Bug #71446 Segfault when calling getallheaders() after failed virtual call
Submitted: 2016-01-25 15:05 UTC
Modified: -
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: jussi dot nieminen at ruxit dot com
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 5.6.17
OS: Ubuntu 15.10
Private report: No
CVE-ID: None

 [2016-01-25 15:05 UTC] jussi dot nieminen at ruxit dot com
I made a simple PHP script that calls another using the "virtual" function. If the second script fails to execute (my test script contains an invalid function call) and I then call "getallheaders()", the Apache worker will segfault:

AH00051: child pid 6094 exit signal Segmentation fault (11)

Test script:
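<?php virtual("/second.php"); // sub-request to the second script ?><br>
<?php print_r(getallheaders()); // the call after which the worker segfaults, per the report ?>

<?php foohaaa(); // second.php: call to an undefined function, so this script fails ?>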

Expected result:
Expecting to see something like this on the page (works when I change "foohaa();" to something valid in second.php):

Array ( [Host] => [User-Agent] => Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 [Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Accept-Language] => en-US,en;q=0.5 [Accept-Encoding] => gzip, deflate [Connection] => keep-alive [Cache-Control] => max-age=0 )

Actual result:
(gdb) bt
#0  zend_do_fcall_common_helper_SPEC (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:488
#1  0x00007fd4e6a23ad8 in execute_ex (execute_data=0x7fd4eed070e0) at .../php-5.6.10/Zend/zend_vm_execute.h:363
#2  0x00007fd4e69eb2b0 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at .../php-5.6.10/Zend/zend.c:1341
#3  0x00007fd4e6989a72 in php_execute_script (primary_file=primary_file@entry=0x7fff4d33e390) at .../php-5.6.10/main/main.c:2597
#4  0x00007fd4e6a8fc62 in php_handler (r=<optimised out>) at .../php-5.6.10/sapi/apache2handler/sapi_apache2.c:667
#5  0x0000000000457581 in ap_run_handler ()
#6  0x000000000045803a in ap_invoke_handler ()
#7  0x0000000000475b84 in ap_process_async_request ()
#8  0x0000000000475c69 in ap_process_request ()
#9  0x0000000000471bc4 in ap_process_http_sync_connection ()
#10 0x0000000000471cd8 in ap_process_http_connection ()
#11 0x00000000004661da in ap_run_process_connection ()
#12 0x0000000000466730 in ap_process_connection ()
#13 0x00000000004803dc in child_main ()
#14 0x00000000004805d2 in make_child ()
#15 0x00000000004809bd in perform_idle_server_maintenance ()
#16 0x00000000004810c9 in prefork_run ()
#17 0x0000000000434ad3 in ap_run_mpm ()
#18 0x000000000042c9a9 in main ()
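
Seen from the operations side, the "child pid ... exit signal" line quoted in the report is the trace each such worker crash leaves in the Apache error log. The following is an added example, not part of the original report and not PHP or Apache code: it parses lines of that shape and flags bursts of worker crashes. The sample log, its timestamp layout, the thresholds and the function names are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample in an assumed Apache 2.4 error-log layout; only the "child pid" message is from the report.
SAMPLE_LOG = """\
[Mon Jan 25 15:05:01.102030 2016] [core:notice] [pid 6000] AH00051: child pid 6094 exit signal Segmentation fault (11)
[Mon Jan 25 15:05:03.000000 2016] [:error] [pid 6095] [client 192.0.2.10:51234] PHP Fatal error:  Call to undefined function foohaaa() in /var/www/html/second.php on line 1
[Mon Jan 25 15:05:09.220000 2016] [core:notice] [pid 6000] AH00051: child pid 6095 exit signal Segmentation fault (11)
[Mon Jan 25 15:05:20.000100 2016] [core:notice] [pid 6000] AH00051: child pid 6101 exit signal Segmentation fault (11)
[Mon Jan 25 15:05:41.900000 2016] [core:notice] [pid 6000] AH00051: child pid 6102 exit signal Segmentation fault (11)
[Mon Jan 25 15:30:00.000000 2016] [core:notice] [pid 6000] AH00051: child pid 6140 exit signal Segmentation fault (11)
"""

CRASH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?child pid (?P<pid>\d+) exit signal "
    r"(?P<name>.+?) \((?P<num>\d+)\)")

def parse_crashes(text):
    """Return one dict per worker-crash line; all other lines are ignored."""
    crashes = []
    for line in text.splitlines():
        m = CRASH_RE.match(line)
        if not m:
            continue
        try:
            when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        except ValueError:
            continue  # timestamp is not in the assumed layout
        crashes.append({"time": when, "pid": int(m["pid"]), "signal": m["name"], "signum": int(m["num"])})
    return crashes

def find_bursts(crashes, threshold=3, window=timedelta(seconds=60)):
    """Group crashes into bursts: at least `threshold` crashes inside `window`."""
    recent, bursts = deque(), []
    for c in sorted(crashes, key=lambda c: c["time"]):
        recent.append(c)
        while c["time"] - recent[0]["time"] > window:
            recent.popleft()
        if len(recent) < threshold:
            continue
        if bursts and bursts[-1]["end"] >= recent[0]["time"]:
            bursts[-1]["end"] = c["time"]  # still the same burst: extend it
            bursts[-1]["pids"].append(c["pid"])
        else:
            bursts.append({"start": recent[0]["time"], "end": c["time"], "pids": [r["pid"] for r in recent]})
    return bursts
```

A single isolated crash stays below the threshold, while a request that crashes a worker every time it is served shows up as one burst listing the affected child pids.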

