PHP :: Bug #25099 :: DBA extension with DB2 handler crashing Apache

Bug #25099	DBA extension with DB2 handler crashing Apache
Submitted:	2003-08-15 12:37 UTC	Modified:	2003-08-17 05:10 UTC
From:	nathan at inimit dot com	Assigned:	helly (profile)
Status:	Wont fix	Package:	DBM/DBA related
PHP Version:	4.3.2	OS:	RedHat 7.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nathan at inimit dot com
New email:
PHP Version:		OS:

New Comment:

[2003-08-15 12:37 UTC] nathan at inimit dot com

Description:
------------
When running the code below which uses the DBA extension and the DB2 handler, I have run across a problem which is replicable using the code below that causes a segfault in Apache. When I run the script via CLI, the code seems to work fine and no errors are produced. I have added the "-" on the last part of the flag due to the file locking mechanism described in a previous bug.

Server version: Apache/1.3.27 (Unix)  (Red-Hat/Linux)
Server built:   Oct 23 2002 14:52:50
Server's Module Magic Number: 19990320:13
Server compiled with....
 -D EAPI
 -D EAPI_MM
 -D EAPI_MM_CORE_PATH="/var/run/httpd.mm"
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_SHMGET_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FCNTL_SERIALIZED_ACCEPT
 -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D HARD_SERVER_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="/var/run/httpd.lock"
 -D DEFAULT_ERRORLOG="/var/log/httpd/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"

PHP 4.3.2 Configure Options:
--exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin
--sysconfdir=/etc
--datadir=/usr/share
--includedir=/usr/include
--libdir=/usr/lib
--libexecdir=/usr/libexec
--localstatedir=/var
--sharedstatedir=/usr/com
--mandir=/usr/share/man
--infodir=/usr/share/info
--prefix=/usr
--with-config-file-path=/etc
--with-apxs
--with-pear
--with-zlib
--enable-dba
--with-db2
--with-flatfile
--enable-exif
--enable-ftp
--with-gd
--with-ttf
--with-gettext
--with-mysql=shared,/usr

ldd /usr/src/redhat/SOURCES/php-4.3.2/sapi/cli/php
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001b000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40049000)
        libexpat.so.0 => /usr/lib/libexpat.so.0 (0x4005e000)
        libmm.so.11 => /usr/lib/libmm.so.11 (0x4007d000)
        libpspell.so.4 => /usr/lib/libpspell.so.4 (0x40082000)
        libltdl.so.3 => /usr/lib/libltdl.so.3 (0x4009c000)
        libpspell-modules.so.1 => /usr/lib/libpspell-modules.so.1 (0x400a3000)
        libstdc++-libc6.2-2.so.3 => /usr/lib/libstdc++-libc6.2-2.so.3 (0x400a6000)
        libm.so.6 => /lib/i686/libm.so.6 (0x400e9000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libpanel.so.5 => /usr/lib/libpanel.so.5 (0x4010b000)
        libncurses.so.5 => /usr/lib/libncurses.so.5 (0x4010f000)
        libgmp.so.3 => /usr/lib/libgmp.so.3 (0x4014d000)
        libpng.so.2 => /usr/lib/libpng.so.2 (0x40176000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40198000)
        libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x401a6000)
        libdb.so.3 => /usr/lib/libdb.so.3 (0x401c4000)
        libbz2.so.1 => /usr/lib/libbz2.so.1 (0x40200000)
        libssl.so.2 => /lib/libssl.so.2 (0x40210000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x4023e000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40302000)
        libdl.so.2 => /lib/libdl.so.2 (0x40313000)
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0x40316000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)


Reproduce code:
---------------
<?php
$file = '/tmp/dba_open.test';

// check to see whether to create the file or update
$flag = (file_exists($file)) ? 'w-' : 'c-';

$dba = dba_open($file, $flag, 'db2');

if (!$dba) {
        die('no connection');
} else {
	dba_insert('key-'.substr(time(), -3), 'test-'.time(), $dba);
	dba_close($dba);
}
?>

Expected result:
----------------
When running the code above there is no expected output, but rather a new file to be created in the /tmp directory based on the DB2 handler and if the file exists from a previous execution then new row to be inserted .

Actual result:
--------------
When ran via CLI, the code above works perfectly fine. When the script is attempted to be loaded in Apache, the child proc dies.

> gdb /usr/sbin/httpd
(gdb) run -DHAVE_MYSQL -DHAVE_PHP4 -X
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x4036b642 in __db_calloc () from /usr/lib/libdb.so.3
#2  0x4036481d in db_open () from /usr/lib/libdb.so.3
#3  0x40583b84 in dba_open_db2 (info=0x810bfd4, error=0xbfffc944) at 
    /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba_db2.c:75
#4  0x40582941 in php_dba_open (ht=3, return_value=0x819466c, this_ptr=0x0, return_value_used=1, persistent=0)
    at /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba.c:606
#5  0x40582ae5 in zif_dba_open (ht=3, return_value=0x819466c, this_ptr=0x0, return_value_used=1)
    at /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba.c:648
#6  0x4065fab8 in execute (op_array=0x815727c) at /usr/src/redhat/SOURCES/php-4.3.2/Zend/zend_execute.c:1606
#7  0x4064d5c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
    /usr/src/redhat/SOURCES/php-4.3.2/Zend/zend.c:869
#8  0x40626b4c in php_execute_script (primary_file=0xbffff640) at /usr/src/redhat/SOURCES/php-4.3.2/main/main.c:1671
#9  0x40667066 in apache_php_module_main (r=0x80fd818, display_source_mode=0)
    at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/sapi_apache.c:54
#10 0x40667c42 in send_php (r=0x80fd818, display_source_mode=0, filename=0x0)
    at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/mod_php4.c:617
#11 0x40667c96 in send_parsed_php (r=0x80fd818) at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/mod_php4.c:632
#12 0x080547cd in ap_invoke_handler ()
#13 0x0806769c in process_request_internal ()
#14 0x08067713 in ap_process_request ()
#15 0x0805f867 in child_main ()
#16 0x0805fa0a in make_child ()
#17 0x0805fb4d in startup_children ()
#18 0x080601a0 in standalone_main ()
#19 0x08060aa3 in main ()
#20 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-08-17 00:44 UTC] sniper@php.net

Note: there is also another crash when you have both gdbm and ndbm handlers enabled and you use the ndbm handler in the above mentioned script. Backtrace as follows:

0x40d9a6c8 in gdbm_store () from /usr/lib/libgdbm.so.2
(gdb) bt
#0  0x40d9a6c8 in gdbm_store () from /usr/lib/libgdbm.so.2
#1  0x40d99bcf in dbm_store () from /usr/lib/libgdbm.so.2
#2  0x80d1b4f in dba_update_ndbm (info=0x874f8b4, key=0x874fad4 "key-020", keylen=7, val=0x874f874 "test-1061099020", 
    vallen=15, mode=1) at /usr/src/web/php/php4_3/ext/dba/dba_ndbm.c:99
#3  0x80ce28f in php_dba_update (ht=3, return_value=0x874fb0c, this_ptr=0x0, return_value_used=0, mode=1)
    at /usr/src/web/php/php4_3/ext/dba/dba.c:480
#4  0x80d012c in zif_dba_insert (ht=3, return_value=0x874fb0c, this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php4_3/ext/dba/dba.c:945

Some conflict with gdbm vs. ndbm funcs..

[2003-08-17 05:10 UTC] helly@php.net

To even make it harder db2 comes into this conflict, too. Mandrake is a nice platform where all works fine, so it's clearly a problem of how the libs where build on those platforms and not our problem or a problem we could solve.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 13:01:28 2025 UTC