Bug #38534 segmentation fault
Submitted: 2006-08-21 13:15 UTC Modified: 2006-08-28 20:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dgehl at inverse dot ca Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.4.4 OS: RHEL 4
Private report: No CVE-ID: None
 [2006-08-21 13:15 UTC] dgehl at inverse dot ca
Description:
------------
PHP segfaults in the setlocale function. I can also reproduce this bug with php 4.3.9.

Here are the PHP and apache versions:

# httpd -v
Server version: Apache/2.0.52
Server built:   Aug  2 2006 05:21:10

# php -v
PHP 4.4.4 (cgi) (built: Aug 21 2006 08:52:53) (DEBUG)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies



Reproduce code:
---------------
1. Install Horde 3.1.3, IMP 4.1.3 (http://www.horde.org)
2. Configure horde with
$conf['log']['priority'] = PEAR_LOG_DEBUG
$conf['sessionhandler']['type'] = 'pgsql';
3. Open the Horde login page in a browser, followed by several other pages. The bug is not related to one particular page, but will appear sometime ...

Expected result:
----------------
no segfault

Actual result:
--------------
PHP was compiled with
'./configure' '--host=i686-redhat-linux-gnu' '--build=i686-redhat-linux-gnu' '--target=i386-redhat-linux' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--enable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd=shared' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses=shared' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-mcrypt' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--disable-memory-limit' '--disable-ipv6' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mbstring=shared' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-mime-magic=/usr/share/file/magic.mime' '--with-apxs2=/usr/sbin/apxs'



And here's a gdb backtrace:

(gdb) bt
#0  0x00377a2c in memcpy () from /lib/tls/libc.so.6
#1  0x01125795 in _mem_block_check (ptr=0x9a286dc, silent=0,
    __zend_filename=0x116a1f0 "/usr/src/redhat/BUILD/php-4.4.4/ext/standard/string.c", __zend_lineno=3153, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_alloc.c:698
#2  0x01125757 in _mem_block_check (ptr=0x9a286dc, silent=1,
    __zend_filename=0x116a1f0 "/usr/src/redhat/BUILD/php-4.4.4/ext/standard/string.c", __zend_lineno=3153, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_alloc.c:690
#3  0x01124aa4 in _efree (ptr=0x9a286dc,
    __zend_filename=0x116a1f0 "/usr/src/redhat/BUILD/php-4.4.4/ext/standard/string.c", __zend_lineno=3153, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_alloc.c:258
#4  0x010d6c42 in zif_setlocale (ht=2, return_value=0x9a7045c, this_ptr=0x0,
    return_value_used=0)
    at /usr/src/redhat/BUILD/php-4.4.4/ext/standard/string.c:3153
#5  0x0114bd8a in execute (op_array=0x95d9cb4)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute.c:1675
#6  0x0114bfb6 in execute (op_array=0x979af2c)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute.c:1719
#7  0x0112d7ab in call_user_function_ex (function_table=0x97ac060,
    object_pp=0x97a4610, function_name=0x979b6fc, retval_ptr_ptr=0xbff187b8,
    param_count=2, params=0x9a68f9c, no_separation=1, symbol_table=0x0)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute_API.c:570
#8  0x0112ce4d in call_user_function (function_table=0x94a9140, object_pp=0x0,
    function_name=0x97a46ec, retval_ptr=0x9ad6de4, param_count=2,
    params=0xbff18838)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute_API.c:407
#9  0x01076fad in ps_call_handler (func=0x97a46ec, argc=2, argv=0xbff18838)
    at /usr/src/redhat/BUILD/php-4.4.4/ext/session/mod_user.c:60
#10 0x01077576 in ps_write_user (mod_data=0x1195b50,
    key=0x97509a4 "0c603dda253af1e1e712d42b20dfb3c7",
    val=0x9b27f0c "imp|a:29:{s:5:\"cache\";a:0:{}s:4:\"pass\";s:8:\"\200&\224_\236\036L\";s:11:\"_logintasks\";i:0;s:4:\"user\";s:11:\"xxxxxxxxxxx\";s:8:\"uniquser\";s:23:\"xxxxxxxxxxx@xxxxxxx.xxx\";s:6:\"server\";s:9:\"localhost\";s:3:\"acl\";b:0;s:5:"..., vallen=80442)
    at /usr/src/redhat/BUILD/php-4.4.4/ext/session/mod_user.c:148
#11 0x01072f90 in php_session_save_current_state ()
    at /usr/src/redhat/BUILD/php-4.4.4/ext/session/session.c:727
#12 0x0107610c in php_session_flush ()
    at /usr/src/redhat/BUILD/php-4.4.4/ext/session/session.c:1683
#13 0x01076150 in zm_deactivate_session (type=1, module_number=8)
    at /usr/src/redhat/BUILD/php-4.4.4/ext/session/session.c:1697
#14 0x0113a76c in module_registry_cleanup (module=0x9546760)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_API.c:1168
#15 0x0113d57e in zend_hash_apply (ht=0x1199f60,
    apply_func=0x113a729 <module_registry_cleanup>)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_hash.c:703
#16 0x011369bf in zend_deactivate_modules ()
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend.c:674
#17 0x010fe32b in php_request_shutdown (dummy=0x0)
    at /usr/src/redhat/BUILD/php-4.4.4/main/main.c:984
#18 0x01151543 in php_apache_request_dtor (r=0x95adf30)
    at /usr/src/redhat/BUILD/php-4.4.4/sapi/apache2handler/sapi_apache2.c:443
#19 0x01151baf in php_handler (r=0x95adf30)
    at /usr/src/redhat/BUILD/php-4.4.4/sapi/apache2handler/sapi_apache2.c:598
#20 0x00f7c9d7 in ap_run_handler () from /usr/sbin/httpd
#21 0x00f7ce43 in ap_invoke_handler () from /usr/sbin/httpd
#22 0x00f798c5 in ap_process_request () from /usr/sbin/httpd
#23 0x00f7463f in _start () from /usr/sbin/httpd
#24 0x095adf30 in ?? ()
#25 0x00000004 in ?? ()
#26 0x095adf30 in ?? ()
#27 0x095a1a38 in ?? ()
#28 0x095a1ee7 in ?? ()
#29 0x00000000 in ?? ()
(gdb) frame 5
#5  0x0114bd8a in execute (op_array=0x95d9cb4)
    at /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute.c:1675
1675    /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute.c: No such file or directory.
        in /usr/src/redhat/BUILD/php-4.4.4/Zend/zend_execute.c

(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x1161c1d "setlocale"

(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x95d1bc4 "logmessage"

(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x95d8a2c "/var/www/html/horde-3.1.3/lib/Horde.php"


 [2006-08-21 13:17 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2006-08-28 17:21 UTC] dgehl at inverse dot ca
<?php
// Userspace session handlers. PHP invokes the write handler at request
// shutdown, which is where the backtrace shows setlocale() crashing.
session_set_save_handler('open', 'close', 'read', 'write', 'destroy', 'gc');
@session_start();

$lang_charset = 'en_US.UTF8';
setlocale(LC_ALL, $lang_charset);
@putenv('LANG=' . $lang_charset);
@putenv('LANGUAGE=' . $lang_charset);

// Query the current LC_TIME locale, switch to 'C', then restore it.
$locale = setlocale(LC_TIME, 0);
setlocale(LC_TIME, 'C');
setlocale(LC_TIME, $locale);

function open($save_path, $session_name) {
  return true;
}

function close() {
  return true;
}

// Each handler repeats the same query/switch/restore sequence.
function read($id) {
  $locale = setlocale(LC_TIME, 0);
  setlocale(LC_TIME, 'C');
  setlocale(LC_TIME, $locale);
  return '';  // no stored session data
}

function write($id, $session_data) {
  $locale = setlocale(LC_TIME, 0);
  setlocale(LC_TIME, 'C');
  setlocale(LC_TIME, $locale);
  return true;
}

function destroy($id) {
  $locale = setlocale(LC_TIME, 0);
  setlocale(LC_TIME, 'C');
  setlocale(LC_TIME, $locale);
  return true;
}

function gc($maxlifetime = 300) {
  $locale = setlocale(LC_TIME, 0);
  setlocale(LC_TIME, 'C');
  setlocale(LC_TIME, $locale);
  return true;
}
?>
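The backtrace in the original report shows _efree() called from zif_setlocale() inside the userspace session write handler during request shutdown, with the debug allocator's block check failing on the pointer being freed. The C model below is added here and is not PHP's code: it shows the free-without-reset lifecycle consistent with that trace (a cached locale string released at module shutdown and released again by a later setlocale() call) and a small tracking free() of the kind _mem_block_check() represents, which catches the second release instead of corrupting the heap. The name locale_string, the lifecycle and the request ordering are assumptions made for illustration.

```c
/* Added model, not PHP's code: locale_string and the request ordering are
 * assumptions. A tracking free() rejects pointers that are not live blocks. */
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16
static void *live[MAX_LIVE];  /* blocks currently owned by the program */
static int bad_frees;         /* frees of a pointer that is not live */

static void *tracked_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    abort();                  /* table full; not expected in this model */
}
/* Like a debug efree(): a pointer that is not a live block is a double free
 * or a wild pointer, so it is counted and left alone rather than freed. */
static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bad_frees++;
}
/* Cached copy of the last locale set; freed whenever a new one is cached. */
static char *locale_string;

static void model_setlocale(const char *name) {
    tracked_free(locale_string);
    locale_string = tracked_strdup(name);
}
/* Shutdown of the module that owns the cache. reset_ptr == 0 leaves the
 * pointer dangling after the free (the bug pattern); reset_ptr == 1 clears it. */
static void model_rshutdown(int reset_ptr) {
    tracked_free(locale_string);
    if (reset_ptr) locale_string = NULL;
}
/* One request: setlocale() during the request, owner module shutdown, then a
 * later callback (the session write handler in the report) calls setlocale()
 * again. Returns the number of invalid frees caught: 1 dangling, 0 reset. */
int run_request(int reset_ptr) {
    bad_frees = 0;
    locale_string = NULL;
    model_setlocale("en_US.UTF8");
    model_rshutdown(reset_ptr);
    model_setlocale("C");
    tracked_free(locale_string);
    locale_string = NULL;
    return bad_frees;
}
```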
 [2006-08-28 20:00 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 13:01:29 2024 UTC