS snapshot: http://snaps.php.net/

 [2001-08-30 13:28 UTC] dk at webcluster dot at
hello,

please read the whole thread - i have included the script AND i have also tried it with the latest development snapshot. i really have included all i have :)
for me it looks like a bug in the echo function (vfprintf.c). the script doesn't crash without the echo functions. it also crashes with "print".

regards

daniel
 [2001-08-30 16:59 UTC] sniper@php.net
You didn't say what version this backtrace was generated with, also is it with that script you said
you could NOT get the crash? Please be clear about these things.


 [2001-08-30 17:00 UTC] sniper@php.net
I can not reproduce this.

 [2001-08-30 17:10 UTC] dk at webcluster dot at
yes - i couldn't get the crash over apache - then i tried via CGI and it crashed.
it crashes with php 4.0.6 and the dev snap of 29th of august.

 [2002-01-06 07:39 UTC] sander@php.net
Does this problem still occur with 4.1.1 and/or the latest CVS?
 [2002-01-06 10:15 UTC] dk at webcluster dot at
Well that problem occurred some time ago.
As far as I can say it doesn't occur with php-4.1.1, but it occurred only under some circumstances:
Accessing Arrays or Objects in a recursive way.

Well with 4.1.1 there are other problems now:
When I use the builtin session management with register_globals off it doesn't work at all (I followed the release notes) - but that is another story and I don't have the time right now to do debugging on that.

best regards

Daniel [datenPUNK] Khan
 [2002-02-04 02:18 UTC] yohgaki@php.net
Could you identify which function call is causing this segfault?

http://bugs.php.net/bugs-generating-backtrace.php
 [2002-03-05 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Thu Mar 28 21:01:27 2024 UTC