Bug #4684 Apache crash with Arithmetic exception
Submitted: 2000-05-30 02:25 UTC Modified: 2000-06-28 14:39 UTC
From: Stephane dot Legrand at bigfoot dot com Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0.0 Release OS: FreeBSD 4.0-stable
Private report: No CVE-ID: None
 [2000-05-30 02:25 UTC] Stephane dot Legrand at bigfoot dot com
With the following code:

<?
class test {
	function test () {
	}
	function manageCookie () {
		$cookieName = "TESTCRASH";
		$cookieValue = $GLOBALS[$cookieName];
		$expire = time() + (2*365*24*60*60);
		$TESTCOOKIEENABLED = $HTTP_GET_VARS["TESTCOOKIEENABLED"];
		if (empty($cookieValue)) {
			$userID = uniqid("");
			$cookieValue = $userID;
			SetCookie($cookieName, $cookieValue, $expire, "/", "", 0);
			if (empty($TESTCOOKIEENABLED)) {
				header("Location: http://localhost".$GLOBALS["PHP_SELF"]."?TESTCOOKIEENABLED=TEST");
				exit();
			}
			else {
				header("Location: http://localhost"."/nonexistentfile");
				exit();
			}
		}
		else {
			if (! empty($TESTCOOKIEENABLED)) {
				header("Location: http://localhost".$GLOBALS["PHP_SELF"]);
				exit();
			}
			$userID = $this->getValueCookie("userID");
		}
	}
}
$objTest = new test();
$objTest->manageCookie();
?>

If I always reject the cookie, Apache crashes with this backtrace:

(gdb) run -X
Starting program: /usr/local/sbin/apache -X

Program received signal SIGFPE, Arithmetic exception.
add_function (result=0xbfbfefdc, op1=0x8183864, op2=0xbfbfefc0) at zend_operators.c:486
486                     if (dval > (double) LONG_MAX) {
(gdb) bt
#0  add_function (result=0xbfbfefdc, op1=0x8183864, op2=0xbfbfefc0) at zend_operators.c:486
#1  0x80cfd8b in execute (op_array=0x81d76a4) at ./zend_execute.c:1072
#2  0x80d2e3e in execute (op_array=0x819ee24) at ./zend_execute.c:1614
#3  0x8065d74 in php_execute_script (primary_file=0xbfbff724) at main.c:1200
#4  0x808267c in apache_php_module_main (r=0x820b038, fd=18, display_source_mode=0) at sapi_apache.c:93
#5  0x8061cfb in send_php ()
#6  0x8061d39 in send_parsed_php ()
#7  0x80e9090 in ap_invoke_handler ()
#8  0x80f7b99 in process_request_internal ()
#9  0x80f7bf8 in ap_process_request ()
#10 0x80f1692 in child_main ()
#11 0x80f1824 in make_child ()
#12 0x80f1941 in startup_children ()
#13 0x80f1e10 in standalone_main ()
#14 0x80f24cb in main ()
#15 0x8061191 in _start ()

I also noticed that if Apache is not run with gdb, you must get the script with the browser at least 3 times to see the floating point exception in the Apache log file.

 [2000-06-28 14:39 UTC] andi at cvs dot php dot net
This should be fixed in 4.0.1 due to be released tomorrow. If the problem persists please open a new bug report.
 