PHP :: Bug #45079 :: --with-config-file-path causes segmentation fault

Bug #45079	--with-config-file-path causes segmentation fault
Submitted:	2008-05-23 12:40 UTC	Modified:	2008-07-08 14:45 UTC
From:	m dot kurzyna at crystalpoint dot pl	Assigned:	fb-req-jani (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.3CVS-2008-05-23 (snap)	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	m dot kurzyna at crystalpoint dot pl
New email:
PHP Version:		OS:

New Comment:

[2008-05-23 12:40 UTC] m dot kurzyna at crystalpoint dot pl

Description:
------------
Configuring build --with-config-file-path=/etc/php causes 
segmentation fault when invoking binary (both CLI and CGI).


Reproduce code:
---------------
./configure --with-config-file-path=/etc/php
make
./sapi/cli/php

Actual result:
--------------
[builder@builder-th64 n1]$ ./sapi/cgi/php-cgi
Segmentation fault

A strace follows:

[...]
open("/etc/php/php.ini", O_RDONLY)      = 3
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/etc/php", {st_mode=S_IFDIR|0755, st_size=52, ...}) = 0
lstat("/etc/php/php.ini", {st_mode=S_IFREG|0644, 
st_size=42387, ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffe8ff0d60) = -1 ENOTTY 
(Inappropriate ioctl for device)
fstat(3, {st_mode=S_IFREG|0644, st_size=42387, ...}) = 0
mmap(NULL, 42403, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b4dc1b13000
munmap(0x2b4dc1b13000, 42387)           = 0
close(3)                                = 0
mmap(NULL, 323584, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x2b4dc1b13000
brk(0xa42000)                           = 0xa42000
brk(0xa63000)                           = 0xa63000
brk(0xa84000)                           = 0xa84000
futex(0x2b4dc2d11ae0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0xaa5000)                           = 0xaa5000
brk(0xac6000)                           = 0xac6000
brk(0xae7000)                           = 0xae7000
brk(0xb08000)                           = 0xb08000
brk(0xb29000)                           = 0xb29000
open("/etc/php/browscap.ini", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffe8ff1da0) = -1 ENOTTY 
(Inappropriate ioctl for device)
fstat(3, {st_mode=S_IFREG|0644, st_size=319838, ...}) = 0
mmap(NULL, 319854, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b4dc1b62000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-05-25 21:58 UTC] m dot kurzyna at crystalpoint dot pl

Core was generated by `./sapi/cli/php'.
Program terminated with signal 11, Segmentation fault.
[New process 20491]
#0  0x00000000006f76f4 in ini_lex (ini_lval=0x7fffe7d51180) at /home/users/builder/src/php/n2/Zend/zend_ini_scanner.c:1673
1673                    yytext[yyleng] = 0;
(gdb) bt
#0  0x00000000006f76f4 in ini_lex (ini_lval=0x7fffe7d51180) at /home/users/builder/src/php/n2/Zend/zend_ini_scanner.c:1673
#1  0x00000000006f43be in ini_parse () at /home/users/builder/src/php/n2/Zend/zend_ini_parser.c:1557
#2  0x00000000006f3c36 in zend_parse_ini_file (fh=0x7fffe7d512c0, unbuffered_errors=1 '\001', scanner_mode=1,
    ini_parser_cb=0x620458 <php_browscap_parser_cb>, arg=0xb2cec0)
    at /home/users/builder/src/php/n2/Zend/zend_ini_parser.c:319
#3  0x0000000000620aba in zm_startup_browscap (type=1, module_number=7)
    at /home/users/builder/src/php/n2/ext/standard/browscap.c:198
#4  0x0000000000618005 in zm_startup_basic (type=1, module_number=7)
    at /home/users/builder/src/php/n2/ext/standard/basic_functions.c:4003
#5  0x000000000072b711 in zend_startup_module_ex (module=0xb55eb0) at /home/users/builder/src/php/n2/Zend/zend_API.c:1585
#6  0x0000000000733d00 in zend_hash_apply (ht=0xb335a0, apply_func=0x72b568 <zend_startup_module_ex>)
    at /home/users/builder/src/php/n2/Zend/zend_hash.c:673
#7  0x000000000072b8f2 in zend_startup_modules () at /home/users/builder/src/php/n2/Zend/zend_API.c:1634
#8  0x00000000006b1739 in php_module_startup (sf=0xb2b480, additional_modules=0x0, num_additional_modules=0)
    at /home/users/builder/src/php/n2/main/main.c:1898
#9  0x00000000007c326e in php_cli_startup (sapi_module=0xb2b480) at /home/users/builder/src/php/n2/sapi/cli/php_cli.c:358
#10 0x00000000007c3ffb in main (argc=1, argv=0x7fffe7d51938) at /home/users/builder/src/php/n2/sapi/cli/php_cli.c:716

[2008-05-26 20:11 UTC] jani@php.net

Why do you actually have browscap.ini in that directory anyway..? That sounds like a very bad idea to me, considering it will get loaded as "normal" partial php.ini file. Of course it shouldn't cause a crash though. :)

[2008-05-26 20:43 UTC] m dot kurzyna at crystalpoint dot pl

As for the location - it seems convenient. Dunno if loading it with the rest of .ini is a good or bad thing - personally I don't see disadvantages of this except for having to parse one more file and thus startup performance loss.

This however is irrelevant. I moved browsecap.ini to /tmp and set browsecap option to new location - it still crashes. However when it can't find the file it doesn't so it's something specific to this file that causes the crash. 

I've managed to isolate basic test case: it's using quotation for  values:

option="value" 

crashes, where 

option=value 

doesn't. This isn't true for configuration ini file - using quotations has no crash effect as far as I tested.

[2008-07-06 11:46 UTC] jani@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz

And provide new backtrace generated with that snapshot.

[2008-07-08 11:35 UTC] m dot kurzyna at crystalpoint dot pl

Just tried with 2008.07.08 08:30 snap - seems to work fine with values both quoted and not. Thanks for the fix.

[2008-07-08 14:45 UTC] johannes@php.net

Closing then.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 18:01:28 2024 UTC