Bug #28422 Apache Crash with segmentation fault (11)
Submitted: 2004-05-17 17:41 UTC
Modified: 2005-01-18 01:00 UTC
Votes: 8
Avg. Score: 4.2 ± 1.0
Reproduced: 8 of 8 (100.0%)
Same Version: 2 (25.0%)
Same OS: 5 (62.5%)
From: Enrico dot Simetti at ingegneria dot studenti dot unige
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 5.0.0RC2
OS: Linux/WinXP
Private report: No
CVE-ID: None

 

 [2004-05-17 17:41 UTC] Enrico dot Simetti at ingegneria dot studenti dot unige
Description:
------------
OS:     Linux 2.6.0
Apache: Apache/1.3.29 (Unix)
PHP:    5.0.0RC2 (compiled with "--with-mysql --with-debug")

The following script makes my Apache crash with this error:
"[notice] child pid 13748 exit signal Segmentation fault (11)"

OS:     Windows XP SP1
Apache: Apache/2.0.49 (and 1.3.31 too)
PHP:    5.0.0RC2

The same script makes my Apache crash with this error:
"[notice] Parent: child process exited with status 3221225477 -- Restarting."

Reproduce code:
---------------
http://matfors.net/tupac/exception.php.txt

Expected result:
----------------
A few notes...
If I don't use my error_class, everything works fine, and PHP gives me this warning
"Warning: call_user_func_array() [function.call-user-func-array]: Unable
to call my_class::throw_exception() in C:\Programmi\Apache
Group\Apache2\htdocs\testfield\exception.php on line 40"
probably since I threw an exception in that function.

If I use my error_class and I don't use the call_user_func_array, but instead I call $test->throw_exception(), everything works fine again (because no Warning is generated?)

If I use my error class and call call_user_func_array then everything blows up.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 13800)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x403d2fb5 in execute (op_array=0xbfffcca0) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
#2  0x403ac282 in zend_call_function (fci=0xbfffcca0, fci_cache=0x0)
    at /root/php-5.0.0RC2/Zend/zend_execute_API.c:835
#3  0x403abbb5 in call_user_function_ex (function_table=0x80c8f78, object_pp=0x80c8f78,
    function_name=0x80c8f78, retval_ptr_ptr=0x80c8f78, param_count=135040888, params=0x80c8f78,
    no_separation=135040888, symbol_table=0x80c8f78)
    at /root/php-5.0.0RC2/Zend/zend_execute_API.c:550
#4  0x403b5f63 in zend_error (type=2, format=0x403fbb8e "%s") at /root/php-5.0.0RC2/Zend/zend.c:975
#5  0x4037f6a8 in php_verror (docref=0x80c3f4c "", params=0x403e0774 "", type=2,
    format=0x403ecdcf "Unable to call %s()", args=0xbfffce0c "\214>\f\b?NC@\002")
    at /root/php-5.0.0RC2/main/main.c:544
#6  0x4037f9df in php_error_docref0 (docref=0x0, type=2, format=0x403ecdcf "Unable to call %s()")
    at /root/php-5.0.0RC2/main/main.c:564
#7  0x40327d55 in zif_call_user_func_array (ht=2, return_value=0x80c3e6c, this_ptr=0x0,
    return_value_used=0) at /root/php-5.0.0RC2/ext/standard/basic_functions.c:1949
#8  0x403d6660 in zend_do_fcall_common_helper (execute_data=0xbfffd090, opline=0x80c3ac0,
    op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:2699
#9  0x403d67da in zend_do_fcall_handler (execute_data=0xbfffd090, opline=0x80c3ac0,
    op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:2828
#10 0x403d2fb5 in execute (op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
#11 0x403b629d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/php-5.0.0RC2/Zend/zend.c:1058
#12 0x403817c8 in php_execute_script (primary_file=0xbffff3f0) at /root/php-5.0.0RC2/main/main.c:1630
#13 0x403dd1ae in apache_php_module_main (r=0x8178af4, display_source_mode=0)
    at /root/php-5.0.0RC2/sapi/apache/sapi_apache.c:54
#14 0x403ddcda in send_php (r=0x8178af4, display_source_mode=0, filename=0x0)
    at /root/php-5.0.0RC2/sapi/apache/mod_php5.c:621
#15 0x403dde83 in send_parsed_php (r=0x8178af4) at /root/php-5.0.0RC2/sapi/apache/mod_php5.c:636
#16 0x080548df in ap_invoke_handler ()
#17 0x080698a7 in ap_some_auth_required ()
#18 0x08069906 in ap_process_request ()
#19 0x0806093d in ap_child_terminate ()
#20 0x08060b0b in ap_child_terminate ()
#21 0x08060c71 in ap_child_terminate ()
#22 0x08061317 in ap_child_terminate ()
#23 0x08061b4f in main ()
#24 0x400bed06 in __libc_start_main () from /lib/libc.so.6

(gdb) frame 1
#1  0x403d2fb5 in execute (op_array=0xbfffcca0) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$2 = 0x80c80f4 "handler"

 [2005-01-10 15:24 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-01-18 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-01-31 10:59 UTC] volker dot buzek at rrze dot uni-erlangen dot de
verified also on
SunOS BOX 5.9 Generic_112233-11 sun4u sparc SUNW,Ultra-4
PHP 5.0.3 (cgi-fcgi) (built: Jan 14 2005 09:06:17)
Apache/2.0.52 (Server built: Jan 18 2005 12:56:09)
suPHP-0.5.2

using the code from
http://matfors.net/tupac/exception.php.txt

when executed with line 34 in place: core dump, but _without_ any notice in any of the following log files: apache-, php-, suphp-log

when executed with line 35 in place and line 34 commented out: works fine
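
An added triage example, not part of the bug report or of PHP: it scans an Apache error log for the two child-exit notices quoted in the report and decodes them, showing that the Windows status 3221225477 is 0xC0000005 (STATUS_ACCESS_VIOLATION), the same class of fault as SIGSEGV on Linux. The timestamps and the last two sample lines are constructed, and the signal numbers assume Linux.

```python
import re

# Constructed sample: the two "[notice]" messages are the ones quoted in the
# report; the timestamps and the last two lines are made up for the example.
SAMPLE_LOG = """\
[Mon May 17 17:40:02 2004] [notice] child pid 13748 exit signal Segmentation fault (11)
[Mon May 17 17:40:05 2004] [notice] Parent: child process exited with status 3221225477 -- Restarting.
[Mon May 17 17:40:09 2004] [notice] Parent: child process exited with status 0 -- Restarting.
[Mon May 17 17:41:00 2004] [error] File does not exist: /var/www/favicon.ico
"""

UNIX_RE = re.compile(r"child pid (\d+) exit signal .+? \((\d+)\)")
WIN_RE = re.compile(r"child process exited with status (\d+)")

# Signals that indicate a fault in the worker (Linux numbering, an assumption).
CRASH_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 7: "SIGBUS", 8: "SIGFPE", 11: "SIGSEGV"}
# A few well-known NTSTATUS error codes; anything else is reported generically.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
}

def find_crashes(log_text):
    """Return one record per log line that reports an abnormal child exit."""
    crashes = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = UNIX_RE.search(line)
        if m:
            sig = int(m.group(2))
            if sig in CRASH_SIGNALS:
                crashes.append({"line": lineno, "platform": "unix",
                                "pid": int(m.group(1)), "code": sig,
                                "name": CRASH_SIGNALS[sig]})
            continue
        m = WIN_RE.search(line)
        if m:
            status = int(m.group(1))
            # NTSTATUS severity is the top two bits; 0b11 means "error".
            if status >> 30 == 0b11:
                crashes.append({"line": lineno, "platform": "windows",
                                "pid": None, "code": status,
                                "name": NTSTATUS.get(status, "NTSTATUS error")})
    return crashes

if __name__ == "__main__":
    for c in find_crashes(SAMPLE_LOG):
        print(f"line {c['line']}: {c['platform']} {c['name']} ({c['code']:#x})")
```

The 2005-01-31 comment reports a core dump with no notice in any log under suPHP, so a log scan like this will not see that case; core-dump collection is needed there.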
 