php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21756 Accessing $_SERVER['PATH_INFO '] causes intermittent segfault in Apache
Submitted: 2003-01-19 14:34 UTC Modified: 2003-05-09 07:26 UTC
From: php at lost dot co dot nz Assigned:
Status: No Feedback Package: Apache related
PHP Version: 4.3.0 OS: Linux/Apache (Debian 3.0r1)
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-01-19 14:34 UTC] php at lost dot co dot nz
If the special global $_SERVER['PATH_INFO'] is accessed in scripts on either my test or production server when it is not set (on load of home page usually) it causes Apache to segfault intermittently (like 1/100 page views...).

eg, this is what caused me grief:
if( $_SERVER['PATH_INFO'] == 'whatever')
   include( 'whatever_else');

Wrapping in call to 'isset' stopped crashes:
if( isset($_SERVER['PATH_INFO']) )
    if( $_SERVER['PATH_INFO'] == 'whatever')
       include( 'whatever_else');

Was really hard to reproduce.  In the end I sat at a split screen comparing the error to the access log, second by second.  The error log was reporting ~100-300 segfaults a day untill I used the call to isset, when that dropped to zero.  (After a fun 6 hours trying to catch it with gdb...)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-20 00:04 UTC] sniper@php.net
Sounds pretty unlikely for the crash being caused 
by unset variable/array index. 

And btw. If you conditionally include() files, then
you MUST use { } with the clauses:

http://www.php.net/manual/en/function.include.php
(Example 12-6)

Maybe this caused the crashes?


 [2003-01-20 04:46 UTC] php at lost dot co dot nz
Yes, you're right, the include() statement in my toy example should have been wrapped in a pair of braces - the actual code does not contain calls to include() however...

I'm sorry I could not provide a backtrace - the thing refused to misbehave when gdb was listening.  Prehaps someone who is more familiar with the Apache (1.3) / PHP interface will know where to examine more closely.
 [2003-01-20 04:50 UTC] sniper@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


There you can find some info how to use GDB properly.

Can you provide a short, COMPLETE and self-contained
example script that can be used to reproduce this?

It's not much use for us to try guessing unless you don't 
give us the necessary information..

 [2003-02-04 16:51 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2003-02-06 13:36 UTC] php at lost dot co dot nz
I have already tried to generate the requested backtrace (as already noted below...), but was unable to get apache to segfault while I was watching.

I determined the cause of the bug by comparing access and error logs, looking at the called scripts, and examining points of similarity.

The bug was confirmed when, after I wrapped the reads to $_SERVER['PATH_INFO'] (see below) the segfault frequency went from 1-200/day to zero.  This was the only change made, which would seem to clinch the deal.
 [2003-02-06 16:59 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip


With the very little information you've given..please
give the snapshot a try. If the problem persists,
please give us a _complete_ and short example script
which can be used to reproduce this.

Also, what was the configure line used to configure PHP?

 [2003-04-23 21:28 UTC] flight553 at yahoo dot com
Change your configure statement to '--enable-discard-path' and then PHp will not try to fopen whatever the PATH_INFO is.
 [2003-05-09 07:26 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Dec 05 09:01:23 2020 UTC