PHP :: Bug #9940 :: php cgi crashes when using ob

Bug #9940	php cgi crashes when using ob_start callback function
Submitted:	2001-03-22 15:51 UTC	Modified:	2001-04-28 14:49 UTC
From:	danbeck at dealnews dot com	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0 Latest CVS (22/03/2001)	OS:	linux 2.2.16
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	danbeck at dealnews dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-03-22 15:51 UTC] danbeck at dealnews dot com

The following script causes php to segfault when run in CGI mode.  The segfaults do not happen if you remove the output callback function parameter of ob_start().  Please note that this does not happen when using php4.0.4pl1.

#!/usr/local/bin/php -qe
<?

  function compress_output ($output) {
    return($output);
  }

  ob_start("compress_output");

  echo "test\n";

?>


Here is a backtrace of the core file.  

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...

warning: core file may not match specified executable file.
Core was generated by `php4 -qe ./test.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /usr/lib/libz.so.1...done.
Reading symbols from /usr/lib/mysql/libmysqlclient.so.10...done.
Reading symbols from /usr/local/lib/libpng.so.2...done.
Reading symbols from /usr/lib/libbz2.so.1.0...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  chunk_free (ar_ptr=0x819ebd0, p=0x81d6020) at malloc.c:2985
2985    malloc.c: No such file or directory.
(gdb) bt
#0  chunk_free (ar_ptr=0x819ebd0, p=0x81d6020) at malloc.c:2985
#1  0x40156d75 in __libc_free (mem=0x81d6028) at malloc.c:2959
#2  0x80e31f0 in _efree (ptr=0x81d604c, __zend_filename=0x814612f "output.c", __zend_lineno=227, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:238
#3  0x80cdacc in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at output.c:227
#4  0x80cdb5f in php_end_ob_buffers (send_buffer=1 '\001') at output.c:250
#5  0x8060db7 in php_request_shutdown (dummy=0x0) at main.c:643
#6  0x805fc01 in main (argc=3, argv=0xbffffb24) at cgi_main.c:763

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-04-28 14:49 UTC] jmoore@php.net

I cant reproduce this anylonger. Please try with latest CVS and 4.0.5 when it comes out on monday and reopen the report on monday if the problem persists

- James

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 07 07:01:33 2025 UTC