Bug #34186 Segment Fault in PHP
Submitted: 2005-08-18 16:45 UTC Modified: 2005-09-07 23:21 UTC
From: ljanda at checkstop dot com Assigned:
Status: Not a bug Package: Program Execution
PHP Version: 4.4.0 OS: SCO 5.0.5
Private report: No CVE-ID: None
 [2005-08-18 16:45 UTC] ljanda at checkstop dot com
Description:
------------
PHP module is causing segment violation in apache. The error log is shown below.


[Thu Aug 18 09:32:20 2005] [notice] Apache/1.3.33 (Unix) PHP/4.4.1-dev configured -- resuming normal operations
[Thu Aug 18 09:32:20 2005] [notice] Accept mutex: fcntl (Default: fcntl)
[Thu Aug 18 09:34:30 2005] [notice] child pid 26519 exit signal Segmentation fault (11)

All regular html works fine, only two or three php pages do this.
Compiled and linked with gcc 2.95

Reproduce code:
---------------
http://www.czechs.org/index.phps
http://www.czechs.org/db.phps

Expected result:
----------------
Display the www page like it does under Apache 1.3.19 and php 4.0.4.

Actual result:
--------------
Segment violation, and the page is only halfway sent.
Connection closed when the child terminates.

 [2005-08-18 16:53 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2005-08-18 19:55 UTC] ljanda at checkstop dot com
(dbx) run -X

Segmentation violation in (noname) at 0x806936d
0x0806936d ((noname)+0x806936d)mov       DWord Ptr [edx],eax
(dbx) bt
Syntax error

This is dbx, was able to get the segment violation. Dbx has a trace, but nowhere says how to get at the information.
 [2005-08-18 20:48 UTC] ljanda at checkstop dot com
Probably this may be the area which is causing this.

/u/leroy/php4-STABLE-200508081638/ext/standard/exec.c: In function `proc_open_rsrc_dtor':
/u/leroy/php4-STABLE-200508081638/ext/standard/exec.c:611: warning: cast from pointer to integer of different size
/u/leroy/php4-STABLE-200508081638/ext/standard/exec.c: In function `zif_proc_open':
/u/leroy/php4-STABLE-200508081638/ext/standard/exec.c:1030: warning: cast to pointer from integer of different size
 [2005-08-18 20:58 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.


 [2005-09-01 20:58 UTC] ljanda at checkstop dot com
Any ideas where I can put statements to log, and try to narrow down where the problem is occurring?

I think it is in exec.c.
 [2005-09-01 22:37 UTC] ljanda at checkstop dot com
Ok, got gdb for SCO and compiled it.
Compiled PHP with --enable-debug, and now it is working.

Something in the optimizer.
 [2005-09-01 22:40 UTC] ljanda at checkstop dot com
This uses full optimization, correct. I can play with the different levels.
 [2005-09-01 23:02 UTC] sniper@php.net
Are you or are you not going to provide a short reproducing script? If you're not, let this report rot.

 [2005-09-01 23:03 UTC] sniper@php.net
And what do you mean with optimizer? Are you using your own flags during compile? Something like -O3 ?

 [2005-09-02 16:40 UTC] ljanda at checkstop dot com
# gdb httpd
GNU gdb 5.2
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-sco3.2v5.0.5"...
(gdb) run -X
Starting program: /usr/local/apache133/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x0806932d in _efree (ptr=warning: Cannot convert floating-point register value to non-floating-point type.
0x0)
    at /u/leroy/php4-STABLE-200508081638/Zend/zend_alloc.c:259
259             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x0806932d in _efree (ptr=warning: Cannot convert floating-point register value to non-floating-point type.
0x0)
    at /u/leroy/php4-STABLE-200508081638/Zend/zend_alloc.c:259
(gdb)
 [2005-09-02 17:56 UTC] sniper@php.net
Can you please ask the questions instead and not add these totally useless backtraces here?

 [2005-09-02 19:23 UTC] ljanda at checkstop dot com
Why is the backtrace useless, as that is what the documentation says to provide? Bottom line is that the php program has a segment violation, so let's get a fix so everyone can benefit.

I have provided the script that is causing this, as a short script does not cause it to fail. 

I can re-create the situation easily, just give me some idea where to set the break points.
 [2005-09-02 22:15 UTC] sniper@php.net
a) Are you using Zend optimizer or any other zend extension?
b) How did you compile PHP? Did you use some extra CFLAGS?
c) Provide a _SHORT_ reproducing script!

 [2005-09-07 18:02 UTC] ljanda at checkstop dot com
a) Are you using Zend optimizer or any other zend extension?
b) How did you compile PHP? Did you use some extra CFLAGS?
c) Provide a _SHORT_ reproducing script!

a- n
./configure --with-informix \
    --without-mysql \
    --with-apache=../apache_1.3.33 \
    --enable-shared \
    --disable-zend-memory-manager \
    --prefix=/usr/local/php \
    --with-config-file-path=/etc \
    --enable-track-vars

default make options.
I disabled zend-memory-manager and everything is working fine now.
 [2005-09-07 23:21 UTC] sniper@php.net
Yeah, let's leave this there..
 