PHP :: Bug #15607 :: Apache Crash

Bug #15607

Apache Crash

Submitted:

2002-02-18 16:32 UTC

Modified:

2010-11-15 21:13 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

fedelman at claxson dot com

Assigned:

felipe (profile)

Status:

Closed

Package:

Pspell related

PHP Version:

4.1.1

OS:

Solaris 5.7

Private report:

CVE-ID:

None

View Developer Edit

[2002-02-18 16:32 UTC] fedelman at claxson dot com

I'm Sys Admin of El Sitio (www.elsitio.com). I developed de Web Mail of the Site (freemail.elsitio.com).

The Web Mail frontend run on Sun Netra t1 with Solaris 7 (patched 7 recommended). I use gnu gcc and ld (/usr/ccs/bin/ld).

I compile pspell and aspell with CC=gcc and CXX=g++.

My php include oci8 (Oracle 8.1.6), imap (imap-2001a), pspell (pspell-.12.2) and aspell (aspell-.33.7).

PHP 4.0.5 works, but imap_mime_header_decode isn?t work, httpd crash.
PHP 4.0.6 works fine.

PHP is 4.1.0 and 4.1.1 segmentation fault when httpd start.
I was testing on Apache 1.3.19 and Apache 1.3.23.

When I compile, I don't get any error.

PHP is buggy buggy buggy :)

thanks and good luck!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-19 04:20 UTC] yohgaki@php.net

To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".

Yes, there are bugs. That's why I got a CVS account :)
BTW, could you try snapshot also?

http://snaps.php.net/

[2002-02-21 20:08 UTC] dustin at cs dot uchicago dot edu

I believe I have found the bug.  I'm no PHP coder, but I believe that a {NULL, NULL, NULL} is required at the end of pspell_functions.  The backtrace *I saw* on a similar system (Solaris 8) indicates a segfault in strlen() as called from zend_register_functions.  The auto variable ptr in that function was pointing one element past the end of the pspell_functions array, and ptr->name was a bogus (but non-null) pointer.

Seems likely that this lack of termination of the array works on "most" platforms, by random chance of having NULLs there when PHP starts up.  But certain compiler/linker/config combinations put something other than NULL there, and zend_register_functions runs amok all over the process space.

Adding the terminator allowed Apache to start, and phpinfo() renders correctly.  Still waiting on more in-depth testing.

[2002-02-22 06:43 UTC] yohgaki@php.net

Thanks for you report. I've added function entry terminator.
If you still have problem(s), let us know.

[2010-11-15 21:13 UTC] felipe@php.net

-Package: *Spelling functions +Package: Pspell related -Assigned To: +Assigned To: felipe

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 14:01:32 2025 UTC