Bug #6857 --enable-trans-sid and readfile() in function
Submitted: 2000-09-22 19:57 UTC
Modified: 2000-12-07 11:41 UTC
From: vonrhein at GlobalPhasing dot com
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 4.0.2
OS: RedHat 6.2
Private report: No
CVE-ID: None

 [2000-09-22 19:57 UTC] vonrhein at GlobalPhasing dot com
I'm running

 1. Apache 1.3.12 (with mod_ssl 2.6.5) configured like this:

    % ./configure --prefix=$WWW_home/apache \
              --with-apache=../apache_1.3.12 \
              --with-ssl=../openssl-0.9.5a \
              --enable-shared=ssl --enable-module=so --enable-rule=EAPI

 2. PHP 4.0.2 configured like this:
    ./configure --prefix=$WWW_home \
      --x-libraries=/usr/X11R6/lib \
      --x-includes=/usr/X11R6/include \
      --with-jpeg-dir=${WWW_home}/src/jpeg-6b \
      --with-tiff-dir=${WWW_home}/src/tiff-v3.5.5 \
      --with-zlib-dir=${WWW_home}/src/zlib-1.1.3 \
      --with-gd=${WWW_home}/src/gd-1.8.3 \
      --with-ttf=${WWW_home}/src/freetype-1.3.1 \
      --with-t1lib=${WWW_home} \
      --enable-freetype-4bit-antialias-hack \
      --with-xpm-dir \
      --without-mysql \
      --with-config-file-path=$WWW_home/etc \
      --with-openssl=${WWW_home} \
      --with-apxs=$WWW_home/apache/bin/apxs \
      --enable-trans-sid \
      --with-pgsql=${WWW_home}/pgsql

This produces the following error messages in the apache error_log:

[Fri Sep 22 10:47:26 2000] [notice] child pid 10401 exit signal Segmentation fault (11), possible coredump in /www/apache
[Fri Sep 22 10:47:27 2000] [notice] child pid 10402 exit signal Segmentation fault (11), possible coredump in /www/apache
[Fri Sep 22 10:47:29 2000] [notice] child pid 10408 exit signal Segmentation fault (11), possible coredump in /www/apache


Here is the backtracking from gdb on the coredump created by httpd -X:

#0  0x400ca4a7 in memcpy (dstpp=0x8139018, srcpp=0x8139490, len=4294967292) at ../sysdeps/generic/memcpy.c:55
#1  0x400c495c in chunk_realloc (ar_ptr=0x40158d60, oldp=0x8139488, oldsize=0, nb=272) at malloc.c:3369
#2  0x400c4584 in __libc_realloc (oldmem=0x8139490, bytes=268) at malloc.c:3254
#3  0x401830c0 in _erealloc (ptr=0x813949c, size=256, allow_failure=0) at zend_alloc.c:260
#4  0x4020b718 in url_adapt (src=0x813e75f "\b,?\023\b\f?\023\b\214?\023\b?n\016\b\214?\023\bPG_host", srclen=21, 
    data=0xbfffcce0 "sid=9c3fd0dbe2bb69443cf0e0958eb2df49", newlen=0xbfffccdc) at url_scanner.c:149
#5  0x401d44d4 in session_adapt_uris (src=0x813e75c "??\023\b,?\023\b\f?\023\b\214?\023\b?n\016\b\214?\023\bPG_host", srclen=21, new=0xbfffcf04, 
    newlen=0xbfffcf08) at session.c:1260
#6  0x4020dd2c in php_ub_body_write_no_header (str=0x813e75c "??\023\b,?\023\b\f?\023\b\214?\023\b?n\016\b\214?\023\bPG_host", str_length=21)
    at output.c:305
#7  0x4020d944 in php_body_write (str=0x813e75c "??\023\b,?\023\b\f?\023\b\214?\023\b?n\016\b\214?\023\bPG_host", str_length=21) at output.c:81
#8  0x401a8ddf in php_body_write_wrapper (str=0x813e75c "??\023\b,?\023\b\f?\023\b\214?\023\b?n\016\b\214?\023\bPG_host", str_length=21) at main.c:693
#9  0x40199b58 in zend_print_zval_ex (write_func=0x401a8dc4 <php_body_write_wrapper>, expr=0xbfffd0d8, indent=0) at zend.c:189
#10 0x40199aff in zend_print_zval (expr=0xbfffd0d8, indent=0) at zend.c:170
#11 0x4019974a in zend_print_variable (var=0xbfffd0d8) at zend_variables.c:162
#12 0x40491eda in zend_oe_ex () from /www/lib/ZendOptimizer.so
#13 0x40497ce1 in zend_oe_ex () from /www/lib/ZendOptimizer.so
#14 0x40497ce1 in zend_oe_ex () from /www/lib/ZendOptimizer.so
#15 0x4048f3d5 in zend_oe () from /www/lib/ZendOptimizer.so
#16 0x4019a750 in zend_execute_scripts (type=8, file_count=3) at zend.c:712
#17 0x401a9ac2 in php_execute_script (primary_file=0xbffff878) at main.c:1173
#18 0x401a6759 in apache_php_module_main (r=0x811f4cc, display_source_mode=0) at sapi_apache.c:89
#19 0x401a701b in send_php (r=0x811f4cc, display_source_mode=0, filename=0x0) at mod_php4.c:503
#20 0x401a704c in send_parsed_php (r=0x811f4cc) at mod_php4.c:514
#21 0x806c9f3 in ap_invoke_handler ()
#22 0x8080399 in process_request_internal ()
#23 0x80807c8 in ap_internal_redirect ()
#24 0x806154d in handle_dir ()
#25 0x806c9f3 in ap_invoke_handler ()
#26 0x8080399 in process_request_internal ()
#27 0x80803fc in ap_process_request ()
#28 0x8077c0e in child_main ()
#29 0x8077dbc in make_child ()
#30 0x8077f19 in startup_children ()
#31 0x8078546 in standalone_main ()
#32 0x8078ce3 in main ()
#33 0x400829cb in __libc_start_main (main=0x807898c <main>, argc=2, argv=0xbffffab4, init=0x804f534 <_init>, fini=0x80aee4c <_fini>, 
    rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffaac) at ../sysdeps/generic/libc-start.c:92

Here is the script that generates this core dump:

<?
// ----------------------------------------
$DocumentTitle="Home page";
// ----------------------------------------
require "/www/php/bdg.php";
echo (HtmlHeader($DocumentTitle));
echo (HtmlTopMenu());
echo (HtmlLeftMenu());
?>

The problematic function is HtmlTopMenu():

function HtmlTopMenu() {
  $result  = "";
  $result .= HtmlInclude("BDGTopMenu1");
  if ( IsLogin() ) {
    $result .= HtmlInclude("BDGTopMenu2");
  } else {
    $result .= HtmlInclude("BDGTopMenu3");
  }
  return $result;
}
function HtmlInclude ($id) {
  global $BDG_htmldir;
  $file = $BDG_htmldir . "/" . $id . ".html";
  $result = "";
  if ( is_file ($file) ) {
    readfile($file);
  }
  return $result;
}

This crashes PHP 4.0.2 (compiled with --enable-trans-sid) but NOT when I remove --enable-trans-sid.

If I change the HtmlInclude() function to:

function HtmlInclude ($id) {
  global $BDG_htmldir;
  $file = $BDG_htmldir . "/" . $id . ".html";
  $result = "";
  if ( is_file ($file) ) {
    $id = fopen($file,'r');
    $result .= fread ($id, filesize ($file));
    fclose($id);
  }
  return $result;
}

it will work with or without --enable-trans-sid.

Is this a bug/feature or is my PHP code just wrong? Anyway, I hope it helps ...

Clemens

PS: a short test with 4.0.3RC1 gave same result.
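
Added example (not part of the original report and not PHP's or glibc's code): a small Python triage helper that parses gdb frames like the ones in the backtrace above, flags decimal arguments that only make sense as wrapped negative 32-bit values, and looks one frame up for the operand whose unsigned subtraction would produce them. The sample is frames #0-#3 copied from the report; the function names are made up for this example.

```python
import re

# Frames #0-#3 copied from the gdb backtrace in the report (32-bit process).
SAMPLE = """\
#0  0x400ca4a7 in memcpy (dstpp=0x8139018, srcpp=0x8139490, len=4294967292) at ../sysdeps/generic/memcpy.c:55
#1  0x400c495c in chunk_realloc (ar_ptr=0x40158d60, oldp=0x8139488, oldsize=0, nb=272) at malloc.c:3369
#2  0x400c4584 in __libc_realloc (oldmem=0x8139490, bytes=268) at malloc.c:3254
#3  0x401830c0 in _erealloc (ptr=0x813949c, size=256, allow_failure=0) at zend_alloc.c:260
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+|-?\d+)\b")
WORD = 2 ** 32  # size_t range on the 32-bit host in the report


def parse_frames(text):
    """Return [(frame_no, function, {arg: int})]. gdb prints pointers in hex,
    so only decimal arguments are kept as candidate sizes and lengths."""
    frames = []
    for no, func, args in FRAME_RE.findall(text):
        ints = {k: int(v) for k, v in ARG_RE.findall(args) if not v.startswith("0x")}
        frames.append((int(no), func, ints))
    return frames


def wrapped_args(frames):
    """Flag decimal arguments in [2**31, 2**32): implausible as a 32-bit size,
    and a small negative number when reinterpreted as signed."""
    return [(no, func, name, val - WORD)
            for no, func, ints in frames
            for name, val in ints.items() if WORD // 2 <= val < WORD]


def underflow_sources(frames, max_delta=16):
    """For each flagged value, search the calling frame for an operand v with
    (v - delta) mod 2**32 == value for a small delta (a wrapped subtraction)."""
    by_no = {no: (func, ints) for no, func, ints in frames}
    out = []
    for no, func, name, signed in wrapped_args(frames):
        caller, caller_ints = by_no.get(no + 1, ("", {}))
        for cname, cval in caller_ints.items():
            delta = cval - signed
            if 0 < delta <= max_delta:
                out.append((f"{func}.{name}", f"{caller}.{cname}", cval, delta))
    return out


if __name__ == "__main__":
    parsed = parse_frames(SAMPLE)
    print(wrapped_args(parsed), underflow_sources(parsed))
```

On these frames it reports memcpy's len as -4 and pairs it with oldsize=0 in chunk_realloc (0 - 4 wraps to 4294967292), a pairing commonly seen when heap metadata was damaged before the realloc call.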

 [2000-11-01 12:53 UTC] sniper@php.net
Please try the latest CVS or snapshot from snaps.php.net
and report back whether this problem still exists
or not.

--Jani

 [2000-12-07 11:41 UTC] sniper@php.net
Reopen, if this still happens when using latest snapshot
from http://snaps.php.net/

--Jani
 