php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55525 --enable-zend-multibyte cause Apache exit on signal 10
Submitted: 2011-08-28 14:46 UTC Modified: 2020-03-17 16:20 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: info at ihead dot ru Assigned: cmb (profile)
Status: Closed Package: Apache related
PHP Version: 5.3.8 OS: FreeBSD 7.4
Private report: No CVE-ID: None
 [2011-08-28 14:46 UTC] info at ihead dot ru
Description:
------------
--enable-zend-multibyte in "configure" script (Zend Multibyte Support = Enabled) cause Apache's child processes outputs any result, but exit on signal 10 when in PHP-script there is syntax error and when MaxRequestPerChild != 1.

Tested on Apache 1.3 and Apache 2.2 building PHP from FreeBSD ports or from source directly.

Test script:
---------------
<?
echo '123';

func($item;

?>

Expected result:
----------------
Work correctly on any next request

Actual result:
--------------
Apache's child proccess outputs any result (text of syntax error) and exit with signal 10. It cause fails at the next request (Apache server close connection without any result), when request is scheduled to the killed child.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-03 11:23 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-09-03 11:23 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2011-09-03 14:33 UTC] info at ihead dot ru
-Status: Feedback +Status: Open
 [2011-09-03 14:33 UTC] info at ihead dot ru
I compile PHP 5.3.8 from src with: './configure' '--with-apxs=/usr/local/sbin/apxs' '--enable-debug' '--enable-zend-multibyte' 

I tried to get coredump, but i can find it anywhere.

When i start apache (with -X) i see:
php53test# apachectl13 start
Processing config directory: /usr/local/apache/conf/includes13/*.conf
 Processing config file: /usr/local/apache/conf/includes13/13.s16.ihead.ru.conf

After that i make two requests to the Apache.
1) Processed and is see text of syntax error (command line ok)
2) I see blank page (command line print "Bus error")

After that i see text in the command line:
Bus error
/usr/local/sbin/apachectl13 start: httpd could not be started

In the logs such records:
[Sat Sep  3 14:19:40 2011] [warn] pid file /usr/local/apache/logs13/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
/usr/local/www/1/1.php(4) : Parse error - syntax error, unexpected ';'
[Sat Sep  3 14:19:46 2011]  Script:  '/usr/local/www/1/1.php'
---------------------------------------
Zend/zend_language_scanner.l(707) : Block 0x201e18220 status:
Beginning:      Freed
    Start:      Overflown (magic=0x5A5A5A5A instead of 0x513AB69F)
                At least 4 bytes overflown
Processing config directory: /usr/local/apache/conf/includes13/*.conf
 Processing config file: /usr/local/apache/conf/includes13/13.s16.ihead.ru.conf
[Sat Sep  3 14:22:39 2011] [warn] pid file /usr/local/apache/logs13/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
/usr/local/www/1/1.php(4) : Parse error - syntax error, unexpected ';'
[Sat Sep  3 14:22:44 2011]  Script:  '/usr/local/www/1/1.php'
---------------------------------------
Zend/zend_language_scanner.l(707) : Block 0x201e18220 status:
Beginning:      Freed
    Start:      Overflown (magic=0x5A5A5A5A instead of 0x545BD6B9)
                At least 4 bytes overflown
 [2011-09-03 20:04 UTC] info at ihead dot ru
Here is bugtrace

php53test# gdb /usr/local/apache/bin/httpd13 /usr/local/apache/httpd13.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `httpd13'.
Program terminated with signal 10, Bus error.
Reading symbols from /lib/libcrypt.so.4...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.4
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/apache/libexec/libphp5.so...done.
Loaded symbols for /usr/local/apache/libexec/libphp5.so
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libz.so.4...done.
Loaded symbols for /lib/libz.so.4
Reading symbols from /usr/local/lib/libxml2.so.5...done.
Loaded symbols for /usr/local/lib/libxml2.so.5
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000200802324 in memcmp () from /lib/libc.so.7
(gdb) bt
#0  0x0000000200802324 in memcmp () from /lib/libc.so.7
#1  0x0000000200f68a05 in zend_mm_check_ptr (heap=0x201e5d000, ptr=0x201e18220, silent=0, __zend_filename=0x201312554 "Zend/zend_language_scanner.l",
    __zend_lineno=707, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php/php-5.3.8/Zend/zend_alloc.c:1492
#2  0x0000000200f6853d in zend_mm_check_ptr (heap=0x201e5d000, ptr=0x201e18220, silent=1, __zend_filename=0x201312554 "Zend/zend_language_scanner.l",
    __zend_lineno=707, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php/php-5.3.8/Zend/zend_alloc.c:1393
#3  0x0000000200f69f71 in _zend_mm_free_int (heap=0x201e5d000, p=0x201e18220, __zend_filename=0x201312554 "Zend/zend_language_scanner.l", __zend_lineno=707,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php/php-5.3.8/Zend/zend_alloc.c:1993
#4  0x0000000200f6b611 in _efree (ptr=0x201e18220, __zend_filename=0x201312554 "Zend/zend_language_scanner.l", __zend_lineno=707, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /root/php/php-5.3.8/Zend/zend_alloc.c:2361
#5  0x0000000200f4a5e7 in zend_multibyte_read_script (
    buf=0x2005c9000 "<?\necho '123';\n\nfunc($item;\n\n/*\n$i=0;\nwhile($i++<5){\n    mail('dev@ihead.ru', 'test ' . $i, 'just test',\n        'From: Tester <dev@ihead.ru>' . \"\\n\" .\n        'Reply-To: admin@ihead.ru' . \"\\r\\n\"\n    "..., n=207) at zend_language_scanner.l:707
#6  0x0000000200f49178 in open_file_for_scanning (file_handle=0x7fffffffe540) at zend_language_scanner.l:279
#7  0x0000000200f4947f in compile_file (file_handle=0x7fffffffe540, type=8) at zend_language_scanner.l:352
#8  0x0000000200d96842 in phar_compile_file (file_handle=0x7fffffffe540, type=8) at /root/php/php-5.3.8/ext/phar/phar.c:3393
#9  0x0000000200f94935 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/php-5.3.8/Zend/zend.c:1228
#10 0x0000000200f12872 in php_execute_script (primary_file=0x7fffffffe540) at /root/php/php-5.3.8/main/main.c:2284
#11 0x0000000201088bcc in apache_php_module_main (r=0x201d8f060, display_source_mode=0) at /root/php/php-5.3.8/sapi/apache/sapi_apache.c:53
#12 0x0000000201089d4e in send_php (r=0x201d8f060, display_source_mode=0, filename=0x201d90410 "/usr/local/www/1/1.php")
    at /root/php/php-5.3.8/sapi/apache/mod_php5.c:682
#13 0x0000000201089daf in send_parsed_php (r=0x201d8f060) at /root/php/php-5.3.8/sapi/apache/mod_php5.c:697
#14 0x0000000000422e92 in ap_invoke_handler ()
#15 0x000000000043b899 in process_request_internal ()
#16 0x000000000043b8f4 in ap_process_request ()
#17 0x0000000000431473 in child_main ()
#18 0x0000000000431784 in make_child ()
#19 0x0000000000431bbb in perform_idle_server_maintenance ()
#20 0x00000000004321a9 in standalone_main ()
#21 0x00000000004327f4 in main ()
 [2011-09-06 02:50 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-09-06 02:50 UTC] laruence@php.net
I can not reproduce this in my environ, and your apache seems to be ancient 
version, could you test with a newer version of it?  thanks
 [2011-09-06 03:12 UTC] info at ihead dot ru
-Status: Feedback +Status: Open
 [2011-09-06 03:12 UTC] info at ihead dot ru
It was tested on Apache 1.3.41 and 2.2.19.
I will try on another server later.
 [2012-02-03 01:23 UTC] anoni at mo dot us
Confirm bug happening on php5.3.9 apache 2.2.21 Freebsd8. PHP compiled with zend_multibyte support.

pid xxxx (httpd), uid 80: exited on signal 11

another simptom in vhost error.log : PHP Fatal error:  require_once() Failed opening required '1' 

(intermittent, file exists and works 90% of the time). Browser gets white screen of death. Refreshing the page will work ok usually.
 [2012-02-03 01:30 UTC] anoni at mo dot us
To reproduce try php from ports, make config with multibyte, then install magento shop 1.6 and keep refreshing... :)
 [2012-11-29 10:56 UTC] m dot krasilnikov at yandex dot ru
We have the same issue with PHP 5.3.19 on FreeBSD 7.4

Reproducable with test script from original report.

(gdb) bt
#0  0x00000008018acd50 in _zend_mm_free_int () from /usr/local/libexec/apache22/libphp5.so
#1  0x000000080189cf5e in zend_multibyte_read_script () from /usr/local/libexec/apache22/libphp5.so
#2  0x000000080189d37f in open_file_for_scanning () from /usr/local/libexec/apache22/libphp5.so
#3  0x000000080189db9c in compile_file () from /usr/local/libexec/apache22/libphp5.so
#4  0x0000000809022844 in phar_compile_file () from /usr/local/lib/php/20090626/phar.so
#5  0x0000000804e0bdda in xdebug_compile_file () from /usr/local/lib/php/20090626/xdebug.so
#6  0x00000008018cb00a in zend_execute_scripts () from /usr/local/libexec/apache22/libphp5.so
#7  0x00000008018759a7 in php_execute_script () from /usr/local/libexec/apache22/libphp5.so
#8  0x000000080195577e in php_handler () from /usr/local/libexec/apache22/libphp5.so
 [2012-12-18 14:43 UTC] m dot krasilnikov at yandex dot ru
It seems that this issue not reproducible on i386 but only on amd64.
 [2020-03-17 16:11 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-03-17 16:11 UTC] cmb@php.net
Since --enable-zend-multibyte is removed as of PHP 5.4.0, this
ticket appears to be obsolete.
 [2020-03-17 16:20 UTC] nikic@php.net
FWIW --enable-zend-multibyte was removed in the sense that it is now always enabled and controlled by an ini setting.

Of course quite likely that this has been fixed in the meantime anyway.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed May 18 07:05:45 2022 UTC