Bug #29997 Apache segfaults in php_imap when IMP attempts to log in
Submitted: 2004-09-06 11:58 UTC Modified: 2004-09-14 01:00 UTC
Votes:9
Avg. Score:4.2 ± 0.8
Reproduced:8 of 8 (100.0%)
Same Version:4 (50.0%)
Same OS:2 (25.0%)
From: warwick at thusa dot co dot za Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.3.8 OS: Slackware 10.0
Private report: No CVE-ID: None
 [2004-09-06 11:58 UTC] warwick at thusa dot co dot za
Description:
------------
We use IMAP Authenticated Horde via IMP, therefore we need to recompile the stock Slackware PHP and include imap, ldap, gd and other support.

PHP configure string follows:
'./configure' '--prefix=/usr' '--with-apxs2=/usr/sbin/apxs' '--enable-discard-path' '--with-config-file-path=/etc/apache2' '--with-openssl' '--enable-bcmath' '--with-bz2' '--with-gettext' '--enable-pic' '--enable-calendar' '--enable-ctype' '--with-gdbm' '--with-mcrypt' '--with-imap=/usr/src/imap-2002d' '--with-mhash' '--enable-dbase' '--enable-ftp' '--with-gd' '--with-jpeg' '--with-png' '--with-gmp' '--with-mysql' '--with-pgsql' '--with-xml' '--with-mm' '--enable-trans-sid' '--enable-shmop' '--enable-sockets' '--enable-shared' '--enable-debug' '--with-zlib' '--with-dom' '--with-dom-xslt' '--with-pgsql' '--with-mcal=/usr'

Apache version is 2.0.50, configured prefork:
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

PEAR state (pear list):
Installed packages:
===================
Package        Version State
Archive_Tar    1.1     stable
Console_Getopt 1.2     stable
DB             1.6.2   stable
HTTP           1.2.2   stable
Log            1.8.5   stable
Mail           1.1.3   stable
Net_SMTP       1.2.3   stable
Net_Socket     1.0.1   stable
PEAR           1.3.2   stable
XML_Parser     1.0.1   stable
XML_RPC        1.1.0   stable


php.ini diff from php.ini-dist:
root@gateway:/etc/apache2# diff php.ini php.ini-dist
411c411
< include_path = ".:/usr/lib/php"
---
> ;include_path = ".:/php/includes"
428c428,429
< extension_dir = "./usr/lib/php"
---
> ; extension_dir = "./"
> extension_dir = "/usr/lib/php/extensions/"
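Review bot: In the 428c428,429 hunk, the php.ini in use (the `<` side) sets `extension_dir = "./usr/lib/php"`, a relative path with a leading `./` that resolves against the server process's working directory rather than `/usr/lib/php`. If an absolute directory was intended, drop the leading dot, or state in the report that the relative path is deliberate, so that extension loading can be ruled in or out when reading the backtrace.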
532a534,536
> ;
> ; Load the MySQL extension by default.  Comment this out if you don't use MySQL.
> extension=mysql.so
533a538,540
> ; Load the gettext extension by default.  Comment this out if you don't have the
> ; gettext shared library installed.
> extension=gettext.so


System Information:

Linux gateway 2.4.26
Courier imapd 3.0.7
OpenLDAP 2.1.29
GCC 3.3.4 i486-slackware-linux

Reproduce code:
---------------
IMP Login (http://www.horde.org/imp) - IMP is configured to authenticate against IMAP (courier).

e.g. IMP causes this problem in imp/mailbox.php:

$overview = imap_fetch_overview($imp['stream'], implode(',', $msgs), FT_UID);

Expected result:
----------------
Expect successful login, but apache child process segfaults and the three lines like the following show in /var/log/apache/error_log:

[Mon Sep 06 11:49:43 2004] [notice] child pid 19707 exit signal Segmentation fault (11)
[Mon Sep 06 11:49:44 2004] [notice] child pid 19709 exit signal Segmentation fault (11)
[Mon Sep 06 11:49:44 2004] [notice] child pid 19708 exit signal Segmentation fault (11)

Actual result:
--------------

Program received signal SIGSEGV, Segmentation fault.
0x405d5d08 in _php_imap_address_size (addresslist=0x81f70e0)
    at /usr/src/php-4.3.8/ext/imap/php_imap.c:3654
3654                    ret += _php_rfc822_len(tmp->personal);

(gdb) bt

#0  0x405d5d08 in _php_imap_address_size (addresslist=0x81f70e0)
    at /usr/src/php-4.3.8/ext/imap/php_imap.c:3654
#1  0x405d0f77 in zif_imap_fetch_overview (ht=3, return_value=0x84609e4,
    this_ptr=0x0, return_value_used=1)
    at /usr/src/php-4.3.8/ext/imap/php_imap.c:2736
#2  0x4070a9f6 in execute (op_array=0x83b6094)
    at /usr/src/php-4.3.8/Zend/zend_execute.c:1635
#3  0x406f92b1 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php-4.3.8/Zend/zend.c:891
#4  0x406c22d6 in php_execute_script (primary_file=0xbffff470)
    at /usr/src/php-4.3.8/main/main.c:1734
#5  0x40710d55 in php_handler (r=0x81ce618)
    at /usr/src/php-4.3.8/sapi/apache2handler/sapi_apache2.c:561
#6  0x08067b66 in ap_run_handler (r=0x81ce618) at config.c:151
#7  0x08068138 in ap_invoke_handler (r=0x81ce618) at config.c:358
#8  0x080650eb in ap_process_request (r=0x81ce618) at http_request.c:246
#9  0x08060c69 in ap_process_http_connection (c=0x81c45d0) at http_core.c:250
#10 0x08070b06 in ap_run_process_connection (c=0x81c45d0) at connection.c:42
#11 0x08066518 in child_main (child_num_arg=81) at prefork.c:609
#12 0x080666ce in make_child (s=0x809f518, slot=0) at prefork.c:649
#13 0x0806673f in startup_children (number_to_start=5) at prefork.c:721
#14 0x08066eb9 in ap_mpm_run (_pconf=0x809d778, plog=0x80c7820, s=0x5)
    at prefork.c:940
#15 0x0806c608 in main (argc=2, argv=0xbffff7f4) at main.c:617


 [2004-09-06 13:54 UTC] warwick at thusa dot co dot za
I have just tested with Apache 1.3.31, and PHP 4.3.8, UW IMAP 2004a (nossl) and still no luck.  Still the following in /var/log/apache/error_log:

[Mon Sep  6 13:49:05 2004] [notice] child pid 19257 exit signal Segmentation fault (11)
[Mon Sep  6 13:49:05 2004] [notice] child pid 19252 exit signal Segmentation fault (11)
[Mon Sep  6 13:49:06 2004] [notice] child pid 19254 exit signal Segmentation fault (11)
 [2004-09-06 15:21 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.
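
A per-message isolation script of the kind requested above, as an added example (not part of the original thread, and not code from IMP or PHP). It repeats the `imap_fetch_overview(..., FT_UID)` call from the report one UID at a time and logs each message's raw header first, so the last logged entry identifies the message being processed when the process segfaults. The mailbox string, account and log path are placeholders.

```php
<?php
// Added example: isolate which message makes imap_fetch_overview() crash.
// Placeholders (assumptions, not from the report): mailbox, account, log path.
$mailbox  = '{localhost:143/imap/notls}INBOX';
$user     = 'testuser';
$password = 'testpass';
$logfile  = '/tmp/imap_overview_trace.log';

$stream = imap_open($mailbox, $user, $password);
if ($stream === false) {
    die('imap_open failed: ' . imap_last_error() . "\n");
}

// SE_UID returns UIDs, matching the FT_UID flag used in imp/mailbox.php.
$uids = imap_search($stream, 'ALL', SE_UID);
if ($uids === false) {
    $uids = array();   // empty mailbox or search failure
}

foreach ($uids as $uid) {
    // Write the raw header to disk BEFORE the overview call; message type 3
    // appends to $logfile, so the entry survives a segfault in the call.
    $header = imap_fetchheader($stream, $uid, FT_UID);
    error_log("=== uid $uid ===\n" . $header . "\n", 3, $logfile);

    // Same call shape as the report, restricted to a single message.
    $overview = imap_fetch_overview($stream, (string) $uid, FT_UID);

    $n = is_array($overview) ? count($overview) : 0;
    error_log("uid $uid ok, $n overview entries\n", 3, $logfile);
}

imap_close($stream);
echo "No crash across " . count($uids) . " messages\n";
```

Run it from a CLI build linked against the same c-client library as the Apache module; the last `=== uid N ===` block with no following `ok` line is the message whose headers belong in the report.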


 [2004-09-14 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Sun Sep 08 16:01:27 2024 UTC