php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31210 Apache segfault
Submitted: 2004-12-20 19:42 UTC Modified: 2004-12-21 15:34 UTC
From: thomas at fdns dot net Assigned:
Status: Closed Package: Apache related
PHP Version: 4.3.10 OS: Linux (Slackware 9.1)
Private report: No CVE-ID: None
View Developer Edit
 [2004-12-20 19:42 UTC] thomas at fdns dot net 
Description:
------------
I've just attempted to upgrade to 4.3.10 and apache is segfaulting when trying to load up the same application (custom) that runs on 4.3.9.

Setup: apache 1.3.33
       php 4.3.10
       
[configure command]
./configure --with-apache=../apache_1.3.33 --with-config-file-path=/apache --enable-ftp --with-gd --with-mysql --without-pear --enable-sockets --with-zlib-dir=/usr/include/ --with-freetype-dir=/usr/local/include/freetype2/ --with-openssl




Expected result:
----------------
Application should load as it does in 4.3.9.

Actual result:
--------------
I ran a gdb trace below:
(gdb) file /apache/bin/httpd
Reading symbols from /apache/bin/httpd...(no debugging symbols found)...done.
(gdb) run -X -DSSL
Starting program: /apache/bin/httpd -X -DSSL
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x080eb3bd in zend_assign_to_variable_reference ()
(gdb) backtrace
#0  0x080eb3bd in zend_assign_to_variable_reference ()
#1  0x080ece20 in execute ()
#2  0x080d8e34 in call_user_function_ex ()
#3  0x080d89c6 in call_user_function ()
#4  0x08135aef in ps_gc_files ()
#5  0x08135bed in ps_open_user ()
#6  0x081325a7 in php_session_create_id ()
#7  0x0813371d in php_session_start ()
#8  0x08134d5d in zif_session_start ()
#9  0x080ed1c1 in execute ()
#10 0x080ee27d in execute ()
#11 0x080dfd2b in zend_execute_scripts ()
#12 0x080be4f8 in php_execute_script ()
#13 0x080f063a in apache_php_module_main ()
#14 0x080b6eae in ssl_expr_yyinput ()
#15 0x080b6f18 in ssl_expr_yyinput ()
#16 0x081b1f03 in ap_invoke_handler ()
#17 0x081c745f in ap_some_auth_required ()
#18 0x081c78ba in ap_internal_redirect ()
#19 0x0809883e in ap_get_server_built ()
#20 0x081b1f03 in ap_invoke_handler ()
#21 0x081c745f in ap_some_auth_required ()
#22 0x081c74be in ap_process_request ()
#23 0x081be458 in ap_child_terminate ()
#24 0x081be626 in ap_child_terminate ()
#25 0x081be78c in ap_child_terminate ()
#26 0x081bee4c in ap_child_terminate ()
#27 0x081bf684 in main ()
#28 0x4016dd06 in __libc_start_main () from /lib/libc.so.6
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-20 20:05 UTC] iliaa@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.
 [2004-12-20 20:22 UTC] thomas at fdns dot net 
The segfault seems to be happening in this included file that re-configures the session handler.. I successfully had it output working code until it includes this file, it fails at the "Session_start" function:

<?php

// DAO
require_once "DAO_Session.php";


$DAO_Session =& new DAO_Session();



session_set_save_handler( array(& $DAO_Session, "dao_open"),
                          array(& $DAO_Session, "dao_close"),
                          array(& $DAO_Session, "dao_read"),
                          array(& $DAO_Session, "dao_write"),
                          array(& $DAO_Session, "dao_destroy"),
                          array(& $DAO_Session, "dao_gc"));

// I get output here;

// Fire up 
session_start();

// segfault here:  tail /apache/logs/error_log
/*
[Mon Dec 20 14:16:39 2004] [notice] child pid 11679 exit signal Segmentation fault (11)
[Mon Dec 20 14:16:41 2004] [notice] child pid 11680 exit signal Segmentation fault (11)

*/
echo "here:"  . date("Y-m-d H:i:s"); die;

class DAO_Session {

  // functions here..  can post if requested

}
 [2004-12-20 20:39 UTC] thomas at fdns dot net 
I'm now getting very suspect of PEAR:DB_Dataobject.. I upgraded the version of it; as where the segfault is happening it's using a dataobject and I'm no longer getting a segfault, but rather a real php error message that something is buggered...
 [2004-12-20 21:03 UTC] derick@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.

What also helps is to provide a backtrace with symbols enabled (meaning PHP in --enable-debug mode).
 [2004-12-20 21:46 UTC] thomas at fdns dot net 
I'm not sure if this is a bug anymore, maybe someone else can comment..  It turns out I had to add:

define("DB_DATAOBJECT_NO_OVERLOAD", 0);

to the prepend script..  

I was under the impression that this was only required if you were using the Zend optimizer ( we are not)  .. But it seems to have fixed the issue.  I still find it odd that it works fine in 4.3.9 without that flag, and 4.3.10 needs it?

From the PEAR site i just found: 
"Pass by Reference, due to a unfixable bug in PHP4, you can not use overload with pass-by-reference arguments (It works OK in PHP5), If you need pass-by-reference, define the constant DB_DATAOBJECT_NO_OVERLOAD = 0 "

That would seem to align with the error: 

"Program received signal SIGSEGV, Segmentation fault.
0x080eb3bd in zend_assign_to_variable_reference ()"

But again why 4.3.9 works fine and 4.3.10 borks.

My problem is fixed but did a change affect something?
 [2004-12-21 15:34 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Nov 08 06:00:01 2025 UTC