php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61306 Segfault at end of request
Submitted: 2012-03-06 19:50 UTC Modified: 2012-03-07 19:56 UTC
From: j dot amend at gmail dot com Assigned: cataphract
Status: Closed Package: Apache2 related
PHP Version: 5.4.0 OS: Gentoo Linux
Private report: No CVE-ID:
 [2012-03-06 19:50 UTC] j dot amend at gmail dot com
Description:
------------
Since PHP 5.4 RC5 (RC4 still works fine) and including the release, PHP is segfaulting on a few but not all requests, seemingly after the PHP script is executed but before it is sent to the browser.

PHP 5.4.0--pl0-gentoo (cli) (built: Mar  6 2012 14:18:01) (DEBUG)
Apache 2.2.21 (debug, mpm worker)
zlib 1.2.5
Linux lws3 2.6.39-gentoo-r3 #1 SMP Tue Oct 4 18:09:16 EDT 2011 x86_64 Intel(R) Xeon(R) CPU E5645 @ 2.40GHz GenuineIntel GNU/Linux

zlib.output_compression = Off

php-config
Usage: /usr/bin/php-config [OPTION]
Options:
  --prefix            [/usr/lib64/php5.4]
  --includes          [-I/usr/lib64/php5.4/include/php -I/usr/lib64/php5.4/include/php/main -I/usr/lib64/php5.4/include/php/TSRM -I/usr/lib64/php5.4/include/php/Zend -I/usr/lib64/php5.4/include/php/ext -I/usr/lib64/php5.4/include/php/ext/date/lib]
  --ldflags           []
  --libs              [-lcrypt  -lc-client  -lz -ltidy -lresolv -lcrypt -lreadline -lncurses -lmcrypt -lltdl -lonig -lcrypt -lpam -lt1 -lfreetype -lpng -lz -ljpeg -lgdbm -lcurl -lbz2 -lz -lpcre -lrt -lm -ldl -lnsl  -lxml2 -lz -lm -lssl -lcrypto -lcurl -lrt -lz -lgnutls -lxml2 -lz -lm -lssl -lcrypto -lssl -lcrypto -lxml2 -lz -lm -lnetsnmp -lcrypt -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt ]
  --extension-dir     [/usr/lib64/php5.4/lib/extensions/debug-zts-20100525]
  --include-dir       [/usr/lib64/php5.4/include/php]
  --man-dir           [/usr/lib64/php5.4/man]
  --php-binary        [/usr/lib64/php5.4/bin/php]
  --php-sapis         [cli apache2handler]
  --configure-options [--prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --prefix=/usr/lib64/php5.4 --mandir=/usr/lib64/php5.4/man --infodir=/usr/lib64/php5.4/info --libdir=/usr/lib64/php5.4/lib --with-libdir=lib64 --without-pear --enable-maintainer-zts --disable-bcmath --with-bz2 --disable-calendar --enable-ctype --with-curl --without-curlwrappers --enable-dom --without-enchant --disable-exif --enable-fileinfo --enable-filter --enable-ftp --with-gettext --without-gmp --enable-hash --without-mhash --with-iconv --disable-intl --enable-ipv6 --enable-json --without-kerberos --enable-libxml --enable-mbstring --with-mcrypt --without-mssql --with-onig=/usr --with-openssl --with-openssl-dir=/usr --disable-pcntl --enable-phar --disable-pdo --without-pgsql --enable-posix --without-pspell --without-recode --enable-simplexml --disable-shmop --with-snmp --disable-soap --disable-sockets --without-sqlite3 --without-sybase-ct --disable-sysvmsg --disable-sysvsem --disable-sysvshm --with-tidy --enable-tokenizer --disable-wddx --enable-xml --enable-xmlreader --enable-xmlwriter --with-xmlrpc --without-xsl --enable-zip --with-zlib --enable-debug --enable-dba --without-cdb --without-db4 --disable-flatfile --with-gdbm --disable-inifile --without-qdbm --with-freetype-dir=/usr --with-t1lib=/usr --disable-gd-jis-conv --with-jpeg-dir=/usr --with-png-dir=/usr --without-xpm-dir --with-gd --with-imap --with-imap-ssl --with-mysql=mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mysqli=mysqlnd --with-readline --without-libedit --without-mm --with-pcre-regex=/usr --with-pcre-dir=/usr --with-config-file-path=/etc/php/cli-php5.4 --with-config-file-scan-dir=/etc/php/cli-php5.4/ext-active --disable-embed --enable-cli --disable-cgi --disable-fpm --without-apxs2]
  --version           [5.4.0--pl0-gentoo]
  --vernum            [50400]

Test script:
---------------
apache2 -f /etc/apache2/httpd.conf -k start -X

test.php:
<?php
phpinfo();

(open a few simultaneous requests to it)
10x http://localhost/test.php

Expected result:
----------------
Get consistent phpinfo() output every time

Actual result:
--------------
Most requests work, but a few come up blank because of a segfault

httpd-error.log:
,..
[Tue Mar 06 13:37:42 2012] [notice] child pid 7091 exit signal Segmentation fault (11)
...

backtrace:

#0  0x00007ffff4130cd7 in deflateEnd (strm=0x5a5a5a5a5a5a5a5a) at deflate.c:900
#1  0x00007ffff1373d3a in php_zlib_cleanup_ob_gzhandler_mess (tsrm_ls=0x23ca570) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/ext/zlib/zlib.c:434
#2  0x00007ffff13759d9 in zm_deactivate_zlib (type=1, module_number=6, tsrm_ls=0x23ca570) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/ext/zlib/zlib.c:972
#3  0x00007ffff17c232b in zend_deactivate_modules (tsrm_ls=0x23ca570) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/Zend/zend_API.c:2325
#4  0x00007ffff16f7d59 in php_request_shutdown (dummy=0x0) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/main/main.c:1755
#5  0x00007ffff193e583 in php_apache_request_dtor (r=0x191d43a0, tsrm_ls=0x23ca570) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:507
#6  0x00007ffff193f01c in php_handler (r=0x191d43a0) at /usr/src/debug/dev-lang/php-5.4.0/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:679
#7  0x0000000000440e45 in ap_run_handler (r=0x191d43a0) at config.c:158
#8  0x0000000000441736 in ap_invoke_handler (r=0x191d43a0) at config.c:376
#9  0x00000000004523ab in ap_process_request (r=0x191d43a0) at http_request.c:282
#10 0x000000000044f2a3 in ap_process_http_connection (c=0x49ffa98) at http_core.c:190
#11 0x000000000044a5ea in ap_run_process_connection (c=0x49ffa98) at connection.c:43
#12 0x000000000044aa85 in ap_process_connection (c=0x49ffa98, csd=0x49ff880) at connection.c:190
#13 0x00000000004593b7 in process_socket (p=0x49ff808, sock=0x49ff880, my_child_num=0, my_thread_num=19, bucket_alloc=0x23c1068) at worker.c:544
#14 0x0000000000459d29 in worker_thread (thd=0xe0ecb0, dummy=0x2273880) at worker.c:894
#15 0x00007ffff680fc6c in start_thread () from /lib64/libpthread.so.0
#16 0x00007ffff63524bd in clone () from /lib64/libc.so.6

(I've seen other values for strm besides 0x5a5a5a5a5a5a5a5a)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-06 23:43 UTC] cataphract@php.net
-Status: Open +Status: Feedback
 [2012-03-06 23:43 UTC] cataphract@php.net
Are you using output_handler = ob_gzhandler ?
 [2012-03-07 00:09 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 [2012-03-07 00:09 UTC] cataphract@php.net
I'm assuming yes, in which case I think I know what the problem is. Please respond anyway, I'll post a patch tomorrow for you to test if my assumption is correct.
 [2012-03-07 01:36 UTC] j dot amend at gmail dot com
No actually. I'm using mod_deflate instead, and disabling it didn't help. I'd be happy to test your patch in any case.
 [2012-03-07 01:36 UTC] j dot amend at gmail dot com
-Status: Feedback +Status: Assigned
 [2012-03-07 08:51 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323988
Log: - Tentative fix for bug #61306.
#cjones: Will update NEWS when confirmed it fixes the problem.
 [2012-03-07 08:53 UTC] cataphract@php.net
-Status: Assigned +Status: Feedback
 [2012-03-07 08:53 UTC] cataphract@php.net
I've committed a tentative fix; please try with SVN (svn export https://svn.php.net/repository/php/php-src/branches/PHP_5_4).
 [2012-03-07 14:52 UTC] j dot amend at gmail dot com
Thank you, that seems to have fixed the problem.
 [2012-03-07 14:52 UTC] j dot amend at gmail dot com
-Status: Feedback +Status: Assigned
 [2012-03-07 19:47 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=324008
Log: - Updated NEWS with news of bug #61306 having been resolved (see r323988).
- Tidied up NEWS
 [2012-03-07 19:56 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2012-03-07 19:56 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 10:02:06 2014 UTC