php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35484 segmentation faults with multiple include virtual (Apache 2.0.55)
Submitted: 2005-11-30 12:31 UTC Modified: 2005-12-14 04:39 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:4 (100.0%)
From: minnoce at polito dot it Assigned:
Status: Closed Package: Apache2 related
PHP Version: 5CVS-2005-12-02 (snap) OS: Linux RHEL 4
Private report: No CVE-ID:
 [2005-11-30 12:31 UTC] minnoce at polito dot it
Description:
------------
I'm compiling PHP with this configuration line:

./configure \
"--prefix=/services/php-4.4-CVS" \
"--with-apxs2=/services/apache/bin/apxs" \
"--with-openssl" \
"--with-config-file-path=/services/httpd/conf" \
"--with-mysql=/usr" \
"--with-zlib" \
"--with-gd" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-ldap" \
"--with-freetype-dir" \
"--with-mcrypt=/services/libmcrypt" \
"--with-curl" \
"--with-freetds=/services/freetds" \
"--enable-mbstring"

All the PHP 4.3.11, 4.4.1, 4.4-LATEST-CVS used as module under Apache 2.0.54 work fine.

All the PHP 4.3.11, 4.4.1m 4.4-LATEST-CVS used as module under Apache 2.0.55 cause a segmentation fault when I try to include some PHP script with more than one Apache's "include virtual" (even a simple <? echo 'TEST'; ?>).

Examples:
- test.html
<html>
<body>
<!--#include virtual="test.php" -->
<!--#include virtual="test.php" -->
</body>
</html>

- test.php
<? echo 'TEST'; ?>

With only one "include virtual" all works fine.
With the two include virtual the Apache child process associated exit with segmentation fault after the output of the first include.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-01 18:04 UTC] sniper@php.net
We can't reproduce this so please provide the backtrace. (without --enable-debug if that's the only way..)

 [2005-12-02 09:32 UTC] minnoce at polito dot it
OK, removed "--enable-debug" from configure.
Re-executing the above test and reproduced the problem with segmentation fault.

This the GDB bakctrace on the core dump:
# gdb /services/apache/bin/httpd /tmp/php/core.28560
GNU gdb Red Hat Linux (6.3.0.0-1.63rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `/services/apache/bin/httpd -f /services/httpd/conf/httpd.conf -d /services/apac'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from ...
...
#0  0x011b0100 in _zend_hash_index_update_or_next_insert () from /services/apache/modules/libphp5cvs.so
(gdb) where
#0  0x011b0100 in _zend_hash_index_update_or_next_insert () from /services/apache/modules/libphp5cvs.so
#1  0x011b289b in zend_register_resource () from /services/apache/modules/libphp5cvs.so
#2  0x011725ce in _php_stream_alloc () from /services/apache/modules/libphp5cvs.so
#3  0x01177fef in _php_stream_fopen_from_fd () from /services/apache/modules/libphp5cvs.so
#4  0x01178ef6 in _php_stream_fopen () from /services/apache/modules/libphp5cvs.so
#5  0x01179760 in _php_stream_fopen_with_path () from /services/apache/modules/libphp5cvs.so
#6  0x01175b5b in _php_stream_open_wrapper_ex () from /services/apache/modules/libphp5cvs.so
#7  0x011603d5 in php_stream_open_for_zend () from /services/apache/modules/libphp5cvs.so
#8  0x011b9030 in zend_stream_fixup () from /services/apache/modules/libphp5cvs.so
#9  0x01189319 in compile_file () from /services/apache/modules/libphp5cvs.so
#10 0x011a7cc1 in zend_execute_scripts () from /services/apache/modules/libphp5cvs.so
#11 0x0121ba67 in php_handler () from /services/apache/modules/libphp5cvs.so
#12 0x080ab2b5 in ap_invoke_handler ()
#13 0x080c878d in ap_run_sub_req ()
#14 0x08067399 in _start ()
#15 0x09298258 in ?? ()
#16 0x0927e1f8 in ?? ()
#17 0x0927ee60 in ?? ()
#18 0x092899e8 in ?? ()
#19 0x00002000 in ?? ()
#20 0x00000000 in ?? ()
 [2005-12-10 12:46 UTC] sniper@php.net
See also bug #35571
 [2005-12-12 18:02 UTC] minnoce at polito dot it
Maybe bug #35571 is related to this.

The bug is present only with apache 2.0.55.
No bug with apache 2.0.54.

All components configured identically.
 [2005-12-14 04:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 20:02:09 2014 UTC