php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64047 segfault in request shutdown (server_context is NULL)
Submitted: 2013-01-22 14:00 UTC Modified: 2015-05-31 04:22 UTC
From: remi@php.net Assigned:
Status: No Feedback Package: Apache2 related
PHP Version: Irrelevant OS: GNU/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2013-01-22 14:00 UTC] remi@php.net
Description:
------------
We encounter, in specific race condition (seems http/500 error) a segfault in php_request_shutdown.

According to backtrace, server_context is NULL.

This backtrace is from php 5.3.3, but as I don't see any change in git history, I think it could occurs in latest php 5.3.

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>, op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
124                                     if (ctx->content_type) {

(gdb) bt
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>, op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
#1  0x00007fe16f2127ce in sapi_header_op (op=<value optimized out>, arg=<value optimized out>) at /usr/src/debug/php-5.3.3/main/SAPI.c:756
#2  0x00007fe16f212d98 in sapi_add_header_ex (header_line=0x7fe17ddff728 "Content-type: text/html", header_line_len=<value optimized out>, 
    duplicate=0 '\000', replace=<value optimized out>) at /usr/src/debug/php-5.3.3/main/SAPI.c:515
#3  0x00007fe16f2135e2 in sapi_send_headers () at /usr/src/debug/php-5.3.3/main/SAPI.c:796
#4  0x00007fe16f1bbdd9 in php_header () at /usr/src/debug/php-5.3.3/ext/standard/head.c:69
#5  0x00007fe16f21b3e3 in php_ub_body_write (str=0x7fe17f65b400 "", str_length=0) at /usr/src/debug/php-5.3.3/main/output.c:719
#6  0x00007fe16f21b998 in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at /usr/src/debug/php-5.3.3/main/output.c:298
#7  0x00007fe16f21c249 in php_end_ob_buffers (send_buffer=1 '\001') at /usr/src/debug/php-5.3.3/main/output.c:337
#8  0x00007fe16f20873f in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.3/main/main.c:1598
#9  0x00007fe16f2e2997 in php_apache_request_dtor (r=0x7fe17db8dd18) at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:509
#10 php_handler (r=0x7fe17db8dd18) at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:681
#11 0x00007fe17c46ab00 in ap_run_handler (r=0x7fe17db8dd18) at /usr/src/debug/httpd-2.2.15/server/config.c:158
#12 0x00007fe17c46e3be in ap_invoke_handler (r=0x7fe17db8dd18) at /usr/src/debug/httpd-2.2.15/server/config.c:376
#13 0x00007fe17c479a30 in ap_process_request (r=0x7fe17db8dd18) at /usr/src/debug/httpd-2.2.15/modules/http/http_request.c:282
#14 0x00007fe17c4768f8 in ap_process_http_connection (c=0x7fe17da29518) at /usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
#15 0x00007fe17c472608 in ap_run_process_connection (c=0x7fe17da29518) at /usr/src/debug/httpd-2.2.15/server/connection.c:43
#16 0x00007fe17c47e807 in child_main (child_num_arg=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
#17 0x00007fe17c47eb1a in make_child (s=0x7fe17d1d4860, slot=1) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:763
#18 0x00007fe17c47f79c in perform_idle_server_maintenance (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:898
#19 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:1102
#20 0x00007fe17c456900 in main (argc=1, argv=0x7fff82467b78) at /usr/src/debug/httpd-2.2.15/server/main.c:760
(gdb) print sapi_globals
$1 = {server_context = 0x0, request_info = {request_method = 0x7fe17db8f638 "GET", 
    query_string = 0x7fe17d734d88 "option=###############&view=main&article-id=################################################", post_data = 0x0, 
    raw_post_data = 0x0, cookie_data = 0x0, content_length = 0, post_data_length = 0, raw_post_data_length = 0, 
    path_translated = 0x7fe17d734df8 "/var/www/html/index.php", request_uri = 0x7fe17d734de8 "/index.php", content_type = 0x0, 
    headers_only = 0 '\000', no_headers = 0 '\000', headers_read = 0 '\000', post_entry = 0x0, content_type_dup = 0x0, auth_user = 0x0, 
    auth_password = 0x0, auth_digest = 0x0, argv0 = 0x0, current_user = 0x0, current_user_length = 0, argc = 0, argv = 0x0, proto_num = 1000}, 
  sapi_headers = {headers = {head = 0x7fe17f0ecb70, tail = 0x7fe17e588a48, count = 3, size = 16, dtor = 0x7fe16f212270 <sapi_free_header>, 
      persistent = 0 '\000', traverse_ptr = 0x0}, http_response_code = 500, send_default_content_type = 0 '\000', 
    mimetype = 0x7fe17ddff980 "text/html", http_status_line = 0x7fe17ddfb750 "HTTP/1.0 500 Internal Server Error"}, read_post_bytes = 0, 
  headers_sent = 0 '\000', global_stat = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, 
    st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, 
      tv_nsec = 0}, __unused = {0, 0, 0}}, default_mimetype = 0x7fe17d8be530 "text/html", default_charset = 0x7fe16f2ea939 "", 
  rfc1867_uploaded_files = 0x0, post_max_size = 16777216, options = 0, sapi_started = 1 '\001', global_request_time = 1357194727, 
  known_post_content_types = {nTableSize = 8, nTableMask = 7, nNumOfElements = 2, nNextFreeElement = 0, pInternalPointer = 0x7fe17d43d9c0, 
    pListHead = 0x7fe17d43d9c0, pListTail = 0x7fe17d93e850, arBuckets = 0x7fe17d43b6b0, pDestructor = 0, persistent = 1 '\001', 
    nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}}



Patches

temporary.patch (last revision 2013-01-22 14:01 UTC by remi@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-22 14:01 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: temporary.patch
Revision:   1358863274
URL:        https://bugs.php.net/patch-display.php?bug=64047&patch=temporary.patch&revision=1358863274
 [2013-01-22 14:02 UTC] remi@php.net
We are currently trying to run with the temporary patch applied to get more information about the segfault context.

I will update this bug as soon as I will get more debug information.
 [2015-05-19 21:08 UTC] cmb@php.net
-Status: Open +Status: Feedback
 [2015-05-19 21:08 UTC] cmb@php.net
Any news on this issue, Remy? Is it still relevant for current PHP versions?
 [2015-05-31 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 00:01:30 2024 UTC