php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20388 Segmentation Fault
Submitted: 2002-11-12 08:05 UTC Modified: 2002-11-13 07:41 UTC
From: mike dot hall at opencube dot co dot uk Assigned:
Status: Closed Package: *XML functions
PHP Version: 4.2.3 OS: FreeBSD 4.6
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mike dot hall at opencube dot co dot uk
New email:
PHP Version: OS:

 

 [2002-11-12 08:05 UTC] mike dot hall at opencube dot co dot uk
Afternoon:
 
I'm having problems with PHP CGI crashing and I have no idea why. The script I'm running hasn't changed, nor has the server setup. It ran fine for several weeks and then started crashing. I rebooted the server and it was fine for a couple of days... now its crashing again.

The script is a daemon that listens on a port for incoming XML fragments (you can see pieces of this XML at the end of the backtrace) - so this could be Socket or XML related.
 
I was running PHP 4.2.1. I upgraded to 4.2.3 and its still doing it. I have also upgraded to the latest snapshot and ran this through PHP 4.3.0-cli - same result.

./configure --with-mysql --enable-debug --enable-shared=yes --without-apache --enable-ftp --with-mcrypt --with-curl --enable-sockets
 
Here is a backtrace, but its all greek to me. Can anyone explain what on earth all this means?

#0  0x28353386 in localeconv () from /usr/lib/libc.so.4
#1  0x28364ee1 in strtod () from /usr/lib/libc.so.4
#2  0x8127ac1 in is_numeric_string (str=0x81fe224 "SELECT", length=6, lval=0xbbc00164, dval=0xbbc00158, allow_errors=0 '\000')
    at zend_operators.h:94
#3  0x81276fa in zendi_smart_strcmp (result=0xbbc00348, s1=0xbe84f24, s2=0x82bd4fc) at zend_operators.c:1653
#4  0x8126346 in compare_function (result=0xbbc00348, op1=0xbe84f24, op2=0x82bd4fc) at zend_operators.c:1128
#5  0x8126c2a in is_equal_function (result=0xbbc00348, op1=0xbe84f24, op2=0x82bd4fc) at zend_operators.c:1276
#6  0x814d64f in execute (op_array=0x82b9d24) at ./zend_execute.c:1114
#7  0x8150337 in execute (op_array=0x82ca224) at ./zend_execute.c:1638
#8  0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#9  0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638

.... (another 59,052 of these) ...

#59061 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59062 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59063 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59064 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59065 0x8150337 in execute (op_array=0x82065a4) at ./zend_execute.c:1638
#59066 0x8150337 in execute (op_array=0x8206b24) at ./zend_execute.c:1638
#59067 0x81208b3 in call_user_function_ex (function_table=0x821a698, object_pp=0x81fcc30, function_name=0x81fdd24,
    retval_ptr_ptr=0xbfbfd810, param_count=3, params=0x826bc64, no_separation=1, symbol_table=0x0) at zend_execute_API.c:517
#59068 0x812019d in call_user_function (function_table=0x81ac040, object_pp=0x82a6b60, function_name=0x821eae4,
    retval_ptr=0x826bda4, param_count=3, params=0xbfbfd8a8) at zend_execute_API.c:373
#59069 0x80f1f21 in xml_call_handler (parser=0x82a6b24, handler=0x821eae4, argc=3, argv=0xbfbfd8a8) at xml.c:375



#59070 0x80f2922 in _xml_startElementHandler (userData=0x82a6b24, name=0x81f3a40 "event", attributes=0x82a6c10) at xml.c:657
#59071 0x80f7b53 in doContent (parser=0x81bfc00, startTagLevel=0, enc=0x816ebc0,
    s=0x82e617a "<event date=\"20021112 16:15:00\" venue=\"Newmarket\"><outcome price=\"SP\" id=\"31,PAI370676\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370677\" saddlecloth=\"2\" /><outcome price=\"NR\" id=\"31,PAI370678\" "...,
end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:1659
#59072 0x80f705a in contentProcessor (parser=0x81bfc00,
    start=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""...,
    end=0x82e9779 "", endPtr=0x0) at xmlparse.c:1349
#59073 0x80f9ee2 in doProlog (parser=0x81bfc00, enc=0x816ebc0,
    s=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., end=0x82e9779 "",
    tok=29,
    next=0x82e504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., nextPtr=0x0)
---Type <return> to continue, or q <return> to quit---
    at xmlparse.c:2687
#59074 0x80f9a54 in prologProcessor (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:2523
#59075 0x80f99ea in prologInitProcessor (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x82e9779 "",
    nextPtr=0x0) at xmlparse.c:2512
#59076 0x80f68c8 in php_XML_Parse (parser=0x81bfc00,
    s=0x82e5024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., len=18261, isFinal=1)
    at xmlparse.c:1103
#59077 0x80f4864 in zif_xml_parse (ht=3, return_value=0x81fdc24, this_ptr=0x0, return_value_used=1) at xml.c:1341
#59078 0x8150156 in execute (op_array=0x82060a4) at ./zend_execute.c:1598
#59079 0x8150337 in execute (op_array=0x81f6f24) at ./zend_execute.c:1638
#59080 0x8129bd5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:812
#59081 0x8063bed in php_execute_script (primary_file=0xbfbffab8) at main.c:1383
#59082 0x80612a4 in main (argc=4, argv=0xbfbffb34) at cgi_main.c:778
#59083 0x80603bd in _start ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-12 10:33 UTC] nicos@php.net
It looks that it's XML related and not sockets.

Did you try it with the latest snapshoot ?
http://snaps.php.net
 [2002-11-12 10:36 UTC] mike dot hall at opencube dot co dot uk
Yes, I tried with php4-STABLE-200211121230 from snaps. Same result.
 [2002-11-12 10:40 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

and NOT the 'STABLE' ones..

 [2002-11-12 10:40 UTC] derick@php.net
Hello,

I think you're recursivley calling a function somewhere, would it be possible to tar the whole package up so that we can try to reproduce it?

Derick
 [2002-11-12 11:06 UTC] mike dot hall at opencube dot co dot uk
I tried with http://snaps.php.net/php4-latest.tar.gz and the system is still seg faulting. The strange thing is - I ran exactly the same code for several weeks without trouble.

I can look at packaging up the code, but it is part of a very large application. I will try and put something together though. I don't think I am recursively calling any functions though!

Backtrace is a little different this time.

#0  0x283d9faf in isatty () from /usr/lib/libc.so.4
(gdb) bt
#0  0x283d9faf in isatty () from /usr/lib/libc.so.4
#1  0x283da6cd in malloc () from /usr/lib/libc.so.4
#2  0x8183e61 in _emalloc (size=43, __zend_filename=0x82001a0 "/usr/custom/src/php4-200211121630/Zend/zend_hash.c",
    __zend_lineno=262, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/custom/src/php4-200211121630/Zend/zend_alloc.c:154
#3  0x81999f1 in zend_hash_add_or_update (ht=0xbecf2a4, arKey=0x8346a64 "newhost", nKeyLength=8, pData=0xbbc00114, nDataSize=4,
    pDest=0xbbc00128, flag=1) at /usr/custom/src/php4-200211121630/Zend/zend_hash.c:262
#4  0x81a2500 in zend_fetch_var_address (opline=0x8349024, Ts=0xbbc0014c, type=1)
    at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:575
#5  0x81a43f6 in execute (op_array=0x8347324) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1231
#6  0x81a65f4 in execute (op_array=0x83473a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#7  0x81a65f4 in execute (op_array=0x83478a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639

...

#58241 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58242 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58243 0x81a65f4 in execute (op_array=0x828eba4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58244 0x81a65f4 in execute (op_array=0x82a0124) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58245 0x818c52f in call_user_function_ex (function_table=0x82a0c98, object_pp=0x82882b0, function_name=0x82b32e4,
    retval_ptr_ptr=0xbfbfd3e4, param_count=3, params=0x828b024, no_separation=1, symbol_table=0x0)
    at /usr/custom/src/php4-200211121630/Zend/zend_execute_API.c:561
#58246 0x818bdcd in call_user_function (function_table=0x8224040, object_pp=0x8331d60, function_name=0x82b30a4,
    retval_ptr=0x8345da4, param_count=3, params=0xbfbfd47c) at /usr/custom/src/php4-200211121630/Zend/zend_execute_API.c:403
#58247 0x813bbad in xml_call_handler (parser=0x8331d24, handler=0x82b30a4, argc=3, argv=0xbfbfd47c)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:377


#58248 0x813c5ae in _xml_startElementHandler (userData=0x8331d24, name=0x827a820 "event", attributes=0x8331e10)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:659
#58249 0x81417bf in doContent (parser=0x8237c00, startTagLevel=0, enc=0x81e5780,
    s=0x837617a "<event date=\"20021112 16:15:00\" venue=\"Newmarket\"><outcome price=\"SP\" id=\"31,PAI370676\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370677\" saddlecloth=\"2\" /><outcome price=\"NR\" id=\"31,PAI370678\" "..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1659
#58250 0x8140cc6 in contentProcessor (parser=0x8237c00,
    start=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""...,
    end=0x8379779 "", endPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1349
#58251 0x8143b4e in doProlog (parser=0x8237c00, enc=0x81e5780,
    s=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., end=0x8379779 "",
    tok=29,
    next=0x837504a "<bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price=\"SP\" id=\"31,PAI370738\" saddlecloth=\"2\""..., nextPtr=0x0)
    at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2687
---Type <return> to continue, or q <return> to quit---
#58252 0x81436c0 in prologProcessor (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2523
#58253 0x8143656 in prologInitProcessor (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., end=0x8379779 "",
    nextPtr=0x0) at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:2512
#58254 0x8140534 in php_XML_Parse (parser=0x8237c00,
    s=0x8375024 "<?xml version=\"1.0\" encoding=\"utf-8\"?><bdml memberid=\"11\" password=\"good9top\"><event date=\"20021112 13:05:00\" venue=\"Huntingdon\"><outcome price=\"SP\" id=\"31,PAI370737\" saddlecloth=\"1\" /><outcome price="..., len=18261, isFinal=1)
    at /usr/custom/src/php4-200211121630/ext/xml/expat/xmlparse.c:1103
#58255 0x813e4d0 in zif_xml_parse (ht=3, return_value=0x82be8a4, this_ptr=0x0, return_value_used=1)
    at /usr/custom/src/php4-200211121630/ext/xml/xml.c:1342
#58256 0x81a63fb in execute (op_array=0x828e6a4) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1595
#58257 0x81a65f4 in execute (op_array=0x8282524) at /usr/custom/src/php4-200211121630/Zend/zend_execute.c:1639
#58258 0x8195a0d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/custom/src/php4-200211121630/Zend/zend.c:840
#58259 0x816441b in php_execute_script (primary_file=0xbfbffac8) at /usr/custom/src/php4-200211121630/main/main.c:1560
#58260 0x81abedb in main (argc=4, argv=0xbfbffb38) at /usr/custom/src/php4-200211121630/sapi/cli/php_cli.c:701
#58261 0x8064a0d in _start ()
 [2002-11-12 12:05 UTC] derick@php.net
it would be cool if you could try the following to see if you're calling recursive functions:

1. Download xdebug from 
http://xdebug.derickrethans.nl/link.php?url=xdebug100rc1-422-f46
2. enable it in your php.ini file:
zend_extension=/path/to/module/xdebug.so

and restart your webserver and try the script, or start your command line script. It should give you a warning if you're
trying to recursively call functions (with a full trace of all function calls).

regards,
Derick
 [2002-11-13 07:41 UTC] mike dot hall at opencube dot co dot uk
I installed xdebug, then the software stopped crashing! I took xdebug off again and it still isn't crashing. Very odd.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 13:01:28 2024 UTC