Bug #71764 LDAP and PDO_OCI causing segfault in Apache
Submitted: 2016-03-10 10:35 UTC Modified: 2016-08-10 09:18 UTC
Votes:5
Avg. Score:3.8 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:-1 (-25.0%)
From: sking at psc dot ac dot uk Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.0.4 OS: SLES 11
Private report: No CVE-ID: None
 [2016-03-10 10:35 UTC] sking at psc dot ac dot uk
Description:
------------
I am using both the LDAP module and the PDO_OCI module and everything is fine until Apache is gracefully restarted (apache2ctl graceful).  Then on the 2nd page refresh, Apache will segfault.  

If I disable the pdo_oci module (even with the oci8 module still enabled), everything is fine.  It seems that it is the combination of the 2 modules that is the problem.  If I compile PHP with enable-debug, everything is fine also.  It won't segfault in those cases.

The ldap module is compiled to use the OpenLDAP library (version 2.4.26).  I know that the Oracle instant client comes with its own ldap library, and it's possible that is the problem.  I have tried compiling the ldap module to use the Oracle ldap library, but that just segfaults instantly on page load (a different segfault).

Ldap is configured with: "--with-ldap-sasl=/usr --with-libdir=lib64"
Pdo_oci is configured with: "--with-pdo-oci=instantclient,/usr,12.1 --with-libdir=lib64"


Test script:
---------------
<?php
$link=ldap_connect("ldap://ldap1.psc.ac.uk",636);
?>

Actual result:
--------------
#0  *__GI___libc_free (mem=0x59) at malloc.c:3704
#1  0x00007f099df6ad83 in ldap_ld_free (ld=0xc8f740, close=1, sctrls=<optimized out>, cctrls=0x0) at unbind.c:128
#2  0x00007f099df60afe in ldap_initialize (ldp=0x7fff6a07c7a0, url=0x7f098baa51e8 "ldap://ldap1.psc.ac.uk") at open.c:247
#3  0x00007f099c3bb384 in zif_ldap_connect (execute_data=<optimized out>, return_value=0x7f099ca180a0)
    at /usr/local/src/php-7.0.4/ext/ldap/ldap.c:374
#4  0x00007f09a29f4776 in ZEND_DO_ICALL_SPEC_HANDLER (execute_data=0x7f099ca18030) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:586
#5  0x00007f09a29cbad0 in execute_ex (ex=<optimized out>) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:417
#6  0x00007f09a2a22d5a in zend_execute (op_array=0x7f099ca6f000, return_value=0x0) at /usr/local/src/php-7.0.4/Zend/zend_vm_execute.h:458
#7  0x00007f09a298c713 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-7.0.4/Zend/zend.c:1427
#8  0x00007f09a292c2e0 in php_execute_script (primary_file=0x7fff6a07ec10) at /usr/local/src/php-7.0.4/main/main.c:2484
#9  0x00007f09a2a25a0d in php_handler (r=0xc4d660) at /usr/local/src/php-7.0.4/sapi/apache2handler/sapi_apache2.c:678
#10 0x000000000045f8f3 in ap_run_handler (r=0xc4d660) at config.c:170
#11 0x00000000004602f5 in ap_invoke_handler (r=0xc4d660) at config.c:433
#12 0x000000000047f342 in ap_process_async_request (r=0xc4d660) at http_request.c:410
#13 0x000000000047f3ed in ap_process_request (r=0xc4d660) at http_request.c:445
#14 0x000000000047a838 in ap_process_http_sync_connection (c=0xc31170) at http_core.c:210
#15 0x000000000047a93b in ap_process_http_connection (c=0xc31170) at http_core.c:251
#16 0x000000000046e90a in ap_run_process_connection (c=0xc31170) at connection.c:41
#17 0x000000000046eddd in ap_process_connection (c=0xc31170, csd=0xc30f80) at connection.c:213
#18 0x000000000048b49e in child_main (child_num_arg=6, child_bucket=0) at prefork.c:723
#19 0x000000000048b6f1 in make_child (s=0x6ee678, slot=6, bucket=0) at prefork.c:824
#20 0x000000000048bbb8 in perform_idle_server_maintenance (p=0x6bb138) at prefork.c:932
#21 0x000000000048c417 in prefork_run (_pconf=0x6bb138, plog=0x6e8378, s=0x6ee678) at prefork.c:1128
#22 0x00000000004390fb in ap_run_mpm (pconf=0x6bb138, plog=0x6e8378, s=0x6ee678) at mpm_common.c:96
#23 0x0000000000431146 in main (argc=5, argv=0x7fff6a07f788) at main.c:777

 [2016-03-10 12:15 UTC] sking at psc dot ac dot uk
I have upgraded my OpenLDAP libraries from the version that comes with my distro (2.4.26) to the latest version (2.4.44).  This seems to fix things (fingers crossed!)
 [2016-08-10 09:02 UTC] ere dot maijala at helsinki dot fi
Also happens when using GD functions to create a PNG. I can reproduce on CentOS 7 with PHP 7.0.9 and Apache 2.4.6 with the following script:

-----------------
<?php
header('Content-Type: image/png');
$img = imagecreatetruecolor(100, 100);
imagepng($img);
 [2016-08-10 09:18 UTC] requinix@php.net
@ere: That code has nothing to do with this. If you are getting a crash then you need to open a new bug report. https://bugs.php.net/how-to-report.php
 [2016-08-10 10:47 UTC] ere dot maijala at helsinki dot fi
It may be related that after a graceful restart of Apache, phpinfo() reports a different zlib version being linked. In my case before graceful restart:

Compiled Version => 1.2.7
Linked Version => 1.2.7

After graceful restart:

Compiled Version => 1.2.7
Linked Version => 1.2.3.f-ora-v2
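
Added example, not part of the original report or of any comment in this thread: one way to check whether a symbol such as `zlibVersion` or an `ldap_*` function is being resolved from a different shared object in different Apache children is to compare glibc `LD_DEBUG=bindings` output across processes. The Python code below parses that output and lists watched symbols that were bound to more than one library; the log lines, PIDs and paths are constructed placeholders, not data from the reporters' systems.

```python
import re
from collections import defaultdict

# Constructed sample in the format glibc prints for LD_DEBUG=bindings.
# PIDs and paths are illustrative placeholders, not taken from the bug report.
SAMPLE_LOG = """\
      4242:\tbinding file /php/modules/ldap.so [0] to /usr/lib64/libldap-2.4.so.2 [0]: normal symbol `ldap_initialize'
      4242:\tbinding file /php/modules/ldap.so [0] to /usr/lib64/libldap-2.4.so.2 [0]: normal symbol `ldap_unbind_ext'
      4242:\tbinding file /php/modules/pdo_oci.so [0] to /opt/oracle/libclntsh.so.12.1 [0]: normal symbol `OCIEnvCreate'
      4242:\tbinding file /apache/modules/libphp7.so [0] to /usr/lib64/libz.so.1 [0]: normal symbol `zlibVersion'
      5151:\tbinding file /php/modules/ldap.so [0] to /opt/oracle/libclntsh.so.12.1 [0]: normal symbol `ldap_unbind_ext'
      5151:\tbinding file /apache/modules/libphp7.so [0] to /opt/oracle/libclntsh.so.12.1 [0]: normal symbol `zlibVersion'
"""

BINDING = re.compile(
    r"^\s*(?P<pid>\d+):\s+binding file (?P<ref>\S+) \[\d+\] "
    r"to (?P<prov>\S+) \[\d+\]: normal symbol `(?P<sym>[^']+)'"
)
# Symbol prefixes worth watching for this report (LDAP, liblber, zlib).
WATCH = ("ldap_", "ber_", "zlib", "inflate", "deflate")


def parse_bindings(log):
    """Yield (pid, referrer, provider, symbol) for each binding line."""
    for line in log.splitlines():
        m = BINDING.match(line)
        if m:
            yield int(m["pid"]), m["ref"], m["prov"], m["sym"]


def split_symbols(log, watch=WATCH):
    """Return {symbol: {provider: sorted pids}} for watched symbols that
    were resolved to more than one shared object anywhere in the log."""
    seen = defaultdict(lambda: defaultdict(set))
    for pid, _ref, prov, sym in parse_bindings(log):
        if sym.startswith(watch):
            seen[sym][prov].add(pid)
    return {
        sym: {prov: sorted(pids) for prov, pids in provs.items()}
        for sym, provs in seen.items()
        if len(provs) > 1
    }


if __name__ == "__main__":
    for sym, provs in sorted(split_symbols(SAMPLE_LOG).items()):
        print(sym)
        for prov, pids in provs.items():
            print(f"  {prov}  (pids {pids})")
```

A real log can be collected by starting Apache with `LD_DEBUG=bindings` and `LD_DEBUG_OUTPUT` set in its environment, which makes glibc write one file per process; concatenate the files from before and after the graceful restart and pass the text to `split_symbols`.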
 [2016-08-10 10:49 UTC] ere dot maijala at helsinki dot fi
@requinix: sorry, I thought it would be quite related since both involve PDO_OCI.
 [2017-04-24 17:57 UTC] perske at uni-muenster dot de
I am hit by the same bug (same stack trace) with PHP 7.1.4, Oracle Instant Client 12.1 on CentOS 7 with OpenLDAP 2.4.40.
 [2017-04-25 07:42 UTC] sking at psc dot ac dot uk
And the annoying thing is that I've been running a server with PHP compiled with debug mode enabled for a few weeks now and it won't crash.  As soon as I disable debug mode, it will crash within a day or two.

It's proving tricky to get more information on this bug.
 
Last updated: Sun Oct 06 16:01:26 2024 UTC