Bug #53243 Segfault on _zend_is_inconsistent
Submitted: 2010-11-05 00:04 UTC Modified: 2010-11-05 10:47 UTC
From: beber at meleeweb dot net Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.3.3 OS: Gentoo GNU/Linux x86_64
Private report: No CVE-ID: None
 [2010-11-05 00:04 UTC] beber at meleeweb dot net
Description:
------------
I'm getting a segfault in function _zend_is_inconsistent while using a specific module that calls zend_alter_ini_entry.

A check in _zend_is_inconsistent is done badly :

static void _zend_is_inconsistent(const HashTable *ht, const char *file, int line)
{
        if (ht->inconsistent==HT_OK) {
                return;
        }

ht here is 0x0, so segfault

A simple fix could be :

static void _zend_is_inconsistent(const HashTable *ht, const char *file, int line)
{
        if (!ht || ht->inconsistent==HT_OK) {
                return;
        }

Here is backtrace :
#0  0x00007ffff0bcb44c in _zend_is_inconsistent (ht=0x0, file=0x7ffff10e5168 "/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c", line=875)
    at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:53
#1  0x00007ffff0bce368 in zend_hash_find (ht=0x0, arKey=0x7ffff83362c0 "open_basedir", nKeyLength=13, pData=0x7fffffffdce8)
    at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:875
#2  0x00007ffff0bd86de in zend_alter_ini_entry_ex (name=0x7ffff83362c0 "open_basedir", name_length=13, new_value=0x7ffff83a1b80 "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 
    new_value_length=52, modify_type=4, stage=16, force_change=0) at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:260
#3  0x00007ffff0bd866b in zend_alter_ini_entry (name=0x7ffff83362c0 "open_basedir", name_length=13, new_value=0x7ffff83a1b80 "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 
    new_value_length=52, modify_type=4, stage=16) at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:249
#4  0x00007ffff1401425 in vv_php_alter_ini (argc=<value optimized out>, argv=0x7ffff8252970, r=<value optimized out>) at mod_virtualvalue.c:347
#5  0x00007ffff140032d in vv_translate (r=0x7ffff83a5f30) at mod_virtualvalue.c:453
#6  0x00007ffff7fc6a2a in ap_run_translate_name (r=0x7ffff83a5f30) at request.c:74
#7  0x00007ffff7fc7ca3 in ap_process_request_internal (r=0x7ffff83a5f30) at request.c:150
#8  0x00007ffff7fe35fc in ap_process_request (r=0x7ffff83a5f30) at http_request.c:280
#9  0x00007ffff7fdfe63 in ap_process_http_connection (c=0x7ffff839fde0) at http_core.c:190
#10 0x00007ffff7fd9e0a in ap_run_process_connection (c=0x7ffff839fde0) at connection.c:43
#11 0x00007ffff7fda383 in ap_process_connection (c=0x7ffff839fde0, csd=0x7ffff839fbf0) at connection.c:178
#12 0x00007ffff7feadfc in child_main (child_num_arg=0) at prefork.c:662
#13 0x00007ffff7feaf1e in make_child (s=0x7ffff8213838, slot=0) at prefork.c:702
#14 0x00007ffff7feb601 in ap_mpm_run (_pconf=0x7ffff820e138, plog=0x7ffff82402c8, s=0x7ffff8213838) at prefork.c:978
#15 0x00007ffff7fb1254 in main (argc=4, argv=0x7fffffffe2e8) at main.c:740





 [2010-11-05 00:09 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-11-05 00:09 UTC] pajoye@php.net
It should not reach this point if ht is not set. Do you have a script to reproduce this crash?
 [2010-11-05 00:09 UTC] pajoye@php.net
-Package: Apache2 related +Package: Scripting Engine problem
 [2010-11-05 00:12 UTC] beber at meleeweb dot net
I don't have one. The job is done in an Apache module which simply does:

zend_alter_ini_entry("open_basedir", 13, "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52, PHP_INI_SYSTEM, PHP_INI_STAGE_RUNTIME);
 [2010-11-05 00:39 UTC] pajoye@php.net
Looks like it is done wrongly then. It should not happen or not be called when ht is not set. Run your code through valgrind.

Btw, I suppose you meant a php extension, not an apache module :)
 [2010-11-05 09:55 UTC] beber at meleeweb dot net
No, this is an apache module.

I have no hand on "ht". 

zend_alter_ini_entry("open_basedir", 13, 
"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52, PHP_INI_SYSTEM, 
PHP_INI_STAGE_RUNTIME); is the only function I call.
 [2010-11-05 10:47 UTC] pajoye@php.net
-Status: Feedback +Status: Bogus
 [2010-11-05 10:47 UTC] pajoye@php.net
Anyway, as I said earlier this code is correct, but the code calling this function is not as it should never reach this point if the ht is not set or consistent. Report a bug to the author of this module instead.
 [2010-11-05 12:15 UTC] beber at meleeweb dot net
I am the author of the module and as I don't have hand on ht, I report the bug.

How could I know ht is zero?
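
Added example, not part of the thread and not PHP or module source: a simplified C model of the call chain in the backtrace, showing a caller-side precondition check of the kind the maintainer's reply asks for. All `model_*` and `module_*` names are hypothetical, and the reason the table is NULL (engine state not yet initialised when the hook runs) is an assumption the thread does not confirm.

```c
#include <stdio.h>
#include <string.h>

#define HT_OK   0
#define SUCCESS 0
#define FAILURE (-1)

/* Simplified stand-in for the engine's hash table (not PHP's real layout). */
typedef struct { int inconsistent; const char *key; const char *value; } ModelHashTable;

/* Engine-owned table of ini entries: NULL until startup has run, which is
 * the ht=0x0 state visible in frame #1 of the backtrace (assumed cause). */
static ModelHashTable model_storage;
static ModelHashTable *model_ini_directives = NULL;

void model_engine_startup(void) {
    model_storage = (ModelHashTable){ HT_OK, "open_basedir", "" };
    model_ini_directives = &model_storage;
}
void model_engine_shutdown(void) { model_ini_directives = NULL; }
int  model_engine_ready(void)    { return model_ini_directives != NULL; }

/* Engine side: dereferences ht without a NULL check, like the reported code. */
static int model_alter_ini_entry(const char *name, const char *new_value) {
    ModelHashTable *ht = model_ini_directives;
    if (ht->inconsistent != HT_OK || strcmp(ht->key, name) != 0) return FAILURE;
    ht->value = new_value;
    return SUCCESS;
}

/* Module side (hypothetical wrapper): check the precondition first, so a
 * call made before startup or after shutdown fails cleanly instead of crashing. */
int module_set_open_basedir(const char *dirs) {
    if (!model_engine_ready()) return FAILURE;
    return model_alter_ini_entry("open_basedir", dirs);
}

const char *model_open_basedir(void) {
    return model_engine_ready() ? model_ini_directives->value : NULL;
}

int main(void) {
    printf("before startup: %d\n", module_set_open_basedir("/var/www"));
    model_engine_startup();
    printf("after startup:  %d\n", module_set_open_basedir("/var/www"));
    model_engine_shutdown();
    printf("after shutdown: %d\n", module_set_open_basedir("/var/www"));
    return 0;
}
```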
 
Last updated: Mon Mar 30 08:00:02 2026 UTC