PHP :: Bug #46434 :: session.save_handler=mm causes crash during garbage collection

Bug #46434

session.save_handler=mm causes crash during garbage collection

Submitted:

2008-10-31 15:04 UTC

Modified:

2009-12-16 01:00 UTC

Votes:	2
Avg. Score:	3.0 ± 2.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

charlie dot orford at gmail dot com

Assigned:

Status:

No Feedback

Package:

Session related

PHP Version:

5.2CVS-2008-10-31

OS:

Debian 4/Etch

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	charlie dot orford at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2008-10-31 15:04 UTC] charlie dot orford at gmail dot com

Description:
------------
When mm is used as session.save_handler, apache child processes begin to segfault shortly after session.gc_maxlifetime is reached. The work around is to change session.save_handler to "files". This bug is reproducible (for me at least).


Apache version: 2.2.10, compiled from source using:

./configure --prefix=/usr/local/apache --disable-cgi --disable-cgid --disable-charset-lite --disable-env --disable-include --disable-autoindex --disable-asis --disable-negotiation --disable-imagemap --disable-actions --disable-userdir --enable-nonportable-atomics --enable-deflate --enable-proxy-ftp=shared --enable-proxy=shared --enable-proxy-connect=shared --enable-proxy-http=shared --enable-cache=shared --enable-setenvif --enable-expires --enable-headers --enable-rewrite --enable-unique-id --enable-dav=shared --enable-dav-fs=shared --enable-ssl --enable-so --with-ssl=/etc/ssl --with-mpm=prefork --with-dbm=db4 --with-berkeley-db=/usr/include:/usr/lib


httpd -l output:

Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_filter.c
  mod_deflate.c
  mod_log_config.c
  mod_expires.c
  mod_headers.c
  mod_unique_id.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_dir.c
  mod_alias.c
  mod_rewrite.c
  mod_so.c


PHP version 5.2.6, compiled from source using:

./configure --disable-ipv6 --disable-short-tags --disable-cgi --enable-versioning --enable-url-includes --enable-sysvshm --enable-sysvsem --enable-ftp --enable-calendar --enable-gd-native-ttf --enable-mbstring --enable-libxml --enable-cli --enable-xml --enable-sockets --with-pdflib=/usr/src/PDFlib-6.0.4-Linux-x86_64/bind/c --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mm=/usr/local/mm-1.4.2 --with-zlib --with-zlib-dir=/usr/lib/ --with-pear --with-gd --with-freetype-dir=/usr/local/lib/ --with-png-dir=/usr/lib/ --with-jpeg-dir=/usr/lib/ --with-ttf --with-libtiff-dir=/usr/lib/ --with-openssl=/usr


mm-1.4.2, compiled from source using:

./configure --prefix=/usr/local/mm-1.4.2






Reproduce code:
---------------
See: http://pastebin.com/f38b947b

Expected result:
----------------
A session marked for garbage collection should be destroyed by the garbage collector.

Actual result:
--------------
Garbage collection results in an apache child process segfault. I have included two backtraces from two separate child process crashes.

Both seem to suggest php-5.2.6/ext/session/mod_mm.c is where the bug resides.


GDB backtrace #1:
===================================

Core was generated by `/usr/local/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  zm_shutdown_ps_mm (type=<value optimized out>,
    module_number=<value optimized out>)
    at /usr/src/lamp/php-5.2.6/ext/session/mod_mm.c:243
243                             next = sd->next;
(gdb) bt full
#0  zm_shutdown_ps_mm (type=<value optimized out>,
    module_number=<value optimized out>)
    at /usr/src/lamp/php-5.2.6/ext/session/mod_mm.c:243
No locals.
#1  0x00002b814cef0234 in zm_shutdown_session (type=1, module_number=12)
    at /usr/src/lamp/php-5.2.6/ext/session/session.c:1983
No locals.
#2  0x00002b814d00bea1 in module_destructor (module=0x7460f0)
    at /usr/src/lamp/php-5.2.6/Zend/zend_API.c:1921
No locals.
#3  0x00002b814d012642 in zend_hash_apply_deleter (ht=0x2b814d6ab320,
    p=0x746090) at /usr/src/lamp/php-5.2.6/Zend/zend_hash.c:611
        retval = <value optimized out>
#4  0x00002b814d0128b8 in zend_hash_graceful_reverse_destroy (
    ht=0x2b814d6ab320) at /usr/src/lamp/php-5.2.6/Zend/zend_hash.c:646
        p = (Bucket *) 0x657469735f666572
#5  0x00002b814d008247 in zend_shutdown ()
    at /usr/src/lamp/php-5.2.6/Zend/zend.c:733
No locals.
#6  0x00002b814cfc666a in php_module_shutdown ()
    at /usr/src/lamp/php-5.2.6/main/main.c:1888
No locals.
#7  0x00002b814cfc6709 in php_module_shutdown_wrapper (sapi_globals=0x1)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/lamp/php-5.2.6/main/main.c:1859
No locals.
#8  0x00002b814d0898e1 in php_apache_server_shutdown (
    tmp=<value optimized out>)
    at /usr/src/lamp/php-5.2.6/sapi/apache2handler/sapi_apache2.c:352
No locals.
#9  0x00002b814c43c62d in run_cleanups (cref=0x5b5158)
    at memory/unix/apr_pools.c:2306
        c = (cleanup_t *) 0x2b814f630058
#10 0x00002b814c43d0b7 in apr_pool_destroy (pool=0x5b5138)
    at memory/unix/apr_pools.c:774
        active = <value optimized out>
        allocator = <value optimized out>
#11 0x00002b814c43d0a5 in apr_pool_destroy (pool=0x5b3128)
    at memory/unix/apr_pools.c:771
        active = <value optimized out>
        allocator = <value optimized out>
#12 0x00000000004296a6 in destroy_and_exit_process (process=0x5b3220,
    process_exit_value=0) at main.c:270
No locals.
#13 0x000000000042a179 in main (argc=3, argv=0x7fff5f238e78) at main.c:747
        c = 0 '\0'
        configtestonly = 0
---Type <return> to continue, or q <return> to quit---
        confname = 0x47d51f "conf/httpd.conf"
        def_server_root = 0x47d52f "/usr/local/apache"
        temp_error_log = 0x0
        error = <value optimized out>
        process = (process_rec *) 0x5b3220
        server_conf = <value optimized out>
        pglobal = (apr_pool_t *) 0x5b3128
        pconf = (apr_pool_t *) 0x5b5138
        plog = (apr_pool_t *) 0x5f9358
        ptemp = (apr_pool_t *) 0x5c1198
        pcommands = (apr_pool_t *) 0x5b7148
        opt = (apr_getopt_t *) 0x5b7240
        rv = 0
        optarg = 0x2b814c9aa170 "?'"
(gdb)



GDB backtrace #2:
===================================

Core was generated by `/usr/local/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  ps_sd_lookup (data=<value optimized out>, key=0x2b814b91d488 "ufc77adjfgtmpfcju2mgiejf20l6bsd5", rw=0) at /usr/src/lamp/php-5.2.6/ext/session/mod_mm.c:189
189                     if (ret->hv == hv && !strcmp(ret->key, key))
(gdb) bt full
#0  ps_sd_lookup (data=<value optimized out>, key=0x2b814b91d488 "ufc77adjfgtmpfcju2mgiejf20l6bsd5", rw=0) at /usr/src/lamp/php-5.2.6/ext/session/mod_mm.c:189
        hv = 17287314
        ret = (ps_sd *) 0x490
        prev = (ps_sd *) 0x0
#1  0x00002b814cef68d7 in ps_read_mm (mod_data=<value optimized out>, key=0x2b814b91d488 "ufc77adjfgtmpfcju2mgiejf20l6bsd5", val=0x7fff5f2315b0, vallen=0x7fff5f2315cc) at /usr/src/lamp/php-5.2.6/ext/session/mod_mm.c:334
        data = (ps_mm *) 0x78b1e0
        sd = <value optimized out>
        ret = -1
#2  0x00002b814cef321e in php_session_start () at /usr/src/lamp/php-5.2.6/ext/session/session.c:844
        value = <value optimized out>
        ppid = (zval **) 0x2b814b91c2c0
        data = (zval **) 0x2b814b91cc58
        p = <value optimized out>
        lensess = <value optimized out>
#3  0x00002b814cef3b69 in zif_session_start (ht=1267848328, return_value=0x2b814b91d488, return_value_ptr=0x20, this_ptr=0x20, return_value_used=-16843009) at /usr/src/lamp/php-5.2.6/ext/session/session.c:1815
No locals.
#4  0x00002b814d037117 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff5f232ee0) at /usr/src/lamp/php-5.2.6/Zend/zend_vm_execute.h:200
        i = 32767
        p = <value optimized out>
        arg_count = 47834416506944
        return_reference = 0 '\0'
        opline = (zend_op *) 0x2b8151676930
        original_return_value = <value optimized out>
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = -16843009
        should_change_scope = 0 '\0'
#5  0x00002b814d026f93 in execute (op_array=0x2b814b9232f8) at /usr/src/lamp/php-5.2.6/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b8151676930, function_state = {function_symbol_table = 0x0, function = 0x746f70, reserved = {0x2b814cfda2cc, 0x2b814b920948, 0x0, 0x2b814b920948}}, fbc = 0x0, op_array = 0x2b814b9232f8, object = 0x0,
  Ts = 0x7fff5f231710, CVs = 0x7fff5f2316f0, original_in_execution = 1 '\001', symbol_table = 0x2b814d6aafc8, prev_execute_data = 0x7fff5f236400, old_error_reporting = 0x0}
#6  0x00002b814d0298e5 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff5f236400) at /usr/src/lamp/php-5.2.6/Zend/zend_vm_execute.h:2037
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2b814b91ce70
        opline = (zend_op *) 0x2b815164e4d0
        new_op_array = (zend_op_array *) 0x2b814b9232f8
        original_return_value = (zval **) 0x7fff5f236520
        inc_filename = <value optimized out>
        tmp_inc_filename = {value = {lval = 140734789529624, dval = 6.9532224681285584e-310, str = {val = 0x7fff5f233018 "\200?\220K\201+", len = 1267783040}, ht = 0x7fff5f233018, obj = {handle = 1596141592, handlers = 0x2b814b90d580}},
  refcount = 0, type = 0 '\0', is_ref = 0 '\0'}
        failure_retval = 255 '?'
#7  0x00002b814d026f93 in execute (op_array=0x2b814b91ce70) at /usr/src/lamp/php-5.2.6/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b815164e4d0, function_state = {function_symbol_table = 0x0, function = 0x2b814b9232f8, reserved = {0x2b814cfda2cc, 0x2b814b91d258, 0x0, 0x2b814b91d258}}, fbc = 0x0, op_array = 0x2b814b91ce70,
  object = 0x0, Ts = 0x7fff5f233170, CVs = 0x7fff5f233090, original_in_execution = 0 '\0', symbol_table = 0x2b814d6aafc8, prev_execute_data = 0x0, old_error_reporting = 0x0}
#8  0x00002b814d007ccd in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /usr/src/lamp/php-5.2.6/Zend/zend.c:1134
        files = {{gp_offset = 40, fp_offset = 0, overflow_arg_area = 0x7fff5f236620, reg_save_area = 0x7fff5f236530}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fff5f2388d0
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#9  0x00002b814cfc6508 in php_execute_script (primary_file=0x7fff5f2388d0) at /usr/src/lamp/php-5.2.6/main/main.c:2005
        realfile = "\000\000\000\000\000\000\000\000nQ?K\201+\000\000xv#_?\177", '\0' <repeats 18 times>, "\200q\210\000\000\000\000\000\020w#_?\177\000\000JN?K\201+\000\000\200q\210\000\000\000\000\000\020w#_?\177\000\000\237\017\000\000\000\000\000\000?\212\bM\201+\000\000?\v\000\000\000\000\000\000f'", '\0' <repeats 15 times>, "?jM\201+\000\000@?jM\201+\000\000??jM\201+\000\000\000?jM\201+\000\000@?jM\201+\000\000\000?jM\201+\000\000???L\201+\000\000?\021\000\000\000\000\000\000o \000\000\000\000\000\000+\036\000\000\000\000\000\000e\"\000\000\000\000\000\000?$\000\000\000"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fff5f236630 "/"
        retval = 0
#10 0x00002b814d08975d in php_handler (r=0x885f38) at /usr/src/lamp/php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
        __bailout = {{__jmpbuf = {120, 3, 8937272, 6052448, 8912520, 140734789552784, 140734789552112, 47834343182899}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 17179869184, 8937144, 4623373, 8995888, 16, 8937144, 8994104,
        8937144, 8937272, 8871352, 6002672, 8937904, 0, 8937144}}}}
        ctx = (php_struct * volatile) 0x894540
        conf = (void *) 0x604a98
        brigade = (apr_bucket_brigade * volatile) 0x895220
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = (request_rec * volatile) 0x0
#11 0x000000000043c179 in ap_run_handler (r=0x885f38) at config.c:157
        n = 3
---Type <return> to continue, or q <return> to quit---
        rv = 32
#12 0x000000000043f25c in ap_invoke_handler (r=0x885f38) at config.c:372
        handler = 0x65ae80 "application/x-httpd-php"
        result = 0
        old_handler = 0x0
        ignore = <value optimized out>
#13 0x0000000000464598 in ap_process_request (r=0x885f38) at http_request.c:258
        access_status = 1168
#14 0x0000000000461a3c in ap_process_http_connection (c=0x875db8) at http_core.c:190
        r = (request_rec *) 0x885f38
        csd = (apr_socket_t *) 0x0
#15 0x0000000000442e11 in ap_run_process_connection (c=0x875db8) at connection.c:43
        n = 0
        rv = 32
#16 0x00000000004736b6 in child_main (child_num_arg=<value optimized out>) at prefork.c:650
        numdesc = 1
        pdesc = (const apr_pollfd_t *) 0x873e20
        current_conn = (conn_rec *) 0x875db8
        csd = (void *) 0x875bc8
        ptrans = (apr_pool_t *) 0x875b48
        allocator = (apr_allocator_t *) 0x873a40
        status = <value optimized out>
        i = <value optimized out>
        lr = <value optimized out>
        pollset = (apr_pollset_t *) 0x873d68
        sbh = (ap_sb_handle_t *) 0x873d60
        bucket_alloc = (apr_bucket_alloc_t *) 0x87fe88
        last_poll_idx = 1
#17 0x0000000000473934 in make_child (s=0x5bef68, slot=5) at prefork.c:746
        pid = 0
#18 0x00000000004741d6 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at prefork.c:881
        pidfile = <value optimized out>
        active_children = <value optimized out>
        cutoff = <value optimized out>
        index = <value optimized out>
        remaining_children_to_start = 0
        rv = <value optimized out>
#19 0x000000000042a167 in main (argc=3, argv=0x7fff5f238e78) at main.c:740
        c = 0 '\0'
        configtestonly = 0
        confname = 0x47d51f "conf/httpd.conf"
        def_server_root = 0x47d52f "/usr/local/apache"
        temp_error_log = 0x0
        error = <value optimized out>
        process = (process_rec *) 0x5b3220
        server_conf = <value optimized out>
        pglobal = (apr_pool_t *) 0x5b3128
        pconf = (apr_pool_t *) 0x5b5138
        plog = (apr_pool_t *) 0x5f9358
        ptemp = (apr_pool_t *) 0x5c1198
        pcommands = (apr_pool_t *) 0x5b7148
        opt = (apr_getopt_t *) 0x5b7240
        rv = 0
        optarg = 0x2b814c9aa170 "?'"
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-10-31 15:10 UTC] charlie dot orford at gmail dot com

Forgot to include hardware and kernel version (in case it is helpful):

Linux kernel: 2.6.20.3

Hardware: Dual AMD Opteron 252 with 4GB RAM

Memory status at time of segfault:

#free -m
             total       used       free     shared    buffers     cached
Mem:          3903       3804         99          0        210       1707
-/+ buffers/cache:       1885       2017
Swap:         7632        271       7360

[2008-10-31 21:20 UTC] charlie dot orford at gmail dot com

GDB backtrace #3:
===================================

Core was generated by `/usr/local/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b121af85f7d in ps_gc_mm (mod_data=<value optimized out>,
    maxlifetime=1800, nrdels=0x7fff911a30bc)
    at /usr/src/lamp/php5.2-200810311530/ext/session/mod_mm.c:422
422                             if (sd->ctime < limit) {
(gdb) bt full
#0  0x00002b121af85f7d in ps_gc_mm (mod_data=<value optimized out>,
    maxlifetime=1800, nrdels=0x7fff911a30bc)
    at /usr/src/lamp/php5.2-200810311530/ext/session/mod_mm.c:422
        data = (ps_mm *) 0x78b210
        limit = 1225485826
        ohash = (ps_sd **) 0x2b121d6c2060
        ehash = (ps_sd **) 0x2b121d6c3058
        sd = (ps_sd *) 0x7c65707989b73ff3
        next = (ps_sd *) 0x708
#1  0x00002b121af82e04 in php_session_start ()
    at /usr/src/lamp/php5.2-200810311530/ext/session/session.c:1344
        nrdels = 0
        ppid = (zval **) 0x2b12199abaa8
        data = (zval **) 0x2b12199ac630
        p = 0x2b12199b28c0 "X,\233\031\022+"
        lensess = 429598912
#2  0x00002b121af83689 in zif_session_start (ht=26,
    return_value=0x7c65707989b73ff3, return_value_ptr=0x2b121b841960,
    this_ptr=0x2b121a82834a, return_value_used=460575968)
    at /usr/src/lamp/php5.2-200810311530/ext/session/session.c:1824
No locals.
#3  0x00002b121b0c7177 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fff911a49d0)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:200
        i = 32767
        p = <value optimized out>
        arg_count = 47356836608064
        return_reference = 0 '\0'
        opline = (zend_op *) 0x2b121f6c7930
        original_return_value = <value optimized out>
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 460575968
        should_change_scope = 0 '\0'
#4  0x00002b121b0b6fa3 in execute (op_array=0x2b12199b1030)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b121f6c7930, function_state = {
    function_symbol_table = 0x0, function = 0x746fa0, reserved = {
      0x2b121b06a12c, 0x2b12199b1138, 0x0, 0x2b12199b1138}}, fbc = 0x0,
  op_array = 0x2b12199b1030, object = 0x0, Ts = 0x7fff911a3200,
  CVs = 0x7fff911a31e0, original_in_execution = 1 '\001',
  symbol_table = 0x2b121b73d668, prev_execute_data = 0x7fff911a60f0,
  old_error_reporting = 0x0}
#5  0x00002b121b0b991f in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (
    execute_data=0x7fff911a60f0)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:2087
---Type <return> to continue, or q <return> to quit---
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2b12199ad2e8
        opline = (zend_op *) 0x2b12199b5308
        new_op_array = (zend_op_array *) 0x2b12199b1030
        original_return_value = (zval **) 0x7fff911a6358
        inc_filename = <value optimized out>
        tmp_inc_filename = {value = {lval = 47356769981664,
    dval = 2.3397353145946181e-310, str = {
      val = 0x2b121b73d4e0 "(N\032\221?\177", len = 454017753},
    ht = 0x2b121b73d4e0, obj = {handle = 460575968,
      handlers = 0x2b121b0fc2d9}}, refcount = 0, type = 0 '\0',
  is_ref = 0 '\0'}
        failure_retval = 224 '?'
#6  0x00002b121b0b6fa3 in execute (op_array=0x2b12199ad2e8)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b12199b5308, function_state = {
    function_symbol_table = 0x0, function = 0x2b12199b1030, reserved = {
      0x2b121b06a12c, 0x2b12199addb8, 0x0, 0x2b12199addb8}}, fbc = 0x0,
  op_array = 0x2b12199ad2e8, object = 0x0, Ts = 0x7fff911a4ba0,
  CVs = 0x7fff911a4b80, original_in_execution = 1 '\001',
  symbol_table = 0x2b121b73d668, prev_execute_data = 0x7fff911a6390,
  old_error_reporting = 0x0}
#7  0x00002b121b0b991f in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (
---Type <return> to continue, or q <return> to quit---
    execute_data=0x7fff911a6390)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:2087
        saved_object = (zval *) 0x0
        saved_function = (zend_function *) 0x2b12199ac848
        opline = (zend_op *) 0x2b12199acf48
        new_op_array = (zend_op_array *) 0x2b12199ad2e8
        original_return_value = (zval **) 0x7fff911a64b0
        inc_filename = <value optimized out>
        tmp_inc_filename = {value = {lval = 3, dval = 1.4821969375237396e-323,
    str = {val = 0x3 <Address 0x3 out of bounds>, len = 454017753}, ht = 0x3,
    obj = {handle = 3, handlers = 0x2b121b0fc2d9}}, refcount = 0,
  type = 0 '\0', is_ref = 0 '\0'}
        failure_retval = 224 '?'
#8  0x00002b121b0b6fa3 in execute (op_array=0x2b12199ac848)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b12199acf48, function_state = {
    function_symbol_table = 0x0, function = 0x2b12199ad2e8, reserved = {
      0x2b121b06a12c, 0x2b12199acc10, 0x0, 0x2b12199acc10}}, fbc = 0x0,
  op_array = 0x2b12199ac848, object = 0x0, Ts = 0x7fff911a62b0,
  CVs = 0x7fff911a62a0, original_in_execution = 0 '\0',
  symbol_table = 0x2b121b73d668, prev_execute_data = 0x0,
  old_error_reporting = 0x0}
#9  0x00002b121b097c6d in zend_execute_scripts (type=8,
---Type <return> to continue, or q <return> to quit---
    retval=<value optimized out>, file_count=3)
    at /usr/src/lamp/php5.2-200810311530/Zend/zend.c:1134
        files = {{gp_offset = 40, fp_offset = 0,
    overflow_arg_area = 0x7fff911a65b0, reg_save_area = 0x7fff911a64c0}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fff911a8860
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#10 0x00002b121b055f58 in php_execute_script (primary_file=0x7fff911a8860)
    at /usr/src/lamp/php5.2-200810311530/main/main.c:2011
        realfile = "?\024\000\000\000\000\000\000;\000\000\000\000\000\000\000##\000\000\000\000\000\000b\020\000\000\000\000\000\000m\024\000\000\000\000\000\000?!\000\000\000\000\000\000?\005\000\000\000\000\000\000\237\032\000\000\000\000\000\000?\036\000\000\000\000\000\000Z\v\000\000\000\000\000\000?,\000\000\000\000\000\000V\017\000\000\000\000\000\000\231\032\000\000\000\000\000\000i$\000\000\000\000\000\000\033#\000\000\000\000\000\000b\"\000\000\000\000\000\000?#\000\000\000\000\000\000?\035\000\000\000\000\000\000\001\n\000\000\000\000\000\000W&\000\000\000\000\000\000d&\000\000\000\000\000\000\203\006\000\000\000\000\000\000?\n\000\000\000\000\000\000?\031\000\000\000\000\000\000?\b\000\000\000\000\000\000"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x2b1200000000
---Type <return> to continue, or q <return> to quit---
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
  handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0,
      fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
  handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0,
      fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fff911a65c0 "/"
        retval = 0
#11 0x00002b121b119885 in php_handler (r=0x881fe8)
    at /usr/src/lamp/php5.2-200810311530/sapi/apache2handler/sapi_apache2.c:629
        __bailout = {{__jmpbuf = {120, 3, 8921064, 6052448, 8912728,
      140735627823648, 140735627822976, 47356763542355}, __mask_was_saved = 0,
    __saved_mask = {__val = {0, 0, 17179869184, 8920936, 4623373,
        47356750571568, 47356747237712, 8920936, 5921512, 6053712, 8921064,
        8912728, 140735627823648, 0, 47356738320017, 8920936}}}}
        ctx = (php_struct * volatile) 0x8867c0
        conf = (void *) 0x604a98
        brigade = (apr_bucket_brigade * volatile) 0x887478
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = (request_rec * volatile) 0x0
#12 0x000000000043c179 in ap_run_handler (r=0x881fe8) at config.c:157
        n = 3
---Type <return> to continue, or q <return> to quit---
        rv = 461642080
#13 0x000000000043f25c in ap_invoke_handler (r=0x881fe8) at config.c:372
        handler = 0x65ae80 "application/x-httpd-php"
        result = 0
        old_handler = 0x0
        ignore = <value optimized out>
#14 0x0000000000464598 in ap_process_request (r=0x881fe8) at http_request.c:258
        access_status = 1225485826
#15 0x0000000000461a3c in ap_process_http_connection (c=0x875e88)
    at http_core.c:190
        r = (request_rec *) 0x881fe8
        csd = (apr_socket_t *) 0x0
#16 0x0000000000442e11 in ap_run_process_connection (c=0x875e88)
    at connection.c:43
        n = 0
        rv = 461642080
#17 0x00000000004736b6 in child_main (child_num_arg=<value optimized out>)
    at prefork.c:650
        numdesc = 1
        pdesc = (const apr_pollfd_t *) 0x873ef0
        current_conn = (conn_rec *) 0x875e88
        csd = (void *) 0x875c98
        ptrans = (apr_pool_t *) 0x875c18
---Type <return> to continue, or q <return> to quit---
        allocator = (apr_allocator_t *) 0x873b10
        status = <value optimized out>
        i = <value optimized out>
        lr = <value optimized out>
        pollset = (apr_pollset_t *) 0x873e38
        sbh = (ap_sb_handle_t *) 0x873e30
        bucket_alloc = (apr_bucket_alloc_t *) 0x87ff58
        last_poll_idx = 1
#18 0x0000000000473934 in make_child (s=0x5bef68, slot=5) at prefork.c:746
        pid = 0
#19 0x00000000004741d6 in ap_mpm_run (_pconf=<value optimized out>,
    plog=<value optimized out>, s=<value optimized out>) at prefork.c:881
        pidfile = <value optimized out>
        active_children = <value optimized out>
        cutoff = <value optimized out>
        index = <value optimized out>
        remaining_children_to_start = 0
        rv = <value optimized out>
#20 0x000000000042a167 in main (argc=3, argv=0x7fff911a8e08) at main.c:740
        c = 0 '\0'
        configtestonly = 0
        confname = 0x47d51f "conf/httpd.conf"
        def_server_root = 0x47d52f "/usr/local/apache"
---Type <return> to continue, or q <return> to quit---
        temp_error_log = 0x0
        error = <value optimized out>
        process = (process_rec *) 0x5b3220
        server_conf = <value optimized out>
        pglobal = (apr_pool_t *) 0x5b3128
        pconf = (apr_pool_t *) 0x5b5138
        plog = (apr_pool_t *) 0x5f9358
        ptemp = (apr_pool_t *) 0x5c1198
        pcommands = (apr_pool_t *) 0x5b7148
        opt = (apr_getopt_t *) 0x5b7240
        rv = 0
        optarg = 0x2b121aa3a170 "?'"
(gdb)

[2009-12-08 20:47 UTC] felipe@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2009-12-16 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 03:01:28 2024 UTC