PHP :: Bug #15607 :: Apache Crash

Bug #15607

Apache Crash

Submitted:

2002-02-18 16:32 UTC

Modified:

2010-11-15 21:13 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

fedelman at claxson dot com

Assigned:

felipe (profile)

Status:

Closed

Package:

Pspell related

PHP Version:

4.1.1

OS:

Solaris 5.7

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fedelman at claxson dot com
New email:
PHP Version:		OS:

New Comment:

[2002-02-18 16:32 UTC] fedelman at claxson dot com

I'm Sys Admin of El Sitio (www.elsitio.com). I developed de Web Mail of the Site (freemail.elsitio.com).

The Web Mail frontend run on Sun Netra t1 with Solaris 7 (patched 7 recommended). I use gnu gcc and ld (/usr/ccs/bin/ld).

I compile pspell and aspell with CC=gcc and CXX=g++.

My php include oci8 (Oracle 8.1.6), imap (imap-2001a), pspell (pspell-.12.2) and aspell (aspell-.33.7).

PHP 4.0.5 works, but imap_mime_header_decode isn?t work, httpd crash.
PHP 4.0.6 works fine.

PHP is 4.1.0 and 4.1.1 segmentation fault when httpd start.
I was testing on Apache 1.3.19 and Apache 1.3.23.

When I compile, I don't get any error.

PHP is buggy buggy buggy :)

thanks and good luck!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-19 04:20 UTC] yohgaki@php.net

To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".

Yes, there are bugs. That's why I got a CVS account :)
BTW, could you try snapshot also?

http://snaps.php.net/

[2002-02-21 20:08 UTC] dustin at cs dot uchicago dot edu

I believe I have found the bug.  I'm no PHP coder, but I believe that a {NULL, NULL, NULL} is required at the end of pspell_functions.  The backtrace *I saw* on a similar system (Solaris 8) indicates a segfault in strlen() as called from zend_register_functions.  The auto variable ptr in that function was pointing one element past the end of the pspell_functions array, and ptr->name was a bogus (but non-null) pointer.

Seems likely that this lack of termination of the array works on "most" platforms, by random chance of having NULLs there when PHP starts up.  But certain compiler/linker/config combinations put something other than NULL there, and zend_register_functions runs amok all over the process space.

Adding the terminator allowed Apache to start, and phpinfo() renders correctly.  Still waiting on more in-depth testing.

[2002-02-22 06:43 UTC] yohgaki@php.net

Thanks for you report. I've added function entry terminator.
If you still have problem(s), let us know.

[2010-11-15 21:13 UTC] felipe@php.net

-Package: *Spelling functions +Package: Pspell related -Assigned To: +Assigned To: felipe

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 14:01:32 2025 UTC