Bug #3508 apache crashes with php
Submitted: 2000-02-16 22:31 UTC Modified: 2000-07-30 09:55 UTC
From: k at les dot cz Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0 Beta 3 OS: RedHat 6.1, Linux 2.2.12-20
Private report: No CVE-ID: None

 

 [2000-02-16 22:31 UTC] k at les dot cz
apache 1.3.9 or 1.3.11
glibc 2.1.12-11 (from rpm)

Apache compiled with PHP4 crashes with segmentation fault.

These crashes usually don't happen too often in common use,
but if I compiled Apache with ElectricFence, it crashes 
on every request (even on request for a simple HTML page
with clean Apache configuration - without any PHP configuration directives, even without php related AddType
directives).

If I compile Apache with efence and without PHP, it
doesn't crash.

Configuration:
PHP: ./configure --with-apache=../apache_1.3.11
Apache: ./configure \
"--with-layout=Apache" \
"--prefix=/home/koles/local/apache" \
"--activate-module=src/modules/php4/libphp4.a" 

bin/httpd -X crashes with first request

gdb bin/httpd core says:

(no debugging symbols found)...
Core was generated by `bin/httpd -X'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /usr/lib/libgd.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /usr/lib/libgdbm.so.2...done.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
#0  gconv (step=0x41752fc8, data=0xbfffd9b8, inbuf=0xbfffd9ac, 
    inbufend=0x401afd24 "", written=0xbfffd9b0, do_flush=0)
    at ../iconv/skeleton.c:204
204	../iconv/skeleton.c: No such file or directory.
(gdb) bt
#0  gconv (step=0x41752fc8, data=0xbfffd9b8, inbuf=0xbfffd9ac, 
    inbufend=0x401afd24 "", written=0xbfffd9b0, do_flush=0)
    at ../iconv/skeleton.c:204
#1  0x4013193b in __mbrtowc (pwc=0xbfffdaa0, s=0x401afd23 ".", n=1, 
    ps=0xbfffdaa4) at mbrtowc.c:67
#2  0x4011c0f6 in _IO_vfscanf (s=0xbfffdb10, format=0x813ba6d "HTTP/%u.%u", 
    argptr=0xbfffdbd8, errp=0x0) at vfscanf.c:254
#3  0x4012196e in _IO_vsscanf (string=0x40a4f748 "HTTP/1.0", 
    format=0x813ba6d "HTTP/%u.%u", args=0xbfffdbd8) at iovsscanf.c:44
#4  0x4011f73f in sscanf (s=0x40a4f748 "HTTP/1.0", 
    format=0x813ba6d "HTTP/%u.%u") at sscanf.c:38
#5  0x80e0dab in strcpy () at ../sysdeps/generic/strcpy.c:30
#6  0x80e11e5 in strcpy () at ../sysdeps/generic/strcpy.c:30
#7  0x80de3c2 in strcpy () at ../sysdeps/generic/strcpy.c:30
#8  0x80de58c in strcpy () at ../sysdeps/generic/strcpy.c:30
#9  0x80de6e9 in strcpy () at ../sysdeps/generic/strcpy.c:30
#10 0x80ded16 in strcpy () at ../sysdeps/generic/strcpy.c:30
#11 0x80df4a3 in strcpy () at ../sysdeps/generic/strcpy.c:30
#12 0x400e71eb in __libc_start_main (main=0x80df15c <strcpy+602940>, argc=2, 
    argv=0xbffffd44, init=0x804afa0 <_init>, fini=0x8113d1c <_fini>, 
    rtld_fini=0x4000a610 <_dl_fini>, stack_end=0xbffffd3c)
    at ../sysdeps/generic/libc-start.c:90




 [2000-02-17 20:58 UTC] andi at cvs dot php dot net
Please try a CVS snapshot from http://va.php.net/~sas/snapshots and let us know if this solves your problem
 [2000-02-17 22:49 UTC] k at les dot cz
no, it doesn't :(

i'm not a c programmer, so i may be totally wrong, but 
i'm just curious about this bug because it happens only
with php but gdb says nothing about php...

btw i see i posted gdb backtracking from httpd compiled with
efence, but stripped :) - here is the gdb output from unstripped
binary (i don't know if it helps)...

#0  gconv (step=0x4182ffc8, data=0xbfffd57c, inbuf=0xbfffd570, 
    inbufend=0x401ab4c4 "", written=0xbfffd574, do_flush=0)
    at ../iconv/skeleton.c:204
#1  0x401307eb in __mbrtowc (pwc=0xbfffd660, s=0x401ab4c3 ".", n=1, 
    ps=0xbfffd664) at mbrtowc.c:67
#2  0x4011b8a6 in _IO_vfscanf (s=0xbfffd6d0, format=0x81405cd "HTTP/%u.%u", 
    argptr=0xbfffd798, errp=0x0) at vfscanf.c:254
#3  0x4012113e in _IO_vsscanf (string=0x40ca0748 "HTTP/1.0", 
    format=0x81405cd "HTTP/%u.%u", args=0xbfffd798) at iovsscanf.c:44
#4  0x4011ef1f in sscanf (s=0x40ca0748 "HTTP/1.0", 
    format=0x81405cd "HTTP/%u.%u") at sscanf.c:38
#5  0x80e998b in read_request_line (r=0x40ca0028) at http_protocol.c:888
#6  0x80e9dc5 in ap_read_request (conn=0x40c9d000) at http_protocol.c:1001
#7  0x80e6fa2 in child_main (child_num_arg=0) at http_main.c:4166
#8  0x80e716c in make_child (s=0x401c4028, slot=0, now=950823638)
    at http_main.c:4281
#9  0x80e72c9 in startup_children (number_to_start=5) at http_main.c:4363
#10 0x80e78f6 in standalone_main (argc=2, argv=0xbffff904) at http_main.c:4651
#11 0x80e8083 in main (argc=2, argv=0xbffff904) at http_main.c:4973
#12 0x400e6cb3 in __libc_start_main (main=0x80e7d3c <main>, argc=2, 
    argv=0xbffff904, init=0x805c5f4 <_init>, fini=0x8115f3c <_fini>, 
    rtld_fini=0x4000a350 <_dl_fini>, stack_end=0xbffff8fc)
    at ../sysdeps/generic/libc-start.c:78

 [2000-02-19 13:11 UTC] k at les dot cz
it may be a bug in glibc - i've just tried to recompile it
with glibc taken from redhat-6.2b (2.1.3-6) and it works... 
 [2000-07-30 09:55 UTC] zak@php.net
See last comments by user.
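
Both backtraces end in the same libc call, sscanf(s="HTTP/1.0", format="HTTP/%u.%u"), made from read_request_line. The program below is an added example, not code from this report or from Apache, PHP or glibc: it runs that one call outside the server, with the input placed flush against an inaccessible page, which is the layout Electric Fence gives heap allocations. The names parse_http_version and place_before_guard are hypothetical.

```c
/* Added example: the sscanf() call from the backtrace, isolated from httpd.
 * The guard-page placement imitates Electric Fence; it is not efence itself. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: copy `text` so that its terminating NUL is the last
 * byte before a PROT_NONE page. Any read past the NUL faults immediately. */
static char *place_before_guard(const char *text, void **region, size_t *len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t need = strlen(text) + 1;
    if (need > page)
        return NULL;
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return NULL;
    }
    memcpy(base + page - need, text, need);
    *region = base;
    *len = 2 * page;
    return base + page - need;
}

/* Returns the sscanf() field count (2 when both numbers parse),
 * or -1 if the guarded buffer could not be set up. */
int parse_http_version(const char *proto, unsigned *major, unsigned *minor)
{
    void *region;
    size_t len;
    char *guarded = place_before_guard(proto, &region, &len);
    if (guarded == NULL)
        return -1;
    int n = sscanf(guarded, "HTTP/%u.%u", major, minor); /* format from frame #4 */
    munmap(region, len);
    return n;
}

int main(void)
{
    unsigned major = 0, minor = 0;
    int n = parse_http_version("HTTP/1.0", &major, &minor); /* string from frame #4 */
    printf("fields=%d version=%u.%u\n", n, major, minor);
    return n == 2 ? 0 : 1;
}
```

A segmentation fault here, with no Apache or PHP code in the process, would place the fault in the C library; a clean run only clears sscanf's handling of the input string and says nothing about libc's internal allocations.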
 