php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28422 Apache Crash with segmentation fault (11)
Submitted: 2004-05-17 17:41 UTC Modified: 2005-01-18 01:00 UTC
Votes:8
Avg. Score:4.2 ± 1.0
Reproduced:8 of 8 (100.0%)
Same Version:2 (25.0%)
Same OS:5 (62.5%)
From: Enrico dot Simetti at ingegneria dot studenti dot unige Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.0.0RC2 OS: Linux/WinXP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: Enrico dot Simetti at ingegneria dot studenti dot unige
New email:
PHP Version: OS:

 

 [2004-05-17 17:41 UTC] Enrico dot Simetti at ingegneria dot studenti dot unige
Description:
------------
OS:     Linux 2.6.0
Apache: Apache/1.3.29 (Unix)
PHP:    5.0.0RC2 (compiled with "--with-mysql --with-debug")

The following script makes my apache crash with this error:
"[notice] child pid 13748 exit signal Segmentation fault (11)"

OS:     Windows XP SP1
Apache: Apache/2.0.49 (and 1.3.31 too)
PHP:    5.0.0RC2

The same script makes my apache crash with this error:
"[notice] Parent: child process exited with status 3221225477 -- Restarting."

Reproduce code:
---------------
http://matfors.net/tupac/exception.php.txt

Expected result:
----------------
A few notes...
If i dont use my error_class, everything works fine, and PHP gives me this warning
"Warning: call_user_func_array() [function.call-user-func-array]: Unable
to call my_class::throw_exception() in C:\Programmi\Apache
Group\Apache2\htdocs\testfield\exception.php on line 40"
problably since i threw an exception in that function.

If i use my error_class and i dont use the call_user_func_array, but instead i call $test->throw_exception() everything works fine again (because no Warning is generated?)

If i use my error class and call call_user_func_array then everything blows up 

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 13800)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x403d2fb5 in execute (op_array=0xbfffcca0) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
#2  0x403ac282 in zend_call_function (fci=0xbfffcca0, fci_cache=0x0)
    at /root/php-5.0.0RC2/Zend/zend_execute_API.c:835
#3  0x403abbb5 in call_user_function_ex (function_table=0x80c8f78, object_pp=0x80c8f78,
    function_name=0x80c8f78, retval_ptr_ptr=0x80c8f78, param_count=135040888, params=0x80c8f78,
    no_separation=135040888, symbol_table=0x80c8f78)
    at /root/php-5.0.0RC2/Zend/zend_execute_API.c:550
#4  0x403b5f63 in zend_error (type=2, format=0x403fbb8e "%s") at /root/php-5.0.0RC2/Zend/zend.c:975
#5  0x4037f6a8 in php_verror (docref=0x80c3f4c "", params=0x403e0774 "", type=2,
    format=0x403ecdcf "Unable to call %s()", args=0xbfffce0c "\214>\f\b?NC@\002")
    at /root/php-5.0.0RC2/main/main.c:544
#6  0x4037f9df in php_error_docref0 (docref=0x0, type=2, format=0x403ecdcf "Unable to call %s()")
    at /root/php-5.0.0RC2/main/main.c:564
#7  0x40327d55 in zif_call_user_func_array (ht=2, return_value=0x80c3e6c, this_ptr=0x0,
    return_value_used=0) at /root/php-5.0.0RC2/ext/standard/basic_functions.c:1949
#8  0x403d6660 in zend_do_fcall_common_helper (execute_data=0xbfffd090, opline=0x80c3ac0,
    op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:2699
#9  0x403d67da in zend_do_fcall_handler (execute_data=0xbfffd090, opline=0x80c3ac0,
    op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:2828
#10 0x403d2fb5 in execute (op_array=0x80c30e4) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
#11 0x403b629d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/php-5.0.0RC2/Zend/zend.c:1058
#12 0x403817c8 in php_execute_script (primary_file=0xbffff3f0) at /root/php-5.0.0RC2/main/main.c:1630
#13 0x403dd1ae in apache_php_module_main (r=0x8178af4, display_source_mode=0)
    at /root/php-5.0.0RC2/sapi/apache/sapi_apache.c:54
#14 0x403ddcda in send_php (r=0x8178af4, display_source_mode=0, filename=0x0)
    at /root/php-5.0.0RC2/sapi/apache/mod_php5.c:621
#15 0x403dde83 in send_parsed_php (r=0x8178af4) at /root/php-5.0.0RC2/sapi/apache/mod_php5.c:636
#16 0x080548df in ap_invoke_handler ()
#17 0x080698a7 in ap_some_auth_required ()
#18 0x08069906 in ap_process_request ()
#19 0x0806093d in ap_child_terminate ()
#20 0x08060b0b in ap_child_terminate ()
#21 0x08060c71 in ap_child_terminate ()
#22 0x08061317 in ap_child_terminate ()
#23 0x08061b4f in main ()
#24 0x400bed06 in __libc_start_main () from /lib/libc.so.6

(gdb) frame 1
#1  0x403d2fb5 in execute (op_array=0xbfffcca0) at /root/php-5.0.0RC2/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$2 = 0x80c80f4 "handler"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-10 15:24 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-01-18 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-01-31 10:59 UTC] volker dot buzek at rrze dot uni-erlangen dot de
verified also on
SunOS BOX 5.9 Generic_112233-11 sun4u sparc SUNW,Ultra-4
PHP 5.0.3 (cgi-fcgi) (built: Jan 14 2005 09:06:17)
Apache/2.0.52 (Server built: Jan 18 2005 12:56:09)
suPHP-0.5.2

using the code from
http://matfors.net/tupac/exception.php.txt

when executed with line 34 in place: core dump, but _without_ any notice in any of the following log files: apache-, php-, suphp-log

when executed with line 35 in place and line 34 commented out: works fine
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Aug 09 20:05:45 2022 UTC