PHP :: Bug #40658 :: Segmentation fault

Bug #40658

Segmentation fault

Submitted:

2007-02-27 11:23 UTC

Modified:

2007-02-28 12:03 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

errol at issi dot co dot za

Assigned:

Status:

Not a bug

Package:

CGI/CLI related

PHP Version:

5.2.1

OS:

Linux 2.6.20 on ARM

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	errol at issi dot co dot za
New email:
PHP Version:		OS:

New/Additional Comment:

[2007-02-27 11:23 UTC] errol at issi dot co dot za

Description:
------------
I was running 5.0.4 (cgi) on an ARM processor (embedded) with linux 2.4.27 and it worked successfully. I have now upgraded to linux 2.6.20 and PHP 5.2.1 (cgi) and I now get a segmentation fault on some of my scripts that previously worked. I have no gdb on the embedded system and have not been able to reproduce the problem on my SuSE linux systems.

Reproduce code:
---------------
Part of code ...

      <table>
<?php
         exec("/usr/sbin/ntpq -c peers",$result);
         while (list($key,$value) = each($result)){
            $table = split("  *",trim($value));
            if ($key == 0){
               echo "<tr>";
               echo "<th>Reference</th>";
               echo "<th>$table[0]</th>";
               echo "<th>$table[1]</th>";
               echo "<th>$table[2]</th>";
               echo "<th>$table[3]</th>";
               echo "<th>$table[4]</th>";
               echo "<th>$table[5]</th>";
               echo "<th>$table[6]</th>";
               echo "<th>$table[7]</th>";
               echo "<th>$table[8]</th>";
               echo "<th>$table[9]</th>";
               echo "</tr>";


Expected result:
----------------
-bash-3.2# ./php -v
PHP 5.2.1 (cgi) (built: Feb 23 2007 17:03:34)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Expected result is a table of values.

Actual result:
--------------
Result:
-bash-3.2# ./php ../htdocs/ntp.php
X-Powered-By: PHP/5.2.1
Content-type: text/html

<!--
#***********************************************************************
# Integrated Seismic System
# =========================
#
# $Id: ntp.php,v 1.9 2006/07/11 09:11:41 issd Exp $
#
#***********************************************************************
#
# All rights reserved. Copyright by ISS International Ltd., 1988-2003.
#
# No reproduction of this computer program in whole or in part, in
# any form, by any electronic, mechanical or other means is permitted
# without the written permission of ISS International Limited.
#
# END OF RCS HEADER
-->
<html>
  <head>
    <title>Seismic Controller</title>
    <link
      href="controller.css"
      rel="stylesheet"/>
      <script src="javascript/issupdate.js"></script>
         <!-- <meta
      content="30"
      http-equiv="Refresh"/>-->
  </head>
  <body onload=setTimeout("updateISS('ntp.php',30000)",3000)>
    <center>
      <h1>Seismic Controller</h1>
      <h1> ()</h1>
      <h2>Tue Feb 27 11:20:54 UTC 2007
</h2>
      <img
        src="monitors/images/ISSsmall_logo.png"/>
      <br/>
      <table>
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-02-27 12:31 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2007-02-27 12:45 UTC] errol at issi dot co dot za

I cannot generate a backtrace as I do not have gdb on the embedded ARM system. I have also been unable to reproduce the problem on a system where I have gdb.

I have been able to islolate the problem to this line of code.

while (list($key,$value) = each($result)){

I have checked and $result is a valid array of values.

[2007-02-27 13:20 UTC] tony2001@php.net

Well, I don't have an ARM system either. 
So I really doubt we can fix something we can't reproduce and there is no backtrace.

[2007-02-27 13:27 UTC] errol at issi dot co dot za

I am busy trying a cross-compile of gdb and will see if I can get it to run and produce the backtrace for you.

[2007-02-27 13:29 UTC] tony2001@php.net

Ok, thanks.

[2007-02-27 14:48 UTC] errol at issi dot co dot za

I managed to get gdb to cross-compile and run on the ARM. Here is the backtrace

#0  ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0xbef2f730)
    at /home/issarm/Projects/arm-2007-02-18/src/php-5.2.1/Zend/zend_execute.c:183
#1  0x0020e6fc in execute (op_array=0x40334308)
    at /home/issarm/Projects/arm-2007-02-18/src/php-5.2.1/Zend/zend_vm_execute.h:92
#2  0x001f18b8 in zend_execute_scripts (type=8, retval=<value optimized out>,
    file_count=1701011824)
    at /home/issarm/Projects/arm-2007-02-18/src/php-5.2.1/Zend/zend.c:1135
#3  0x001b50e0 in php_execute_script (primary_file=Cannot access memory at address 0xfffffe03
)
    at /home/issarm/Projects/arm-2007-02-18/src/php-5.2.1/main/main.c:1784
#4  0x0026d480 in main (argc=0, argv=0x643030)
    at /home/issarm/Projects/arm-2007-02-18/src/php-5.2.1/sapi/cgi/cgi_main.c:1738

[2007-02-27 14:54 UTC] tony2001@php.net

The backtrace isn't really useful, the most important information is missing - on which line the crash happens.
Make sure PHP is compiled with --enable-debug.

[2007-02-27 15:57 UTC] errol at issi dot co dot za

I have run after compiling with --enable-debug and e-mailed you the results.

I hope this helps.

[2007-02-27 15:59 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

[2007-02-27 16:23 UTC] errol at issi dot co dot za

Here is the backtrace from the latest build I downloaded from snaps.

(gdb) bt
#0  ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0xbeec5730)
    at /home/issarm/Projects/arm-2007-02-18/src/php5.2-200702271530/Zend/zend_execute.c:69
#1  0x002126c8 in execute (op_array=0x40334310)
    at /home/issarm/Projects/arm-2007-02-18/src/php5.2-200702271530/Zend/zend_vm_execute.h:92
#2  0x001f5878 in zend_execute_scripts (type=8, retval=<value optimized out>,
    file_count=0)
    at /home/issarm/Projects/arm-2007-02-18/src/php5.2-200702271530/Zend/zend.c:1134
#3  0x001b8ba0 in php_execute_script (primary_file=Cannot access memory at address 0xfffffe03
)
    at /home/issarm/Projects/arm-2007-02-18/src/php5.2-200702271530/main/main.c:1787
#4  0x002713f8 in main (argc=0, argv=0x643030)
    at /home/issarm/Projects/arm-2007-02-18/src/php5.2-200702271530/sapi/cgi/cgi_main.c:1746

[2007-02-27 18:35 UTC] tony2001@php.net

>Here is the backtrace
Again, we would like to know where exactly it happens, not just the function name.
Try to compile it with CFAGS="-O0 -g" and regenerate the backtrace.
Btw, is there valgrind for Linux on ARM? It would help very much.

[2007-02-27 18:50 UTC] errol at issi dot co dot za

It does not look like valgrind runs on ARM.

See http://valgrind.org/info/platforms.html

[2007-02-27 19:01 UTC] tony2001@php.net

That's bad.
The other request still applies, though.

[2007-02-27 19:12 UTC] errol at issi dot co dot za

Will do. I am at home and the embedded setup is at work.

[2007-02-27 19:38 UTC] errol at issi dot co dot za

Just logged in to work and did the compile with -O0 -g (it was using -O2 -g.

Now the same php script runs without a seg fault!!

I will give it a full test tomorrow when I can access via browser.

[2007-02-27 19:44 UTC] tony2001@php.net

Heh. What version of GCC are you using?

[2007-02-27 19:55 UTC] errol at issi dot co dot za

I am using gcc 4.1.1 on linux 2.6.20 with eabi toolchain (arm-unknown-linux-gnueabi).

[2007-02-27 20:01 UTC] tony2001@php.net

Could you please upgrade to GCC 4.1.2 ?
Or (that would be perfect) downgrade to 3.4.x ?

[2007-02-28 11:51 UTC] errol at issi dot co dot za

I have downloaded and built gcc 4.1.2 as a cross compiler for the ARM and php 5.2.1 now runs without a segmentation fault even when compiled with -g -O2.

Thanks for the help.

[2007-02-28 12:03 UTC] tony2001@php.net

Great news, thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue May 07 10:01:32 2024 UTC