php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54381 apache randomly segmentation fault when using fopen or file_get_contents
Submitted: 2011-03-25 13:36 UTC Modified: 2013-02-18 00:34 UTC
Votes:8
Avg. Score:4.6 ± 0.7
Reproduced:7 of 7 (100.0%)
Same Version:5 (71.4%)
Same OS:5 (71.4%)
From: ekapek at gmail dot com Assigned:
Status: No Feedback Package: Streams related
PHP Version: 5.2.17 OS: Centos
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ekapek at gmail dot com
New email:
PHP Version: OS:

 

 [2011-03-25 13:36 UTC] ekapek at gmail dot com
Description:
------------
Problem exists when I use file_get_contents or fopen
It causes httpd seg fault randomly


Test script:
---------------
<?php

$a = file_get_contents('http://myproxy.com/get.php?url=http://www.google.pl');

?>

another:

<?php

if(@fopen('http://www.vorbis.com/files/1.0.1/windows/vorbis-tools-1.0.1-win32.zip','r')) {
 echo 'File exists';
}

?>

Actual result:
--------------
#0  0x000000346d07c515 in memcpy () from /lib64/libc.so.6
#1  0x00002b57cd67a531 in _zend_mm_realloc_int (heap=0x55389e0, p=0x6417690, size=<value optimized out>)
    at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_alloc.c:2067
#2  0x00002b57cd66515c in php_stream_wrapper_log_error (wrapper=0x2b57cdc492a0, options=0, fmt=<value optimized out>)
    at /usr/local/directadmin/custombuild/php-5.2.17/main/streams/streams.c:216
#3  0x00002b57cd629924 in php_stream_url_wrap_http_ex (wrapper=0x2b57cdc492a0,
    path=0x64173b8 "http://myproxy.com/get.php?url=http://www.google.pl", mode=0x2b57cd7806ff "rb", options=4, opened_path=0x0,
    context=0x6417468, redirect_max=20, flags=1) at /usr/local/directadmin/custombuild/php-5.2.17/ext/standard/http_fopen_wrapper.c:189
#4  0x00002b57cd62c198 in php_stream_url_wrap_http (wrapper=0x6636f90, path=0x65f2628 "", mode=0xfffffffffffbbff0 <Address 0xfffffffffffbbff0 out of bounds>,
    options=-17396, opened_path=0x800000000, context=0x63f6a60) at /usr/local/directadmin/custombuild/php-5.2.17/ext/standard/http_fopen_wrapper.c:782
#5  0x00002b57cd665e4b in _php_stream_open_wrapper_ex (path=0x64173b8 "http://myproxy.com/get.php?url=http://www.google.pl",
    mode=0x2b57cd7806ff "rb", options=4, opened_path=0x0, context=0x6417468) at /usr/local/directadmin/custombuild/php-5.2.17/main/streams/streams.c:1827
#6  0x00002b57cd5eba3c in zif_file_get_contents (ht=-842684800, return_value=0x6417440, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /usr/local/directadmin/custombuild/php-5.2.17/ext/standard/file.c:541
#7  0x00002b57cd6b47d2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff8cc6c880) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_vm_execute.h:200
#8  0x00002b57cd6b398c in execute (op_array=0x63f68a0) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_vm_execute.h:92
#9  0x00002b57d0125311 in zend_oe () from /usr/local/lib/ZendOptimizer_5.2.so
#10 0x00002b57cd693edd in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend.c:1134
#11 0x00002b57cd65120d in php_execute_script (primary_file=0x7fff8cc6ed70) at /usr/local/directadmin/custombuild/php-5.2.17/main/main.c:2036
#12 0x00002b57cd718185 in php_handler (r=0x5a20030) at /usr/local/directadmin/custombuild/php-5.2.17/sapi/apache2handler/sapi_apache2.c:639
#13 0x000000000043fc5a in ap_run_handler (r=0x5a20030) at config.c:157
#14 0x0000000000442ea2 in ap_invoke_handler (r=0x5a20030) at config.c:376
#15 0x0000000000486988 in ap_process_request (r=0x5a20030) at http_request.c:282
#16 0x0000000000483c8c in ap_process_http_connection (c=0x58b2b80) at http_core.c:190
#17 0x0000000000446b82 in ap_run_process_connection (c=0x58b2b80) at connection.c:43
#18 0x00000000004b2610 in child_main (child_num_arg=<value optimized out>) at prefork.c:662
#19 0x00000000004b28a5 in make_child (s=0x5111500, slot=6) at prefork.c:763
#20 0x00000000004b30c2 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at prefork.c:898
#21 0x000000000042d858 in main (argc=4, argv=0x7fff8cc6f318) at main.c:739


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-25 13:50 UTC] ekapek at gmail dot com
Another crash:

#0  _zend_mm_free_int (heap=0x55389e0, p=0x5a57680) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_alloc.c:1978
#1  0x00002b57cd66454d in php_stream_tidy_wrapper_error_log (wrapper=0x2b57cdc492a0) at /usr/local/directadmin/custombuild/php-5.2.17/main/streams/streams.c:192
#2  0x00002b57cd665f55 in _php_stream_open_wrapper_ex (path=0x5a573b8 "http://google.com",
    mode=0x2b57cd7806ff "rb", options=4, opened_path=0x0, context=<value optimized out>) at /usr/local/directadmin/custombuild/php-5.2.17/main/streams/streams.c:1899
#3  0x00002b57cd5eba3c in zif_file_get_contents (ht=-842684800, return_value=0x5a57440, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /usr/local/directadmin/custombuild/php-5.2.17/ext/standard/file.c:541
#4  0x00002b57cd6b47d2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff8cc6c880) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_vm_execute.h:200
#5  0x00002b57cd6b398c in execute (op_array=0x5a368a0) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend_vm_execute.h:92
#6  0x00002b57d0125311 in zend_oe () from /usr/local/lib/ZendOptimizer_5.2.so
#7  0x00002b57cd693edd in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /usr/local/directadmin/custombuild/php-5.2.17/Zend/zend.c:1134
#8  0x00002b57cd65120d in php_execute_script (primary_file=0x7fff8cc6ed70) at /usr/local/directadmin/custombuild/php-5.2.17/main/main.c:2036
#9  0x00002b57cd718185 in php_handler (r=0x58d3010) at /usr/local/directadmin/custombuild/php-5.2.17/sapi/apache2handler/sapi_apache2.c:639
#10 0x000000000043fc5a in ap_run_handler (r=0x58d3010) at config.c:157
#11 0x0000000000442ea2 in ap_invoke_handler (r=0x58d3010) at config.c:376
#12 0x0000000000486988 in ap_process_request (r=0x58d3010) at http_request.c:282
#13 0x0000000000483c8c in ap_process_http_connection (c=0x58b2b80) at http_core.c:190
#14 0x0000000000446b82 in ap_run_process_connection (c=0x58b2b80) at connection.c:43
#15 0x00000000004b2610 in child_main (child_num_arg=<value optimized out>) at prefork.c:662
#16 0x00000000004b28a5 in make_child (s=0x5111500, slot=2) at prefork.c:763
#17 0x00000000004b30c2 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at prefork.c:898
#18 0x000000000042d858 in main (argc=4, argv=0x7fff8cc6f318) at main.c:739
 [2011-03-25 22:56 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-03-25 22:56 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2011-03-26 13:49 UTC] ekapek at gmail dot com
Problem exists


#0  _zend_mm_free_int (heap=0x1d2a0470, p=0x1da549b8)
    at /root/php5.3-201103252130/Zend/zend_alloc.c:2028
#1  0x00002b4172f653ed in php_stream_tidy_wrapper_error_log (
    wrapper=0x2b4173783c80)
    at /root/php5.3-201103252130/main/streams/streams.c:192
#2  0x00002b4172f66e28 in _php_stream_open_wrapper_ex (
    path=0x1e6c7498 "http://www.edownload.pl/datas/DCPlusPlus-0699-LangPL[www.ed                                                             ownload.pl].exe", mode=0x1da4b788 "r", options=1937213632, opened_path=0x0,
    context=<value optimized out>)
    at /root/php5.3-201103252130/main/streams/streams.c:1954
#3  0x00002b4172eede53 in php_if_fopen (ht=<value optimized out>,
    return_value=0x1da3b288, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /root/php5.3-201103252130/ext/standard/file.c:928
#4  0x00002b4172e3fb37 in phar_fopen (ht=2, return_value=0x1da3b288,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /root/php5.3-201103252130/ext/phar/func_interceptors.c:418
#5  0x00002b4172fc9ca9 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x1d6ae198)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:316
#6  0x00002b4172fc923e in execute (op_array=0x1e6e5600)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:107
#7  0x00002b4172f9804e in zend_call_function (fci=0x7ffff51f87f0,
---Type <return> to continue, or q <return> to quit---
    fci_cache=0x7ffff51f8840)
    at /root/php5.3-201103252130/Zend/zend_execute_API.c:964
#8  0x00002b4172ee563f in zif_call_user_func (ht=<value optimized out>,
    return_value=0x1e6eac88, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /root/php5.3-201103252130/ext/standard/basic_functions.c:4774
#9  0x00002b4172fc9ca9 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x1d6ad1b8)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:316
#10 0x00002b4172fc923e in execute (op_array=0x1e6e3708)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:107
#11 0x00002b4172fc9798 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x1d6ac760)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:340
#12 0x00002b4172fc923e in execute (op_array=0x1da56d70)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:107
#13 0x00002b4172fc9798 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x1d6ac198)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:340
#14 0x00002b4172fc923e in execute (op_array=0x1e6d82c0)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:107
#15 0x00002b4172fc9798 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x1d6aac20)
---Type <return> to continue, or q <return> to quit---
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:340
#16 0x00002b4172fc923e in execute (op_array=0x1da37bb8)
    at /root/php5.3-201103252130/Zend/zend_vm_execute.h:107
#17 0x00002b4172fa2b69 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /root/php5.3-201103252130/Zend/zend.c:1194
#18 0x00002b4172f50338 in php_execute_script (primary_file=0x7ffff51fb120)
    at /root/php5.3-201103252130/main/main.c:2270
#19 0x00002b417302aaad in php_handler (r=0x1db00638)
    at /root/php5.3-201103252130/sapi/apache2handler/sapi_apache2.c:669
#20 0x000000000043fc5a in ap_run_handler (r=0x1db00638) at config.c:157
#21 0x0000000000442ea2 in ap_invoke_handler (r=0x1db00638) at config.c:376
#22 0x000000000048680a in ap_internal_redirect (new_uri=<value optimized out>,
    r=<value optimized out>) at http_request.c:549
#23 0x00000000004ae7ba in handler_redirect (r=0x1d5862a0) at mod_rewrite.c:4831
#24 0x000000000043fc5a in ap_run_handler (r=0x1d5862a0) at config.c:157
#25 0x0000000000442ea2 in ap_invoke_handler (r=0x1d5862a0) at config.c:376
#26 0x0000000000486988 in ap_process_request (r=0x1d5862a0)
    at http_request.c:282
#27 0x0000000000483c8c in ap_process_http_connection (c=0x1d569e40)
    at http_core.c:190
#28 0x0000000000446b82 in ap_run_process_connection (c=0x1d569e40)
    at connection.c:43
#29 0x00000000004b2610 in child_main (child_num_arg=<value optimized out>)
---Type <return> to continue, or q <return> to quit---
    at prefork.c:662
#30 0x00000000004b28a5 in make_child (s=0x1ce79500, slot=7) at prefork.c:763
#31 0x00000000004b30c2 in ap_mpm_run (_pconf=<value optimized out>,
    plog=<value optimized out>, s=<value optimized out>) at prefork.c:898
#32 0x000000000042d858 in main (argc=4, argv=0x7ffff51fb788) at main.c:739
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Dec 04 14:01:23 2020 UTC