|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11316 segfault, possibly in xml functions
Submitted: 2001-06-06 14:25 UTC Modified: 2002-02-26 00:00 UTC
From: olivier at lx dot student dot wau dot nl Assigned:
Status: No Feedback Package: XML related
PHP Version: 4.0.5 OS: Debian/stable Linux 2.2.19
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2001-06-06 14:25 UTC] olivier at lx dot student dot wau dot nl
I get reproducable bug reports in a large PHP application using a wide scale of functions. All the code apart from each other works without a problem, but combined generates a segfault (according to error.log from Apache). The code uses a session handler based on interbase functions, a xml parser, and a lot of objects. PHP 4.0.5 is used.

After compiling PHP with debugging, I didn't get a segfault anymore, but the XML parsing code complains that it can't access the data and element handlers anymore. Probably the xml parsers internal memory is trashed the same way as the segfault is caused with the normal PHP module. 

Since it is a large application it is very hard to pinpoint the problem. When altering the code, the segfault can be avoided by making the XML file smaller, but also by removing an unserialize() at some specific part of the code. My conclusion is that there is a buffer overrun somewhere long before in the code, which is only causing problems when the application is using a lot of memory (perhaps the PHP garbage collector is activated at some stage?)

A backtrace with a regular PHP module can be provided if it is useful, just let me know. If there is a way to pinpoint the problem please let me know. I can't reproduce the crash in a short script, and since the application is rather large I decided not to include it in this posting. I realize this is not much information, but I will help you in any way if you can tell me what to do (should I try a CVS version?). The bugs looks a little like bug #10254.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-07 04:39 UTC]
Please attache the gdb backtrace you get. It might help at
least little bit. 
 [2001-06-07 11:36 UTC] olivier at lx dot student dot wau dot nl
Here's the backtrace, without debugging compiled (because I get weird errors instead of a segfault when enabling debug info):

Program received signal SIGSEGV, Segmentation fault.
0xbfffdee8 in ?? ()
(gdb) bt
#0  0xbfffdee8 in ?? ()
#1  0x4022a803 in add_function () from /usr/lib/apache/1.3/
#2  0x4022a589 in add_function () from /usr/lib/apache/1.3/
#3  0x402a303c in php_if_utf8_decode () from /usr/lib/apache/1.3/
#4  0x402a3786 in php_if_utf8_decode () from /usr/lib/apache/1.3/
#5  0x402b53c1 in php_XML_ErrorString () from /usr/lib/apache/1.3/
#6  0x402b4bcd in php_XML_ErrorString () from /usr/lib/apache/1.3/
#7  0x402b6b25 in virtual_file_ex () from /usr/lib/apache/1.3/
#8  0x402b6822 in virtual_file_ex () from /usr/lib/apache/1.3/
#9  0x402b4749 in php_XML_ErrorString () from /usr/lib/apache/1.3/
#10 0x402a4b1a in php_if_utf8_decode () from /usr/lib/apache/1.3/
#11 0x40224299 in execute () from /usr/lib/apache/1.3/
#12 0x402244ec in execute () from /usr/lib/apache/1.3/
#13 0x4023260f in zend_hash_quick_add_or_update ()
   from /usr/lib/apache/1.3/
#14 0x402441c4 in destroy_uploaded_files_hash ()
   from /usr/lib/apache/1.3/
#15 0x4024095f in php_module_shutdown () from /usr/lib/apache/1.3/
#16 0x402412f0 in php_handle_auth_data () from /usr/lib/apache/1.3/
#17 0x4024132e in php_lint_script () from /usr/lib/apache/1.3/
#18 0x8053e64 in ap_invoke_handler ()
#19 0x80626ec in ap_some_auth_required ()
#20 0x8062748 in ap_process_request ()
#21 0x805c4d9 in ap_child_terminate ()
#22 0x805c66c in ap_child_terminate ()
#23 0x805c789 in ap_child_terminate ()
#24 0x805cc3b in ap_child_terminate ()
#25 0x805d2ed in main ()
#26 0x400c0a42 in __libc_start_main () from /lib/

 [2002-01-14 09:58 UTC]
Can you try with 4.1.1? With debug, and provide the wierd errors.
 [2002-02-26 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue May 11 11:01:23 2021 UTC