Bug #23483 segfault when file uploading and using ADOdb
Submitted: 2003-05-04 18:45 UTC Modified: 2003-05-04 20:49 UTC
From: chip at cyan dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 4CVS-2003-05-04 (stable) OS: Lunar-Linux (the edge)
Private report: No CVE-ID: None

 [2003-05-04 18:45 UTC] chip at cyan dot com
This is happening with a script that takes an HTTP POST file upload.  It then inserts the uploaded file into a SQL database using the ADOdb abstraction layer.  This project is over 40,000 lines, so it is difficult to rip one page out of it.  I will try to get this into a reasonably small packaged script later.

Here is the script:
http://php.red-illusions.dk/pasteit.php?id=191
(again, much of it won't make sense since much of the stuff is done outside this file.)

This happens every time using:
Server version: Apache/2.0.45-dev
Server built:   Mar  8 2003 14:55:15

And PHP Snaps from:
2003-03-08 06:30
2003-05-04 21:30 (newest one)(and --enable-debug)

After starting httpd in GDB using httpd -X -k start, 
and as soon as I visit this page and upload any file, 
I get my segfault. I do not get it by just visiting the page by itself, without any upload POSTs.

Here is a full backtrace:

(gdb) bt full
#0  0x4021a92c in vfprintf () from /lib/libc.so.6
No symbol table info available.
#1  0x4023741c in vsprintf () from /lib/libc.so.6
No symbol table info available.
#2  0x40224d3d in sprintf () from /lib/libc.so.6
No symbol table info available.
#3  0x40445a38 in _convert_to_string (op=0x82af4a0, __zend_filename=0x40498720 "/home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c",
    __zend_lineno=2446) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_operators.c:453
        lval = -1086320020
        dval = 2.08422883873882e-269
        tsrm_ls = (void ***) 0xbf40126c
#4  0x4045e481 in execute (op_array=0x8339fe8, tsrm_ls=0x81d64e0) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c:2446

        restored_error_reporting = {value = {lval = 137032864, dval = 1.7871824991067897e-262, str = {val = 0x82af4a0 'Z' <repeats 19 times>, "\204?\217*",
      len = 160858800}, ht = 0x82af4a0, obj = {ce = 0x82af4a0, properties = 0x99682b0}}, type = 1 '\001', is_ref = 23 '\027', refcount = 48960}
        execute_data = {opline = 0x833aa20, function_state = {function_symbol_table = 0x0, function = 0x8339fe8, reserved = {0x404511c5, 0x9968330,
      0x40477f9c, 0x5}}, fbc = 0x0, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbf4013a8, original_in_execution = 1 '\001', op_array = 0x8339fe8,
  prev_execute_data = 0xbf401e8c}
#5  0x4045eecf in execute (op_array=0x82c26e0, tsrm_ls=0x81d64e0) at /home/httpd/src/php4-STABLE-200305042130/Zend/zend_execute.c:1650
        execute_data = {opline = 0x8302054, function_state = {function_symbol_table = 0x99682b0, function = 0x8339fe8, reserved = {0x404511c5, 0x9968098,
      0x40477f9c, 0x5}}, fbc = 0x8339fe8, ce = 0x0, object = {ptr = 0x99668f8}, Ts = 0xbf401818, original_in_execution = 1 '\001', op_array = 0x82c26e0,
  prev_execute_data = 0xbf403e9c}

...continued execute....

I noticed a similar backtrace in bug #20388 and they suggested trying to catch this in Xdebug ( http://xdebug.derickrethans.nl/ ) if I was entering a recursive function calling loop.  Loading this made no difference for me.

Configure Line:
'./configure' \
'--enable-sysvmsg' \
'--enable-sysvsem' \
'--enable-sysvshm' \
'--enable-sockets' \
'--with-mysql=/home/mysql/mysql-4' \
'--enable-ftp' \
'--enable-ipv6' \
'--with-gd' \
'--enable-gd-native-ttf' \
'--with-jpeg-dir=/usr/local/lib' \
'--with-freetype-dir=/usr' \
'--with-apxs2=/home/httpd/apache2/bin/apxs' \
'--with-zlib-dir=/usr/lib' \
'--enable-debug' \


-chip


 [2003-05-04 20:49 UTC] chip at cyan dot com
It looks like it was a bug inside a while loop deep inside some of my code.


Still. Not cool that it was able to kill PHP like that.
 
Last updated: Thu Jul 03 10:01:33 2025 UTC