php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6978 Segfault in sendmail with CGI version
Submitted: 2000-10-02 19:30 UTC Modified: 2000-11-03 19:41 UTC
From: graeme at inetix dot com dot au Assigned:
Status: Closed Package: Mail related
PHP Version: 4.0 Latest CVS (02/10/2000) OS: Linux i386 2.2.12
Private report: No CVE-ID: None
 [2000-10-02 19:30 UTC] graeme at inetix dot com dot au
Appears to also show up when used as Apache module but not fully tested.
Configured with defaults all defauilts './configure' and sendmail was found on system.

Script:
<?
error_reporting(63);
$to = "graeme@inetix.com.au";
$subject="Hello";
$body = "XXYY\n";
mail($to,$subject,$body);
?>

Core backtrace:
#0  0x80b53ed in _zval_ptr_dtor (zval_ptr=0x8129518) at zend_execute_API.c:259
#1  0x80bbc03 in zend_execute_scripts (type=8, file_count=3) at zend.c:718
#2  0x805d8f1 in php_execute_script (primary_file=0xbffffcd4) at main.c:1199
#3  0x805c289 in main (argc=2, argv=0xbffffd34) at cgi_main.c:706

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-24 01:54 UTC] graeme at inetix dot com dot au
Problemn still exists but out of curiosity I ran 'httpd -X'
through gdb. Backtrace follows. If any one can shed any
light I'd appreciate it.

#0  0x4010eaf4 in write () from /lib/libc.so.6
#1  0x401581cc in __DTOR_END__ () from /lib/libc.so.6
#2  0x400be8a4 in new_do_write (fp=0x81394e8,
    data=0x402ab000 "To: graeme@inetix.com.au\nSubject:
Hello\n\ntest\n",
    to_do=46) at fileops.c:328
#3  0x400be360 in _IO_new_do_write (fp=0x81394e8,
    data=0x402ab000 "To: graeme@inetix.com.au\nSubject:
Hello\n\ntest\n",
    to_do=46) at fileops.c:301
#4  0x400be570 in _IO_new_file_close_it (fp=0x81394e8) at
fileops.c:132
#5  0x400ba40d in _IO_new_fclose (fp=0x81394e8) at iofclose.c:50
#6  0x400bc2b8 in __new_pclose (fp=0x81394e8) at pclose.c:40
#7  0x40239d6a in php_if_base_convert (ht=135826732,
return_value=0x8110f5c,
    this_ptr=0x81394dc, return_value_used=0) at math.c:597
#8  0x40239cb3 in php_if_base_convert (ht=3,
return_value=0x8115c8c,
    this_ptr=0x0, return_value_used=1) at math.c:594
#9  0x401d7496 in execute (op_array=0x8110b8c) at
./zend_execute.c:1974
#10 0x401e3c00 in zend_load_extension (path=0x8 <Address 0x8
out of bounds>)
    at zend_extensions.c:44
#11 0x401f2f72 in yyunput (c=-1073742956, yy_bp=0x402947cc
"\f\231\016")
    at configuration-scanner.c:1301
#12 0x401efc09 in php_error_cb (type=135242916,
error_filename=0x0,
    error_lineno=135242916, format=0x80fa4a4
"|?\017\bl\224\017\bl8\f\b",
    orig_args=0x4027cafa) at main.c:389
#13 0x401f04cb in php_module_startup (sf=0x80fa4a4) at
main.c:853
#14 0x401f04fc in php_module_startup (sf=0x80fa4a4) at
main.c:859
#15 0x8054353 in ap_invoke_handler ()
#16 0x8067889 in process_request_internal ()
#17 0x80678ec in ap_process_request ()
#18 0x805f18e in child_main ()
#19 0x805f31c in make_child ()
#20 0x805f479 in startup_children ()
#21 0x805faa6 in standalone_main ()
#22 0x8060233 in main ()
#23 0x400809cb in __libc_start_main () at
../sysdeps/generic/libc-start.c:122

 [2000-11-01 12:55 UTC] sniper@php.net
Is this still happening with latest CVS?
I can not reproduce this..

--Jani
 [2000-11-03 19:41 UTC] sniper@php.net
User feedback:
------------
Yes but I suspect judging from the backtrace below that the problem does not
lie in PHP but rather the glibc upgrade in RH-6.1 (RHSA-2000:057-04).
So I guess while the bug can be closed, I suspect there may be other RH6.1
machines with this upgrade that could also encounter this problem.
Perhaps one of the core developers can be asked to give a diagnosis rather
than just simply closing the report because it does not apply directly apply
to PHP.
------------

I'm closing this. If someone wants to dig into this..feel free. =)

--Jani
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 23 03:03:37 2021 UTC