Bug #30397 Segmentation fault in php_printf
Submitted: 2004-10-11 16:49 UTC Modified: 2004-10-18 12:36 UTC
From: kameshj at fastmail dot fm Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: Irrelevant OS: Any Operating System
Private report: No CVE-ID: None
 [2004-10-11 16:49 UTC] kameshj at fastmail dot fm
Description:
------------
Startup errors cause a segmentation fault if display_startup_errors is enabled.

Reproduce code:
---------------
display_startup_errors=On
extension=kamesh.so (any nonexistent module)
start apache
Segmentation fault will happen inside php_printf.

Expected result:
----------------
It should log the nonexistent module in an error log, but it should not segfault.

Actual result:
--------------
I could see php_output_activate(TSRMLS_C) getting called from php_module_startup immediately after php_output_startup.

Why is this needed? Each SAPI module calls
php_output_activate(TSRMLS_C) explicitly as part of request startup.

Why am I concerned about this?

Ans: php_output_activate(TSRMLS_C) sets
OG(php_body_write) = php_ub_body_write;
which causes calls to php_printf to use php_ub_body_write which depends
on SG(request_info) which is null while php_printf is invoked as part of
apache startup error (like invalid extension / nonexistent extension)
logging.

This causes segmentation fault.

This change seems to have been introduced in version 1.371 of
main/main.c by Zeev (3 years and 3 months ago).
The comment says,
Fix a major thread safety bug in the output mechanism
@- Fixed a major memory corruption bug in the thread safe version (Zeev) 


Can I remove a call to php_output_activate(TSRMLS_C) from
php_module_startup?

PS: What is the use of display_startup_errors? What does "display" mean
with respect to startup, as it might not have any associated request
context?
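The failure path described in the report, as an added example that is not PHP's own code: a constructed C model in which a startup-time php_printf dispatches through a body writer that dereferences SG(request_info), beside a writer that falls back to the error log when no request context exists yet. All names here (ub_body_write, safe_body_write, model_php_printf, startup_error_with, request_write_with) and the struct layouts are assumptions made for the illustration.

```c
#include <string.h>
/* Constructed stand-ins for the engine globals named in the report,
 * SG(request_info) and OG(php_body_write); not PHP's real definitions. */
typedef struct { int headers_sent; } request_info_t;
static struct { request_info_t *request_info; } SG;
typedef size_t (*body_write_fn)(const char *str, size_t len);
static struct { body_write_fn php_body_write; } OG;
static char out_buf[256];   /* stands in for the SAPI output stream */
static char log_buf[256];   /* stands in for the error log */

/* Model of php_ub_body_write: assumes a live request and touches
 * SG(request_info) unconditionally; with request_info == NULL this is
 * the startup crash the report describes. */
static size_t ub_body_write(const char *str, size_t len) {
    SG.request_info->headers_sent = 1;   /* NULL dereference at startup */
    strncat(out_buf, str, len);
    return len;
}

/* Hardened writer: with no request context yet (module startup), send the
 * message to the error log instead of touching request state. */
static size_t safe_body_write(const char *str, size_t len) {
    if (SG.request_info == NULL) {
        strncat(log_buf, str, len);
        return len;
    }
    return ub_body_write(str, len);
}

/* php_printf stand-in: everything goes through OG(php_body_write). */
static size_t model_php_printf(const char *msg) {
    return OG.php_body_write(msg, strlen(msg));
}

/* Report's scenario: a startup error raised before any request exists.
 * With writer == ub_body_write this crashes; with safe_body_write it logs. */
static size_t startup_error_with(body_write_fn writer, const char *msg) {
    out_buf[0] = log_buf[0] = '\0';
    SG.request_info = NULL;          /* apache startup: no request yet */
    OG.php_body_write = writer;      /* what php_output_activate installed */
    return model_php_printf(msg);
}

/* Same message after request startup: request state exists, output is safe. */
static size_t request_write_with(body_write_fn writer, const char *msg) {
    static request_info_t ri;
    out_buf[0] = log_buf[0] = '\0';
    ri.headers_sent = 0; SG.request_info = &ri;
    OG.php_body_write = writer;
    return model_php_printf(msg);
}
```

The NULL check in safe_body_write is the model's own mitigation, not the patch the reporter committed; the report only says the php_output_activate call was removed from php_module_startup.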


History

 [2004-10-16 12:35 UTC] kameshj at fastmail dot fm
Fixed from hyanantha's account.
 [2004-10-16 12:37 UTC] kameshj at fastmail dot fm
Committed both in 5_0 branch and 5_1 HEAD
 [2004-10-16 12:40 UTC] tony2001@php.net
kameshj at fastmail dot fm:
If the bug has been fixed, then the bug report should probably be closed?
 [2004-10-17 17:03 UTC] derick@php.net
As far as I know nobody replied to your question about this change, so please revert it.
 [2004-10-18 07:39 UTC] kameshj at fastmail dot fm
I have drilled this down and found this to be the root cause, made this change, and found it to be working for the past one week in my local setup, so I went ahead and checked in this change.
Why should I revert?
How long can I wait for someone to respond to my question?
If you have any technical problem with this patch, please let me know and I will revert it.
 [2004-10-18 07:42 UTC] kameshj at fastmail dot fm
Closing the defect.
 [2004-10-18 07:58 UTC] derick@php.net
Because this is tricky code. Discuss those things on the mailing list before removing code from main! I reverted it now for you.
 [2004-10-18 12:36 UTC] kameshj at fastmail dot fm
Fixed from hyanantha's account after the approval from Zeev.