php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44946 crashes in ini_set()
Submitted: 2008-05-08 12:05 UTC Modified: 2008-07-21 01:00 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: gryzman at gmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.6 OS: centos 4.6 itanium
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: gryzman at gmail dot com
New email:
PHP Version: OS:

 

 [2008-05-08 12:05 UTC] gryzman at gmail dot com
Description:
------------
it looks like it crashes on ini_set() , with no exception as to which 
param I want to change. 

Reproduce code:
---------------
<?PHP
ini_set('session.save_handler', 'user');
?>



Expected result:
----------------
no crashes

Actual result:
--------------
crash


[root@yunnan ~]# gdb php
GNU gdb Red Hat Linux (6.3.0.0-1.153.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "ia64-redhat-linux-gnu"...(no debugging 
symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) r
Starting program: /usr/bin/php 
Reading symbols from shared object read from target memory...(no 
debugging symbols found)...done.
Loaded system supplied DSO at 0xa000000000000000
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 2305843009231854656 (LWP 13379)]
<?PHP
ini_set('session.save_handler', 'user');
?>

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009231854656 (LWP 13379)]
0x4000000000379a61 in _zval_ptr_dtor ()
(gdb) bt
#0  0x4000000000379a61 in _zval_ptr_dtor ()
#1  0x40000000003ee300 in zend_do_fcall_common_helper_SPEC ()
#2  0x40000000003ed8f0 in execute ()
#3  0x40000000003a1c60 in zend_execute_scripts ()
#4  0x4000000000304010 in php_execute_script ()
#5  0x4000000000533ed0 in main ()




or for instance:

(vanillia 5.2.6 php, with debug symbols:)

[root@yunnan php-5.2.6]# gdb ./sapi/cli/php
GNU gdb Red Hat Linux (6.3.0.0-1.153.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "ia64-redhat-linux-gnu"...Using host 
libthread_db library "/lib/tls/libthread_db.so.1".

warning: not using untrusted file ".gdbinit"
(gdb) r
Starting program: /tmp/php-5.2.6/sapi/cli/php 
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
[Thread debugging using libthread_db enabled]
[New Thread 2305843009230556256 (LWP 16212)]
<?PHP
ini_set('session.save_handler', 'user');
?>

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009230556256 (LWP 16212)]
_zval_ptr_dtor (zval_ptr=0x60000fffffff8d00) at /tmp/php-
5.2.6/Zend/zend_execute_API.c:412
412		(*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x60000fffffff8d00) at /tmp/php-
5.2.6/Zend/zend_execute_API.c:412
#1  0x40000000003e5b70 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x60000fffffff8d60) at /tmp/php-
5.2.6/Zend/zend_execute.h:155
#2  0x40000000003e5160 in execute (op_array=0x20000000010b9e20) at 
/tmp/php-5.2.6/Zend/zend_vm_execute.h:92
#3  0x40000000003994d0 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /tmp/php-5.2.6/Zend/zend.c:1134
#4  0x40000000002fb800 in php_execute_script (primary_file=Cannot 
access memory at address 0x1
) at /tmp/php-5.2.6/main/main.c:2005
#5  0x400000000052a650 in main (argc=Cannot access memory at address 
0x10
) at /tmp/php-5.2.6/sapi/cli/php_cli.c:1140
(gdb) 




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-05-08 12:22 UTC] gj at zlew dot org
'./configure' '--host=ia64-redhat-linux-gnu' '--build=ia64-redhat-
linux-gnu' '--target=ia64-redhat-linux' '--program-prefix=' '--
prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--
sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--
includedir=/usr/include' '--libdir=/usr/lib' '--
libexecdir=/usr/libexec' '--localstatedir=/var' '--
sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--
infodir=/usr/share/info' '--cache-file=../config.cache' '--with-
libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-
dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--
without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '-
-with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-
ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--
with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--
with-expat-dir=/usr' '--with-pcre-regex=/usr' '--with-zlib' '--with-
layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--
enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-
sysvmsg' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--
enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--with-
unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--
enable-calendar' '--enable-dbx' '--enable-dio' '--without-mime-magic' 
'--without-sqlite' '--with-libxml-dir=/usr' '--with-xml' '--with-
apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--without-
odbc' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-
pdo' '--disable-xmlreader' '--disable-xmlwriter' '--disable-json'


was used to compile it.

It doesn't crash, if I compile it with just --enable-debug, but that 
doesn't prove anything - me guesses.
 [2008-05-08 12:54 UTC] gj at zlew dot org
compiling with --enable-debug causes it not to crash, 
it doesn't crash on teh same code on 32bit machine.
 [2008-05-08 13:16 UTC] gj at zlew dot org
looks like optimization bug of GCC, 
export CFLAGS="-O0" does the job...
 [2008-07-13 16:55 UTC] jani@php.net
What gcc version does it happen with? Have you tried to upgrade?
 [2008-07-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 18:01:31 2024 UTC