Bug #16438 Segmentation fault
Submitted: 2002-04-04 21:02 UTC
Modified: 2002-08-17 01:00 UTC
From: tony at eyeball dot com
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 4.1.2
OS: Red Hat Linux release 6.2
Private report: No
CVE-ID: None

 [2002-04-04 21:02 UTC] tony at eyeball dot com
configuration line
==================
./configure --with-mysql --with-socket --enable-trans-sid --with-progel --with-gd --enable-discard-path

description
===========
chatv2.php - daily batch program, read database (MySQL), generate statistics, write database. As the records increased, it occurs more often.

debug info
==========
$ gdb /usr/local/bin/php /home/tony/stats/bin/core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `/usr/local/bin/php /home/tony/stats/bin/chatv2.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /usr/lib/libgd.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
#0  0x80eca73 in _array_init (arg=0xa4feb24) at zend_API.c:561
561		ALLOC_HASHTABLE_REL(arg->value.ht);
(gdb) run  /home/tony/stats/bin/chatv2.php
Starting program: /usr/local/bin/php /home/tony/stats/bin/chatv2.php
X-Powered-By: PHP/4.1.2
Content-type: text/html

Process day : 2002-04-03....

Program received signal SIGSEGV, Segmentation fault.
0x80eca73 in _array_init (arg=0xa4feb24) at zend_API.c:561
561		ALLOC_HASHTABLE_REL(arg->value.ht);
(gdb) bt
#0  0x80eca73 in _array_init (arg=0xa4feb24) at zend_API.c:561
#1  0x8070996 in php_mysql_fetch_hash (ht=1, return_value=0xa4feb24, 
    this_ptr=0x0, return_value_used=1, result_type=1, expected_args=1)
    at php_mysql.c:1590
#2  0x8070b68 in zif_mysql_fetch_assoc (ht=1, return_value=0xa4feb24, 
    this_ptr=0x0, return_value_used=1) at php_mysql.c:1664
#3  0x81057e6 in execute (op_array=0x8184f54) at ./zend_execute.c:1590
#4  0x80ebcb6 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#5  0x8062aba in php_execute_script (primary_file=0xbffffa74) at main.c:1307
#6  0x8060e6b in main (argc=2, argv=0xbffffad4) at cgi_main.c:738
(gdb) 


 [2002-04-04 21:08 UTC] sniper@php.net
First, please try with PHP 4.2.0RC2 from http://www.php.net/~derick/

Second question is, how many rows are there in the
array causing the crash?


 [2002-04-05 12:48 UTC] tony at eyeball dot com
1. There are more than 65536 rows. Using PHP 4.1.2 it crashes after 65538.
2. Tried with PHP 4.2.0RC2, the program got "Segmentation fault" again. It crashed after 65534.

   configuration
   =============
./configure --with-mysql --with-socket --enable-trans-sid --with-progel --with-gd --enable-discard-path --prefix=/mnt/nfshome/tony/php

   debug info
   ==========
$ gdb bin/php /home/tony/stats/bin/core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `bin/php /home/tony/stats/bin/chatv2.crash.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /usr/lib/libgd.so.1...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
#0  0x80e7eb1 in zend_hash_add_or_update (ht=0xa51f04c, arKey=0x818150c "End", 
    nKeyLength=4, pData=0xbfffce10, nDataSize=4, pDest=0xbfffce1c, flag=1)
    at zend_hash.c:275
275		ht->arBuckets[nIndex] = p;
(gdb) bt
#0  0x80e7eb1 in zend_hash_add_or_update (ht=0xa51f04c, arKey=0x818150c "End", 
    nKeyLength=4, pData=0xbfffce10, nDataSize=4, pDest=0xbfffce1c, flag=1)
    at zend_hash.c:275
#1  0x810362c in zend_fetch_dimension_address_inner (ht=0xa51f04c, op2=0x8184a80, 
    Ts=0xbfffce84, type=1) at ./zend_execute.c:627
#2  0x80fb8fb in zend_fetch_dimension_address (result=0x8184a60, op1=0x8184a70, 
    op2=0x8184a80, Ts=0xbfffce84, type=1) at ./zend_execute.c:762
#3  0x80fd912 in execute (op_array=0x817ca84) at ./zend_execute.c:1274
#4  0x80e54b7 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:810
#5  0x8062eaa in php_execute_script (primary_file=0xbffffa74) at main.c:1381
#6  0x8060f99 in main (argc=2, argv=0xbffffad4) at cgi_main.c:785
(gdb)
 [2002-04-05 12:50 UTC] derick@php.net
Please provide a short reproducing script.

Derick
 [2002-04-08 14:03 UTC] tony at eyeball dot com
chatv2.crash.php
================
<?php
   #
   # generate daily chat histogram
   #
   # Note: SQL_Query(), MakeTM() and $curtm are not defined in this excerpt.
   #
   set_time_limit(5000);
   mysql_pconnect("localhost", "webserv", "xxxxxxxx");
   mysql_select_db("mychatdb");
   $starttime = '2002-04-03 00:00:00';
   $stoptime = '2002-04-03 23:59:59';

   $q1 = "SELECT Chat_ID, Eyeball_ID, JoinTime, LeaveTime FROM DayChatSessionsV2 WHERE JoinTime>='$starttime' and JoinTime<='$stoptime' and Chat_ID > 0 order by Chat_ID, JoinTime";

   $chatsession = array();
   if ($qid1 = SQL_Query($q1)) {
       # one entry per Chat_ID, each holding its own Begin/End array
       while ($r = mysql_fetch_assoc($qid1)) {
           $id = strtolower($r['Eyeball_ID']);
           $chatid = $r['Chat_ID'];
           if (!isset($chatsession[$chatid])) {
               $chatsession[$chatid] = array();
               $chatsession[$chatid]['Begin'] = $r['JoinTime'];
               $chatsession[$chatid]['End'] = $r['LeaveTime'];
           } else if ($r['LeaveTime'] < $chatsession[$chatid]['End'])
               $chatsession[$chatid]['End'] = $r['LeaveTime'];
           echo count($chatsession)."\n";
       }

       $chats = count($chatsession);
       if ($chats > 0) foreach ($chatsession as $r) {
           $logintm = MakeTM($r["Begin"]);
           if ($r["End"] != "")
               $duration = MakeTM($r["End"]) - $logintm;
           else
               $duration = $curtm - $logintm;

           # clamp the duration; the nested ?: needs explicit parentheses
           $duration = $duration < 0 ? 0 : ($duration > 86400 ? 21600 : $duration);

           $chatseconds += $duration;
           if ($duration <= 60) $chats_le1++;
           else if ($duration <= 600) $chats_le10++;
           else if ($duration <= 1800) $chats_le30++;
           else $chats_gt30++;
       }
   }
 [2002-06-17 20:46 UTC] sniper@php.net
First try this snapshot:
http://snaps.php.net/php4-latest.tar.gz

And if it fails too, please provide a short and complete
script. And I do mean SHORT. We need a script which
can be easily copy-pasted from the report.

 [2002-08-17 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Mon Jul 13 08:01:25 2020 UTC