php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15607 Apache Crash
Submitted: 2002-02-18 16:32 UTC Modified: 2010-11-15 21:13 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fedelman at claxson dot com Assigned: felipe (profile)
Status: Closed Package: Pspell related
PHP Version: 4.1.1 OS: Solaris 5.7
Private report: No CVE-ID: None
 [2002-02-18 16:32 UTC] fedelman at claxson dot com
I'm Sys Admin of El Sitio (www.elsitio.com). I developed de Web Mail of the Site (freemail.elsitio.com).

The Web Mail frontend run on Sun Netra t1 with Solaris 7 (patched 7 recommended). I use gnu gcc and ld (/usr/ccs/bin/ld).

I compile pspell and aspell with CC=gcc and CXX=g++.

My php include oci8 (Oracle 8.1.6), imap (imap-2001a), pspell (pspell-.12.2) and aspell (aspell-.33.7).

PHP 4.0.5 works, but imap_mime_header_decode isn?t work, httpd crash.
PHP 4.0.6 works fine.

PHP is 4.1.0 and 4.1.1 segmentation fault when httpd start.
I was testing on Apache 1.3.19 and Apache 1.3.23.

When I compile, I don't get any error.

PHP is buggy buggy buggy :)

thanks and good luck!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-19 04:20 UTC] yohgaki@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".

Yes, there are bugs. That's why I got a CVS account :)
BTW, could you try snapshot also?

http://snaps.php.net/
 [2002-02-21 20:08 UTC] dustin at cs dot uchicago dot edu
I believe I have found the bug.  I'm no PHP coder, but I believe that a {NULL, NULL, NULL} is required at the end of pspell_functions.  The backtrace *I saw* on a similar system (Solaris 8) indicates a segfault in strlen() as called from zend_register_functions.  The auto variable ptr in that function was pointing one element past the end of the pspell_functions array, and ptr->name was a bogus (but non-null) pointer.

Seems likely that this lack of termination of the array works on "most" platforms, by random chance of having NULLs there when PHP starts up.  But certain compiler/linker/config combinations put something other than NULL there, and zend_register_functions runs amok all over the process space.

Adding the terminator allowed Apache to start, and phpinfo() renders correctly.  Still waiting on more in-depth testing.
 [2002-02-22 06:43 UTC] yohgaki@php.net
Thanks for you report. I've added function entry terminator.
If you still have problem(s), let us know.
 [2010-11-15 21:13 UTC] felipe@php.net
-Package: *Spelling functions +Package: Pspell related -Assigned To: +Assigned To: felipe
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jul 04 16:01:27 2020 UTC