php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35029 segmentation faults with multiple include virtual requests
Submitted: 2005-10-30 23:40 UTC Modified: 2005-12-21 01:46 UTC
Votes:14
Avg. Score:4.8 ± 0.6
Reproduced:12 of 12 (100.0%)
Same Version:7 (58.3%)
Same OS:6 (50.0%)
From: markus-php at anthill dot de Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.4.0 OS: linux / solaris
Private report: No CVE-ID:
 [2005-10-30 23:40 UTC] markus-php at anthill dot de
Description:
------------
I installed Apache 2.0.55 with PHP 4.4.0. I got lots of entries like the following in the error log:

[Mon Oct 17 18:19:04 2005] [notice] child pid 9385 exit signal Segmentation fault (11)

They occure on pages with HTML code like

...
<body>
<!--#include virtual="/php/body_header.php" -->
...
<!--#include virtual="/php/body_footer.php" -->
</body>

With only one of the includes (either one) all works well. Back with Apache 2.0.54 and PHP 4.4.0 I haven't got this problem.

I stripped down the PHP scripts to just print a small text using echo(), but the problem remained.

Reproduce code:
---------------
see above

Actual result:
--------------
(gdb) bt
#0  0x402eb3ea in _zval_ptr_dtor (zval_ptr=0x4035fb08)
    at /tmp/test/php-4.4.0/Zend/zend_execute_API.c:287
#1  0x40300843 in execute (op_array=0x8179474) at zend_execute_locks.h:26
#2  0x402f1f23 in zend_execute_scripts (type=2, retval=0x0, file_count=1)
    at /tmp/test/php-4.4.0/Zend/zend.c:938
#3  0x403021ba in php_handler (r=0x81774b0)
    at /tmp/test/php-4.4.0/sapi/apache2handler/sapi_apache2.c:557
#4  0x08067622 in ap_run_handler (r=0x81774b0) at config.c:153
#5  0x08067b3a in ap_invoke_handler (r=0x81774b0) at config.c:364
#6  0x0807c4d1 in ap_run_sub_req (r=0x81774b0) at request.c:1855
#7  0x4003547d in handle_include (ctx=0x8165918, bb=0xbfffd994, r=0x8169478, 
    f=0x816aa98, head_ptr=0x8167908, inserted_head=0xbfffd960)
    at mod_include.c:782
#8  0x40038ca0 in send_parsed_content (f=0x816aa98, bb=0x816abe0)
    at mod_include.c:3309
#9  0x08071b9e in ap_pass_brigade (next=0x0, bb=0xfffffffe)
    at util_filter.c:512
#10 0x08078666 in default_handler (r=0x8169478) at core.c:3640
#11 0x08067622 in ap_run_handler (r=0x8169478) at config.c:153
#12 0x08067b3a in ap_invoke_handler (r=0x8169478) at config.c:364
#13 0x08064ee3 in ap_process_request (r=0x8169478) at http_request.c:249
#14 0x08060dc1 in ap_process_http_connection (c=0x8165540) at http_core.c:251
#15 0x0806f9c2 in ap_run_process_connection (c=0x8165540) at connection.c:43
#16 0x0806619b in child_main (child_num_arg=3) at prefork.c:610
#17 0x080662b8 in make_child (s=0x809bff0, slot=0) at prefork.c:704
#18 0x0806639f in startup_children (number_to_start=5) at prefork.c:722
#19 0x08066aad in ap_mpm_run (_pconf=0x0, plog=0x80c62c0, s=0x809bff0)
    at prefork.c:941
#20 0x0806bb36 in main (argc=3, argv=0xbfffdc44) at main.c:618
#21 0x42015704 in __libc_start_main () from /lib/tls/libc.so.6


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-10-31 15:47 UTC] markus-php at anthill dot de
I tried the STABLE-200510311345 snapshot under linux and it works so far. Thanks.

Could someone please point me to the changes which fixed the problem?
 [2005-11-07 16:50 UTC] markus-php at anthill dot de
In tests with PHP 4.4.1 under solaris I don't get the segmentation faults any more, but the SSI seems to be simply ignored now.
 [2005-11-07 23:43 UTC] markus-php at anthill dot de
with PHP 4.4.0 I had a segmentation fault (see above). According to the backtrace the problems seems to be in the PHP code. When switching from PHP 4.4.0 to 4.4.1 the segmentation fault seems to have gone, but the result isn't ok yet. As I am not that familiar with gdb I can't really tell if it is a problem with Apache or PHP or something else.
I'll make some tests during the next days and try to dig further into this.
 [2005-11-15 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-11-30 11:28 UTC] minnoce at polito dot it
I have the same problem under this platform:
- Red Hat Enterprise Linux 4 (i386) fully updated
- Apache 2.0.55 compiled from sources
- PHP 4.3.11 / 4.4.1 / LATEST 4.4 from CVS compiled from sources

The bug is NOT present under Apache 2.0.54.
 [2005-11-30 12:36 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip


 [2005-11-30 13:55 UTC] minnoce at polito dot it
Same problem also with PHP 5.1 LATEST from CVS.
 [2005-11-30 14:07 UTC] tony2001@php.net
Provide a short reproduce case and the GDB backtrace if you still able to replicate it.
 [2005-11-30 17:47 UTC] minnoce at polito dot it
Apache compile configuration:
./configure \
--prefix="/services/apache_so-2.0.54" \
--enable-modules='rewrite so speling ssl' \
--disable-userdir

PHP compile configuration:
./configure \
"--prefix=/services/php-4.4-CVS" \
"--with-apxs2=/services/apache/bin/apxs" \
"--with-openssl" \
"--with-config-file-path=/services/httpd/conf" \
"--with-mysql=/usr" \
"--with-zlib" \
"--with-gd" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-ldap" \
"--with-freetype-dir" \
"--with-mcrypt=/services/libmcrypt" \
"--with-curl" \
"--with-freetds=/services/freetds" \
"--enable-mbstring"

Example pages:
- test.html
<html>
<body>
<!--#include virtual="test.php" -->
<!--#include virtual="test.php" -->
</body>
</html>

- test.php
<? echo 'TEST'; ?>

With only one "include virtual" all works fine.
With the two include virtual the Apache child process associated exit
with segmentation fault after the output of the first include.

At this moment I don't be able to provide GDB backtrace...
 [2005-11-30 19:19 UTC] news at cb-world dot de
same problem found in suse 9.3 mod_php4 4.3.10
and gentoo mod_php-4.4.0-r9 but seems to be fixed
in latest php4 and php5-cvs (tried 10 minutes ago)
 [2005-11-30 19:27 UTC] iliaa@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php


 [2005-12-21 01:46 UTC] markus-php at anthill dot de
finally i am now able to get both simple SSI to run after disabling output_buffering. it works now under linux and solaris if the called script were simple. if they both include the same third script i get

PHP Fatal error:  Cannot redeclare foo() (previously declared in /path/to/third/script) in /path/to/third/script

there still is some problem in the work between apache and php
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 10:02:09 2014 UTC