Bug #25099 DBA extension with DB2 handler crashing Apache
Submitted: 2003-08-15 12:37 UTC
Modified: 2003-08-17 05:10 UTC
From: nathan at inimit dot com
Assigned: helly
Status: Wont fix
Package: DBM/DBA related
PHP Version: 4.3.2
OS: RedHat 7.2
Private report: No
CVE-ID: None

 [2003-08-15 12:37 UTC] nathan at inimit dot com
Description:
------------
When running the code below which uses the DBA extension and the DB2 handler, I have run across a problem which is replicable using the code below that causes a segfault in Apache. When I run the script via CLI, the code seems to work fine and no errors are produced. I have added the "-" on the last part of the flag due to the file locking mechanism described in a previous bug.

Server version: Apache/1.3.27 (Unix)  (Red-Hat/Linux)
Server built:   Oct 23 2002 14:52:50
Server's Module Magic Number: 19990320:13
Server compiled with....
 -D EAPI
 -D EAPI_MM
 -D EAPI_MM_CORE_PATH="/var/run/httpd.mm"
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_SHMGET_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FCNTL_SERIALIZED_ACCEPT
 -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D HARD_SERVER_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="/var/run/httpd.lock"
 -D DEFAULT_ERRORLOG="/var/log/httpd/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"

PHP 4.3.2 Configure Options:
--exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin
--sysconfdir=/etc
--datadir=/usr/share
--includedir=/usr/include
--libdir=/usr/lib
--libexecdir=/usr/libexec
--localstatedir=/var
--sharedstatedir=/usr/com
--mandir=/usr/share/man
--infodir=/usr/share/info
--prefix=/usr
--with-config-file-path=/etc
--with-apxs
--with-pear
--with-zlib
--enable-dba
--with-db2
--with-flatfile
--enable-exif
--enable-ftp
--with-gd
--with-ttf
--with-gettext
--with-mysql=shared,/usr

ldd /usr/src/redhat/SOURCES/php-4.3.2/sapi/cli/php
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001b000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40049000)
        libexpat.so.0 => /usr/lib/libexpat.so.0 (0x4005e000)
        libmm.so.11 => /usr/lib/libmm.so.11 (0x4007d000)
        libpspell.so.4 => /usr/lib/libpspell.so.4 (0x40082000)
        libltdl.so.3 => /usr/lib/libltdl.so.3 (0x4009c000)
        libpspell-modules.so.1 => /usr/lib/libpspell-modules.so.1 (0x400a3000)
        libstdc++-libc6.2-2.so.3 => /usr/lib/libstdc++-libc6.2-2.so.3 (0x400a6000)
        libm.so.6 => /lib/i686/libm.so.6 (0x400e9000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libpanel.so.5 => /usr/lib/libpanel.so.5 (0x4010b000)
        libncurses.so.5 => /usr/lib/libncurses.so.5 (0x4010f000)
        libgmp.so.3 => /usr/lib/libgmp.so.3 (0x4014d000)
        libpng.so.2 => /usr/lib/libpng.so.2 (0x40176000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40198000)
        libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x401a6000)
        libdb.so.3 => /usr/lib/libdb.so.3 (0x401c4000)
        libbz2.so.1 => /usr/lib/libbz2.so.1 (0x40200000)
        libssl.so.2 => /lib/libssl.so.2 (0x40210000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x4023e000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40302000)
        libdl.so.2 => /lib/libdl.so.2 (0x40313000)
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0x40316000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)


Reproduce code:
---------------
<?php
$file = '/tmp/dba_open.test';

// check to see whether to create the file or update
$flag = (file_exists($file)) ? 'w-' : 'c-';

$dba = dba_open($file, $flag, 'db2');

if (!$dba) {
    die('no connection');
} else {
    dba_insert('key-'.substr(time(), -3), 'test-'.time(), $dba);
    dba_close($dba);
}
?>

Expected result:
----------------
When running the code above there is no expected output, but rather a new file to be created in the /tmp directory based on the DB2 handler and if the file exists from a previous execution then a new row to be inserted.

Actual result:
--------------
When run via CLI, the code above works perfectly fine. When the script is attempted to be loaded in Apache, the child proc dies.

> gdb /usr/sbin/httpd
(gdb) run -DHAVE_MYSQL -DHAVE_PHP4 -X
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x4036b642 in __db_calloc () from /usr/lib/libdb.so.3
#2  0x4036481d in db_open () from /usr/lib/libdb.so.3
#3  0x40583b84 in dba_open_db2 (info=0x810bfd4, error=0xbfffc944) at 
    /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba_db2.c:75
#4  0x40582941 in php_dba_open (ht=3, return_value=0x819466c, this_ptr=0x0, return_value_used=1, persistent=0)
    at /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba.c:606
#5  0x40582ae5 in zif_dba_open (ht=3, return_value=0x819466c, this_ptr=0x0, return_value_used=1)
    at /usr/src/redhat/SOURCES/php-4.3.2/ext/dba/dba.c:648
#6  0x4065fab8 in execute (op_array=0x815727c) at /usr/src/redhat/SOURCES/php-4.3.2/Zend/zend_execute.c:1606
#7  0x4064d5c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
    /usr/src/redhat/SOURCES/php-4.3.2/Zend/zend.c:869
#8  0x40626b4c in php_execute_script (primary_file=0xbffff640) at /usr/src/redhat/SOURCES/php-4.3.2/main/main.c:1671
#9  0x40667066 in apache_php_module_main (r=0x80fd818, display_source_mode=0)
    at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/sapi_apache.c:54
#10 0x40667c42 in send_php (r=0x80fd818, display_source_mode=0, filename=0x0)
    at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/mod_php4.c:617
#11 0x40667c96 in send_parsed_php (r=0x80fd818) at /usr/src/redhat/SOURCES/php-4.3.2/sapi/apache/mod_php4.c:632
#12 0x080547cd in ap_invoke_handler ()
#13 0x0806769c in process_request_internal ()
#14 0x08067713 in ap_process_request ()
#15 0x0805f867 in child_main ()
#16 0x0805fa0a in make_child ()
#17 0x0805fb4d in startup_children ()
#18 0x080601a0 in standalone_main ()
#19 0x08060aa3 in main ()
#20 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6

 [2003-08-17 00:44 UTC] sniper@php.net
Note: there is also another crash when you have both gdbm and ndbm handlers enabled and you use the ndbm handler in the above mentioned script. Backtrace as follows:

0x40d9a6c8 in gdbm_store () from /usr/lib/libgdbm.so.2
(gdb) bt
#0  0x40d9a6c8 in gdbm_store () from /usr/lib/libgdbm.so.2
#1  0x40d99bcf in dbm_store () from /usr/lib/libgdbm.so.2
#2  0x80d1b4f in dba_update_ndbm (info=0x874f8b4, key=0x874fad4 "key-020", keylen=7, val=0x874f874 "test-1061099020", 
    vallen=15, mode=1) at /usr/src/web/php/php4_3/ext/dba/dba_ndbm.c:99
#3  0x80ce28f in php_dba_update (ht=3, return_value=0x874fb0c, this_ptr=0x0, return_value_used=0, mode=1)
    at /usr/src/web/php/php4_3/ext/dba/dba.c:480
#4  0x80d012c in zif_dba_insert (ht=3, return_value=0x874fb0c, this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php4_3/ext/dba/dba.c:945

Some conflict with gdbm vs. ndbm funcs..

 [2003-08-17 05:10 UTC] helly@php.net
To make it even harder, db2 comes into this conflict, too. Mandrake is a nice platform where all works fine, so it's clearly a problem of how the libs were built on those platforms and not our problem or a problem we could solve.
 
Last updated: Thu Dec 03 14:01:27 2020 UTC