Bug #3508 apache crashes with php
Submitted: 2000-02-16 22:31 UTC
Modified: 2000-07-30 09:55 UTC
From: k at les dot cz
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 4.0 Beta 3
OS: RedHat 6.1, Linux 2.2.12-20
Private report: No
CVE-ID: None
 [2000-02-16 22:31 UTC] k at les dot cz
apache 1.3.9 or 1.3.11
glibc 2.1.12-11 (from rpm)

Apache compiled with PHP4 crashes with segmentation fault.

These crashes usually don't happen too often in common use,
but if I compiled Apache with ElectricFence, it crashes 
on every request (even on request for a simple HTML page
with clean Apache configuration - without any PHP configuration directives, even without php related AddType
directives).

If I compile Apache with efence and without PHP, it
doesn't crash.

Configuration:
PHP: ./configure --with-apache=../apache_1.3.11
Apache: ./configure \
"--with-layout=Apache" \
"--prefix=/home/koles/local/apache" \
"--activate-module=src/modules/php4/libphp4.a" 

bin/httpd -X crashes with first request

gdb bin/httpd core says:

(no debugging symbols found)...
Core was generated by `bin/httpd -X'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /usr/lib/libgd.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /usr/lib/libgdbm.so.2...done.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
#0  gconv (step=0x41752fc8, data=0xbfffd9b8, inbuf=0xbfffd9ac, 
    inbufend=0x401afd24 "", written=0xbfffd9b0, do_flush=0)
    at ../iconv/skeleton.c:204
204	../iconv/skeleton.c: No such file or directory.
(gdb) bt
#0  gconv (step=0x41752fc8, data=0xbfffd9b8, inbuf=0xbfffd9ac, 
    inbufend=0x401afd24 "", written=0xbfffd9b0, do_flush=0)
    at ../iconv/skeleton.c:204
#1  0x4013193b in __mbrtowc (pwc=0xbfffdaa0, s=0x401afd23 ".", n=1, 
    ps=0xbfffdaa4) at mbrtowc.c:67
#2  0x4011c0f6 in _IO_vfscanf (s=0xbfffdb10, format=0x813ba6d "HTTP/%u.%u", 
    argptr=0xbfffdbd8, errp=0x0) at vfscanf.c:254
#3  0x4012196e in _IO_vsscanf (string=0x40a4f748 "HTTP/1.0", 
    format=0x813ba6d "HTTP/%u.%u", args=0xbfffdbd8) at iovsscanf.c:44
#4  0x4011f73f in sscanf (s=0x40a4f748 "HTTP/1.0", 
    format=0x813ba6d "HTTP/%u.%u") at sscanf.c:38
#5  0x80e0dab in strcpy () at ../sysdeps/generic/strcpy.c:30
#6  0x80e11e5 in strcpy () at ../sysdeps/generic/strcpy.c:30
#7  0x80de3c2 in strcpy () at ../sysdeps/generic/strcpy.c:30
#8  0x80de58c in strcpy () at ../sysdeps/generic/strcpy.c:30
#9  0x80de6e9 in strcpy () at ../sysdeps/generic/strcpy.c:30
#10 0x80ded16 in strcpy () at ../sysdeps/generic/strcpy.c:30
#11 0x80df4a3 in strcpy () at ../sysdeps/generic/strcpy.c:30
#12 0x400e71eb in __libc_start_main (main=0x80df15c <strcpy+602940>, argc=2, 
    argv=0xbffffd44, init=0x804afa0 <_init>, fini=0x8113d1c <_fini>, 
    rtld_fini=0x4000a610 <_dl_fini>, stack_end=0xbffffd3c)
    at ../sysdeps/generic/libc-start.c:90

 [2000-02-17 20:58 UTC] andi at cvs dot php dot net
Please try a CVS snapshot from http://va.php.net/~sas/snapshots and let us know if this solves your problem
 [2000-02-17 22:49 UTC] k at les dot cz
no, it doesn't :(

i'm not a c programmer, so i may be totally wrong, but 
i'm just curious about this bug because it happens only
with php but gdb says nothing about php...

btw i see i posted gdb backtracking from httpd compiled with
efence, but stripped :) - here is the gdb output from unstripped
binary (i don't know if it helps)...

#0  gconv (step=0x4182ffc8, data=0xbfffd57c, inbuf=0xbfffd570, 
    inbufend=0x401ab4c4 "", written=0xbfffd574, do_flush=0)
    at ../iconv/skeleton.c:204
#1  0x401307eb in __mbrtowc (pwc=0xbfffd660, s=0x401ab4c3 ".", n=1, 
    ps=0xbfffd664) at mbrtowc.c:67
#2  0x4011b8a6 in _IO_vfscanf (s=0xbfffd6d0, format=0x81405cd "HTTP/%u.%u", 
    argptr=0xbfffd798, errp=0x0) at vfscanf.c:254
#3  0x4012113e in _IO_vsscanf (string=0x40ca0748 "HTTP/1.0", 
    format=0x81405cd "HTTP/%u.%u", args=0xbfffd798) at iovsscanf.c:44
#4  0x4011ef1f in sscanf (s=0x40ca0748 "HTTP/1.0", 
    format=0x81405cd "HTTP/%u.%u") at sscanf.c:38
#5  0x80e998b in read_request_line (r=0x40ca0028) at http_protocol.c:888
#6  0x80e9dc5 in ap_read_request (conn=0x40c9d000) at http_protocol.c:1001
#7  0x80e6fa2 in child_main (child_num_arg=0) at http_main.c:4166
#8  0x80e716c in make_child (s=0x401c4028, slot=0, now=950823638)
    at http_main.c:4281
#9  0x80e72c9 in startup_children (number_to_start=5) at http_main.c:4363
#10 0x80e78f6 in standalone_main (argc=2, argv=0xbffff904) at http_main.c:4651
#11 0x80e8083 in main (argc=2, argv=0xbffff904) at http_main.c:4973
#12 0x400e6cb3 in __libc_start_main (main=0x80e7d3c <main>, argc=2, 
    argv=0xbffff904, init=0x805c5f4 <_init>, fini=0x8115f3c <_fini>, 
    rtld_fini=0x4000a350 <_dl_fini>, stack_end=0xbffff8fc)
    at ../sysdeps/generic/libc-start.c:78

 [2000-02-19 13:11 UTC] k at les dot cz
it may be bug in glibc - i've just tried to recompile it
with glibc taken from redhat-6.2b (2.1.3-6) and it works... 
 [2000-07-30 09:55 UTC] zak@php.net
See last comments by user.
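
Added example, not part of the original report or of Apache's source: a standalone program that repeats the `sscanf(..., "HTTP/%u.%u")` call from frames #4/#5 of the backtrace, so the C library can be exercised under Electric Fence without Apache or PHP in the process. The function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Apache's code): repeats the sscanf() call seen in
 * frames #4/#5 of the backtrace. The input is copied into a heap block of
 * exactly strlen+1 bytes so that, when linked with Electric Fence, the block
 * ends at a guard page and any read past the terminator faults at once. */
int parse_http_version(const char *proto, unsigned *major, unsigned *minor)
{
    size_t len = strlen(proto) + 1;
    char *buf = malloc(len);
    int fields;

    if (buf == NULL)
        return -1;
    memcpy(buf, proto, len);
    fields = sscanf(buf, "HTTP/%u.%u", major, minor);
    free(buf);
    return fields == 2 ? 0 : -1;   /* both numbers must convert */
}

/* Returns major*1000 + minor, or -1 when the string does not parse. */
int version_code(const char *proto)
{
    unsigned major = 0, minor = 0;

    if (parse_http_version(proto, &major, &minor) != 0)
        return -1;
    return (int)(major * 1000 + minor);
}

int main(void)
{
    /* Constructed sample inputs; the first is the string from the backtrace. */
    const char *samples[] = { "HTTP/1.0", "HTTP/1.1", "HTTP/1.", "FTP/1.0", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %d\n", samples[i], version_code(samples[i]));
    return 0;
}
```

Building the same file once normally and once with `-lefence`, against each glibc build in question, shows whether the fault follows the C library or the httpd binary.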
 