Bug #44421 Core dump using PHP 5.2.5 with suExec and mod_cgid
Submitted: 2008-03-12 18:01 UTC Modified: 2008-03-29 17:50 UTC
From: obonhomme at nerim dot net Assigned: fb-req-jani (profile)
Status: Not a bug Package: Reproducible crash
PHP Version: 5.2CVS-2008-25-03 OS: FreeBSD 6.3
Private report: No CVE-ID: None
 [2008-03-12 18:01 UTC] obonhomme at nerim dot net
Description:
------------
php-cgi crashes with SIGSEGV making a core dump with php 5.2.5.

The issue occurs only when executing the index.php file of an IPB Forum 1.3.1 and only when the script is executed through apache and mod_fcgid.

If the script is executed by the php-cgi binary from the command line, it works perfectly.

The problem seems to be in the virtual_file_ex function (see backtrace)

Reproduce code:
---------------
Url : http://91.121.116.63/~ptitoliv/index.phps

Actual result:
--------------
End of the backtrace : 

#0  0x08120c89 in virtual_file_ex (state=0xbbc00a28, path=0xbbc00a60 "./lang/3/lang_error.php", verify_path=0, use_realpath=1) at /usr/ports/lang/php5/work/php-5.2.5/TSRM/tsrm_virtual_cwd.c:656
656             int path_length = strlen(path);


 [2008-03-13 09:58 UTC] obonhomme at nerim dot net
Same problem with the snapshot
 [2008-03-25 13:45 UTC] jani@php.net
What was the configure line used to build PHP?
 [2008-03-25 13:50 UTC] obonhomme at nerim dot net
The configure command used is the following : 

'./configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--program-prefix=' '--enable-fastcgi' '--with-apxs2=/usr/local/sbin/apxs' '--with-regex=php' '--with-zend-vm=CALL' '--enable-zend-multibyte' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
 [2008-03-25 13:55 UTC] jani@php.net
You're trying to build 3 SAPIs at the same time? It's not possible, you only get CLI binary and the Apache module with that configure line.
And I would guess your Apache is using some threaded MPM..?
 [2008-03-25 15:03 UTC] obonhomme at nerim dot net
This configuration line has been generated using the FreeBSD port and I confirm that php-cli, php-cgi and the apache module are present on my system.

I confirm that I use the Apache Worker MPM (so a threaded one).

I add that I have several other vhosts using php-cgi which work on the same server.
 [2008-03-25 19:34 UTC] jani@php.net
Yes, you might have those binaries there, but they're NOT from the same build: That simply is NOT possible. So check for real WHICH ones are from this build. Then I suggest you rebuild the CGI binary just in case _without_ these options:

'--with-apxs2=/usr/local/sbin/apxs' '--with-regex=php'
'--with-zend-vm=CALL' '--enable-zend-multibyte' 

 [2008-03-26 10:10 UTC] obonhomme at nerim dot net
I recompiled my PHP with the following command line : 

'./configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--program-prefix=' '--enable-fastcgi' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'

Nevertheless, the php-cgi binary still cores with this script.
 [2008-03-26 12:27 UTC] jani@php.net
That script is way too big for reproducing this elsewhere. Please provide a shorter script, 10-20 lines which still causes the crash.
I'd also check with plain '<?php phpinfo(); ?>' script that the used PHP binary is the correct one and what php.ini file(s) are loaded and what possible extensions are loaded.
 [2008-03-26 12:29 UTC] jani@php.net
And also that the binary does NOT have ZTS enabled!
 [2008-03-26 13:53 UTC] obonhomme at nerim dot net
The phpinfo script is available at the following URL

http://forum.kajiura.fr/phpdebug4421.php

The issue occurs with the index.php script, which is effectively very big. The problem is that the bug is reproducible only with this script. So it is not possible for the moment to make a shorter script.
 [2008-03-26 21:24 UTC] jani@php.net
Please remove this "Suhosin" thing. We don't support any 3rd party patches / extension and it is known to cause weird crashes like this.
 [2008-03-29 12:54 UTC] obonhomme at nerim dot net
The new compilation of the php-cgi binary without the Suhosin patch resolves the problem.

Suhosin is definitively out for me.
 [2008-03-29 17:50 UTC] jani@php.net
As it isn't a PHP bug -> bogus. Please report this to the Suhosin author!
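
The build checks requested during this thread (which SAPI the binary is, whether ZTS is on, which php.ini is loaded, which configure options were used, whether Suhosin is present) can be run in one pass over text-mode phpinfo output. The script below is an added example, not part of the original report or of PHP; the function names and the sample report are constructed, and it assumes the "Name => value" layout printed by `php -i`.

```shell
#!/bin/sh
# Added example: audit text-mode phpinfo output (the "Name => value" layout
# printed by `php -i`) for the build properties questioned in this thread.

# Constructed sample report; not the reporter's actual phpinfo output.
sample_report() {
cat <<'EOF'
PHP Version => 5.2.5
Configure Command =>  './configure'  '--disable-all' '--enable-fastcgi' '--with-apxs2=/usr/local/sbin/apxs' '--with-zend-vm=CALL'
Server API => CGI/FastCGI
Loaded Configuration File => /usr/local/etc/php.ini
Thread Safety => enabled
This server is protected with the Suhosin Patch 0.9.6.2
EOF
}

# field NAME: value of the first "NAME => value" line in $REPORT.
field() {
    printf '%s\n' "$REPORT" | sed -n "s/^$1 => *//p" | head -n 1
}

# audit_php_build: read a report on stdin, print one FINDING line per problem.
audit_php_build() {
    REPORT=$(cat)
    sapi=$(field 'Server API')
    conf=$(field 'Configure Command')

    printf 'INFO: SAPI=%s php.ini=%s\n' "$sapi" "$(field 'Loaded Configuration File')"

    case $sapi in
        CGI*) ;;
        *) echo "FINDING: binary is not the CGI/FastCGI SAPI" ;;
    esac
    if [ "$(field 'Thread Safety')" != "disabled" ]; then
        echo "FINDING: ZTS (thread safety) is enabled"
    fi
    # Options the maintainer asked to drop when rebuilding the CGI binary.
    for opt in --with-apxs2 --with-regex=php --with-zend-vm=CALL --enable-zend-multibyte; do
        case $conf in
            *"'$opt"*) echo "FINDING: built with $opt" ;;
        esac
    done
    if printf '%s\n' "$REPORT" | grep -qi 'suhosin'; then
        echo "FINDING: Suhosin patch or extension present"
    fi
    return 0
}

sample_report | audit_php_build
```

To audit a real build, pipe that binary's text-mode phpinfo output into `audit_php_build` in place of `sample_report`.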
 