Bug #16436 ereg causes apache crashes
Submitted: 2002-04-04 15:37 UTC
Modified: 2002-04-08 02:55 UTC
From: lb at lamuella dot de
Assigned:
Status: Closed
Package: Regexps related
PHP Version: 4.0CVS-2002-04-0
OS: Linux
Private report: No
CVE-ID: None
 [2002-04-04 15:37 UTC] lb at lamuella dot de
This line crashes the Apache process with PHP 4.2.0RC2 as a module:

<?php 
   if (ereg('foo', 'string with foo'))  echo 'got it';
?>

Lutz

 [2002-04-04 20:03 UTC] sniper@php.net
I cannot reproduce this with latest CVS or with 4.2.0RC2.
Please add the configure line used into this bug report.
Also, configure php with --enable-debug and generate
a GDB backtrace of the crash.


 [2002-04-05 16:18 UTC] lb at lamuella dot de
The crash doesn't happen when PHP is running as a CGI or with the CLI API. And I have no idea how to tell Apache to dump a core when the PHP module crashes. So I'm not able to provide a backtrace.

This is the configure I've used:

'./configure' '--prefix=/usr/local' '--with-config-file-path=/etc' '--with-apxs=/usr/local/apache/bin/apxs' '--enable-shared' '--enable-sysvsem' '--enable-sysvshm' '--enable-inline-optimization' '--with-regex=system' '--with-mysql=/usr/local/mysql' '--with-interbase=/opt/interbase' '--enable-ftp' '--enable-sockets' '--with-zlib-dir=/usr/local' '--with-ttf' '--with-png-dir=/usr/local' '--with-gd=/usr/local' '--with-jpeg-dir=/usr/local' '--with-gettext' '--with-pdflib'


If I use '--with-regex=php' instead of 'system' everything works fine.

Lutz
 [2002-04-05 16:34 UTC] mfischer@php.net
Your last statement could easily lead to the assumption that your local regexp implementation/library is broken.

To produce a backtrace on apache, fire up gdb with the apache binary and start with the parameter '-X'.
 [2002-04-05 17:14 UTC] lb at lamuella dot de
Thanks for your advice, this is the backtrace I've got:

(gdb) backtrace
#0  0x400a8ff1 in kill () from /lib/libc.so.6
#1  0x402637f5 in _emalloc () from /usr/local/apache/libexec/libphp4.so
#2  0x40263b9f in _ecalloc () from /usr/local/apache/libexec/libphp4.so
#3  0x403360c4 in php_reg_replace () from /usr/local/apache/libexec/libphp4.so
#4  0x40336b5c in php_reg_replace () from /usr/local/apache/libexec/libphp4.so
#5  0x40336cdd in zif_ereg_replace () from /usr/local/apache/libexec/libphp4.so
#6  0x40271797 in execute () from /usr/local/apache/libexec/libphp4.so
#7  0x402719bf in execute () from /usr/local/apache/libexec/libphp4.so
#8  0x402719bf in execute () from /usr/local/apache/libexec/libphp4.so
#9  0x402836f4 in zend_execute_scripts () from /usr/local/apache/libexec/libphp4.so
#10 0x40297415 in php_execute_script () from /usr/local/apache/libexec/libphp4.so
#11 0x40291990 in apache_php_module_main () from /usr/local/apache/libexec/libphp4.so
#12 0x40292910 in php_restore_umask () from /usr/local/apache/libexec/libphp4.so
#13 0x40292993 in php_restore_umask () from /usr/local/apache/libexec/libphp4.so
#14 0x8054e89 in ap_invoke_handler ()
#15 0x806a40f in process_request_internal ()
#16 0x806a482 in ap_process_request ()
#17 0x8061066 in child_main ()
#18 0x8061225 in make_child ()
#19 0x80613a6 in startup_children ()
#20 0x8061a2c in standalone_main ()
#21 0x806225c in main ()
#22 0x40098c5f in __libc_start_main () from /lib/libc.so.6

My installation is a more or less standard Suse Linux 7.2, kernel 2.4.4, etc.

Lutz
 [2002-04-05 17:25 UTC] sniper@php.net
Please reconfigure/compile PHP with --enable-debug added to the configure line. And generate a new gdb backtrace.

--Jani

 [2002-04-05 18:11 UTC] lb at lamuella dot de
sure, sorry  X-)

#0  0x400a8ff1 in kill () from /lib/libc.so.6
#1  0x402637f5 in _emalloc (size=1087286440, __zend_filename=0x403bec15 "reg.c", __zend_lineno=301,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:173
#2  0x40263b9f in _ecalloc (nmemb=8, size=135910805, __zend_filename=0x403bec15 "reg.c",
    __zend_lineno=301, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:257
#3  0x403360c4 in php_reg_replace (pattern=0x817430c "tbl_properties.php$",
    replace=0x81631bc "db_details.php",
    string=0x8178d24 "lang=en&amp;server=1&amp;db=test&amp;table=dates&amp;goto=tbl_properties.php",
    icase=0, extended=1) at reg.c:301
#4  0x40336b5c in php_ereg_replace (ht=3, return_value=0x816327c, this_ptr=0x0,
    return_value_used=1, icase=0) at reg.c:475
#5  0x40336cdd in zif_ereg_replace (ht=3, return_value=0x816327c, this_ptr=0x0, return_value_used=1)
    at reg.c:493
#6  0x40271797 in execute (op_array=0x817b9cc) at ./zend_execute.c:1598
#7  0x402836f4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:810
#8  0x40297415 in php_execute_script (primary_file=0xbffff1b8) at main.c:1381
#9  0x40291990 in apache_php_module_main (r=0x810e044, display_source_mode=0) at sapi_apache.c:90
#10 0x40292910 in send_php (r=0x810e044, display_source_mode=0,
    filename=0x810ed04 "/var/www/htdocs/apps/phpMyAdmin/tbl_properties.php") at mod_php4.c:575
#11 0x40292993 in send_parsed_php (r=0x810e044) at mod_php4.c:590
#12 0x8054e89 in ap_invoke_handler ()
#13 0x806a40f in process_request_internal ()
#14 0x806a482 in ap_process_request ()
#15 0x8061066 in child_main ()
#16 0x8061225 in make_child ()
#17 0x80613a6 in startup_children ()
#18 0x8061a2c in standalone_main ()
#19 0x806225c in main ()
#20 0x40098c5f in __libc_start_main () from /lib/libc.so.6

Because I cannot reproduce the crash at the moment with the script I posted yesterday, this one is from executing phpMyAdmin, where I got the error first.

Lutz
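
A triage sketch for the debug backtrace above, added here as an example and not part of the original report or of PHP's code: it pairs each allocator frame with its non-allocator caller and flags implausibly large requests. The 64 MiB threshold and every function name in the script are assumptions.

```python
import re

# Frames #1-#3 copied from the --enable-debug backtrace above (frame #3's
# long string argument is omitted). Everything else here is illustrative.
BACKTRACE = '''\
#1  0x402637f5 in _emalloc (size=1087286440, __zend_filename=0x403bec15 "reg.c", __zend_lineno=301,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:173
#2  0x40263b9f in _ecalloc (nmemb=8, size=135910805, __zend_filename=0x403bec15 "reg.c",
    __zend_lineno=301, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:257
#3  0x403360c4 in php_reg_replace (pattern=0x817430c "tbl_properties.php$",
    replace=0x81631bc "db_details.php", icase=0, extended=1) at reg.c:301
'''

ALLOCATORS = {"_emalloc", "_ecalloc", "malloc", "calloc"}
FRAME = re.compile(r"#\d+\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\)(?: (?:at|from) (\S+))?$")
NUM_ARG = re.compile(r"(\w+)=(0x[0-9a-f]+|-?\d+)\b")

def parse_frames(text):
    """Join gdb's wrapped lines, then extract function, numeric args and location."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()      # continuation of the previous frame
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            unquoted = re.sub(r'"[^"]*"', "", m.group(2))   # ignore string contents
            args = {k: int(v, 0) for k, v in NUM_ARG.findall(unquoted)}
            frames.append({"func": m.group(1), "args": args, "at": m.group(3)})
    return frames

def oversized_allocations(frames, limit=64 * 1024 * 1024):
    """Return (allocator, bytes requested, caller, caller location) above `limit`."""
    hits = []
    for i, fr in enumerate(frames):
        if fr["func"] not in ALLOCATORS or "size" not in fr["args"]:
            continue
        requested = fr["args"]["size"] * fr["args"].get("nmemb", 1)
        caller = next((f for f in frames[i + 1:] if f["func"] not in ALLOCATORS), None)
        if requested > limit and caller:
            hits.append((fr["func"], requested, caller["func"], caller["at"]))
    return hits

if __name__ == "__main__":
    for func, nbytes, caller, where in oversized_allocations(parse_frames(BACKTRACE)):
        print(f"{func}: {nbytes} bytes ({nbytes / 2**30:.2f} GiB) requested by {caller} at {where}")
```

On these frames both allocator calls resolve to the same 1,087,286,440-byte request (8 × 135,910,805) made from reg.c:301.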
 [2002-04-08 02:54 UTC] derick@php.net
This is fixed in CVS by disabling this.

Derick
 [2002-04-08 02:55 UTC] sniper@php.net
Not disabled but fall back using bundled regex library
if compiling with Apache.

--Jani

 [2002-07-15 02:22 UTC] estelle at megaphone dot ch
PHP 4.1.2, Apache 1.3.26.
Problem occurs (ereg function causes a time exceeded error, eating maximum CPU on our Solaris 8 box).
Not each time! When I tested first time, it was ok, but several hours later, nothing to do to avoid the problem.

PHP was configured with:

'./configure' \
'--with-apxs=/opt/apache/bin/apxs' \
'--enable-versioning' \
'--with-mysql' \
'--enable-track-vars' \
'--with-config-file-path=/opt/apache/conf' \
'--enable-safe-mode' \
'--with-gd=/usr/local' \
'--enable-ctype' \
'--enable-gettext' \
'--with-png-dir=/usr/local/lib' \
'--with-zlib-dir=/usr/local/lib' \
'--with-regex=php' \

Regards,  

        Estelle
 
Last updated: Tue Dec 10 21:01:27 2024 UTC