php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14433 Segmentation fault
Submitted: 2001-12-11 15:03 UTC Modified: 2002-04-06 20:33 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: michael at daimi dot au dot dk Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.1.0 OS: Linux 2.4.16
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: michael at daimi dot au dot dk
New email:
PHP Version: OS:

 

 [2001-12-11 15:03 UTC] michael at daimi dot au dot dk
It's very hard to tell why this happens, because it only does occationally. I've included a back trace:

I'm running Apache 2.0.28 in prefork mode. As you can see the error occurs when I'm just trying to write something to the client. It doesn't seem to be associated with any particular operation. If I reload the same page 10 times, only 0-2 segfaults occur. However, most of the time there simply is no PHP output on the pages, but there are no segfaults either.

#0  0x08254789 in ?? ()
#1  0x4025a9cf in php_apache_sapi_ub_write (str=0x825477b "", str_length=0, tsrm_ls=0x8217070) at sapi_apache2.c:66
#2  0x402663af in php_ub_body_write_no_header (str=0x825475c "<option value=\"18\">18</option>\n", str_length=31, 
    tsrm_ls=0x8217070) at output.c:450
#3  0x4026582a in php_body_write (str=0x825475c "<option value=\"18\">18</option>\n", str_length=31, 
    tsrm_ls=0x8217070) at output.c:100
#4  0x4025d136 in php_body_write_wrapper (str=0x825475c "<option value=\"18\">18</option>\n", str_length=31)
    at main.c:757
#5  0x4024e050 in zend_print_zval_ex (write_func=0x4025d104 <php_body_write_wrapper>, expr=0xbfffb010, indent=0)
    at zend.c:187
#6  0x4024dff1 in zend_print_zval (expr=0xbfffb010, indent=0) at zend.c:168
#7  0x4024dc88 in zend_print_variable (var=0xbfffb010) at zend_variables.c:172
#8  0x4023bd57 in execute (op_array=0x8252d84, tsrm_ls=0x8217070) at ./zend_execute.c:1217
#9  0x4024f7ea in zend_execute_scripts (type=8, tsrm_ls=0x8217070, retval=0x0, file_count=3) at zend.c:814
#10 0x4025e821 in php_execute_script (primary_file=0xbfffd658, tsrm_ls=0x8217070) at main.c:1309
#11 0x4025b201 in php_output_filter (f=0x8264f34, bb=0x82650cc) at sapi_apache2.c:361
#12 0x0811e065 in ap_pass_brigade (next=0x8264f34, bb=0x82650cc) at util_filter.c:276
#13 0x081245c8 in default_handler (r=0x825ce84) at core.c:2785
#14 0x0811300b in ap_run_handler (r=0x825ce84) at config.c:185
#15 0x081135b6 in ap_invoke_handler (r=0x825ce84) at config.c:344
#16 0x08102109 in ap_process_request (r=0x825ce84) at http_request.c:286
#17 0x080fe2c5 in ap_process_http_connection (c=0x81ce484) at http_core.c:289
#18 0x0811c81b in ap_run_process_connection (c=0x81ce484) at connection.c:82
#19 0x0811c9d9 in ap_process_connection (c=0x81ce484) at connection.c:219
#20 0x08111bec in child_main (child_num_arg=0) at prefork.c:803
#21 0x08111c9e in make_child (s=0x8170b2c, slot=0) at prefork.c:839
#22 0x08111db6 in startup_children (number_to_start=10) at prefork.c:913
#23 0x081121a5 in ap_mpm_run (_pconf=0x816f52c, plog=0x81a36cc, s=0x8170b2c) at prefork.c:1129
#24 0x0811774d in main (argc=4, argv=0xbffff9e4) at main.c:432
#25 0x400fd65f in __libc_start_main () from /lib/libc.so.6

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-12-11 15:08 UTC] michael at daimi dot au dot dk
Update: I have reproduced what I believe is the same error under Apache 1.3.22. It was compiled without debug information, so no backtrace this time :(
 [2001-12-12 11:13 UTC] sniper@php.net
Does this happen with latest CVS snapshot from http://snaps.php.net/ ?
And do you have some short example script to include here which
can be used to reproduce this problem?

 [2001-12-12 11:19 UTC] michael at daimi dot au dot dk
I am in the progress of trying to figure out if anything in particular will cause this problem. When/if I do, I will post a short test program. I have not tried with the latest CVS version, but I will do that when I find a small test program to reproduce the problem.
 [2001-12-12 13:42 UTC] michael at daimi dot au dot dk
ok, it seems that it occurs when it outputs some text. Perhaps only when it's stressed with multiple connections at the same time. Just pressing reload in my browser, waiting for the page to load and press reload again would not give me a segfault (this does not mean that it couldn't have happened though), but pressing reload multiple times after another would eventually cause it to segfault. Here's the test program (very simple):

----------------------------
<html>
<body>
<?php
  echo "SEGFAULT !";
?>
</body>
</html>
----------------------------

That's all...

And here's the output from gdb when running this program and getting a segfault:

0x4025a96a in php_apache_sapi_ub_write (str=0x824c054 "SEGFAULT !", str_length=10, tsrm_ls=0x8217070) at sapi_apache2.c:58
58              bb = apr_brigade_create(ctx->f->r->pool);
(gdb) bt
#0  0x4025a96a in php_apache_sapi_ub_write (str=0x824c054 "SEGFAULT !", str_length=10, tsrm_ls=0x8217070) at sapi_apache2.c:58
#1  0x402663af in php_ub_body_write_no_header (str=0x824c054 "SEGFAULT !", str_length=10, tsrm_ls=0x8217070) at output.c:450
#2  0x4026582a in php_body_write (str=0x824c054 "SEGFAULT !", str_length=10, tsrm_ls=0x8217070) at output.c:100
#3  0x4025d136 in php_body_write_wrapper (str=0x824c054 "SEGFAULT !", str_length=10) at main.c:757
#4  0x4024e050 in zend_print_zval_ex (write_func=0x4025d104 <php_body_write_wrapper>, expr=0x82819f8, indent=0) at zend.c:187
#5  0x4024dff1 in zend_print_zval (expr=0x82819f8, indent=0) at zend.c:168
#6  0x4024dc88 in zend_print_variable (var=0x82819f8) at zend_variables.c:172
#7  0x4023be47 in execute (op_array=0x827194c, tsrm_ls=0x8217070) at ./zend_execute.c:1223
#8  0x4024f7ea in zend_execute_scripts (type=8, tsrm_ls=0x8217070, retval=0x0, file_count=3) at zend.c:814
#9  0x4025e821 in php_execute_script (primary_file=0xbfffd648, tsrm_ls=0x8217070) at main.c:1309
#10 0x4025b201 in php_output_filter (f=0x82532ec, bb=0x825346c) at sapi_apache2.c:361
#11 0x0811e065 in ap_pass_brigade (next=0x82532ec, bb=0x825346c) at util_filter.c:276
#12 0x081245c8 in default_handler (r=0x825069c) at core.c:2785
#13 0x0811300b in ap_run_handler (r=0x825069c) at config.c:185
#14 0x081135b6 in ap_invoke_handler (r=0x825069c) at config.c:344
#15 0x08102109 in ap_process_request (r=0x825069c) at http_request.c:286
#16 0x080fe2c5 in ap_process_http_connection (c=0x81ce484) at http_core.c:289
#17 0x0811c81b in ap_run_process_connection (c=0x81ce484) at connection.c:82
#18 0x0811c9d9 in ap_process_connection (c=0x81ce484) at connection.c:219
#19 0x08111bec in child_main (child_num_arg=0) at prefork.c:803
#20 0x08111c9e in make_child (s=0x8170b2c, slot=0) at prefork.c:839
#21 0x08111db6 in startup_children (number_to_start=10) at prefork.c:913
#22 0x081121a5 in ap_mpm_run (_pconf=0x816f52c, plog=0x81a36cc, s=0x8170b2c) at prefork.c:1129
#23 0x0811774d in main (argc=4, argv=0xbffff9d4) at main.c:432
#24 0x400fd65f in __libc_start_main () from /lib/libc.so.6

This was made with the latest CVS snapshot...
 [2002-04-06 11:06 UTC] sniper@php.net
You need latest CVS versions of both PHP and Apache2.
As you well know, apache2 is still beta and a moving target.

 [2002-04-06 19:12 UTC] michael at daimi dot au dot dk
Funny that a reply to my very old bug report would be posted just one hour after an annoucement from the Apache team that version 2 is no longer beta :)

I will see if I can reproduce with Apache 2.0.35
 [2002-04-06 20:33 UTC] sniper@php.net
I wasn't aware of it being released as 'stable' today..
Reopen if you get this _same_ crash with the Apache 2.0.35.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Sep 19 02:03:37 2021 UTC