Bug #54529 SAPI crashes on apache_config.c:197
Submitted: 2011-04-14 09:45 UTC
Modified: 2011-05-23 03:47 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: aigors at inbox dot lv
Assigned: felipe
Status: Closed
Package: Apache2 related
PHP Version: 5.3.6
OS: Debian x86_64 GNU/Linux
Private report: No
CVE-ID:
 [2011-04-14 09:45 UTC] aigors at inbox dot lv
Description:
------------
A segfault happens sometimes in our test environment; the production environment
has segmentation faults more frequently (apparently it has more requests).

We have set up the Apache core dump configuration and compiled PHP in debug mode
on the test environment.
We are receiving this error:

----------------------------
Program terminated with signal 11, Segmentation fault.
#0 0x00007f3d13e2b9a4 in apply_config (dummy=0x182d078) at /root/php-5.3.6/sapi/apache2handler/apache_config.c:197
197	 if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
----------------------------

Apache compiled with such configuration:

./configure --prefix=/usr/local/httpd-2.2.17 --with-mpm=worker --with-ssl \
  --enable-rewrite --enable-ssl --disable-cgi --enable-expires --enable-headers \
  --enable-so --enable-cache --enable-mem-cache --enable-exception-hook

PHP compiled with such parameters:

./configure --prefix=/usr/local/php5.3.6 --sysconfdir=/etc \
  --with-apxs2=/usr/local/httpd-2.2.17/bin/apxs --with-config-file-path=/etc/php/ \
  --with-config-file-scan-dir=/etc/php/ext-active --enable-bcmath --enable-calendar \
  --with-curl --enable-exif --enable-ftp --with-gettext --enable-mbstring \
  --with-mcrypt --with-mhash --with-openssl --with-openssl-dir --with-pgsql \
  --enable-soap --enable-sockets --with-xmlrpc --with-xsl --enable-zip --with-zlib \
  --with-freetype-dir --with-jpeg-dir --with-png-dir --with-gd --with-pdo-pgsql \
  --with-kerberos --disable-ipv6 --with-libdir=lib64 --enable-debug

Actual result:
--------------
Full backtrace we're having for the failing thread:

--------------------------
#0 0x00007f3d13e2b9a4 in apply_config (dummy=0x182d078) at /root/php-5.3.6/sapi/apache2handler/apache_config.c:197
d = 0x182d078
str = 0x1750f70 "sendmail_path"
str_len = 14
data = 0x0
#1 0x00007f3d13e2ac09 in php_handler (r=0x219bec0) at /root/php-5.3.6/sapi/apache2handler/sapi_apache2.c:568
ctx = 0x0
conf = 0x182d078
brigade = 0x219c148
bucket = 0x182e8a0
rv = 0
parent_req = 0x0
tsrm_ls = 0x236ccc0
#2 0x0000000000444710 in ap_run_handler (r=0x219bec0) at config.c:158
n = 6
rv = 0
#3 0x0000000000447d6e in ap_invoke_handler (r=0x219bec0) at config.c:376
handler = 0x1821500 "application/javascript"
result = 25302272
old_handler = 0x0
ignore = <value optimized out>
#4 0x000000000047a058 in ap_process_request (r=0x219bec0) at http_request.c:282
access_status = 0
#5 0x0000000000477010 in ap_process_http_connection (c=0x21980c8) at http_core.c:190
r = 0x219bec0
csd = 0x2197eb0
#6 0x000000000044bcf8 in ap_run_process_connection (c=0x21980c8) at connection.c:43
n = 0
rv = 0
#7 0x0000000000496d37 in process_socket (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:544
current_conn = <value optimized out>
conn_id = <value optimized out>
csd = 25
sbh = 0x21980c0
#8 worker_thread (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:894
process_slot = 0
thread_slot = 20
csd = 0x2197eb0
bucket_alloc = <value optimized out>
last_ptrans = <value optimized out>
ptrans = 0x2197e28
rv = <value optimized out>
is_idle = <value optimized out>
#9 0x00007f3d14d608ba in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#10 0x00007f3d148c402d in clone () from /lib/libc.so.6
No symbol table info available.
#11 0x0000000000000000 in ?? ()
No symbol table info available.

Patches

bug-54529_patch.diff (last revision 2011-04-24 21:31 UTC by hebergement at riastudio dot fr)

 [2011-04-18 09:36 UTC] aigors at inbox dot lv
Seems the bug disappears when the line

php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -finfo@example.com"

is removed from the Apache virtual host configuration.
 [2011-04-24 23:36 UTC] hebergement at riastudio dot fr
Bug confirmed on Gentoo x86_64 GNU/Linux, php-5.3.6, apache-2.2.17.

The result of zend_hash_get_current_data must be checked to prevent segfault.
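
The check called for in the comment above, as an added C example that is not PHP's source and not the attached patch. `table`, `current_data`, `apply_unchecked` and `apply_checked` are hypothetical stand-ins for the hash iteration in `apply_config`, and the sample entries are constructed.

```c
#include <stdio.h>
enum { FAILURE = -1, SUCCESS = 0 };

/* Hypothetical stand-ins for this example; not PHP's types or API. */
typedef struct { const char *value; } dir_entry;
typedef struct { const char *key; dir_entry *data; } slot;
typedef struct { slot *slots; int n, pos; } table;

/* Out-parameter lookup: on FAILURE, *out is NULL. */
static int current_data(const table *t, dir_entry **out) {
    *out = (t->pos < t->n) ? t->slots[t->pos].data : NULL;
    return *out ? SUCCESS : FAILURE;
}

/* Unchecked: result dropped, so a failed lookup leaves data NULL and data->value faults. */
void apply_unchecked(table *t) {
    dir_entry *data;
    for (t->pos = 0; t->pos < t->n; t->pos++) {
        current_data(t, &data);
        printf("apply %s=%s\n", t->slots[t->pos].key, data->value);
    }
}

/* Checked: a failed lookup is counted and skipped, never dereferenced. */
int apply_checked(table *t, int *skipped) {
    dir_entry *data = NULL;
    int applied = 0;
    *skipped = 0;
    for (t->pos = 0; t->pos < t->n; t->pos++) {
        if (current_data(t, &data) != SUCCESS) { (*skipped)++; continue; }
        printf("apply %s=%s\n", t->slots[t->pos].key, data->value);
        applied++;
    }
    return applied;
}

/* Constructed sample: the middle key has no retrievable data. */
int demo(int *skipped) {
    dir_entry a = { "/usr/sbin/sendmail -t -i" }, c = { "128M" };
    slot s[] = { { "sendmail_path", &a }, { "lost_entry", NULL }, { "memory_limit", &c } };
    table t = { s, 3, 0 };
    return apply_checked(&t, skipped);
}

int main(void) {
    int skipped, applied = demo(&skipped);
    printf("applied=%d skipped=%d\n", applied, skipped);
    return 0;
}
```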
 [2011-05-23 03:47 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=311342
Log: - Fixed bug #54529 (SAPI crashes on apache_config.c:197)
  patch by: hebergement at riastudio dot fr
 [2011-05-23 03:47 UTC] felipe@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: felipe
 [2011-05-23 03:47 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the patch! :)
 [2012-04-18 09:50 UTC] laruence@php.net
Automatic comment on behalf of felipe
Revision: http://git.php.net/?p=php-src.git;a=commit;h=184f80ff668737dbb181421feec577a18858118d
Log: - Fixed bug #54529 (SAPI crashes on apache_config.c:197)   patch by: hebergement at riastudio dot fr
 [2012-07-24 23:41 UTC] rasmus@php.net
Automatic comment on behalf of felipe
Revision: http://git.php.net/?p=php-src.git;a=commit;h=184f80ff668737dbb181421feec577a18858118d
Log: - Fixed bug #54529 (SAPI crashes on apache_config.c:197)   patch by: hebergement at riastudio dot fr
 [2013-11-17 09:38 UTC] laruence@php.net
Automatic comment on behalf of felipe
Revision: http://git.php.net/?p=php-src.git;a=commit;h=184f80ff668737dbb181421feec577a18858118d
Log: - Fixed bug #54529 (SAPI crashes on apache_config.c:197)   patch by: hebergement at riastudio dot fr
 
Last updated: Sat Apr 19 22:02:16 2014 UTC