Bug #71446 Segfault when calling getallheaders() after failed virtual call
Submitted: 2016-01-25 15:05 UTC Modified: 2021-03-16 11:11 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: jussi dot nieminen at ruxit dot com Assigned: cmb (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.6.17 OS: Ubuntu 15.10
Private report: No CVE-ID: None
 [2016-01-25 15:05 UTC] jussi dot nieminen at ruxit dot com
I made a simple PHP script that calls another using the "virtual" function. If the second script fails to execute (my test script contains an invalid function call) and I then call "getallheaders()", the Apache worker will segfault:

AH00051: child pid 6094 exit signal Segmentation fault (11)

Test script (two files under the document root):

 first script, which runs second.php as an Apache subrequest and then dumps the request headers:
 <?php virtual("/second.php"); ?><br>
 <?php print_r(getallheaders()); ?>

 second.php, which deliberately calls an undefined function so the subrequest fails:
 <?php foohaaa(); ?>

Expected result:
Expecting to see something like this on the page (works when I change "foohaaa();" to something valid in second.php):

Array ( [Host] => [User-Agent] => Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 [Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Accept-Language] => en-US,en;q=0.5 [Accept-Encoding] => gzip, deflate [Connection] => keep-alive [Cache-Control] => max-age=0 )

Actual result:
(gdb) bt
#0  zend_do_fcall_common_helper_SPEC (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:488
#1  0x00007fd4e6a23ad8 in execute_ex (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:363
#2  0x00007fd4e69eb2b0 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at .../php-5.6.10/Zend/zend.c:1341
#3  0x00007fd4e6989a72 in php_execute_script (primary_file=primary_file@entry=0x7fff4d33e390) at .../php-5.6.10/main/main.c:2597
#4  0x00007fd4e6a8fc62 in php_handler (r=<optimised out>) at .../php-5.6.10/sapi/apache2handler/sapi_apache2.c:667
#5  0x0000000000457581 in ap_run_handler ()
#6  0x000000000045803a in ap_invoke_handler ()
#7  0x0000000000475b84 in ap_process_async_request ()
#8  0x0000000000475c69 in ap_process_request ()
#9  0x0000000000471bc4 in ap_process_http_sync_connection ()
#10 0x0000000000471cd8 in ap_process_http_connection ()
#11 0x00000000004661da in ap_run_process_connection ()
#12 0x0000000000466730 in ap_process_connection ()
#13 0x00000000004803dc in child_main ()
#14 0x00000000004805d2 in make_child ()
#15 0x00000000004809bd in perform_idle_server_maintenance ()
#16 0x00000000004810c9 in prefork_run ()
#17 0x0000000000434ad3 in ap_run_mpm ()
#18 0x000000000042c9a9 in main ()
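
The crash above only surfaces in the Apache error log as an AH00051 "exit signal" line, so a repeatable segfault like this one is easy to miss among ordinary 5xx noise. The following is an added example, not code from the bug report or from the PHP or Apache projects: a small POSIX sh helper that pulls worker-crash records out of an Apache 2.4 error log, summarises them by signal, lists the dead child pids, and fails when any worker segfaulted, so it can be run after a reproduction attempt or from a cron job. The log it reads is constructed for the example (pids, timestamps and paths are made up); point it at /var/log/apache2/error.log or your own path in real use.

```shell
#!/bin/sh
# Added example, not part of the bug report or of PHP/Apache: summarise
# Apache worker crashes (AH00051 "child pid N exit signal ..." lines, the
# same message the reporter saw) from an error log. Needs only POSIX sh,
# grep, sed, sort, uniq and awk.

# Write a constructed sample log in Apache 2.4 error_log format to "$1".
# Every pid, timestamp and path here is made up for this example.
write_sample_log() {
    cat > "$1" <<'EOF'
[Mon Jan 25 15:05:01.000001 2016] [mpm_prefork:notice] [pid 6001] AH00163: Apache/2.4.12 (Ubuntu) configured -- resuming normal operations
[Mon Jan 25 15:05:09.120003 2016] [core:notice] [pid 6001] AH00051: child pid 6094 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Mon Jan 25 15:05:09.500010 2016] [:error] [pid 6095] [client 127.0.0.1:40210] PHP Fatal error:  Call to undefined function foohaaa() in /var/www/html/second.php on line 1
[Mon Jan 25 15:05:12.300000 2016] [core:notice] [pid 6001] AH00051: child pid 6097 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Mon Jan 25 15:06:40.000000 2016] [core:notice] [pid 6001] AH00051: child pid 6102 exit signal Aborted (6), possible coredump in /etc/apache2
EOF
}

# Print one line per signal, "<signal name> (<number>) <count>",
# most frequent first. "$1" is the error log path.
crashes_by_signal() {
    grep 'AH00051: child pid [0-9]* exit signal' "$1" \
      | sed 's/.*exit signal \([^(]*\)(\([0-9]*\)).*/\1(\2)/' \
      | sort | uniq -c | sort -rn \
      | awk '{n=$1; $1=""; sub(/^ /, ""); print $0, n}'
}

# Print the pids of workers killed by a signal, one per line, in log order.
crashed_pids() {
    sed -n 's/.*AH00051: child pid \([0-9][0-9]*\) exit signal.*/\1/p' "$1"
}

# Return 1 (and report the count on stderr) if any worker segfaulted,
# 0 otherwise, so the function can gate a repro run or a monitoring job.
segfault_check() {
    if grep -q 'exit signal Segmentation fault (11)' "$1"; then
        echo "segfaulting workers: $(grep -c 'exit signal Segmentation fault (11)' "$1")" >&2
        return 1
    fi
    return 0
}
```

Matching the AH00051 message rather than the word "Segmentation" keeps the parser tied to Apache's own crash record, which is emitted by the parent process and therefore survives even when the crashing worker never got to log anything itself; the adjacent PHP fatal error for second.php is shown in the sample only to illustrate how the two records sit next to each other in a real log.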


 [2021-03-15 15:52 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
Does that segfault still happen to you with any of the actively
supported PHP versions[1]?

[1] <>
 [2021-03-16 05:41 UTC] jussi dot nieminen at ruxit dot com
-Status: Feedback +Status: Assigned
Sorry, I haven't had anything to do with PHP ever since. Back then I was investigating a crash alert from another Apache module and ended up finding this bug in the process. I've also moved away from working with Apache in general, so I won't be able to help you here. If you can't reproduce the problem with the included script, I guess it's okay to close this bug.
 [2021-03-16 11:11 UTC]
-Status: Assigned +Status: Closed
Thanks for the swift reply.  I'm closing then.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Feb 04 10:04:08 2023 UTC