Bug #71764 LDAP and PDO_OCI causing segfault in Apache
Submitted: 2016-03-10 10:35 UTC
Modified: 2016-08-10 09:18 UTC
Votes:5
Avg. Score:3.8 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:-1 (-25.0%)
From: sking at psc dot ac dot uk
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 7.0.4
OS: SLES 11
Private report: No
CVE-ID: None

 [2016-03-10 10:35 UTC] sking at psc dot ac dot uk
Description:
------------
I am using both the LDAP module and the PDO_OCI module and everything is fine until Apache is gracefully restarted (apache2ctl graceful).  Then on the 2nd page refresh, Apache will segfault.  

If I disable the pdo_oci module (even with the oci8 module still enabled), everything is fine.  It seems that it is the combination of the 2 modules that is the problem.  If I compile PHP with enable-debug, everything is fine also.  It won't segfault in those cases.

The ldap module is compiled to use the OpenLDAP library (version 2.4.26).  I know that the Oracle instant client comes with its own ldap library, and it's possible that is the problem.  I have tried compiling the ldap module to use the Oracle ldap library, but that just segfaults instantly on page load (a different segfault).

Ldap is configured with: "--with-ldap-sasl=/usr --with-libdir=lib64"
Pdo_oci is configured with: "--with-pdo-oci=instantclient,/usr,12.1 --with-libdir=lib64"


Test script:
---------------
<?php
$link=ldap_connect("ldap://ldap1.psc.ac.uk",636);
?>

Actual result:
--------------
#0  *__GI___libc_free (mem=0x59) at malloc.c:3704
#1  0x00007f099df6ad83 in ldap_ld_free (ld=0xc8f740, close=1, sctrls=<optimized out>, cctrls=0x0) at unbind.c:128
#2  0x00007f099df60afe in ldap_initialize (ldp=0x7fff6a07c7a0, url=0x7f098baa51e8 "ldap://ldap1.psc.ac.uk") at open.c:247
#3  0x00007f099c3bb384 in zif_ldap_connect (execute_data=<optimized out>, return_value=0x7f099ca180a0)
    at /usr/local/src/php-7.0.4/ext/ldap/ldap.c:374
#4  0x00007f09a29f4776 in ZEND_DO_ICALL_SPEC_HANDLER (execute_data=0x7f099ca18030) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:586
#5  0x00007f09a29cbad0 in execute_ex (ex=<optimized out>) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:417
#6  0x00007f09a2a22d5a in zend_execute (op_array=0x7f099ca6f000, return_value=0x0) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:458
#7  0x00007f09a298c713 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-7.0.4/Zend/zend.c:1427
#8  0x00007f09a292c2e0 in php_execute_script (primary_file=0x7fff6a07ec10) at /usr/local/src/php-7.0.4/main/main.c:2484
#9  0x00007f09a2a25a0d in php_handler (r=0xc4d660) at /usr/local/src/php-7.0.4/sapi/apache2handler/sapi_apache2.c:678
#10 0x000000000045f8f3 in ap_run_handler (r=0xc4d660) at config.c:170
#11 0x00000000004602f5 in ap_invoke_handler (r=0xc4d660) at config.c:433
#12 0x000000000047f342 in ap_process_async_request (r=0xc4d660) at http_request.c:410
#13 0x000000000047f3ed in ap_process_request (r=0xc4d660) at http_request.c:445
#14 0x000000000047a838 in ap_process_http_sync_connection (c=0xc31170) at http_core.c:210
#15 0x000000000047a93b in ap_process_http_connection (c=0xc31170) at http_core.c:251
#16 0x000000000046e90a in ap_run_process_connection (c=0xc31170) at connection.c:41
#17 0x000000000046eddd in ap_process_connection (c=0xc31170, csd=0xc30f80) at connection.c:213
#18 0x000000000048b49e in child_main (child_num_arg=6, child_bucket=0) at prefork.c:723
#19 0x000000000048b6f1 in make_child (s=0x6ee678, slot=6, bucket=0) at prefork.c:824
#20 0x000000000048bbb8 in perform_idle_server_maintenance (p=0x6bb138) at prefork.c:932
#21 0x000000000048c417 in prefork_run (_pconf=0x6bb138, plog=0x6e8378, s=0x6ee678) at prefork.c:1128
#22 0x00000000004390fb in ap_run_mpm (pconf=0x6bb138, plog=0x6e8378, s=0x6ee678) at mpm_common.c:96
#23 0x0000000000431146 in main (argc=5, argv=0x7fff6a07f788) at main.c:777

 [2016-03-10 12:15 UTC] sking at psc dot ac dot uk
I have upgraded my OpenLDAP libraries from the version that comes with my distro (2.4.26) to the latest version (2.4.44).  This seems to fix things (fingers crossed!)
 [2016-08-10 09:02 UTC] ere dot maijala at helsinki dot fi
Also happens when using GD functions to create a PNG. I can reproduce on CentOS 7 with PHP 7.0.9 and Apache 2.4.6 with the following script:

-----------------
<?php
header('Content-Type: image/png');
$img = imagecreatetruecolor(100, 100);
imagepng($img);
 [2016-08-10 09:18 UTC] requinix@php.net
@ere: That code has nothing to do with this. If you are getting a crash then you need to open a new bug report. https://bugs.php.net/how-to-report.php
 [2016-08-10 10:47 UTC] ere dot maijala at helsinki dot fi
It may be related that after a graceful restart of Apache, phpinfo() reports a different zlib version being linked. In my case before graceful restart:

Compiled Version => 1.2.7
Linked Version => 1.2.7

After graceful restart:

Compiled Version => 1.2.7
Linked Version => 1.2.3.f-ora-v2
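
Added example, not part of the original report or of any commenter's post: the thread suspects that two libraries in one Apache process provide the same symbols (the report mentions Oracle Instant Client's own LDAP library, and the comment above shows an "-ora" zlib becoming the linked version). The script below lists dynamic symbols defined by more than one library; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch: list dynamic symbols defined by more than one
# shared library, the precondition for a call resolving into a different
# library than the one PHP was compiled against.

# Print "<library> <symbol>" for every defined dynamic symbol of each file.
list_exports() {
    for lib in "$@"; do
        nm -D --defined-only "$lib" 2>/dev/null |
            awk -v l="$(basename "$lib")" \
                'NF == 3 { sub(/@.*/, "", $3); print l, $3 }'
    done
}

# stdin: "<library> <symbol>" lines; stdout: "<symbol>: <lib> <lib> ...".
find_duplicate_exports() {
    LC_ALL=C sort -u | awk '
        { libs[$2] = (libs[$2] == "" ? $1 : libs[$2] " " $1); n[$2]++ }
        END { for (s in n) if (n[s] > 1) print s ": " libs[s] }
    ' | LC_ALL=C sort
}

# Constructed sample input (an assumption, not a dump of the real libraries).
sample_exports() {
    cat <<'EOF'
libldap-2.4.so.2 ldap_initialize
libldap-2.4.so.2 ldap_ld_free
libclntsh.so.12.1 ldap_initialize
libclntsh.so.12.1 ldap_ld_free
libclntsh.so.12.1 OCIEnvCreate
libz.so.1 zlibVersion
libz.so.1 inflate
libclntsh.so.12.1 zlibVersion
EOF
}

# With arguments: inspect those library files. Without: run the sample.
if [ "$#" -gt 0 ]; then list_exports "$@"; else sample_exports; fi |
    find_duplicate_exports
```

To check a live server, pass the paths of the `.so` files listed in `/proc/<pid>/maps` for an Apache child as arguments, once before and once after `apache2ctl graceful`.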
 [2016-08-10 10:49 UTC] ere dot maijala at helsinki dot fi
@requinix: sorry, I thought it would be quite related since both involve PDO_OCI.
 [2017-04-24 17:57 UTC] perske at uni-muenster dot de
I am hit by the same bug (same stack trace) with PHP 7.1.4, Oracle Instant Client 12.1 on CentOS 7 with OpenLDAP 2.4.40.
 [2017-04-25 07:42 UTC] sking at psc dot ac dot uk
And the annoying thing is that I've been running a server with PHP compiled with debug mode enabled for a few weeks now and it won't crash.  As soon as I disable debug mode, it will crash within a day or two.

It's proving tricky to get more information on this bug.
 