php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64635 segfault in inmem_seek_to_tz_position from parse_tz.c
Submitted: 2013-04-11 20:28 UTC Modified: 2013-04-11 22:30 UTC
From: shakaran at gmail dot com Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 5.3.24 OS: Centos 5.9
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: shakaran at gmail dot com
New email:
PHP Version: OS:

 

 [2013-04-11 20:28 UTC] shakaran at gmail dot com 
Description:
------------
I am using cPanel with cpeasyapache and php 5.3.23.

I get a apache core file when Xcache and eAccelerator are loaded at same time, 
because in the error trace, php try to guess the timezone in error_log. Then it 
produces a segfault.

I start gdb in the core file showing this:

# gdb /usr/local/apache/bin/httpd core.21552 
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/apache/bin/httpd...(no debugging symbols 
found)...done.
[New Thread 21552]
Reading symbols from /usr/lib64/libldap-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libldap-2.3.so.0
Reading symbols from /usr/lib64/liblber-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/liblber-2.3.so.0
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libz.so.1
Reading symbols from /usr/lib64/libdistcache.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libdistcache.so.1
Reading symbols from /usr/lib64/libnal.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libnal.so.1
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /opt/pcre/lib/libpcre.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /opt/pcre/lib/libpcre.so.0
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /usr/lib64/libaprutil-1.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libaprutil-1.so.0
Reading symbols from /lib64/libexpat.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libexpat.so.0
Reading symbols from /usr/lib64/libapr-1.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libapr-1.so.0
Reading symbols from /lib64/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libuuid.so.1
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols 
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libdb-4.3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libdb-4.3.so
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /usr/local/apache/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache/modules/libphp5.so
Reading symbols from /opt/xslt/lib/libexslt.so.0...done.
Loaded symbols for /opt/xslt/lib/libexslt.so.0
Reading symbols from /opt/tidy/lib/libtidy-0.99.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /opt/tidy/lib/libtidy-0.99.so.0
Reading symbols from /usr/lib64/libaspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libaspell.so.15
Reading symbols from /usr/lib64/libpspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpspell.so.15
Reading symbols from /usr/pgsql-9.1/lib/libpq.so.5...(no debugging symbols 
found)...done.
Loaded symbols for /usr/pgsql-9.1/lib/libpq.so.5
Reading symbols from /usr/lib64/libmysqlclient.so.18...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libmysqlclient.so.18
Reading symbols from /opt/libmcrypt/lib/libmcrypt.so.4...done.
Loaded symbols for /opt/libmcrypt/lib/libmcrypt.so.4
Reading symbols from /usr/lib64/libltdl.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libltdl.so.3
Reading symbols from /lib64/libpam.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpam.so.0
Reading symbols from /usr/lib64/libfreetype.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libX11.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libX11.so.6
Reading symbols from /usr/lib64/libXpm.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXpm.so.4
Reading symbols from /usr/lib64/libpng12.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpng12.so.0
Reading symbols from /usr/lib64/libjpeg.so.62...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libjpeg.so.62
Reading symbols from /usr/lib64/libenchant.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libenchant.so.1
Reading symbols from /usr/lib64/libbz2.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libbz2.so.1
Reading symbols from /opt/curlssl/lib/libcurl.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /opt/curlssl/lib/libcurl.so.4
Reading symbols from /usr/lib64/libidn.so.11...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libidn.so.11
Reading symbols from /usr/lib64/libicui18n.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicui18n.so.36
Reading symbols from /usr/lib64/libicuuc.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicuuc.so.36
Reading symbols from /usr/lib64/libicudata.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicudata.so.36
Reading symbols from /usr/lib64/libicuio.so.36...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libicuio.so.36
Reading symbols from /opt/xslt/lib/libxslt.so.1...done.
Loaded symbols for /opt/xslt/lib/libxslt.so.1
Reading symbols from /opt/xml2/lib/libxml2.so.2...done.
Loaded symbols for /opt/xml2/lib/libxml2.so.2
Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libstdc++.so.6
Reading symbols from /usr/lib64/libldap_r-2.3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libldap_r-2.3.so.0
Reading symbols from /lib64/libaudit.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libaudit.so.0
Reading symbols from /usr/lib64/libXau.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXau.so.6
Reading symbols from /usr/lib64/libXdmcp.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXdmcp.so.6
Reading symbols from /lib64/libgmodule-2.0.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libgmodule-2.0.so.0
Reading symbols from /lib64/libglib-2.0.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libglib-2.0.so.0
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/suhosin.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/suhosin.so
Reading symbols from /usr/local/apache/modules/mod_wsgi.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_wsgi.so
Reading symbols from /lib/libpython2.7.so.1.0...done.
Loaded symbols for /lib/libpython2.7.so.1.0
Reading symbols from /lib64/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /usr/local/apache/modules/mod_rpaf-2.0.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_rpaf-2.0.so
Reading symbols from /usr/local/lib/ruby/gems/1.9.1/gems/passenger-
3.0.12/ext/apache2/mod_passenger.so...done.
Loaded symbols for /usr/local/lib/ruby/gems/1.9.1/gems/passenger-
3.0.12/ext/apache2/mod_passenger.so
Reading symbols from /usr/local/apache/modules/mod_qos.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_qos.so
Reading symbols from /usr/local/apache/modules/mod_perl.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_perl.so
Reading symbols from /usr/local/lib/perl5/5.8.8/x86_64-linux/CORE/libperl.so...
(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/x86_64-linux/CORE/libperl.so
Reading symbols from /usr/local/apache/modules/mod_bw.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/local/apache/modules/mod_bw.so
Reading symbols from /usr/local/apache/modules/mod_bwlimited.so...(no debugging 
symbols found)...done.
Loaded symbols for /usr/local/apache/modules/mod_bwlimited.so
Reading symbols from /usr/local/apache/modules/mod_suphp.so...done.
Loaded symbols for /usr/local/apache/modules/mod_suphp.so
Reading symbols from /opt/lua/lib/liblua.so...done.
Loaded symbols for /opt/lua/lib/liblua.so
Reading symbols from /usr/local/apache/modules/mod_security2.so...done.
Loaded symbols for /usr/local/apache/modules/mod_security2.so
Reading symbols from /usr/local/IonCube/ioncube_loader_lin_5.3.so...(no 
debugging symbols found)...done.
Loaded symbols for /usr/local/IonCube/ioncube_loader_lin_5.3.so
Reading symbols from /usr/local/Zend/lib/Guard-5.5.0/php-
5.3.x/ZendGuardLoader.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/Zend/lib/Guard-5.5.0/php-5.3.x/ZendGuardLoader.so
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/eaccelerator.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/eaccelerator.so
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/xcache.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-
20090626/xcache.so

warning: no loadable sections found in added symbol-file system-supplied DSO at 
0x7fff15dfd000
Core was generated by `/usr/local/apache/bin/httpd -k graceful -DSSL'.
Program terminated with signal 11, Segmentation fault.
#0  inmem_seek_to_tz_position (tzf=0x7fff15df62f8, timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:710
710		int left = 0, right = tzdb->index_size - 1;
(gdb) thread apply all bt full

Thread 1 (Thread 0x2aadd80f2b40 (LWP 21552)):
#0  inmem_seek_to_tz_position (tzf=0x7fff15df62f8, timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:710
        left = <value optimized out>
        right = <value optimized out>
        cur_locale = 0x0
        tmp = <value optimized out>
#1  0x00002aadd82176a0 in timelib_timezone_id_is_valid (timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:827
        tzf = 0x2aade0e9f500 <Address 0x2aade0e9f500 out of bounds>
#2  0x00002aadd81f4ea8 in guess_timezone (tzdb=0x2aade0e9f500) at 
/home/cpeasyapache/src/php-5.3.23/ext/date/php_date.c:870
        env = 0x0
#3  0x00002aadd81f4f42 in get_timezone_info () at /home/cpeasyapache/src/php-
5.3.23/ext/date/php_date.c:948
        tz = <value optimized out>
        tzi = <value optimized out>
#4  0x00002aadd81f6de9 in php_format_date (format=0x2aadd8a7cedc "d-M-Y H:i:s 
e", format_len=13, ts=1365708397, localtime=1)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/php_date.c:1198
        t = 0xa6df310
        tzi = <value optimized out>
        string = <value optimized out>
#5  0x00002aadd84dcb18 in php_log_err (
    log_message=0xa90fc38 "PHP Warning:  Cannot load module 'XCache' because 
conflicting module 'eAccelerator' is already loaded in Unknown on line 0") at 
/home/cpeasyapache/src/php-5.3.23/main/main.c:610
        tmp = <value optimized out>
        len = <value optimized out>
        error_time_str = <value optimized out>
        fd = 16
        error_time = 1365708397
#6  0x00002aadd84dd014 in php_error_cb (type=32, error_filename=0x2aadd8a5f8d6 
"Unknown", error_lineno=0, format=<value optimized out>, 
    args=<value optimized out>) at /home/cpeasyapache/src/php-
5.3.23/main/main.c:1031
        error_type_str = 0x2aadd8639b99 "Warning"
        buffer = 0xa90fb58 "Cannot load module 'XCache' because conflicting 
module 'eAccelerator' is already loaded"
        buffer_len = 87
        display = 1
#7  0x00002aadd852f852 in zend_error (type=32, format=0x2aadd8a8f828 "Cannot 
load module '%s' because conflicting module '%s' is already loaded")
    at /home/cpeasyapache/src/php-5.3.23/Zend/zend.c:1078
        args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 
0x7fff15df6720, reg_save_area = 0x7fff15df6630}}
        usr_copy = {{gp_offset = 3628456783, fp_offset = 10925, 
overflow_arg_area = 0x32b9e00f9a, reg_save_area = 0xa6decc0}}
        params = <value optimized out>
        retval = <value optimized out>
        z_error_type = <value optimized out>
        z_error_message = <value optimized out>
        z_error_filename = <value optimized out>
        z_error_lineno = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        z_context = <value optimized out>
        error_filename = 0x2aadd8a5f8d6 "Unknown"
        error_lineno = 0
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
        bp_stack = {top = 366962480, max = 32767, elements = 0x32b9e010f0}
        function_call_stack = {top = 0, max = 0, elements = 0x32b920d136}
        switch_cond_stack = {top = 366962480, max = 32767, elements = 
0x32b9e01104}
        foreach_copy_stack = {top = 0, max = 0, elements = 0x20}
        object_stack = {top = -1176497936, max = 50, elements = 0x1}
        declare_stack = {top = -1186870336, max = 50, elements = 0x7fff15df6730}
        list_stack = {top = -540049008, max = 10925, elements = 0x0}
        labels_stack = {top = 0, max = 0, elements = 0x800000000}
#8  0x00002aadd8534bd3 in zend_register_module_ex (module=0x0) at 
/home/cpeasyapache/src/php-5.3.23/Zend/zend_API.c:1697
        dep = 0x2aaddff156a0
        name_len = 12
        lcname = 0xa90f608 "\270\365\220\n"
        module_ptr = <value optimized out>
#9  0x00002aadd845dbd4 in php_load_extension (filename=0xa90e438 "xcache.so", 
type=1, start_now=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/standard/dl.c:240
        handle = 0xa6decc0
        libpath = 0xa911a80 ""
        module_entry = 0x2aaddff151e0
        get_module = <value optimized out>
        error_type = 32
        extension_dir = <value optimized out>
#10 0x00002aadd8524997 in zend_llist_apply (l=<value optimized out>, 
func=0x2aadd84e24d0 <php_load_php_extension_cb>)
    at /home/cpeasyapache/src/php-5.3.23/Zend/zend_llist.c:193
        element = 0x99532f0
#11 0x00002aadd84e24aa in php_ini_register_extensions () at 
/home/cpeasyapache/src/php-5.3.23/main/php_ini.c:751
No locals.
#12 0x00002aadd84dbc2f in php_module_startup (sf=<value optimized out>, 
additional_modules=0x2aadd8dfde00, num_additional_modules=1)
    at /home/cpeasyapache/src/php-5.3.23/main/main.c:2073
        zuf = {error_function = 0x2aadd84dcb80 <php_error_cb>, printf_function = 
0x2aadd84db440 <php_printf>, 
          write_function = 0x2aadd84da680 <php_body_write_wrapper>, 
fopen_function = 0x2aadd84da910 <php_fopen_wrapper_for_zend>, 
          message_handler = 0x2aadd84dc770 <php_message_handler_for_zend>, 
block_interruptions = 0, unblock_interruptions = 0, 
          get_configuration_directive = 0x2aadd84da8e0 
<php_get_configuration_directive_for_zend>, 
          ticks_function = 0x2aadd84eb370 <php_run_ticks>, on_timeout = 
0x2aadd84db250 <php_on_timeout>, 
          stream_open_function = 0x2aadd84db420 <php_stream_open_for_zend>, 
vspprintf_function = 0x2aadd84df050 <vspprintf>, 
          getenv_function = 0x2aadd84e3b80 <sapi_getenv>, resolve_path_function 
= 0x2aadd84da8c0 <php_resolve_path_for_zend>}
        zuv = {import_use_extension = 0x2aadd8a64636 ".php", 
import_use_extension_length = 0, html_errors = 1 '\001'}
        module = <value optimized out>
        directives = {0x2aadd8a693cb "define_syslog_variables", 0x2aadd8a4c358 
"register_globals", 0x2aadd8a7d12c "register_long_arrays", 
          0x2aadd8a7d189 "safe_mode", 0x2aadd8a68b23 "magic_quotes_gpc", 
0x2aadd8a68b38 "magic_quotes_runtime", 
---Type <return> to continue, or q <return> to quit---
          0x2aadd8a7d0f4 "magic_quotes_sybase", 0x0}
#13 0x00002aadd85b7085 in php_apache2_startup (sapi_module=0x7fff15df62f8)
    at /home/cpeasyapache/src/php-5.3.23/sapi/apache2handler/sapi_apache2.c:349
No locals.
#14 0x00002aadd85b7b30 in php_apache_server_startup (pconf=0x7cca708, plog=
<value optimized out>, ptemp=<value optimized out>, s=0x7cdf0b0)
    at /home/cpeasyapache/src/php-5.3.23/sapi/apache2handler/sapi_apache2.c:458
        data = 0x1
#15 0x000000000044c2f2 in ap_run_post_config ()
No symbol table info available.
#16 0x000000000043229d in main ()
No symbol table info available.
(gdb) where
#0  inmem_seek_to_tz_position (tzf=0x7fff15df62f8, timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:710
#1  0x00002aadd82176a0 in timelib_timezone_id_is_valid (timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:827
#2  0x00002aadd81f4ea8 in guess_timezone (tzdb=0x2aade0e9f500) at 
/home/cpeasyapache/src/php-5.3.23/ext/date/php_date.c:870
#3  0x00002aadd81f4f42 in get_timezone_info () at /home/cpeasyapache/src/php-
5.3.23/ext/date/php_date.c:948
#4  0x00002aadd81f6de9 in php_format_date (format=0x2aadd8a7cedc "d-M-Y H:i:s 
e", format_len=13, ts=1365708397, localtime=1)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/php_date.c:1198
#5  0x00002aadd84dcb18 in php_log_err (
    log_message=0xa90fc38 "PHP Warning:  Cannot load module 'XCache' because 
conflicting module 'eAccelerator' is already loaded in Unknown on line 0") at 
/home/cpeasyapache/src/php-5.3.23/main/main.c:610
#6  0x00002aadd84dd014 in php_error_cb (type=32, error_filename=0x2aadd8a5f8d6 
"Unknown", error_lineno=0, format=<value optimized out>, 
    args=<value optimized out>) at /home/cpeasyapache/src/php-
5.3.23/main/main.c:1031
#7  0x00002aadd852f852 in zend_error (type=32, format=0x2aadd8a8f828 "Cannot 
load module '%s' because conflicting module '%s' is already loaded")
    at /home/cpeasyapache/src/php-5.3.23/Zend/zend.c:1078
#8  0x00002aadd8534bd3 in zend_register_module_ex (module=0x0) at 
/home/cpeasyapache/src/php-5.3.23/Zend/zend_API.c:1697
#9  0x00002aadd845dbd4 in php_load_extension (filename=0xa90e438 "xcache.so", 
type=1, start_now=0)
    at /home/cpeasyapache/src/php-5.3.23/ext/standard/dl.c:240
#10 0x00002aadd8524997 in zend_llist_apply (l=<value optimized out>, 
func=0x2aadd84e24d0 <php_load_php_extension_cb>)
    at /home/cpeasyapache/src/php-5.3.23/Zend/zend_llist.c:193
#11 0x00002aadd84e24aa in php_ini_register_extensions () at 
/home/cpeasyapache/src/php-5.3.23/main/php_ini.c:751
#12 0x00002aadd84dbc2f in php_module_startup (sf=<value optimized out>, 
additional_modules=0x2aadd8dfde00, num_additional_modules=1)
    at /home/cpeasyapache/src/php-5.3.23/main/main.c:2073
#13 0x00002aadd85b7085 in php_apache2_startup (sapi_module=0x7fff15df62f8)
    at /home/cpeasyapache/src/php-5.3.23/sapi/apache2handler/sapi_apache2.c:349
#14 0x00002aadd85b7b30 in php_apache_server_startup (pconf=0x7cca708, plog=
<value optimized out>, ptemp=<value optimized out>, s=0x7cdf0b0)
    at /home/cpeasyapache/src/php-5.3.23/sapi/apache2handler/sapi_apache2.c:458
#15 0x000000000044c2f2 in ap_run_post_config ()
#16 0x000000000043229d in main ()


Expected result:
----------------
Don't segfault when produces a error_log entry trying to guess the timezone.

Actual result:
--------------
Segfault. Related:
#0  inmem_seek_to_tz_position (tzf=0x7fff15df62f8, timezone=0xa3cb5f0 " \267<\n", 
tzdb=0x2aade0e9f500)
    at /home/cpeasyapache/src/php-5.3.23/ext/date/lib/parse_tz.c:710
#1  0x00002aadd82176a0 in timelib_timezone_id_is_valid (timezone=0xa3cb5f0 " 
\267<\n", tzdb=0x2aade0e9f500)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-04-11 22:18 UTC] shakaran at gmail dot com 
If helps I search in code the calls and follow nearly the problem. It seems to 
crash with segfault right here:

https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/lib/parse_tz.c#L259

The struct timelib_tzdb:

https://github.com/php/php-src/blob/PHP-
5.3.23/ext/date/lib/timelib_structs.h#L200

This is my analysis of problem:
Call:
 
https://github.com/php/php-src/blob/PHP-5.3.23/Zend/zend_API.c
 
Stack: 
zend_error (type=32, format=0x2aadd8a8f828 "Cannot load module '%s' because 
conflicting module '%s' is already loaded")
 
Code:
if (zend_hash_exists(&module_registry, lcname, name_len+1)) {
					efree(lcname);
					/* TODO: Check version relationship */
					zend_error(E_CORE_WARNING, "Cannot load 
module '%s' because conflicting module '%s' is already loaded", module->name, 
dep->name);
					return NULL;
				}
 
==Next call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/Zend/zend.c#L1078
 
Stack: -
 
php_error_cb (type=32, error_filename=0x2aadd8a5f8d6 "Unknown", error_lineno=0, 
format=<value optimized out>, args=<value optimized out>)
Code:
case E_COMPILE_WARNING:
			/* The error may not be safe to handle in user-space */
			zend_error_cb(type, error_filename, error_lineno, 
format, args);
			break;
		default:
		
==Next call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/main/main.c#L1031
 
Stack: 
 
php_log_err (log_message=0xa90fc38 "PHP Warning:  Cannot load module 'XCache' 
because conflicting module 'eAccelerator' is already loaded in Unknown on line 
0")
 
Code:
			spprintf(&log_buffer, 0, "PHP %s:  %s in %s on line %d", 
error_type_str, buffer, error_filename, error_lineno);
			php_log_err(log_buffer TSRMLS_CC);
			efree(log_buffer);
 
==Next call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/main/main.c#L610
 
Stack:
 
php_format_date (format=0x2aadd8a7cedc "d-M-Y H:i:s e", format_len=13, 
ts=1365708397, localtime=1)
 
Code:
 
#ifdef ZTS
			if (!php_during_module_startup()) {
				error_time_str = php_format_date("d-M-Y H:i:s 
e", 13, error_time, 1 TSRMLS_CC);
			} else {
				error_time_str = php_format_date("d-M-Y H:i:s 
e", 13, error_time, 0 TSRMLS_CC);
			}
#else
			error_time_str = php_format_date("d-M-Y H:i:s e", 13, 
error_time, 1 TSRMLS_CC); // HERE is the problem!!
#endif
			len = spprintf(&tmp, 0, "[%s] %s%s", error_time_str, 
log_message, PHP_EOL);
 
==Next call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/php_date.c#L1198
 
Stack:
 
get_timezone_info ()
 
Code:
 
if (localtime) {
		tzi = get_timezone_info(TSRMLS_C);
		t->tz_info = tzi;
		t->zone_type = TIMELIB_ZONETYPE_ID;
		timelib_unixtime2local(t, ts);
	}
	
==Next call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/php_date.c#L948
 
Stack: 
 
guess_timezone (tzdb=0x2aade0e9f500)
 
Code:
 
tz = guess_timezone(DATE_TIMEZONEDB TSRMLS_CC);
 
==Next Call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/php_date.c#L856
 
Stack:
 
timelib_timezone_id_is_valid (timezone=0xa3cb5f0 " \267<\n", 
tzdb=0x2aade0e9f500)
 
Code:
 
if (env && *env && timelib_timezone_id_is_valid(env, tzdb)) {
		return env;
	}
 
==Next call==
	
https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/lib/parse_tz.c#L309
 
Stack:
 
inmem_seek_to_tz_position (tzf=0x7fff15df62f8, timezone=0xa3cb5f0 " \267<\n", 
tzdb=0x2aade0e9f500)
 
Code:
int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
{
	const unsigned char *tzf;
	return (seek_to_tz_position(&tzf, timezone, tzdb));
}
 
==Next Call==
 
https://github.com/php/php-src/blob/PHP-5.3.23/ext/date/lib/parse_tz.c#L259
 
Stack:
 
CRASH
 
Code:
static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const 
timelib_tzdb *tzdb)
{
	int left = 0, right = tzdb->index_size - 1;
 [2013-04-11 22:30 UTC] derick@php.net
-Status: Open +Status: Not a bug
 [2013-04-11 22:30 UTC] derick@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The inmem_seek_to_tz_position does not exist in the PHP source, so this most be a weirdly patched version of PHP. parse_tz only has 457 lines so anything on line 710 is ... suspect.
 [2013-04-11 23:19 UTC] shakaran at gmail dot com 
Thanks Derick for you response. It seems that cPanel has some weird 
"optimization" right there. The code is public as far I know downloading from 
http://httpupdate.cpanel.net/cpanelsync/easy/ I know that is not anymore a PHP 
project problem, but could you kindly give some clue for fix?

I cannot attach a file in this comment, so I put the source in a gist here: 
https://gist.github.com/shakaran/5368007

Thanks for your time.
 [2013-04-12 13:15 UTC] johannes@php.net 
Related To: Bug #64636
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 00:01:29 2024 UTC