PHP :: Bug #14784 :: shmop_write causes segfault

Bug #14784

shmop_write causes segfault

Submitted:

2001-12-31 21:20 UTC

Modified:

2002-01-09 03:26 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

markhers at thinkbug dot com

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

4.1.1

OS:

Linux (RH 6.2 / 2.4.3)

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2001-12-31 21:20 UTC] markhers at thinkbug dot com

I have been experimenting with semaphores/shmop to provide 
query caching for an application I am working on. The 
purpose, of course, bears no bearing on the issue I am 
reporting however as I am just doing testing of the two 
extensions at this point.

I used this article as the starting point for my testing - 
http://zez.org/article/articleprint/46/.

So I put together this script:

----------

	function mtime()
	{
		return array_sum( explode( " ", microtime() ) );
	}

	function supecho( $text )
	{
		echo "<P><b>$text</b></p>\r\n";
		flush();
	}

	function subecho( $text )
	{
		echo "<P><b> -->> $text</b></p>\r\n";
		flush();
	}

	supecho( "Starting semaphore testing..." );
	
	// Start semaphore handling
	
	$semaphoreID	=	sem_get( 0xee3 , 1 , 0666 ); // Get a 
semaphore named "0xee3"

	supecho( "Attempting to get a semaphore" );
	
	if( $semaphoreID )
	{
		subecho( "success" );

		supecho( "Attempt to obtain our shared memory segment" );
		
		$testID	=	shmop_open( 0xff3, "ac", 0, 0);
		
		if( $testID ) // Already exists
		{
			subecho( "Success (opening with 'a' flag)" );

			$sharedID	=	shmop_open( 0xff3, "a", 0, 0);
		}
		else // create it
		{
			subecho( "Does not exist..." );
			
			supecho( "Attempting to create shared memory section 
with 'c' flag and 0xxf3 address" );

			$sharedID	=	shmop_open( 0xff3, "c", 0644, 100);
			
			if( $sharedID )
			{
				subecho( "Success" );
			}
			else
			{
				subecho( "Failure" );
			}
		}
		
		if( $sharedID )
		{
			subecho( "Attempt to obtain a shared memory segment 
success" );
			
			supecho( "Going for a semaphore acquisition" );
			
			sem_acquire( $semaphoreID );

			subecho( "Semaphore acquired" );

			$myString	=	"a";
			
			supecho( "Shared mem segment size (in bytes): 
".shmop_size( $sharedID ) );

			supecho( "Starting to read total segment" );
			
			$start	=	mtime();

			subecho( "Reading shared memory segment into memory --| 
".shmop_read( $sharedID, 0, shmop_size( $sharedID ) ) );
			subecho( ( ( shmop_size( $sharedID )) / ( mtime() - 
$start ) )." bytes/second" );

			/* THIS WRITE STATEMENT CAUSES A SEGFAULT

			    +
			    +
			    +
			  \\ //
			    -
			    
			*/
			
			subecho( "Writing ".shmop_write( $sharedID, $myString, 0 
)." bytes to block" );

			/*

			    ^
			  // \\
			    +
			    +
			    +
			  
			   THIS WRITE STATEMENT CAUSES A SEGFAULT  
			*/
			
			supecho( "Closing shmop segment" );
			shmop_close( $sharedID );
			subecho( "Done" );
			
			supecho( "Going for a semaphore release" );
			sem_release( $semaphoreID );
			subecho( "Semaphore released" );
		}
		else
		{
			subecho( "Attempt to obtain a shared memory segment 
failed" );
		}
	}
	else
	{
		subecho( "Attempt to get a semaphore failed" );
	}


----------

When I run the script with the smhop_write call commented 
out, it runs fine and releases both the shmop segment and 
semaphore at the end. However, when it runs with the 
shmop_write call, it segfaults immediately after calling 
shmop_write, which all other actions are successful.

My server is running RedHat 6.2 and kernel 2.4.3 - I tested 
the script against:

	Apache/1.3.22 + 4.0.6
	Apache/1.3.22 + 4.1.1
	4.0.6 CGI (run on command line, not CGI interface)
	4.1.1 CGI (run on command line, not CGI interface)
	
When I looked at ipcs, I see:

< start >

------ Shared Memory Segments --------
key       shmid     owner     perms     bytes     nattch    
status      
0x00000000 1114112   nobody    600       368644    31        
dest        
0x00000ff3 1146881   nobody    644       100       0                     

------ Semaphore Arrays --------
key       semid     owner     perms     nsems     status      
0x00000000 2064384   nobody    600       1         
0x00000000 3178497   nobody    600       1         
0x00000000 3211266   nobody    600       1         
0x00000000 3440643   nobody    600       1         
0x00000ee3 3473412   nobody    666       3         
0x00000000 3506181   nobody    600       1         

------ Message Queues --------
key       msqid     owner     perms     used-bytes  
messages    

< end >

So, the memory segment is created, and the script can 
proper identify that it has a size of 100.

I straced (didn't know what else to do to include here) one 
of the commandline invocations with the following as it's 
output:

< start >

execve("/usr/local/php/bin/php", ["/usr/local/php/bin/php", 
"/home/sites/www.hotelgeneral.com/docroot/shm.php"], [/* 26 
vars */]) = 0
brk(0)                                  = 0x815ddb4
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40014000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No 
such file or directory)
open("/usr/local/mysql/lib/mysql/i686/mmx/libdl.so.2", 
O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/mysql/lib/mysql/i686/mmx", 0xbffff364) = -
1 ENOENT (No such file or directory)
open("/usr/local/mysql/lib/mysql/i686/libdl.so.2", 
O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/mysql/lib/mysql/i686", 0xbffff364) = -1 
ENOENT (No such file or directory)
open("/usr/local/mysql/lib/mysql/mmx/libdl.so.2", O_RDONLY) 
= -1 ENOENT (No such file or directory)
stat("/usr/local/mysql/lib/mysql/mmx", 0xbffff364) = -1 
ENOENT (No such file or directory)
open("/usr/local/mysql/lib/mysql/libdl.so.2", O_RDONLY) = -
1 ENOENT (No such file or directory)
stat("/usr/local/mysql/lib/mysql", {st_mode=S_IFDIR|
S_ISGID|0755, st_size=4096, ...}) = 0
open("/usr/local/db4/lib/i686/mmx/libdl.so.2", O_RDONLY) = 
-1 ENOENT (No such file or directory)
stat("/usr/local/db4/lib/i686/mmx", 0xbffff364) = -1 ENOENT 
(No such file or directory)
open("/usr/local/db4/lib/i686/libdl.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
stat("/usr/local/db4/lib/i686", 0xbffff364) = -1 ENOENT (No 
such file or directory)
open("/usr/local/db4/lib/mmx/libdl.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
stat("/usr/local/db4/lib/mmx", 0xbffff364) = -1 ENOENT (No 
such file or directory)
open("/usr/local/db4/lib/libdl.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
stat("/usr/local/db4/lib", {st_mode=S_IFDIR|0755, st_size=
4096, ...}) = 0
open("/usr/lib/i686/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
stat("/usr/lib/i686/mmx", 0xbffff364)   = -1 ENOENT (No 
such file or directory)
open("/usr/lib/i686/libdl.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
stat("/usr/lib/i686", 0xbffff364)       = -1 ENOENT (No 
such file or directory)
open("/usr/lib/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
stat("/usr/lib/mmx", 0xbffff364)        = -1 ENOENT (No 
such file or directory)
open("/usr/lib/libdl.so.2", O_RDONLY)   = -1 ENOENT (No 
such file or directory)
stat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=8192, ...}) 
= 0
open("/usr/local/lib/i686/mmx/libdl.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
stat("/usr/local/lib/i686/mmx", 0xbffff364) = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/i686/libdl.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
stat("/usr/local/lib/i686", 0xbffff364) = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/mmx/libdl.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
stat("/usr/local/lib/mmx", 0xbffff364)  = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, 
...}) = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=13712, ...}) = 0
old_mmap(NULL, 13712, PROT_READ, MAP_PRIVATE, 3, 0) = 
0x40015000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=75131, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
340\34"..., 4096) = 4096
old_mmap(NULL, 12428, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40019000
mprotect(0x4001b000, 4236, PROT_NONE)   = 0
old_mmap(0x4001b000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4001b000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libz.so.1", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/local/db4/lib/libz.so.1", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=63492, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
240\31"..., 4096) = 4096
old_mmap(NULL, 58700, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x4001d000
mprotect(0x4002a000, 5452, PROT_NONE)   = 0
old_mmap(0x4002a000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0xc000) = 0x4002a000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libcrypt.so.1", O_RDONLY) 
= -1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libcrypt.so.1", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/lib/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libcrypt.so.1", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=66231, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\
17\0\000"..., 4096) = 4096
old_mmap(NULL, 184412, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x4002c000
mprotect(0x40031000, 163932, PROT_NONE) = 0
old_mmap(0x40031000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40031000
old_mmap(0x40032000, 159836, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40032000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libresolv.so.2", O_RDONLY) 
= -1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libresolv.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/lib/libresolv.so.2", O_RDONLY)   = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=169720, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
340&\0"..., 4096) = 4096
old_mmap(NULL, 60956, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x4005a000
mprotect(0x40066000, 11804, PROT_NONE)  = 0
old_mmap(0x40066000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x40066000
old_mmap(0x40067000, 7708, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40067000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libpam.so.0", O_RDONLY) = 
-1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libpam.so.0", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/lib/libpam.so.0", O_RDONLY)  = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libpam.so.0", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/lib/libpam.so.0", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=33718, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
320\25"..., 4096) = 4096
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40069000
old_mmap(NULL, 32024, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x4006a000
mprotect(0x40071000, 3352, PROT_NONE)   = 0
old_mmap(0x40071000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40071000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libmysqlclient.so.10", 
O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=138499, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\
0000_\0\000"..., 4096) = 4096
old_mmap(NULL, 114720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40072000
mprotect(0x4008a000, 16416, PROT_NONE)  = 0
old_mmap(0x4008a000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x17000) = 0x4008a000
old_mmap(0x4008e000, 32, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4008e000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libdb-4.0.so", O_RDONLY) = 
-1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libdb-4.0.so", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=591985, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\
320\0"..., 4096) = 4096
old_mmap(NULL, 533644, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x4008f000
mprotect(0x40110000, 5260, PROT_NONE)   = 0
old_mmap(0x40110000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x80000) = 0x40110000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libgdbm.so.2", O_RDONLY) = 
-1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libgdbm.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/lib/libgdbm.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=29265, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\
25\0\000"..., 4096) = 4096
old_mmap(NULL, 23692, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40112000
mprotect(0x40117000, 3212, PROT_NONE)   = 0
old_mmap(0x40117000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40117000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libm.so.6", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/local/db4/lib/libm.so.6", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/usr/lib/libm.so.6", O_RDONLY)    = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No 
such file or directory)
open("/lib/libm.so.6", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=527442, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
320F\0"..., 4096) = 4096
old_mmap(NULL, 117208, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40118000
mprotect(0x40134000, 2520, PROT_NONE)   = 0
old_mmap(0x40134000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x1b000) = 0x40134000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libnsl.so.1", O_RDONLY) = 
-1 ENOENT (No such file or directory)
open("/usr/local/db4/lib/libnsl.so.1", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/lib/libnsl.so.1", O_RDONLY)  = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/lib/libnsl.so.1", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=370141, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
20?\0\000"..., 4096) = 4096
old_mmap(NULL, 88104, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40135000
mprotect(0x40147000, 14376, PROT_NONE)  = 0
old_mmap(0x40147000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0x11000) = 0x40147000
old_mmap(0x40149000, 6184, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40149000
close(3)                                = 0
open("/usr/local/mysql/lib/mysql/libc.so.6", O_RDONLY) = -1 
ENOENT (No such file or directory)
open("/usr/local/db4/lib/libc.so.6", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/usr/lib/libc.so.6", O_RDONLY)    = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No 
such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=4101836, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
210\212"..., 4096) = 4096
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x4014b000
old_mmap(NULL, 1001532, PROT_READ|PROT_EXEC, MAP_PRIVATE, 
3, 0) = 0x4014c000
mprotect(0x40239000, 30780, PROT_NONE)  = 0
old_mmap(0x40239000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0xec000) = 0x40239000
old_mmap(0x4023d000, 14396, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4023d000
close(3)                                = 0
mprotect(0x4014c000, 970752, PROT_READ|PROT_WRITE) = 0
mprotect(0x4014c000, 970752, PROT_READ|PROT_EXEC) = 0
munmap(0x40015000, 13712)               = 0
personality(PER_LINUX)                  = 0
getpid()                                = 14983
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
brk(0)                                  = 0x815ddb4
brk(0x815ddec)                          = 0x815ddec
brk(0x815e000)                          = 0x815e000
brk(0x815f000)                          = 0x815f000
brk(0x8160000)                          = 0x8160000
brk(0x8161000)                          = 0x8161000
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(0x3, 0xbfffb534)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40015000
read(3, "# Locale name alias data base.\n#"..., 4096) = 
2265
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
open("/usr/share/i18n/locale.alias", O_RDONLY) = -1 ENOENT 
(No such file or directory)
open("/usr/share/locale/en_US/LC_CTYPE", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=87756, ...}) = 0
old_mmap(NULL, 87756, PROT_READ, MAP_PRIVATE, 3, 0) = 
0x40241000
close(3)                                = 0
open("./php.ini", O_RDONLY)             = -1 ENOENT (No 
such file or directory)
open("/usr/local/lib/php.ini", O_RDONLY) = 3
getcwd("/usr/local/src/php-4.1.1", 4095) = 25
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 
0
lstat("/usr/local", {st_mode=S_IFDIR|S_ISGID|0755, st_size=
4096, ...}) = 0
lstat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=
4096, ...}) = 0
lstat("/usr/local/lib/php.ini", {st_mode=S_IFREG|0644, 
st_size=24226, ...}) = 0
brk(0x8166000)                          = 0x8166000
ioctl(3, TCGETS, 0xbffff6f8)            = -1 ENOTTY 
(Inappropriate ioctl for device)
read(3, "[PHP]\n; $Id: php.ini-dist,v 1.78"..., 8192) = 
8192
read(3, "n to end users, such as file pat"..., 8192) = 8192
brk(0x8167000)                          = 0x8167000
read(3, " use\n; the $MYSQL_TCP_PORT or th"..., 8192) = 
7842
read(3, "", 350)                        = 0
brk(0x8168000)                          = 0x8168000
brk(0x8169000)                          = 0x8169000
read(3, "", 8192)                       = 0
ioctl(3, TCGETS, 0xbfffeb60)            = -1 ENOTTY 
(Inappropriate ioctl for device)
close(3)                                = 0
brk(0x816a000)                          = 0x816a000
brk(0x816b000)                          = 0x816b000
brk(0x816c000)                          = 0x816c000
brk(0x816d000)                          = 0x816d000
brk(0x816e000)                          = 0x816e000
brk(0x816f000)                          = 0x816f000
brk(0x8170000)                          = 0x8170000
brk(0x8171000)                          = 0x8171000
brk(0x8172000)                          = 0x8172000
brk(0x8173000)                          = 0x8173000
brk(0x8174000)                          = 0x8174000
brk(0x8175000)                          = 0x8175000
brk(0x8176000)                          = 0x8176000
brk(0x8177000)                          = 0x8177000
brk(0x8178000)                          = 0x8178000
brk(0x8179000)                          = 0x8179000
brk(0x817a000)                          = 0x817a000
brk(0x817b000)                          = 0x817b000
brk(0x817c000)                          = 0x817c000
brk(0x817d000)                          = 0x817d000
brk(0x817e000)                          = 0x817e000
brk(0x817f000)                          = 0x817f000
brk(0x8180000)                          = 0x8180000
brk(0x8182000)                          = 0x8182000
brk(0x8183000)                          = 0x8183000
brk(0x8184000)                          = 0x8184000
brk(0x8185000)                          = 0x8185000
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 
0}}, NULL) = 0
rt_sigaction(SIGPROF, {0x80f0178, [], SA_RESTART|
0x4000000}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
brk(0x8186000)                          = 0x8186000
brk(0x8187000)                          = 0x8187000
brk(0x8188000)                          = 0x8188000
brk(0x8189000)                          = 0x8189000
time(NULL)                              = 1009843196
getpid()                                = 14983
getpid()                                = 14983
open("/home/sites/www.hotelgeneral.com/docroot/shm.php", 
O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0777, st_size=2963, ...}) = 0
getcwd("/usr/local/src/php-4.1.1", 4095) = 25
lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 
0
lstat("/home/sites", {st_mode=S_IFDIR|0771, st_size=4096, 
...}) = 0
lstat("/home/sites/www.hotelgeneral.com", {st_mode=S_IFDIR|
0771, st_size=4096, ...}) = 0
lstat("/home/sites/www.hotelgeneral.com/docroot", {st_mode=
S_IFDIR|0777, st_size=4096, ...}) = 0
lstat("/home/sites/www.hotelgeneral.com/docroot/shm.php", 
{st_mode=S_IFREG|0777, st_size=2963, ...}) = 0
chdir("/home/sites/www.hotelgeneral.com/docroot") = 0
fstat64(0x3, 0xbffff7a0)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40015000
read(3, "<?php\n\n\tfunction mtime()\n\t{\n\t\tre"..., 
4096) = 2963
_llseek(3, 0, [0], SEEK_SET)            = 0
brk(0x818e000)                          = 0x818e000
ioctl(3, TCGETS, 0xbfffe65c)            = -1 ENOTTY 
(Inappropriate ioctl for device)
read(3, "<?php\n\n\tfunction mtime()\n\t{\n\t\tre"..., 
8192) = 2963
read(3, "", 4096)                       = 0
brk(0x818f000)                          = 0x818f000
brk(0x8190000)                          = 0x8190000
brk(0x8194000)                          = 0x8194000
read(3, "", 8192)                       = 0
ioctl(3, TCGETS, 0xbfffd180)            = -1 ENOTTY 
(Inappropriate ioctl for device)
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
write(1, "X-Powered-By: PHP/4.1.1", 23X-Powered-By: PHP/
4.1.1) = 23
write(1, "\r\n", 2
)                     = 2
write(1, "Content-type: text/html", 23Content-type: text/
html) = 23
write(1, "\r\n", 2
)                     = 2
write(1, "\r\n", 2
)                     = 2
write(1, "<P><b>Starting semaphore testing"..., 45<P><b>
Starting semaphore testing...</b></p>
) = 45
semget(3811, 3, IPC_CREAT|0x1b6|0666)   = 3473412
semop(3473412, 0xbfffdedc, 3)           = 0
semctl(3473412, 1, GETVAL, 0xbfffde98)  = 1
semctl(3473412, 0, SETVAL, 0xbfffde98)  = 0
semop(3473412, 0xbfffdedc, 1)           = 0
write(1, "<P><b> -->> Attempting to get a "..., 51<P><b> --
>> Attempting to get a semaphore</b></p>
) = 51
write(1, "<P><b> -->> Attempt to get a sem"..., 58<P><b> --
>> Attempt to get a semaphore succeeded</b></p>
) = 58
write(1, "<P><b> -->> Attempt to obtain a "..., 63<P><b> --
>> Attempt to obtain a shared memory segment</b></p>
) = 63
shmget(4083, 0, IPC_EXCL|0)             = 1146881
shmctl(1146881, IPC_STAT, 0xbfffdec0)   = 0
shmat(1146881, 0, SHM_RDONLY)           = 0x40015000
write(1, "<P><b> -->> This shared memory s"..., 86<P><b> --
>> This shared memory segment already exists. opening with 
'a' flag</b></p>
) = 86
shmget(4083, 0, IPC_EXCL|0)             = 1146881
shmctl(1146881, IPC_STAT, 0xbfffdec0)   = 0
shmat(1146881, 0, SHM_RDONLY)           = 0x40016000
write(1, "<P><b> -->> Attempt to obtain a "..., 71<P><b> --
>> Attempt to obtain a shared memory segment success</b></
p>
) = 71
write(1, "<P><b> -->> Going for a semaphor"..., 55<P><b> --
>> Going for a semaphore acquisition</b></p>
) = 55
semop(3473412, 0xbfffdec8, 1)           = 0
write(1, "<P><b> -->> Semaphore acquired</"..., 40<P><b> --
>> Semaphore acquired</b></p>
) = 40
write(1, "<P><b> -->> Shared mem segment s"..., 61<P><b> --
>> Shared mem segment size (in bytes): 100</b></p>
) = 61
write(1, "<P><b> -->> Starting to read tot"..., 52<P><b> --
>> Starting to read total segment</b></p>
) = 52
gettimeofday({1009843196, 627504}, NULL) = 0
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 
0
lstat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=8192, 
...}) = 0
lstat("/usr/lib/gconv", {st_mode=S_IFDIR|0755, st_size=
4096, ...}) = 0
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
fstat64(0x3, 0xbfffc0e4)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40017000
read(3, "# GNU libc iconv configuration.\n"..., 4096) = 
4096
read(3, "20-1969-RO//\nmodule\tJIS_C6220-19"..., 4096) = 
4096
read(3, "RNAL\t\tISO8859-3\t1\nmodule\tINTERNA"..., 4096) = 
4096
read(3, "SO_6937-2\t1\n\n#\tfrom\t\t\tto\t\t\tmodul"..., 
4096) = 4096
brk(0x8195000)                          = 0x8195000
brk(0x8196000)                          = 0x8196000
read(3, "M256//\nmodule\tIBM256//\t\tINTERNAL"..., 4096) = 
4096
brk(0x8197000)                          = 0x8197000
brk(0x8198000)                          = 0x8198000
read(3, "module\t\tcost\nalias\tCP855//\t\t\tIBM"..., 4096) 
= 4096
brk(0x8199000)                          = 0x8199000
brk(0x819a000)                          = 0x819a000
read(3, "IBM1004//\nalias\tOS2LATIN1//\t\tIBM"..., 4096) = 
4096
brk(0x819b000)                          = 0x819b000
brk(0x819c000)                          = 0x819c000
brk(0x819d000)                          = 0x819d000
read(3, "_P27-1\t1\nmodule\tINTERNAL\t\tIEC_P2"..., 4096) = 
4096
brk(0x819e000)                          = 0x819e000
brk(0x819f000)                          = 0x819f000
read(3, "le\tINTERNAL\t\tNATS-DANO//\t\tNATS-D"..., 4096) = 
943
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40017000, 4096)                = 0
brk(0x81a0000)                          = 0x81a0000
open("/usr/lib/gconv/ISO8859-1.so", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=32197, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\
260\7\0"..., 4096) = 4096
old_mmap(NULL, 7456, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 
0) = 0x40017000
mprotect(0x40018000, 3360, PROT_NONE)   = 0
old_mmap(0x40018000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x40018000
close(3)                                = 0
write(1, "<P><b> -->> Reading shared memor"..., 168<P><b> -
->> Reading shared memory segment into memory --| </b></p>
) = 168
gettimeofday({1009843196, 637330}, NULL) = 0
write(1, "<P><b> -->> Geez...10177.0148131"..., 57<P><b> --
>> Geez...10177.014813107 bytes/second</b></p>
) = 57
write(1, "<P><b> -->> Writing string (\'a\')"..., 85<P><b> 
-->> Writing string ('a') | result is bytes written to 
block... --> </b></p>
) = 85
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

< end >

=-=-=-

I wouldn't even know where to wager the issue could be, 
though I figure it could be a kernel issue.

=-=-=-=

I did a GDB backtrace and found this:

Program received signal SIGSEGV, Segmentation fault.
0x40103493 in memcpy (dstpp=0x40319000, srcpp=0x81ea444, 
len=1) at ../sysdeps/generic/memcpy.c:61
61      ../sysdeps/generic/memcpy.c: No such file or 
directory.

That's all there was, so I don't know if this is the 
kernel, Apache, or PHP complaining, but I'm sure you all 
do. :)

Any help in fixing this would be greatly appreciated!

  Mark J. Hershenson
  Director of Application Development
  Thinkbug Interactive, Inc.
  markhers@thinkbug.com

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-01-01 15:17 UTC] markhers at thinkbug dot com

Sorry. I forgot to include the backtrace:

< start >

Program received signal SIGSEGV, Segmentation fault.
0x40103493 in memcpy (dstpp=0x40319000, srcpp=0x81ea42c, 
len=1) at ../sysdeps/generic/memcpy.c:61
61      ../sysdeps/generic/memcpy.c: No such file or 
directory.
(gdb) bt
#0  0x40103493 in memcpy (dstpp=0x40319000, srcpp=
0x81ea42c, len=1) at ../sysdeps/generic/memcpy.c:61
#1  0x40583745 in ?? () from /usr/local/apache/libexec/
libphp4.so
#2  0x4053f235 in ?? () from /usr/local/apache/libexec/
libphp4.so
#3  0x4054e22b in ?? () from /usr/local/apache/libexec/
libphp4.so
#4  0x4055f861 in ?? () from /usr/local/apache/libexec/
libphp4.so
#5  0x4055c1f2 in ?? () from /usr/local/apache/libexec/
libphp4.so
#6  0x4055cb56 in ?? () from /usr/local/apache/libexec/
libphp4.so
#7  0x4055cb88 in ?? () from /usr/local/apache/libexec/
libphp4.so
#8  0x80550f3 in ap_invoke_handler ()
#9  0x8069529 in process_request_internal ()
#10 0x806958c in ap_process_request ()
#11 0x8060a6e in child_main ()
#12 0x8060c20 in make_child ()
#13 0x8060d79 in startup_children ()
#14 0x80613d6 in standalone_main ()
#15 0x8061ba3 in main ()
#16 0x400bb9cb in __libc_start_main (main=0x806184c <main>, 
argc=2, argv=0xbffffa2c, init=0x804f47c <_init>, 
    fini=0x809858c <_fini>, rtld_fini=0x4000aea0 <_dl_fini>
, stack_end=0xbffffa24) at ../sysdeps/generic/libc-
start.c:92

< end >

  mjh

[2002-01-01 15:19 UTC] mfischer@php.net

A backtrace without --enable-debug is pretty useless. Can you recompile and paste the backtrace again?

Also, please don't wrap the lines.

[2002-01-01 23:53 UTC] markhers at thinkbug dot com

Backtrace with --with-debug:

==============

Program received signal SIGSEGV, Segmentation fault.
0x40103487 in memcpy (dstpp=0x4040a000, srcpp=0x81f990c, 
len=96) at ../sysdeps/generic/memcpy.c:55
55      ../sysdeps/generic/memcpy.c: No such file or 
directory.
(gdb) bt
#0  0x40103487 in memcpy (dstpp=0x4040a000, srcpp=
0x81f990c, len=96) at ../sysdeps/generic/memcpy.c:55
#1  0x40285c37 in zif_arsort (ht=3, return_value=0x81f96bc, 
this_ptr=0x0, return_value_used=1) at array.c:444
#2  0x4022df34 in execute (op_array=0x81eeb74) at ./
zend_execute.c:1799
#3  0x4024051b in zend_parse_arg_impl (arg=0x8, va=0x0, 
spec=0x3) at zend_API.c:387
#4  0x40252582 in php_fopen_primary_script (file_handle=
0xbffff704) at fopen_wrappers.c:305
#5  0x4024d50e in should_overwrite_per_dir_entry 
(orig_per_dir_entry=0x8122fec, new_per_dir_entry=0x0) at 
mod_php4.c:646
#6  0x4024e350 in zm_info_apache (zend_module=0x8122fec) at 
php_apache.c:289
#7  0x4024e3cc in zif_virtual (ht=135409644, return_value=
0x805d55c, this_ptr=0x1f4, return_value_used=23) at 
php_apache.c:315
#8  0x80550f3 in ap_invoke_handler ()
#9  0x8069529 in process_request_internal ()
#10 0x806958c in ap_process_request ()
#11 0x8060a6e in child_main ()
#12 0x8060c20 in make_child ()
#13 0x8060d79 in startup_children ()
#14 0x80613d6 in standalone_main ()
#15 0x8061ba3 in main ()
#16 0x400bb9cb in __libc_start_main (main=0x806184c <main>, 
argc=2, argv=0xbffffa1c, init=0x804f47c <_init>, 
    fini=0x809858c <_fini>, rtld_fini=0x4000aea0 <_dl_fini>
, stack_end=0xbffffa14) at ../sysdeps/generic/libc-
start.c:92

===============

And it's not me who's wrapping the text...

[2002-01-09 03:26 UTC] yohgaki@php.net

Supposed to be fixed in CVS.
Please reopen bug if there is problem still.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Jul 07 21:01:28 2024 UTC