PHP :: Bug #8186 :: PHP4 module causes Apache 1.3.14 to core dump with SIGBUS fault

Bug #8186	PHP4 module causes Apache 1.3.14 to core dump with SIGBUS fault
Submitted:	2000-12-09 16:17 UTC	Modified:	2001-04-16 05:18 UTC
From:	twb0 at lymenet dot org	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0.3, 4.0.4	OS:	Solaris 7 x86
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2000-12-09 16:17 UTC] twb0 at lymenet dot org

Everything works fine with unpatched Solaris 7 x86.  Installing recent recommended patch cluster cuases same configuration to stop working.  Simply commenting out the php4 module in httpd.conf allows Apache to start properly.  Crash happens with both 4.0.3pl1 and 4.0.3.

Core dump available at ftp://ftp.proft.org/pub/62266205.core
Full truss output available at ftp://ftp.proft.org/pub/62266205.truss

Partial truss output:
26998:  open("/etc/hosts", O_RDONLY)                    = 5
26998:  fstat64(5, 0x08043700)                          = 0
26998:  ioctl(5, TCGETA, 0x080436D4)                    Err#25 ENOTTY
26998:  read(5, " #\n #   I n t e r n e t".., 8192)     = 2411
26998:  read(5, 0x080C8E3C, 8192)                       = 0
26998:  llseek(5, 0, SEEK_CUR)                          = 2411
26998:  close(5)                                        = 0
26998:      Incurred fault #5, FLTACCESS  %pc = 0xDF9796A4
26998:        siginfo: SIGBUS BUS_OBJERR addr=0xDF9796A4 errno=14(EFAULT)
26998:      Received signal #10, SIGBUS [default]
26998:        siginfo: SIGBUS BUS_OBJERR addr=0xDF9796A4 errno=14(EFAULT)
26998:          *** process killed ***

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-12-09 21:16 UTC] twb0 at lymenet dot org

GDB backtrace follows:

GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.7"...
Core was generated by `/opt/apache/bin/httpd -f /opt/apache/conf/httpd.conf'.
Program terminated with signal 10, Bus Error.
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
Reading symbols from /usr/lib/nss_dns.so.1...done.
Loaded symbols for /usr/lib/nss_dns.so.1
Reading symbols from /opt/apache/libexec/mod_log_agent.so...done.
Loaded symbols for /opt/apache/libexec/mod_log_agent.so
Reading symbols from /opt/apache/libexec/mod_log_referer.so...done.
Loaded symbols for /opt/apache/libexec/mod_log_referer.so
Reading symbols from /opt/apache/libexec/mod_mime_magic.so...done.
Loaded symbols for /opt/apache/libexec/mod_mime_magic.so
Reading symbols from /opt/apache/libexec/mod_info.so...done.
Loaded symbols for /opt/apache/libexec/mod_info.so
Reading symbols from /opt/apache/libexec/mod_speling.so...done.
Loaded symbols for /opt/apache/libexec/mod_speling.so
Reading symbols from /opt/apache/libexec/mod_rewrite.so...done.
Loaded symbols for /opt/apache/libexec/mod_rewrite.so
Reading symbols from /opt/apache/libexec/mod_auth_anon.so...done.
Loaded symbols for /opt/apache/libexec/mod_auth_anon.so
Reading symbols from /opt/apache/libexec/mod_cern_meta.so...done.
Loaded symbols for /opt/apache/libexec/mod_cern_meta.so
Reading symbols from /opt/apache/libexec/mod_expires.so...done.
Loaded symbols for /opt/apache/libexec/mod_expires.so
Reading symbols from /opt/apache/libexec/libphp4.so...done.
Loaded symbols for /opt/apache/libexec/libphp4.so
Reading symbols from /usr/lib/libpam.so.1...done.
Loaded symbols for /usr/lib/libpam.so.1
Reading symbols from /usr/lib/libintl.so.1...
warning: Lowest section in /usr/lib/libintl.so.1 is .hash at 00000074
done.
Loaded symbols for /usr/lib/libintl.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/lib/libcrypt_i.so.1...done.
Loaded symbols for /usr/lib/libcrypt_i.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
#0  0xdf87e000 in ?? ()
(gdb) bt
#0  0xdf87e000 in ?? ()
#1  0xdfb0c39b in nss_search () from /usr/lib/libc.so.1
#2  0xdfb6edaf in _switch_gethostbyname_r () from /usr/lib/libnsl.so.1
#3  0xdfb81b2e in _door_gethostbyname_r () from /usr/lib/libnsl.so.1
#4  0xdfb6d379 in _get_hostserv_inetnetdir_byname () from /usr/lib/libnsl.so.1
#5  0xdfb815c0 in gethostbyname_r () from /usr/lib/libnsl.so.1
#6  0xdfb816d4 in gethostbyname () from /usr/lib/libnsl.so.1
#7  0x807a7e4 in get_addresses ()
#8  0x807a8c8 in ap_parse_vhost_addrs ()
#9  0x806cdb6 in ap_init_virtual_host ()
#10 0x806f276 in virtualhost_section ()
#11 0x806bca2 in invoke_cmd ()
#12 0x806c487 in ap_handle_command ()
#13 0x806c4d3 in ap_srm_command_loop ()
#14 0x806ca16 in ap_process_resource_config ()
#15 0x806d11c in ap_read_config ()
#16 0x8074544 in standalone_main ()
#17 0x8074cc7 in main ()
#18 0x8057383 in _start ()

[2000-12-09 22:08 UTC] sniper@php.net

Please try the latest snapshot from http://snaps.php.net/
as I think this has already been fixed.

--Jani

[2000-12-09 23:05 UTC] twb0 at lymenet dot org

Tried dev snapshot 200012091845 with same result.
FYI, also discovered that locale.h needed but not defined in ext/gettext.c...

[2000-12-11 10:53 UTC] sniper@php.net

The problem with gettext is now fixed in CVS.
Try latest snapshot (again :) and configure it
with adding --enable-debug to get better backtrace
of the crash..

--Jani

[2000-12-11 18:09 UTC] twb0 at lymenet dot org

New backtrace from dev200012111345 with PHP debugging enabled:
Raw corefile available in ftp://ftp.proft.org/pub/php4-200012111345.core

GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.7"...
Core was generated by `bin/httpd -X'.
Program terminated with signal 11, Segmentation Fault.
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
Reading symbols from /usr/lib/nss_dns.so.1...done.
Loaded symbols for /usr/lib/nss_dns.so.1
Reading symbols from /opt/apache/libexec/mod_log_agent.so...done.
Loaded symbols for /opt/apache/libexec/mod_log_agent.so
Reading symbols from /opt/apache/libexec/mod_log_referer.so...done.
Loaded symbols for /opt/apache/libexec/mod_log_referer.so
Reading symbols from /opt/apache/libexec/mod_mime_magic.so...done.
Loaded symbols for /opt/apache/libexec/mod_mime_magic.so
Reading symbols from /opt/apache/libexec/mod_info.so...done.
Loaded symbols for /opt/apache/libexec/mod_info.so
Reading symbols from /opt/apache/libexec/mod_speling.so...done.
Loaded symbols for /opt/apache/libexec/mod_speling.so
Reading symbols from /opt/apache/libexec/mod_rewrite.so...done.
Loaded symbols for /opt/apache/libexec/mod_rewrite.so
Reading symbols from /opt/apache/libexec/mod_auth_anon.so...done.
Loaded symbols for /opt/apache/libexec/mod_auth_anon.so
Reading symbols from /opt/apache/libexec/mod_cern_meta.so...done.
Loaded symbols for /opt/apache/libexec/mod_cern_meta.so
Reading symbols from /opt/apache/libexec/mod_expires.so...done.
Loaded symbols for /opt/apache/libexec/mod_expires.so
Reading symbols from /opt/apache/libexec/libphp4.so...done.
Loaded symbols for /opt/apache/libexec/libphp4.so
Reading symbols from /usr/lib/libpam.so.1...done.
Loaded symbols for /usr/lib/libpam.so.1
Reading symbols from /usr/lib/libintl.so.1...
warning: Lowest section in /usr/lib/libintl.so.1 is .hash at 00000074
done.
Loaded symbols for /usr/lib/libintl.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/lib/libcrypt_i.so.1...done.
Loaded symbols for /usr/lib/libcrypt_i.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
#0  0xdf8596a4 in ?? () from /opt/apache/libexec/libphp4.so
(gdb) bt
#0  0xdf8596a4 in ?? () from /opt/apache/libexec/libphp4.so
#1  0xdfb0139b in nss_search () from /usr/lib/libc.so.1
#2  0xdfb61daf in _switch_gethostbyname_r () from /usr/lib/libnsl.so.1
#3  0xdfb74b2e in _door_gethostbyname_r () from /usr/lib/libnsl.so.1
#4  0xdfb60379 in _get_hostserv_inetnetdir_byname () from /usr/lib/libnsl.so.1
#5  0xdfb745c0 in gethostbyname_r () from /usr/lib/libnsl.so.1
#6  0xdfb746d4 in gethostbyname () from /usr/lib/libnsl.so.1
#7  0x807a7e4 in get_addresses ()
#8  0x807a8c8 in ap_parse_vhost_addrs ()
#9  0x806cdb6 in ap_init_virtual_host ()
#10 0x806f276 in virtualhost_section ()
#11 0x806bca2 in invoke_cmd ()
#12 0x806c487 in ap_handle_command ()
#13 0x806c4d3 in ap_srm_command_loop ()
#14 0x806ca16 in ap_process_resource_config ()
#15 0x806d11c in ap_read_config ()
#16 0x8074544 in standalone_main ()
#17 0x8074cc7 in main ()
#18 0x8057383 in _start ()
(gdb) q

[2001-01-07 19:05 UTC] sniper@php.net

What are the outputs for these commands:

# ldd /opt/apache/bin/httpd
# ldd /opt/apache/libexec/libphp4.so

--Janie

[2001-01-07 21:55 UTC] twb0 at lymenet dot org

# ldd /opt/apache/bin/httpd
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
# ldd /opt/apache/libexec/libphp4.so
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libintl.so.1 =>  /usr/lib/libintl.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libm.so.1 =>     /usr/lib/libm.so.1
        libcrypt_i.so.1 =>       /usr/lib/libcrypt_i.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2

[2001-03-16 00:03 UTC] sniper@php.net

Can you try the latest CVS snapshot from http://snaps.php.net/ to see if this is fixed now?

--Jani

[2001-04-16 05:18 UTC] jmoore@php.net

No feedback please reopen if the problem persists with the soon the be released 4.0.5

- James

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 08:01:28 2024 UTC