PHP :: Bug #20388 :: Segmentation Fault

Bug #20388	Segmentation Fault
Submitted:	2002-11-12 08:05 UTC	Modified:	2002-11-13 07:41 UTC
From:	mike dot hall at opencube dot co dot uk	Assigned:
Status:	Closed	Package:	*XML functions
PHP Version:	4.2.3	OS:	FreeBSD 4.6
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mike dot hall at opencube dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2002-11-12 08:05 UTC] mike dot hall at opencube dot co dot uk

Afternoon:
 
I'm having problems with PHP CGI crashing and I have no idea why. The script I'm running hasn't changed, nor has the server setup. It ran fine for several weeks and then started crashing. I rebooted the server and it was fine for a couple of days... now its crashing again.

The script is a daemon that listens on a port for incoming XML fragments (you can see pieces of this XML at the end of the backtrace) - so this could be Socket or XML related.
 
I was running PHP 4.2.1. I upgraded to 4.2.3 and its still doing it. I have also upgraded to the latest snapshot and ran this through PHP 4.3.0-cli - same result.

./configure --with-mysql --enable-debug --enable-shared=yes --without-apache --enable-ftp --with-mcrypt --with-curl --enable-sockets
 
Here is a backtrace, but its all greek to me. Can anyone explain what on earth all this means?

#0  0x28353386 in localeconv () from /usr/lib/libc.so.4
#1  0x28364ee1 in strtod () from /usr/lib/libc.so.4
#2  0x8127ac1 in is_numeric_string (str=0x81fe224 "SELECT", length=6, lval=0xbbc00164, dval=0xbbc00158, allow_errors=0 '\000')
    at zend_operators.h:94
#3  0x81276fa in zendi_smart_strcmp (result=0xbbc00348, s1=0xbe84f24, s2=0x82bd4fc) at zend_operators.c:1653
#4  0x8126346 in compare_function (result=0xbbc00348, op1=0xbe84f24, op2=0x82bd4fc) at zend_operators.c:1128
#5  0x8126c2a in is_equal_function (result=0xbbc00348, op1=0xbe84f24, op2=0x82bd4fc) at zend_operators.c:1276
#6  0x814d64f in execute (op_array=0x82b9d24) at ./zend_execute.c:1114
#7  0x8150337 in execute (op_array=0x82ca224) at ./zend_execute.c:1638
#8  0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#9  0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638

.... (another 59,052 of these) ...

#59061 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59062 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59063 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59064 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59065 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59066 0x8150337 in execute (op_array=0x8206b24) at ./zend_execute.c:1638
#59067 0x81208b3 in call_user_function_ex (function_table=0x821a698, object_pp=0x81fcc30, function_name=0x81fdd24,
    retval_ptr_ptr=0xbfbfd810, param_count=3, params=0x826bc64, no_separation=1, symbol_table=0x0) at zend_execute_API.c:517
#59068 0x812019d in call_user_function (function_table=0x81ac040, object_pp=0x82a6b60, function_name=0x821eae4,
    retval_ptr=0x826bda4, param_count=3, params=0xbfbfd8a8) at zend_execute_API.c:373
#59069 0x80f1f21 in xml_call_handler (parser=0x82a6b24, handler=0x821eae4, argc=3, argv=0xbfbfd8a8) at xml.c:375



#59070 0x80f2922 in _xml_startElementHandler (userData=0x82a6b24, name=0x81f3a40 "event", attributes=0x82a6c10) at xml.c:657
#59071 0x80f7b53 in doContent (parser=0x81bfc00, startTagLevel=0, enc=0x816ebc0,
    s=0x82e617a "<event date=\"20021112 16:15:00\" venue=\"Newmarket\"><outcome price=\"SP\" id=\"31,PAI370676\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370677\" saddlecloth=\"2\" /><outcome price=\"NR\" id=\"31,PAI370678\" "...,
end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:1659
#59072 0x80f705a in contentProcessor (parser=0x81bfc00,
    start=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""...,
    end=0x82e9779 "", endPtr=0x0) at xmlparse.c:1349
#59073 0x80f9ee2 in doProlog (parser=0x81bfc00, enc=0x816ebc0,
    s=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., end=0x82e9779 "",
    tok=29,
    next=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., nextPtr=0x0)
---Type <return> to continue, or q <return> to quit---
    at xmlparse.c:2687
#59074 0x80f9a54 in prologProcessor (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:2523
#59075 0x80f99ea in prologInitProcessor (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:2512
#59076 0x80f68c8 in php_XML_Parse (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., len=18261, isFinal=1)
    at xmlparse.c:1103
#59077 0x80f4864 in zif_xml_parse (ht=3, return_value=0x81fdc24, this_ptr=0x0, return_value_used=1) at xml.c:1341
#59078 0x8150156 in execute (op_array=0x82060a4) at ./zend_execute.c:1598
#59079 0x8150337 in execute (op_array=0x81f6f24) at ./zend_execute.c:1638
#59080 0x8129bd5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:812
#59081 0x8063bed in php_execute_script (primary_file=0xbfbffab8) at main.c:1383
#59082 0x80612a4 in main (argc=4, argv=0xbfbffb34) at cgi_main.c:778
#59083 0x80603bd in _start ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-12 10:33 UTC] nicos@php.net

It looks that it's XML related and not sockets.

Did you try it with the latest snapshoot ?
http://snaps.php.net

[2002-11-12 10:36 UTC] mike dot hall at opencube dot co dot uk

Yes, I tried with php4-STABLE-200211121230 from snaps. Same result.

[2002-11-12 10:40 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

and NOT the 'STABLE' ones..

[2002-11-12 10:40 UTC] derick@php.net

Hello,

I think you're recursivley calling a function somewhere, would it be possible to tar the whole package up so that we can try to reproduce it?

Derick

[2002-11-12 11:06 UTC] mike dot hall at opencube dot co dot uk

I tried with http://snaps.php.net/php4-latest.tar.gz and the system is still seg faulting. The strange thing is - I ran exactly the same code for several weeks without trouble.

I can look at packaging up the code, but it is part of a very large application. I will try and put something together though. I don't think I am recursively calling any functions though!

Backtrace is a little different this time.

#0  0x283d9faf in isatty () from /usr/lib/libc.so.4
(gdb) bt
#0  0x283d9faf in isatty () from /usr/lib/libc.so.4
#1  0x283da6cd in malloc () from /usr/lib/libc.so.4
#2  0x8183e61 in _emalloc (size=43, __zend_filename=0x82001a0 "/usr/custom/src/php4-200211121630/Zend/zend_hash.c",
    __zend_lineno=262, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/custom/src/php4-200211121630/Zend/zend_alloc.c:154
#3  0x81999f1 in zend_hash_add_or_update (ht=0xbecf2a4, arKey=0x8346a64 "newhost", nKeyLength=8, pData=0xbbc00114, nDataSize=4,
    pDest=0xbbc00128, flag=1) at /usr/custom/src/php4-200211121630/Zend/zend_hash.c:262
#4  0x81a2500 in zend_fetch_var_address (opline=0x8349024, Ts=0xbbc0014c, type=1)
    at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:575
#5  0x81a43f6 in execute (op_array=0x8347324) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1231
#6  0x81a65f4 in execute (op_array=0x83473a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#7  0x81a65f4 in execute (op_array=0x83478a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639

...

#58241 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58242 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58243 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58244 0x81a65f4 in execute (op_array=0x82a0124) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58245 0x818c52f in call_user_function_ex (function_table=0x82a0c98, object_pp=0x82882b0, function_name=0x82b32e4,
    retval_ptr_ptr=0xbfbfd3e4, param_count=3, params=0x828b024, no_separation=1, symbol_table=0x0)
    at /usr/custom/src/php4-200211121630/Zend/zend_execute_API.c:561
#58246 0x818bdcd in call_user_function (function_table=0x8224040, object_pp=0x8331d60, function_name=0x82b30a4,
    retval_ptr=0x8345da4, param_count=3, params=0xbfbfd47c) at /usr/custom/src/php4-200211121630/Zend/zend_execute_API.c:403
#58247 0x813bbad in xml_call_handler (parser=0x8331d24, handler=0x82b30a4, argc=3, argv=0xbfbfd47c)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:377


#58248 0x813c5ae in _xml_startElementHandler (userData=0x8331d24, name=0x827a820 "event", attributes=0x8331e10)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:659
#58249 0x81417bf in doContent (parser=0x8237c00, startTagLevel=0, enc=0x81e5780,
    s=0x837617a "<event date=\"20021112 16:15:00\" venue=\"Newmarket\"><outcome price=\"SP\" id=\"31,PAI370676\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370677\" saddlecloth=\"2\" /><outcome price=\"NR\" id=\"31,PAI370678\" "..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1659
#58250 0x8140cc6 in contentProcessor (parser=0x8237c00,
    start=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""...,
    end=0x8379779 "", endPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1349
#58251 0x8143b4e in doProlog (parser=0x8237c00, enc=0x81e5780,
    s=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., end=0x8379779 "",
    tok=29,
    next=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., nextPtr=0x0)
    at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2687
---Type <return> to continue, or q <return> to quit---
#58252 0x81436c0 in prologProcessor (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2523
#58253 0x8143656 in prologInitProcessor (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2512
#58254 0x8140534 in php_XML_Parse (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., len=18261, isFinal=1)
    at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1103
#58255 0x813e4d0 in zif_xml_parse (ht=3, return_value=0x82be8a4, this_ptr=0x0, return_value_used=1)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:1342
#58256 0x81a63fb in execute (op_array=0x828e6a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1595
#58257 0x81a65f4 in execute (op_array=0x8282524) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58258 0x8195a0d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/custom/src/php4-200211121630/Zend/zend.c:840
#58259 0x816441b in php_execute_script (primary_file=0xbfbffac8) at /usr/custom/src/php4-200211121630/main/main.c:1560
#58260 0x81abedb in main (argc=4, argv=0xbfbffb38) at /usr/custom/src/php4-200211121630/sapi/cli/php_cli.c:701
#58261 0x8064a0d in _start ()

[2002-11-12 12:05 UTC] derick@php.net

it would be cool if you could try the following to see if you're calling recursive functions:

1. Download xdebug from 
http://xdebug.derickrethans.nl/link.php?url=xdebug100rc1-422-f46
2. enable it in your php.ini file:
zend_extension=/path/to/module/xdebug.so

and restart your webserver and try the script, or start your command line script. It should give you a warning if you're
trying to recursively call functions (with a full trace of all function calls).

regards,
Derick

[2002-11-13 07:41 UTC] mike dot hall at opencube dot co dot uk

I installed xdebug, then the software stopped crashing! I took xdebug off again and it still isn't crashing. Very odd.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 02:01:28 2024 UTC