Bug #1177 pg_fetch_array($res,0) crashing Apache when query empty
Submitted: 1999-02-22 07:41 UTC Modified: 2002-06-16 08:28 UTC
From: hendrik at sdn dot co dot za Assigned:
Status: Not a bug Package: Reproducible Crash
PHP Version: 3.0.6 OS: Solaris 2.6
Private report: No CVE-ID: None
 [1999-02-22 07:41 UTC] hendrik at sdn dot co dot za
Have a problem getting phplib-6.1 to work under Solaris 2.6,
although it's working under Linux with the same configuration...

At first I thought it was pgsql.c related, and added a few
php3_error(E_NOTICE,"at this stage..."); messages.

So far I can't get my finger on the part in phplib that triggers the error, but it's sending and receiving cookie info, and then when it's supposed to display something, it crashes.

Suspecting PostgreSQL, I changed to MySQL, with the same problem :((

What I DID notice, however, is that php3_error() and a strlen which SEGFLTs appear to be a common denominator of this problem.

When I used Postgres (with a php3_error() right before the call to pg_fetch_hash) I got the following dbx backtrace info:

signal SEGV (no mapping at the fault address) in strlen at 0xef524614
0xef524614: strlen+0x0080:      ld      [%o1], %o2
Current function is ap_invoke_handler
  505               result = (*handp->hr.handler) (r);
(dbx) frame -v
0xef21c0b8: send_parsed_php3+0x0018:    call    0xef28854c [PLT 21: send_php3]
(dbx) frame
13
(dbx) where -v
  [1] strlen(0x0, 0x0, 0xefffbd18, 0x7efefeff, 0x81010100, 0xff0000), at 0xef524614
  [2] _doprnt(0xef260cf0, 0x0, 0x0, 0x0, 0x81010100, 0xff0000), at 0xef55a4c4
  [3] snprintf(0xefffbd90, 0x400, 0xef260ce0, 0xef2aaa00, 0x325b8, 0x3104), at 0xef563900
  [4] debugger_send_string(0xef260d70, 0x0, 0xef260d58, 0xefffc208, 0xb2550, 0x11), at 0xef227858
  [5] php3_debugger_frame_location(0x98b98, 0x0, 0x0, 0xb15b0, 0x97b58, 0x3e), at 0xef227b3c
  [6] php3_debugger_error(0x0, 0xef2cca20, 0x97b58, 0x3e, 0xef2cc990, 0x0), at 0xef227d9c
  [7] php3_error(0x8, 0xef2654c0, 0xefffd738, 0xef2cc870, 0x97b58, 0x970b8), at 0xef21d530
  [8] php3_pgsql_fetch_array(0x9d768, 0xef2bbb00, 0xef2cc600, 0xef2cc9cc, 0xef241330, 0x39), at 0xef241344
  [9] phpparse(0xc6, 0xefffea5c, 0x0, 0xefffe9c0, 0xc8, 0xefffdd40), at 0xef252bfc
  [10] php3_parse(0x1, 0xef28c430, 0xef2cca2c, 0x2, 0x0, 0x0), at 0xef21ee04
  [11] apache_php3_module_main(0x54dc8, 0x13, 0x0, 0x0, 0x0, 0xef2cc870), at 0xef21f110
  [12] send_php3(0x54dc8, 0x0, 0x0, 0x0, 0x0, 0x559b8), at 0xef21c028
=>[13] send_parsed_php3(0x54dc8, 0xef25f430, 0x0, 0x0, 0x70687033, 0x70687033), at 0xef21c0b8
  [14] ap_invoke_handler(r = 0x54dc8), line 505 in "http_config.c"
  [15] process_request_internal(r = 0x54dc8), line 1201 in "http_request.c"
  [16] ap_process_request(r = 0x54dc8), line 1217 in "http_request.c"
  [17] child_main(child_num_arg = 0), line 3852 in "http_main.c"
  [18] make_child(s = 0x20ca0, slot = 0, now = 919686539), line 3924 in "http_main.c"
  [19] startup_children(number_to_start = 2), line 4004 in "http_main.c"
  [20] standalone_main(argc = 2, argv = 0xeffff1f4), line 4291 in "http_main.c"
  [21] ap_main(argc = 2, argv = 0xeffff1f4), line 4592 in "http_main.c"
  [22] main(argc = 2, argv = 0xeffff1f4), line 6021 in "http_main.c"


A fuller trace back with MySQL running:
# echo "runargs -X \n run \n cont \n where \n "|dbx /apps/apache/bin/httpd
Reading symbolic information for httpd
Reading symbolic information for rtld /usr/lib/ld.so.1
Reading symbolic information for libc.so.1
Reading symbolic information for libdl.so.1
Reading symbolic information for libc_psr.so.1
Running: httpd -X 
(process id 16569)
dbx: process 16569 about to exec("/apps/apache/libexec/libhttpd.ep")
dbx: program "/apps/apache/libexec/libhttpd.ep" just exec'ed
dbx: to go back to the original program use "debug $oprog"
Reading symbolic information for libhttpd.ep
Skipping ld.so.1, already read
Reading symbolic information for libhttpd.so
Reading symbolic information for libsocket.so.1
Reading symbolic information for libnsl.so.1
Skipping libdl.so.1, already read
Skipping libc.so.1, already read
Reading symbolic information for libmp.so.2
Skipping libc_psr.so.1, already read
stopped in main at line 6021 in file "http_main.c"
 6021       return ap_main(argc, argv);
Reading symbolic information for mod_env.so
Reading symbolic information for mod_log_config.so
Reading symbolic information for mod_mime.so
Reading symbolic information for mod_negotiation.so
Reading symbolic information for mod_status.so
Reading symbolic information for mod_include.so
Reading symbolic information for mod_autoindex.so
Reading symbolic information for mod_dir.so
Reading symbolic information for mod_cgi.so
Reading symbolic information for mod_asis.so
Reading symbolic information for mod_imap.so
Reading symbolic information for mod_actions.so
Reading symbolic information for mod_userdir.so
Reading symbolic information for mod_alias.so
Reading symbolic information for mod_access.so
Reading symbolic information for mod_auth.so
Reading symbolic information for mod_setenvif.so
Reading symbolic information for libphp3.so
Reading symbolic information for libmysqlclient.so.6
Reading symbolic information for libpq.so
Reading symbolic information for libgdbm.so
Reading symbolic information for libresolv.so.2
Reading symbolic information for libm.so.1
Reading symbolic information for en_US.so.1
Reading symbolic information for nss_nisplus.so.1
Reading symbolic information for libdoor.so.1
Reading symbolic information for nss_files.so.1
Skipping mod_env.so, already read
Skipping mod_log_config.so, already read
Skipping mod_mime.so, already read
Skipping mod_negotiation.so, already read
Skipping mod_status.so, already read
Skipping mod_include.so, already read
Skipping mod_autoindex.so, already read
Skipping mod_dir.so, already read
Skipping mod_cgi.so, already read
Skipping mod_asis.so, already read
Skipping mod_imap.so, already read
Skipping mod_actions.so, already read
Skipping mod_userdir.so, already read
Skipping mod_alias.so, already read
Skipping mod_access.so, already read
Skipping mod_auth.so, already read
Skipping mod_setenvif.so, already read
Skipping libphp3.so, already read
Skipping libmysqlclient.so.6, already read
Skipping libpq.so, already read
Skipping libgdbm.so, already read
Skipping libresolv.so.2, already read
Skipping libm.so.1, already read
signal SEGV (no mapping at the fault address) in strlen at 0xef524614
0xef524614: strlen+0x0080:      ld      [%o1], %o2
Current function is ap_invoke_handler
  505               result = (*handp->hr.handler) (r);
  [1] strlen(0x0, 0x0, 0xefffbd10, 0x7efefeff, 0x81010100, 0xff0000), at 0xef524614
  [2] _doprnt(0xef265020, 0x0, 0x0, 0x0, 0x81010100, 0xff0000), at 0xef55a4c4
  [3] snprintf(0xefffbd88, 0x400, 0xef265010, 0xef2afc00, 0x325d8, 0x40b9), at 0xef563900
  [4] debugger_send_string(0xef2650a0, 0x0, 0xef265088, 0xefffc200, 0x9e7d0, 0x11), at 0xef228e58
  [5] php3_debugger_frame_location(0x9e1f8, 0x0, 0x0, 0xb7d50, 0xb88e0, 0x3f), at 0xef22913c
  [6] php3_debugger_error(0x0, 0xef2d1c20, 0xb88e0, 0x3f, 0xef2d1b90, 0x0), at 0xef22939c
  [7] php3_error(0x8, 0xef2647e0, 0xefffd730, 0xef2d1a70, 0xb88e0, 0xa0d28), at 0xef21eb30
  [8] read_pointer_value(0xefffdd20, 0xefffe210, 0x57c0, 0xffffffff, 0x101ff, 0x15a), at 0xef226218
  [9] phpparse(0xec, 0xefffea5a, 0x0, 0xefffe9c0, 0xc8, 0xefffdd40), at 0xef257880
  [10] php3_parse(0x1, 0xef291688, 0xef2d1c2c, 0x2, 0x0, 0x0), at 0xef220404
  [11] apache_php3_module_main(0x5c508, 0x13, 0x0, 0x0, 0x0, 0xef2d1a70), at 0xef220710
  [12] send_php3(0x5c508, 0x0, 0x0, 0x0, 0x0, 0x5d0f8), at 0xef21d628
  [13] send_parsed_php3(0x5c508, 0xef263760, 0x0, 0x0, 0x70687033, 0x70687033), at 0xef21d6b8
=>[14] ap_invoke_handler(r = 0x5c508), line 505 in "http_config.c"
  [15] process_request_internal(r = 0x5c508), line 1201 in "http_request.c"
  [16] ap_process_request(r = 0x5c508), line 1217 in "http_request.c"
  [17] child_main(child_num_arg = 0), line 3852 in "http_main.c"
  [18] make_child(s = 0x20ca0, slot = 0, now = 919693489), line 3924 in "http_main.c"
  [19] startup_children(number_to_start = 2), line 4004 in "http_main.c"
  [20] standalone_main(argc = 2, argv = 0xeffff1f4), line 4291 in "http_main.c"
  [21] ap_main(argc = 2, argv = 0xeffff1f4), line 4592 in "http_main.c"
  [22] main(argc = 2, argv = 0xeffff1f4), line 6021 in "http_main.c"
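
Added example, not part of the original report or of PHP's source: both backtraces end in strlen(0x0, ...) called from _doprnt under snprintf, which is what a NULL pointer reaching a %s conversion looks like. That is undefined behaviour in C, so one libc may print "(null)" where another faults. The sketch below guards each %s argument before formatting; format_location and str_or_null are hypothetical names, and the sample input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Replace a NULL string with a visible marker so it is safe to pass to %s. */
static const char *str_or_null(const char *s)
{
    return s ? s : "(null)";
}

/*
 * Hypothetical helper: format a "file:line: message" record into buf.
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * buffer is unusable or the record did not fit.
 */
int format_location(char *buf, size_t size,
                    const char *file, int line, const char *msg)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;

    /* Every %s argument goes through str_or_null(), so strlen() inside
     * the formatter never sees a NULL pointer. */
    n = snprintf(buf, size, "%s:%d: %s",
                 str_or_null(file), line, str_or_null(msg));

    if (n < 0 || (size_t)n >= size) {
        buf[size - 1] = '\0';   /* keep the buffer terminated on truncation */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[1024];

    /* Constructed input: the file name is missing (NULL), the case that
     * would reach strlen(0x0) without the guard. */
    if (format_location(buf, sizeof buf, NULL, 62, "empty result set") >= 0)
        puts(buf);
    return 0;
}
```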



 [2002-06-16 08:28 UTC] sander@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately, PHP 3 is no longer supported. Please download
the latest version of PHP 4 from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC