PHP :: Bug #30472 :: Segmentations Faults

Bug #30472

Segmentations Faults

Submitted:

2004-10-18 17:55 UTC

Modified:

2004-12-08 07:10 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

lore at animexx dot de

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

4.3.9

OS:

Linux Debian

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	lore at animexx dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-10-18 17:55 UTC] lore at animexx dot de

Description:
------------
The Error apears not every time so there is no code to reproduce it.



error in apache error.log

/root/src/php-4.3.9/Zend/zend_execute_API.c(291) : Block 0x084B57C0 status:
/root/src/php-4.3.9/Zend/zend_variables.c(44) : Actual location (location was relayed)
Beginning:      OK (allocated on /root/src/php-4.3.9/ext/mysql/php_mysql.c:1839, 9 bytes)
      End:      Overflown (magic=0x2A8FCB84 instead of 0x2A8FCC84)
                1 byte(s) overflown
-


gdb full
:
#0  0x40113741 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40113741 in kill () from /lib/libc.so.6
#1  0x401134c5 in raise () from /lib/libc.so.6
#2  0x40114a08 in abort () from /lib/libc.so.6
#3  0x4010cb3f in __assert_fail () from /lib/libc.so.6
#4  0x4049a52a in apc_cache_free_entry (entry=0x404b1700) at /root/src/pecl/apc/apc_cache.c:632
#5  0x4049d5a8 in apc_module_shutdown () at /root/src/pecl/apc/apc_main.c:290
#6  0x404a1039 in zm_shutdown_apc (type=1, module_number=0) at /root/src/pecl/apc/php_apc.c:154
#7  0x080a87f9 in module_destructor (module=0x83aef00) at /root/src/php-4.3.9/Zend/zend_API.c:1125
#8  0x080ab548 in zend_hash_apply_deleter (ht=0x834d0e0, p=0x83aeed0) at /root/src/php-4.3.9/Zend/zend_hash.c:611
#9  0x080ab799 in zend_hash_graceful_reverse_destroy (ht=0x834d0e0) at /root/src/php-4.3.9/Zend/zend_hash.c:677
#10 0x080a4a95 in zend_shutdown () at /root/src/php-4.3.9/Zend/zend.c:556
#11 0x080778c3 in php_module_shutdown () at /root/src/php-4.3.9/main/main.c:1286
#12 0x08077895 in php_module_shutdown_wrapper (sapi_globals=0x82430c0) at /root/src/php-4.3.9/main/main.c:1263
#13 0x0806ea54 in php_child_exit_handler ()
#14 0x081a65ae in ap_child_exit_modules ()
#15 0x081ad59d in clean_child_exit ()
#16 0x081af4ac in just_die ()
#17 <signal handler called>
#18 0x401b8838 in poll () from /lib/libc.so.6
#19 0x081f424b in wait_for_data ()
#20 0x081f4210 in my_connect ()
#21 0x081f5817 in mysql_real_connect ()
#22 0x080e78c2 in php_mysql_do_connect (ht=3, return_value=0x8404f74, this_ptr=0x0, return_value_used=1, persistent=0)
    at /root/src/php-4.3.9/ext/mysql/php_mysql.c:778
#23 0x081f42b3 in net_safe_read ()
No symbol table info available.
#24 0x081f4553 in cli_advanced_command ()
No symbol table info available.
#25 0x081f644e in mysql_select_db ()
No symbol table info available.
#26 0x080e554a in php_mysql_select_db (mysql=0x842c814, db=0x84aeff4 "datenbank") at /root/src/php-4.3.9/ext/mysql/php_mysql.c:276
No locals.
#27 0x080e8c00 in php_mysql_do_query_general (query=0x8434df4, mysql_link=0x8434df8, link_id=-1, db=0x8434df0, use_store=1, return_value=0x841e95c)
    at /root/src/php-4.3.9/ext/mysql/php_mysql.c:1223
        mysql = (php_mysql_conn *) 0x842c814
        mysql_result = (MYSQL_RES *) 0x82138a0
#28 0x080e938e in zif_mysql_db_query (ht=3, return_value=0x841e95c, this_ptr=0x0, return_value_used=1) at /root/src/php-4.3.9/ext/mysql/php_mysql.c:1379
        db = (zval **) 0x8434df0
        query = (zval **) 0x8434df4
        mysql_link = (zval **) 0x8434df8
        id = -1
#29 0x080b7203 in execute (op_array=0x8450248) at /root/src/php-4.3.9/Zend/zend_execute.c:1640
        original_return_value = (zval **) 0x404cc868
        return_value_used = 1
        execute_data = {opline = 0x404cc850, function_state = {function_symbol_table = 0x0, function = 0x83a7e50, reserved = {0x6, 0xbfffbf1c, 0xbffff424,
      0xbfffbef8}}, fbc = 0x0, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbfffb46c, original_in_execution = 1 '\001', op_array = 0x8450248,
  prev_execute_data = 0xbfffd280}
#30 0x080b742f in execute (op_array=0x8419614) at /root/src/php-4.3.9/Zend/zend_execute.c:1684
        calling_symbol_table = (HashTable *) 0x834ce0c
        original_return_value = (zval **) 0xbfffd304
        return_value_used = 1
        execute_data = {opline = 0x409c2a00, function_state = {function_symbol_table = 0x8427d7c, function = 0x8450248, reserved = {0x809ce93, 0x84195cc,
      0xbffff560, 0x0}}, fbc = 0x8450248, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbfffbf1c, original_in_execution = 0 '\0', op_array = 0x8419614,
  prev_execute_data = 0x0}
#31 0x080a569d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/src/php-4.3.9/Zend/zend.c:891
        files = 0xbfffd334 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbffff560
        orig_op_array = (zend_op_array *) 0x84a3b24
        local_retval = (zval *) 0x0
#32 0x08078ac8 in php_execute_script (primary_file=0xbffff560) at /root/src/php-4.3.9/main/main.c:1735
        orig_bailout = {{__jmpbuf = {1075942768, 1073833120, -1073743148, -1073744024, -1073744464, 134668742}, __mask_was_saved = 0, __saved_mask = {
      __val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        old_cwd = 0xbfffd33c "/"
        old_primary_file_path = 0x0
        retval = 0
#33 0x080bc55b in apache_php_module_main (r=0x83be0c4, display_source_mode=0) at /root/src/php-4.3.9/sapi/apache/sapi_apache.c:54
        retval = 0
        file_handle = {type = 0 '\0', filename = 0x83bf05c "/html/fanlisten.phtml",
  opened_path = 0x841956c "/html/fanlisten.phtml", handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
#34 0x0806e41a in send_php ()
No symbol table info available.
#35 0x0806e490 in send_parsed_php ()
No symbol table info available.
#36 0x081a401e in ap_invoke_handler ()
No symbol table info available.
#37 0x081ba4bb in process_request_internal ()
No symbol table info available.
#38 0x081ba518 in ap_process_request ()
No symbol table info available.
#39 0x081b0e23 in child_main ()
No symbol table info available.
#40 0x081b10b4 in make_child ()
No symbol table info available.
#41 0x081b1422 in perform_idle_server_maintenance ()
No symbol table info available.
#42 0x081b1ac3 in standalone_main ()
No symbol table info available.
#43 0x081b2120 in main ()
No symbol table info available.


Second Dump:
#0  0x40113741 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40113741 in kill () from /lib/libc.so.6
#1  0x401134c5 in raise () from /lib/libc.so.6
#2  0x40114a08 in abort () from /lib/libc.so.6
#3  0x4010cb3f in __assert_fail () from /lib/libc.so.6
#4  0x4049a52a in apc_cache_free_entry (entry=0x404b1700) at /root/src/pecl/apc/apc_cache.c:632
#5  0x4049d5a8 in apc_module_shutdown () at /root/src/pecl/apc/apc_main.c:290
#6  0x404a1039 in zm_shutdown_apc (type=1, module_number=0) at /root/src/pecl/apc/php_apc.c:154
#7  0x080a87f9 in module_destructor (module=0x83aef00) at /root/src/php-4.3.9/Zend/zend_API.c:1125
#8  0x080ab548 in zend_hash_apply_deleter (ht=0x834d0e0, p=0x83aeed0) at /root/src/php-4.3.9/Zend/zend_hash.c:611
#9  0x080ab799 in zend_hash_graceful_reverse_destroy (ht=0x834d0e0) at /root/src/php-4.3.9/Zend/zend_hash.c:677
#10 0x080a4a95 in zend_shutdown () at /root/src/php-4.3.9/Zend/zend.c:556
#11 0x080778c3 in php_module_shutdown () at /root/src/php-4.3.9/main/main.c:1286
#12 0x08077895 in php_module_shutdown_wrapper (sapi_globals=0x82430c0) at /root/src/php-4.3.9/main/main.c:1263
#13 0x0806ea54 in php_child_exit_handler ()
#14 0x081a65ae in ap_child_exit_modules ()
#15 0x081ad59d in clean_child_exit ()
#16 0x081af4ac in just_die ()
#17 <signal handler called>
#18 0x401b8838 in poll () from /lib/libc.so.6
#19 0x081f424b in wait_for_data ()
#20 0x081f4210 in my_connect ()
#21 0x081f5817 in mysql_real_connect ()
#22 0x080e78c2 in php_mysql_do_connect (ht=3, return_value=0x8404f74, this_ptr=0x0, return_value_used=1, persistent=0)
    at /root/src/php-4.3.9/ext/mysql/php_mysql.c:778
#23 0x080e7bd5 in zif_mysql_connect (ht=3, return_value=0x8404f74, this_ptr=0x0, return_value_used=1) at /root/src/php-4.3.9/ext/mysql/php_mysql.c:829
#0  0x40113741 in kill () from /lib/libc.so.6
No symbol table info available.
#1  0x401134c5 in raise () from /lib/libc.so.6
No symbol table info available.
#2  0x40114a08 in abort () from /lib/libc.so.6
No symbol table info available.
#3  0x4010cb3f in __assert_fail () from /lib/libc.so.6
No symbol table info available.
#4  0x4049a52a in apc_cache_free_entry (entry=0x405005f0) at /root/src/pecl/apc/apc_cache.c:632
No locals.
#5  0x4049d5a8 in apc_module_shutdown () at /root/src/pecl/apc/apc_main.c:290
        cache_entry = (apc_cache_entry_t *) 0x405005f0
#6  0x404a1039 in zm_shutdown_apc (type=1, module_number=0) at /root/src/pecl/apc/php_apc.c:154
No locals.
#7  0x080a87f9 in module_destructor (module=0x83aef00) at /root/src/php-4.3.9/Zend/zend_API.c:1125
No locals.
#8  0x080ab548 in zend_hash_apply_deleter (ht=0x834d0e0, p=0x83aeed0) at /root/src/php-4.3.9/Zend/zend_hash.c:611
        retval = (Bucket *) 0x820f740
#9  0x080ab799 in zend_hash_graceful_reverse_destroy (ht=0x834d0e0) at /root/src/php-4.3.9/Zend/zend_hash.c:677
        p = (Bucket *) 0x83aeed0
#10 0x080a4a95 in zend_shutdown () at /root/src/php-4.3.9/Zend/zend.c:556
No locals.
#11 0x080778c3 in php_module_shutdown () at /root/src/php-4.3.9/main/main.c:1286
        module_number = 0
#12 0x08077895 in php_module_shutdown_wrapper (sapi_globals=0x82430c0) at /root/src/php-4.3.9/main/main.c:1263
No locals.
#13 0x0806ea54 in php_child_exit_handler ()
No symbol table info available.
#14 0x081a65ae in ap_child_exit_modules ()
No symbol table info available.
#15 0x081ad59d in clean_child_exit ()
No symbol table info available.
#16 0x081af4ac in just_die ()
No symbol table info available.
#17 <signal handler called>
No symbol table info available.
#18 0x401ba6fe in readv () from /lib/libc.so.6
No symbol table info available.
#19 0x081a29fa in writev_it_all ()
No symbol table info available.
#20 0x081a2d96 in large_write ()
No symbol table info available.
#21 0x081a2e61 in ap_bwrite ()
No symbol table info available.
#22 0x081b733c in ap_rwrite ()
No symbol table info available.
#23 0x0806d78f in sapi_apache_ub_write ()
No symbol table info available.
#24 0x0808a1bd in php_ub_body_write_no_header (
    str=0x84505f4 "[<a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=120\">121...</a><a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=129\">130</a>] [<a href=\"/fanarts/wettbewerbe.phtml"..., str_length=4097) at /root/src/php-4.3.9/main/output.c:689
        result = 138840544
#25 0x0808957c in php_end_ob_buffer (send_buffer=1 '\001', just_flush=1 '\001') at /root/src/php-4.3.9/main/output.c:299
        final_buffer = 0x84505f4 "[<a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=120\">121...</a><a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=129\">130</a>] [<a href=\"/fanarts/wettbewerbe.phtml"...
        final_buffer_length = 4097
        alternate_buffer = (zval *) 0x0
        to_be_destroyed_buffer = 0x84505f4 "[<a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=120\">121...</a><a href=\"/fanarts/wettbewerbe.phtml?sort=&sort2=&lwseite=0&fwseite=129\">130</a>] [<a href=\"/fanarts/wettbewerbe.phtml"...
- 
        to_be_destroyed_handler_name = 0x83ff104 "default output handler"
        to_be_destroyed_handled_output = {0x0, 0x0}
        status = 2
        prev_ob_buffer_p = (php_ob_buffer *) 0x0
        orig_ob_buffer = {buffer = 0x88 <Address 0x88 out of bounds>, size = 138840544, text_length = 3221179512, block_size = 134702657,
  chunk_size = 138840580, status = 136312256, output_handler = 0x2d7, internal_output_handler = 0, internal_output_handler_buffer = 0x0,
  internal_output_handler_buffer_size = 0, handler_name = 0x1 <Address 0x1 out of bounds>, erase = 164 '?'}
#26 0x0808aead in php_ob_append (text=0x41069c50 "\">\n  <td align=\"center\">", text_length=24) at /root/src/php-4.3.9/main/output.c:616
        output_handler = (zval *) 0x0
        target = 0x84515dd "\">\n  <td align=\"center\">"
        original_ob_text_length = 4073
#27 0x0808a18c in php_b_body_write (str=0x41069c50 "\">\n  <td align=\"center\">", str_length=24) at /root/src/php-4.3.9/main/output.c:675
No locals.
#28 0x08088e1d in php_body_write (str=0x41069c50 "\">\n  <td align=\"center\">", str_length=24) at /root/src/php-4.3.9/main/output.c:121
No locals.
#29 0x0807721d in php_body_write_wrapper (str=0x41069c50 "\">\n  <td align=\"center\">", str_length=24) at /root/src/php-4.3.9/main/main.c:1022
No locals.
#30 0x080a4443 in zend_print_zval_ex (write_func=0x8077205 <php_body_write_wrapper>, expr=0x4105babc, indent=0) at /root/src/php-4.3.9/Zend/zend.c:211
        expr_copy = {value = {lval = 0, dval = 1.9097962118687451e-312, str = {val = 0x0, len = 90}, ht = 0x0, obj = {ce = 0x0, properties = 0x5a}},
  type = 56 '8', is_ref = 77 'M', refcount = 49151}
        use_copy = 0
#31 0x080a43cc in zend_print_zval (expr=0x4105babc, indent=0) at /root/src/php-4.3.9/Zend/zend.c:192
No locals.
#32 0x080a3ed6 in zend_print_variable (var=0x4105babc) at /root/src/php-4.3.9/Zend/zend_variables.c:151
No locals.
#33 0x080b5194 in execute (op_array=0x83d89a4) at /root/src/php-4.3.9/Zend/zend_execute.c:1263
        execute_data = {opline = 0x4105baa4, function_state = {function_symbol_table = 0x84570f4, function = 0x83d89a4, reserved = {0x809ce93, 0x83d887c,
      0xbffff560, 0x0}}, fbc = 0x0, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbfff4d5c, original_in_execution = 0 '\0', op_array = 0x83d89a4,
  prev_execute_data = 0x0}
#34 0x080a569d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/src/php-4.3.9/Zend/zend.c:891
        files = 0xbfffd334 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbffff560
        orig_op_array = (zend_op_array *) 0x83fa41c
        local_retval = (zval *) 0x0
#35 0x08078ac8 in php_execute_script (primary_file=0xbffff560) at /root/src/php-4.3.9/main/main.c:1735
        orig_bailout = {{__jmpbuf = {1075942768, 1073833120, -1073743148, -1073744024, -1073744464, 134668742}, __mask_was_saved = 0, __saved_mask = {
      __val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        old_cwd = 0xbfffd33c "/"
        old_primary_file_path = 0x0
        retval = 0
#36 0x080bc55b in apache_php_module_main (r=0x83be0c4, display_source_mode=0) at /root/src/php-4.3.9/sapi/apache/sapi_apache.c:54
        retval = 0
        file_handle = {type = 0 '\0', filename = 0x83bf044 "/html/wettbewerbe.phtml",
  opened_path = 0x83d881c "/html/wettbewerbe.phtml", handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
#37 0x0806e41a in send_php ()
No symbol table info available.
#38 0x0806e490 in send_parsed_php ()
No symbol table info available.
#39 0x081a401e in ap_invoke_handler ()
No symbol table info available.
#40 0x081ba4bb in process_request_internal ()
No symbol table info available.
#41 0x081ba518 in ap_process_request ()
-
No symbol table info available.
#42 0x081b0e23 in child_main ()
No symbol table info available.
#43 0x081b10b4 in make_child ()
No symbol table info available.
#44 0x081b1422 in perform_idle_server_maintenance ()
No symbol table info available.
#45 0x081b1ac3 in standalone_main ()
No symbol table info available.
#46 0x081b2120 in main ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-18 23:54 UTC] iliaa@php.net

Can you replice the crash without APC?

[2004-10-19 18:12 UTC] lore at animexx dot de

I have also Core Dumps without apc, but get no core file.
Whith Core and without apc , the server has a load of 150 in about 3-4 min, so i cant let it run for long. 

Ill try it again in the night, hope ill get the cores

[2004-11-27 15:55 UTC] tony2001@php.net

So, are you still able to reproduce it?
And do you have a short reproduce script?

[2004-12-08 07:10 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

..and please read the "how to report" again. There is absolutely NO need for such huge backtraces!!!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun May 19 16:01:31 2024 UTC