PHP :: Bug #40232 :: Apache segfaults when using openssl_pkcs7

Bug #40232	Apache segfaults when using openssl_pkcs7_encrypt()
Submitted:	2007-01-25 09:36 UTC	Modified:	2007-02-03 01:00 UTC
From:	schotte at mayflower dot de	Assigned:
Status:	No Feedback	Package:	Reproducible crash
PHP Version:	5.2.0	OS:	RedHat Linux 3.4.4-2 64-bit
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	schotte at mayflower dot de
New email:
PHP Version:		OS:

New Comment:

[2007-01-25 09:36 UTC] schotte at mayflower dot de

Description:
------------
Apache 1.3 with PHP 5.2.0 segfaults when using openssl_pkcs7_encrypt() (used in an application that encrypts a mail body with a X.509 certificate).

A gdb backtrace is attached.

Actual result:
--------------
(gdb) bt full
#0  0x0000000000534ec9 in BN_BLINDING_free ()
No symbol table info available.
#1  0x00000000004ef35b in RSA_free ()
No symbol table info available.
#2  0x00000000004fefe6 in EVP_PKEY_free ()
No symbol table info available.
#3  0x000000000054b91f in pubkey_cb ()
No symbol table info available.
#4  0x00000000005066d7 in asn1_item_combine_free ()
No symbol table info available.
#5  0x0000000000506955 in asn1_item_combine_free ()
No symbol table info available.
#6  0x0000000000506955 in asn1_item_combine_free ()
No symbol table info available.
#7  0x0000000000506a72 in ASN1_item_free ()
No symbol table info available.
#8  0x00000000004f7acb in sk_pop_free ()
No symbol table info available.
#9  0x0000002a957c4a0e in zif_openssl_pkcs7_encrypt (ht=5, return_value=0x2a9cc6b8d8, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
        zrecipcerts = (zval **) 0x2a9cc7a2a0
        zheaders = (zval *) 0x2a9cc785f0
        recipcerts = (STACK *) 0x922630
        infile = (BIO *) 0x77a410
        outfile = (BIO *) 0x921cc0
        flags = 0
        p7 = (PKCS7 *) 0x928960
        hpos = 0x0
        zcertval = (zval **) 0x60
        cert = (X509 *) 0x9238a0
        cipher = (const EVP_CIPHER *) 0x595de0
        cipherid = 0
        strindexlen = 42
        intindex = 96
        strindex = 0x7165bbf00000008 <Address 0x7165bbf00000008 out of bounds>
        infilename = 0x2a9cc69620 "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0016.txt"
        infilename_len = 63
        outfilename = 0x2a9cc6e248 "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0016.txt"
        outfilename_len = 64
#10 0x0000002a95aa9f7a in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffd85a0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
        return_reference = 0 '\0'
        opline = (zend_op *) 0x2a99b355f8
---Type <return> to continue, or q <return> to quit---
        original_return_value = (zval **) 0xd08dc427f1498234
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 0 '\0'
        ctor_opline = (zend_op *) 0x2a95a91840
#11 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffd85a0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a99b355f8
        fname = (zval *) 0x2a99b35628
#12 0x0000002a95aa9a12 in execute (op_array=0x77f4a0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a99b355f8, function_state = {function_symbol_table = 0x2a9cd10848,
    function = 0x7fea90, reserved = {0x0, 0x7fbffd86d0, 0x2a95a7ee49, 0x7fbffd8600}}, fbc = 0x0, op_array = 0x77f4a0,
  object = 0x0, Ts = 0x7fbffd7730, CVs = 0x7fbffd76d0, original_in_execution = 1 '\001', symbol_table = 0x2a99e2db00,
  prev_execute_data = 0x7fbffd8fd0, old_error_reporting = 0x0}
#13 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffd8fd0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a99b67920
        original_return_value = (zval **) 0x7fbffdc0f0
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95a91840
#14 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffd8fd0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a99b67920
        fname = (zval *) 0x2a99b67950
#15 0x0000002a95aa9a12 in execute (op_array=0x77f9e0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a99b67920, function_state = {function_symbol_table = 0x2a99e2db00,
    function = 0x77f4a0, reserved = {0x739738, 0x2a9cbedd80, 0x739540, 0x7fbffd90d0}}, fbc = 0x0, op_array = 0x77f9e0,
  object = 0x0, Ts = 0x7fbffd87c0, CVs = 0x7fbffd8760, original_in_execution = 1 '\001', symbol_table = 0x2a99db28e8,
  prev_execute_data = 0x7fbffdd320, old_error_reporting = 0x0}
#16 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffdd320)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a992c1370
        original_return_value = (zval **) 0x7fbffe98e0
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95f2ae80
#17 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fbffdd320)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
No locals.
#18 0x0000002a95aa9a12 in execute (op_array=0x7819a0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a992c1370, function_state = {function_symbol_table = 0x2a99db28e8,
    function = 0x77f9e0, reserved = {0x2a95aab1d1, 0x2a9cbbc731, 0x100000058, 0x0}}, fbc = 0x77f9e0, op_array = 0x7819a0,
  object = 0x0, Ts = 0x7fbffd9320, CVs = 0x7fbffd9180, original_in_execution = 1 '\001', symbol_table = 0x2a99848bd0,
  prev_execute_data = 0x7fbffe9f50, old_error_reporting = 0x0}
#19 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffe9f50)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a9927b380
        original_return_value = (zval **) 0x7fbffeb318
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95f2ae80
#20 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fbffe9f50)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
No locals.
#21 0x0000002a95aa9a12 in execute (op_array=0x781850) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a9927b380, function_state = {function_symbol_table = 0x2a99848bd0,
    function = 0x7819a0, reserved = {0x19f95a72a80, 0x2a95c30688, 0x9500739540, 0x2a99db5130}}, fbc = 0x7819a0,
  op_array = 0x781850, object = 0x0, Ts = 0x7fbffdd6a0, CVs = 0x7fbffdd4d0, original_in_execution = 1 '\001',
  symbol_table = 0x2a99b70e40, prev_execute_data = 0x7fbffeb760, old_error_reporting = 0x0}
#22 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffeb760)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a996fb5e8
        original_return_value = (zval **) 0x7fbffec250
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95a91840
#23 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffeb760)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a996fb5e8
        fname = (zval *) 0x2a996fb618
#24 0x0000002a95aa9a12 in execute (op_array=0x78a220) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a996fb5e8, function_state = {function_symbol_table = 0x2a99b70e40,
    function = 0x781850, reserved = {0x2a95c31770, 0x2dbffeb890, 0x2a95c34b08, 0x8}}, fbc = 0x0, op_array = 0x78a220,
  object = 0x0, Ts = 0x7fbffea1e0, CVs = 0x7fbffea110, original_in_execution = 1 '\001', symbol_table = 0x2a99626050,
  prev_execute_data = 0x7fbfff6b20, old_error_reporting = 0x0}
#25 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbfff6b20)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-01-25 09:37 UTC] schotte at mayflower dot de

PHP was compiled with --enable-debug and --with-openssl which linked to OpenSSL from 0.9.7 up to the most actual 0.9.8d version.

[2007-01-25 09:38 UTC] schotte at mayflower dot de

Regarding 64-bit: the same code works without any problems on a 32-bit machine.

[2007-01-25 09:45 UTC] tony2001@php.net

What configure line did you use? Did you enable MySQL?

[2007-01-25 09:48 UTC] schotte at mayflower dot de

'./configure' '--with-apxs=/usr/local/apache_9090/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-freetype-dir=/usr/lib' '--with-ttf=/usr/lib' '--with-zlib' '--with-gd' '--with-gettext' '--with-kerberos' '--enable-track-vars=yes' '--enable-sysvshm=yes' '--enable-sysvsem=yes' '--with-jpeg-dir=/usr/lib' '--with-png' '--with-config-file-path=/usr/local/etc/9090' '--without-ldap' '--with-ttf=yes' '--enable-sigchild' '--enable-calendar' '--enable-memory-limit' '--enable-debug' '--prefix=/usr/local/php-5.2.0_9090' '--with-openssl'


mysql_version.h tells me:

#define MYSQL_SERVER_VERSION            "5.0.27"
#define MYSQL_BASE_VERSION              "mysqld-5.0"

[2007-01-25 09:56 UTC] tony2001@php.net

This issue is caused by conflict between OpenSSL and YaSSL used in MySQL binary builds.
As far as I know, it is fixed in latest MySQL versions.
Another solution is to rebuild MySQL from sources.
Anyway, we cannot fix a problem in MySQL.

[2007-01-26 12:45 UTC] schotte at mayflower dot de

We compiled PHP without MySQL (--without-mysql) and using Oracle instead. It did not help, same backtrace:

#0  0x0000000000534ec9 in BN_BLINDING_free ()
No symbol table info available.
#1  0x00000000004ef35b in RSA_free ()
No symbol table info available.
#2  0x00000000004fefe6 in EVP_PKEY_free ()
No symbol table info available.
#3  0x000000000054b91f in pubkey_cb ()
No symbol table info available.
#4  0x00000000005066d7 in asn1_item_combine_free ()
No symbol table info available.
#5  0x0000000000506955 in asn1_item_combine_free ()
No symbol table info available.
#6  0x0000000000506955 in asn1_item_combine_free ()
No symbol table info available.
#7  0x0000000000506a72 in ASN1_item_free ()
No symbol table info available.
#8  0x00000000004f7acb in sk_pop_free ()
No symbol table info available.
#9  0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5, return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
        zrecipcerts = (zval **) 0x2a9e30d1d8
        zheaders = (zval *) 0x2a9e2f5320
        recipcerts = (STACK *) 0x9a0340
        infile = (BIO *) 0x9427f0
        outfile = (BIO *) 0x9a15b0
        flags = 0
        p7 = (PKCS7 *) 0x9a3490
        hpos = 0x0
        zcertval = (zval **) 0x60
        cert = (X509 *) 0x9a1630
        cipher = (const EVP_CIPHER *) 0x595de0
        cipherid = 0
        strindexlen = 42
        intindex = 96
        strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of bounds>
        infilename = 0x2a9afd8db8 "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
        infilename_len = 63
        outfilename = 0x2a9e268580 "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
        outfilename_len = 64
#10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffd8580) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
        return_reference = 0 '\0'
        opline = (zend_op *) 0x2a9b1b23b8
        original_return_value = (zval **) 0xd08dc427f1498234
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 0 '\0'
        ctor_opline = (zend_op *) 0x2a95a5e3d0
#11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffd8580) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a9b1b23b8
        fname = (zval *) 0x2a9b1b23e8
#12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a9b1b23b8, function_state = {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved = {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
      0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001', symbol_table = 0x2a9b4b5608,
  prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
#13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffd8fb0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a9b1e41e8
        original_return_value = (zval **) 0x7fbffdc0d0
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95a5e3d0
---Type <return> to continue, or q <return> to quit---
#14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffd8fb0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a9b1e41e8
        fname = (zval *) 0x2a9b1e4218
#15 0x0000002a95a765a2 in execute (op_array=0x920070) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a9b1e41e8, function_state = {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved = {0x73a040, 0x2a9e2de880, 0x739e20,
      0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001', symbol_table = 0x2a9b46b790,
  prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
#16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffdd300) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a974f6370
        original_return_value = (zval **) 0x7fbffe98c0
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95d616e0
#17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fbffdd300) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
No locals.
#18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a974f6370, function_state = {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved = {0x2a95a77d61, 0x2a9e38ebd9,
      0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object = 0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1 '\001',
  symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30, old_error_reporting = 0x0}
#19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffe9f30) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a974b0380
        original_return_value = (zval **) 0x7fbffeb2f8
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95d616e0
#20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fbffe9f30) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
No locals.
#21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a974b0380, function_state = {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved = {0x19f95a3f610, 0x2a95b90948,
      0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array = 0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0, original_in_execution = 1 '\001',
  symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740, old_error_reporting = 0x0}
#22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbffeb740) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a9ad775e8
        original_return_value = (zval **) 0x7fbffec230
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95a5e3d0
#23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbffeb740) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a9ad775e8
        fname = (zval *) 0x2a9ad77618
#24 0x0000002a95a765a2 in execute (op_array=0x77a930) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a9ad775e8, function_state = {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved = {0x2a95b91a30, 0x2dbffeb870,
      0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object = 0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1 '\001',
  symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00, old_error_reporting = 0x0}
#25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbfff6b00) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2a9e31a210
        original_return_value = (zval **) 0x7fbfffa1c8
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2a95a5e3d0
#26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbfff6b00) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
        opline = (zend_op *) 0x2a9e31a210
        fname = (zval *) 0x2a9e31a240
#27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a9e31a210, function_state = {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved = {0x2a970f34a8, 0x2a9c9c1758,
---Type <return> to continue, or q <return> to quit---
      0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8, object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900, original_in_execution = 1 '\001',
  symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200, old_error_reporting = 0x0}
#28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7fbfffa200) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2a970ef6d8
        opline = (zend_op *) 0x2a97123828
        new_op_array = (zend_op_array *) 0x2a970f33b8
        original_return_value = (zval **) 0x7fbfffb540
        return_value_used = 0
        free_op1 = {var = 0x7fbfffa198}
        inc_filename = (zval *) 0x7fbfffa198
        tmp_inc_filename = {value = {lval = 182900575688, dval = 9.0364891052027516e-313, str = {
      val = 0x2a95b94dc8 "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len = -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
      handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127 '\177', is_ref = 0 '\0'}
        failure_retval = 0 '\0'
#29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a97123828, function_state = {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8, reserved = {0x774348, 0x774354,
      0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8, object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0, original_in_execution = 1 '\001',
  symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570, old_error_reporting = 0x0}
#30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7fbfffb570) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2a970eca30
        opline = (zend_op *) 0x2a970ed150
        new_op_array = (zend_op_array *) 0x2a970ef6d8
        original_return_value = (zval **) 0x7fbfffc7f0
        return_value_used = 0
        free_op1 = {var = 0x7fbfffb510}
        inc_filename = (zval *) 0x7fbfffb510
        tmp_inc_filename = {value = {lval = 182900575688, dval = 9.0364891052027516e-313, str = {
      val = 0x2a95b94dc8 "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len = -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
      handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127 '\177', is_ref = 0 '\0'}
        failure_retval = 0 '\0'
#31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a970ed150, function_state = {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved = {0x2a970ebc58, 0xbfffb5d0, 0x0,
      0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object = 0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1 '\001',
  symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820, old_error_reporting = 0x0}
#32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fbfffc820) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2a970ebbb8
        opline = (zend_op *) 0x2a970ec438
        new_op_array = (zend_op_array *) 0x2a970eca30
        original_return_value = (zval **) 0x7fbfffc9b8
        return_value_used = 0
        inc_filename = (zval *) 0x2a970ec468
        tmp_inc_filename = {value = {lval = 182922953744, dval = 9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*", len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers = 0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
        failure_retval = 0 '\0'
#33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2a970ec438, function_state = {function_symbol_table = 0x0, function = 0x2a970eca30, reserved = {0x6395a23674, 0x2a95b91100,
      0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8, object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740, original_in_execution = 0 '\0',
  symbol_table = 0x2a95d61868, prev_execute_data = 0x0, old_error_reporting = 0x0}
#34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fbfffee20
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#35 0x0000002a959f7b82 in php_execute_script (primary_file=0x7fbfffee20) at /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
        realfile = " p\v\233*\000\000\000��p\000\000\000\000\000����\177\000\000\000\200\034V\000\000\000\000\000@���\177", '\0' <repeats 27 times>, " ���\177\000\000\000��\022s\001\000\000\000@���\177", '\0' <repeats 19 times>, "��p\000\000\000\000\000\204�\017\227*\000\000\000\200\034V\000\001", '\0' <repeats 11 times>, "@�\017\227*\000\000\0000\032�\225*\000\000\000@N\000\000#\000\000\000\2204C\227*\000\000\000x\237s\000\000\000\000\000\220�\017\227*\000\000\000 \236s\000\000\000\000\000p���\177\000\000\000��\225*\000\000\000$\000\000\000*\000\000\000��p\000\000\000\000\000���"...
---Type <return> to continue, or q <return> to quit---
        __orig_bailout = (jmp_buf *) 0x7fbfffef80
        __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392, 548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0, __saved_mask = {__val = {
        182902444560, 548682066848, 182896477906, 353, 4294967324, 548682066880, 182899278338, 182900567152, 8406784, 548682066928, 182899301238, 72057776938381216, 0,
        182899278284, 182902463424, 548682066944}}}}
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0,
      interactive = 0}}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0,
      interactive = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
        retval = 0
#36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0, display_source_mode=0) at /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
        retval = 0
        file_handle = {type = 5 '\005', filename = 0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
  opened_path = 0x2a970ebce8 "config;service;eds;contact;shop;support;check", handle = {fd = -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
      reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08 <stream_closer_for_zend>, fteller = 0x2a959f5f24 <stream_fteller_for_zend>, interactive = 0}},
  free_filename = 0 '\0'}
#37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0, filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
        __orig_bailout = (jmp_buf *) 0x0
        __bailout = {{__jmpbuf = {0, 548682068208, 5643392, 548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0, __saved_mask = {__val = {7401608,
        7817760, 0, 5683212, 7817800, 0, 651061555542690057, 548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312, 548682068096}}}}
        retval = 0
        per_dir_conf = (HashTable *) 0x734920
#38 0x0000002a95ac8b81 in send_parsed_php (r=0x70f0d0) at /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
        result = 127
#39 0x000000000048ce58 in ap_invoke_handler ()
No symbol table info available.
#40 0x00000000004a4cc2 in process_request_internal ()
No symbol table info available.
#41 0x00000000004a4d17 in ap_process_request ()
No symbol table info available.
#42 0x000000000049af7a in child_main ()
No symbol table info available.
#43 0x000000000049b1ae in make_child ()
No symbol table info available.
#44 0x000000000049b32d in startup_children ()
No symbol table info available.
#45 0x000000000049ba2e in standalone_main ()
No symbol table info available.
#46 0x000000000049c22b in main ()
No symbol table info available.

[2007-01-26 12:51 UTC] tony2001@php.net

ldd /path/to/libphp5.so

[2007-01-26 13:02 UTC] schotte at mayflower dot de

ldd libphp5.so:

        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000002a95c3c000)
        librt.so.1 => /lib64/tls/librt.so.1 (0x0000002a95d70000)
        libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x0000002a95e8a000)
        libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x0000002a96015000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x0000002a9613c000)
        libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x0000002a9624f000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x0000002a96371000)
        libm.so.6 => /lib64/tls/libm.so.6 (0x0000002a96486000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000002a9660c000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x0000002a96710000)
        libssl.so.4 => /lib64/libssl.so.4 (0x0000002a96827000)
        libcrypto.so.4 => /lib64/libcrypto.so.4 (0x0000002a96963000)
        libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000002a96b93000)
        libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000002a96ca9000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000002a96e1a000)
        libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000002a96f1d000)
        libclntsh.so.10.1 => /ora10/client/lib/libclntsh.so.10.1 (0x0000002a97040000)
        libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x0000002a9838e000)
        libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a9859d000)
        libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x0000002a987d0000)
        /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
        libnnz10.so => /ora10/client/lib/libnnz10.so (0x0000002a988e6000)

[2007-01-26 13:06 UTC] tony2001@php.net

Does it work with just ./configure --disable-all --with-opensll ?

[2007-01-26 14:32 UTC] pajoye@php.net

Do you have a script to reproduce the crash?

[2007-01-26 14:33 UTC] pajoye@php.net

A script and the necessary data (sample cert, mail data, anything you use in the script)

[2007-02-03 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Nov 06 22:00:01 2025 UTC