[2018-07-19 05:52 UTC] nicolas dot dermine at gmail dot com
Description:
------------
When using `output_add_rewrite_var` our PHP page served by Apache is not displayed and we have this error in the logs:

```
[Tue Jul 10 08:03:08.884730 2018] [core:notice] [pid 1] AH00052: child pid 220 exit signal Segmentation fault (11)
```

The app is running in a docker container based on the docker 7.2.7-apache image.

I tried storing the HTML output to a file and then running a script that just calls `output_add_rewrite_var` and includes the HTML but could not reproduce the error that way. I will try to narrow it down to a reproducible script but our app is pretty complex so I am not sure I will succeed.

If I comment out the call to `output_add_rewrite_var` the page is displayed correctly.

I'll paste a gdb session in the 'Actual result' section, hoping this can help you see where the problem is.

(To get this gdb session working I rebuilt the docker container to configure PHP with --enable-debug and not strip the symbols. In that case I do not get a segmentation fault any more, but it complains that something is inconsistent.)

Actual result:
--------------
```
root@414dbe04e97b:/var/www/html/allegro# gdb php
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from php...done.
(gdb) break zend_output_debug_string
Breakpoint 1 at 0x798253: file /usr/src/php/Zend/zend.c, line 1425.
(gdb) run Public/System/Log/listErreur.php User_Login=ndermine
Starting program: /usr/local/bin/php Public/System/Log/listErreur.php User_Login=ndermine
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, zend_output_debug_string (trigger_break=1 '\001', format=0x555556536c98 "%s(%d) : ht=%p is inconsistent") at /usr/src/php/Zend/zend.c:1425
1425 /usr/src/php/Zend/zend.c: No such file or directory.
(gdb) bt
#0 zend_output_debug_string (trigger_break=1 '\001', format=0x555556536c98 "%s(%d) : ht=%p is inconsistent") at /usr/src/php/Zend/zend.c:1425
#1 0x0000555555cfe8c9 in _zend_is_inconsistent (ht=0x7fffee206508, file=0x555556536cb7 "/usr/src/php/Zend/zend_hash.c", line=1966) at /usr/src/php/Zend/zend_hash.c:61
#2 0x0000555555d04c2a in zend_hash_str_find (ht=0x7fffee206508, str=0x5555565038b7 "HTTP_HOST", len=9) at /usr/src/php/Zend/zend_hash.c:1966
#3 0x0000555555b9deaa in check_http_host (target=0x7fffe9083f90 "192.168.99.100") at /usr/src/php/ext/standard/url_scanner_ex.c:352
#4 0x0000555555b9e0f7 in check_host_whitelist (ctx=0x55555691e740 <basic_globals+3776>) at /usr/src/php/ext/standard/url_scanner_ex.c:401
#5 0x0000555555b9e1d8 in handle_form (ctx=0x55555691e740 <basic_globals+3776>, start=0x7fffe8c9522b ">\n", ' ' <repeats 28 times>, "<input type=\"hidden\" name=\"date_from\" id=\"date_from\" value=\"04-07-2018\" />\n", ' ' <repeats 28 times>, "<input type=\"hidden\" name=\"date_to\" id=\"date_to\" value=\"19-07-2018\""..., xp=0x7fffe8c9522c "\n", ' ' <repeats 28 times>, "<input type=\"hidden\" name=\"date_from\" id=\"date_from\" value=\"04-07-2018\" />\n", ' ' <repeats 28 times>, "<input type=\"hidden\" name=\"date_to\" id=\"date_to\" value=\"19-07-2018\" "...) at /usr/src/php/ext/standard/url_scanner_ex.c:426
#6 0x0000555555b9e882 in xx_mainloop (ctx=0x55555691e740 <basic_globals+3776>, newdata=0x7fffe8b88000 " <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n \"http://www.w3.org/TR/html4/loose.dtd\">\n <html lang=\"fr\">\n <head>\n \n\n <title>Tracer les erreurs</title>\n\n\t<m"..., newlen=74922) at /usr/src/php/ext/standard/url_scanner_ex.c:708
#7 0x0000555555b9ef84 in url_adapt_ext ( src=0x7fffe8b88000 " <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n \"http://www.w3.org/TR/html4/loose.dtd\">\n <html lang=\"fr\">\n <head>\n \n\n <title>Tracer les erreurs</title>\n\n\t<m"..., srclen=74922, newlen=0x7fffffffc690, do_flush=1 '\001', ctx=0x55555691e740 <basic_globals+3776>) at /usr/src/php/ext/standard/url_scanner_ex.c:998
#8 0x0000555555b9f21e in php_url_scanner_session_handler_impl ( output=0x7fffe8b88000 " <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n \"http://www.w3.org/TR/html4/loose.dtd\">\n <html lang=\"fr\">\n <head>\n \n\n <title>Tracer les erreurs</title>\n\n\t<m"..., output_len=74922, handled_output=0x7fffffffc710, handled_output_len=0x7fffffffc718, mode=9, type=0) at /usr/src/php/ext/standard/url_scanner_ex.c:1065
#9 0x0000555555b9f434 in php_url_scanner_output_handler ( output=0x7fffe8b88000 " <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n \"http://www.w3.org/TR/html4/loose.dtd\">\n <html lang=\"fr\">\n <head>\n \n\n <title>Tracer les erreurs</title>\n\n\t<m"..., output_len=74922, handled_output=0x7fffffffc710, handled_output_len=0x7fffffffc718, mode=9) at /usr/src/php/ext/standard/url_scanner_ex.c:1097
#10 0x0000555555c6b690 in php_output_handler_compat_func (handler_context=0x7fffe9309038, output_context=0x7fffffffc7e0) at /usr/src/php/main/output.c:1256
#11 0x0000555555c6adad in php_output_handler_op (handler=0x7fffe9309000, context=0x7fffffffc7e0) at /usr/src/php/main/output.c:984
#12 0x0000555555c6b57c in php_output_stack_pop (flags=1) at /usr/src/php/main/output.c:1221
#13 0x0000555555c6950e in php_output_end_all () at /usr/src/php/main/output.c:341
#14 0x0000555555c4ece3 in php_request_shutdown (dummy=0x0) at /usr/src/php/main/main.c:1867
#15 0x0000555555ddffb0 in do_cli (argc=3, argv=0x5555569555e0) at /usr/src/php/sapi/cli/php_cli.c:1178
#16 0x0000555555de081e in main (argc=3, argv=0x5555569555e0) at /usr/src/php/sapi/cli/php_cli.c:1404
(gdb) continue
Continuing.
/usr/src/php/Zend/zend_hash.c(1966) : ht=0x7fffee206508 is inconsistent
[Inferior 1 (process 31) exited normally]
```
Simple reproducer:

```php
<?php
$_SERVER = 'foo';
output_add_rewrite_var('bar', 'baz');
?>
<form action="http://example.com/"></form>
```

Outputs in debug builds:

```
php-src/Zend/zend_hash.c(2107) : ht=0x7f72ab202500 is being destroyed
```

and segfaults on production builds.

This is caused because we're currently assuming that _SERVER is an array[1]; adding a type check appears to solve the issue. Please try this patch: <https://gist.github.com/cmb69/26076c5bac9a1429a03be3eaca65fe0c>.

[1] <https://github.com/php/php-src/blob/php-7.2.7/ext/standard/url_scanner_ex.re#L358>
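
The bug class named in the comment above (looking up `HTTP_HOST` in a value assumed to be an array without checking its type), modelled in miniature as an added example; it is not php-src code and not the linked patch. The `value`/`table` types, all function names, and the choice to report "no match" for a non-array are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a tagged engine value; not php-src types. */
typedef enum { T_STRING, T_ARRAY } vtype;
typedef struct { const char *key, *val; } entry;
typedef struct { size_t n; const entry *items; } table;
typedef struct {
    vtype type;
    union { const char *str; const table *arr; } u;
} value;

/* Constructed sample data: an array-typed value and a string-typed one,
 * the latter mirroring `$_SERVER = 'foo';` from the reproducer. */
static const entry sample_items[] = { { "HTTP_HOST", "192.168.99.100" } };
static const table sample_table = { 1, sample_items };
const value server_array  = { T_ARRAY,  { .arr = &sample_table } };
const value server_string = { T_STRING, { .str = "foo" } };

const char *table_find(const table *t, const char *key) {
    for (size_t i = 0; i < t->n; i++)
        if (strcmp(t->items[i].key, key) == 0)
            return t->items[i].val;
    return NULL;
}

/* Before: assumes an array. Given server_string, u.arr reinterprets the
 * string pointer as a table and table_find reads garbage (undefined
 * behaviour), so it must only be reached after the tag check below. */
int host_matches_unchecked(const value *server, const char *target) {
    const char *host = table_find(server->u.arr, "HTTP_HOST");
    return host != NULL && strcmp(host, target) == 0;
}

/* After: check the type tag first and report "no match" otherwise. */
int host_matches_checked(const value *server, const char *target) {
    if (server == NULL || server->type != T_ARRAY || server->u.arr == NULL)
        return 0;
    return host_matches_unchecked(server, target);
}

int main(void) {
    printf("array:  %d\n", host_matches_checked(&server_array, "192.168.99.100"));
    printf("string: %d\n", host_matches_checked(&server_string, "192.168.99.100"));
    return 0;
}
```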