Bug #1487 fopen with URL causes segfault in php3_fopen_url_wrapper
Submitted: 1999-06-02 15:15 UTC
Modified: 1999-06-02 15:28 UTC
From: sklar at student dot net
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 3.0.8
OS: Linux 2.0.35
Private report: No
CVE-ID: None

 [1999-06-02 15:15 UTC] sklar at student dot net
The following function is inside an object that has $auth_host defined as some host.

  function member_verify($member_name,$password) {
    $member_name = urlencode($member_name);
    $password    = urlencode($password);
    if ($fp = fopen('http://'.$this->auth_host."/member_verify?partner_key=key&member_name=$member_name&password=$password",'r')) {
      $s = intval(fgets($fp,3));
      fclose($fp);
      if ($s == 1) { return true; } else { return false; }
    } else { 
      return false;
    }
  }

This makes PHP (as apache module with 1.3.6) segfault. This worked fine with 3.0.7. 

The backtrace looks like:

(gdb) run -X
Starting program: /usr/sbin/apache -X

Program received signal SIGSEGV, Segmentation fault.
0x806a6ca in php3_fopen_url_wrapper (path=Cannot access memory at address 0x7.
) at fopen-wrappers.c:945
945     }
(gdb) bt
#0  0x806a6ca in php3_fopen_url_wrapper (path=
Cannot access memory at address 0x7.
) at fopen-wrappers.c:945
Cannot access memory at address 0xffffffff.

I get the same results from gdb whether or not I build PHP with debugging symbols enabled.

The URL is being retrieved OK, the access logs on the remote server indicate that everything went OK, and the strace output before the segfault looks like:

send(23, "GET ", 4, 0)                  = 4
send(23, "/member_verify", 14, 0) = 14 
send(23, "?", 1, 0)                     = 1
send(23, "partner_key=key&member_name=&"..., 41, 0) = 41
send(23, " HTTP/1.0\n", 10, 0)          = 10
send(23, "Host: ", 6, 0)                = 6
send(23, "anchor.student.net", 18, 0)   = 18
send(23, "\n", 1, 0)                    = 1
send(23, "User-Agent: PHP/", 16, 0)     = 16
send(23, "3.0.8", 5, 0)                 = 5
send(23, "\n", 1, 0)                    = 1
send(23, "\n", 1, 0)                    = 1
recv(23, "HTTP/1.1 200 OK\r\nDate: Wed, 02"..., 2048, 0) = 312
recv(23, "", 2048, 0)                   = 0
close(23)                               = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

 [1999-06-02 15:28 UTC] sas at cvs dot php dot net
This is fixed in CVS and will be part of the soon-to-be-released PHP 3.0.9.
 