|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14776 httpd crashes with 4.1.1 (and 4.1.0) when safe-mode=on and header();
Submitted: 2001-12-30 14:20 UTC Modified: 2002-01-14 22:10 UTC
Avg. Score:4.9 ± 0.3
Reproduced:12 of 12 (100.0%)
Same Version:12 (100.0%)
Same OS:2 (16.7%)
From: fabio at isec dot com dot br Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.1.1 OS: FreeBSD 4.4-stable
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: fabio at isec dot com dot br
New email:
PHP Version: OS:


 [2001-12-30 14:20 UTC] fabio at isec dot com dot br
I'm running FreeBSD 4.4-stable, Apache 1.3.22 and PHP 4.1.1 (this bug comes since 4.1.0, I've hoped it would be fixed in 4.1.1, but it hasn't). (php 4.0.6 works without problems)

The httpd crashes ONLY when php.ini is running with SAFE-MODE ENABLED ( When safe-mode is OFF, it works flawlessly)!! the function seems to be header()

Be SURE safe-mode is ON, and run this example :

  if(!isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Text to send if user hits Cancel button\n";
  } else {
    echo "<p>Hello {$HTTP_SERVER_VARS['PHP_AUTH_USER']} .</p>";
    echo "<p>You entered {$HTTP_SERVER_VARS['PHP_AUTH_PW']} as your password.</p>";

Here's a gdb backtrace

Starting program: /usr/local/apache/bin/httpd -X
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28167a5a in memcpy () from /usr/lib/
(gdb) bt
#0  0x28167a5a in memcpy () from /usr/lib/
#1  0x4 in ?? ()
#2  0x281bbafe in _mem_block_check (ptr=0x2829b0e0, silent=1, 
    __zend_filename=0x2829deb2 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:659
#3  0x281ba994 in _efree (ptr=0x2829b0e0, __zend_filename=0x2829deb2 "SAPI.c", 
    __zend_lineno=505, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at zend_alloc.c:224
#4  0x281f0024 in sapi_add_header_ex (
    header_line=0x81495a4 'Z' <repeats 41 times>, "\204?\217*", 
    header_line_len=40, duplicate=1 '\001', replace=1 '\001') at SAPI.c:505
#5  0x282472b0 in zif_header (ht=1, return_value=0x8141fa4, this_ptr=0x0, 
    return_value_used=0) at head.c:56
#6  0x281c81a3 in execute (op_array=0x8143ea4) at ./zend_execute.c:1590
#7  0x281d96a0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#8  0x281ec311 in php_execute_script (primary_file=0xbfbff8ac) at main.c:1307
#9  0x281e6f52 in apache_php_module_main (r=0x813e034, display_source_mode=0)
    at sapi_apache.c:90
#10 0x281e7e44 in send_php (r=0x813e034, display_source_mode=0, 
    filename=0x813eadc "/usr/home2/www-galeriadev/teste.php") at mod_php4.c:575
#11 0x281e7eb7 in send_parsed_php (r=0x813e034) at mod_php4.c:590
#12 0x806b82d in ap_invoke_handler ()
#13 0x8080164 in process_request_internal ()
---Type <return> to continue, or q <return> to quit---
#14 0x80801ce in ap_process_request ()
#15 0x807713b in child_main ()
#16 0x80772fd in make_child ()
#17 0x8077476 in startup_children ()
#18 0x8077aa8 in standalone_main ()
#19 0x80782f8 in main ()
#20 0x804ef1d in _start ()

If I you need any more information, just let me know.

Fabio Vilan - Duwde


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-14 08:15 UTC] a dot mayrhofer at kpnqwest dot at
there are a bunch of related bug reports. see

maybe #14389
maybe #14733
 [2002-01-14 08:46 UTC]
I just fixed it in CVS
(atleast I cannot crash it here anymore)

Please check with latest CVS version.
 [2002-01-14 22:10 UTC]
User reported it works. Closed
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Oct 03 02:03:44 2022 UTC