php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8524 Segmentation fault
Submitted: 2001-01-02 15:03 UTC Modified: 2001-01-03 06:41 UTC
From: msopacua at idg dot nl Assigned:
Status: Closed Package: XML related
PHP Version: 4.0.4 OS: *BSD*
Private report: No CVE-ID: None
 [2001-01-02 15:03 UTC] msopacua at idg dot nl
First of all:
Best wishes to you all!

Now for the annoying stuff:

This bug seems similar to 8492.

Offending code, remove the /* */ and it core-dumps:
$xml_file='bla.xml';
if (!(list($xml_parser, $fp) = new_xml_parser($xml_file))) {
    die("could not open XML input");
}
print "<pre>";
while ($data = fread($fp, 4096)) {
/*	if (!xml_parse($xml_parser, $data, feof($fp))) {
	die(sprintf("<span style='color: red; font-weight: bold'>XML error: %s at line %d</span>\n",
		xml_error_string(xml_get_error_code($xml_parser)),
		xml_get_current_line_number($xml_parser)));
	}*/
	echo $data;
}
print "</pre>";
xml_parser_free($xml_parser);


Output BSDi gdb backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x48253c7b in zend_hash_exists (ht=0x816273c, arKey=0x8047d0c "\030}\004\b??\004\b\f\020\013\b$}\004\b1?\004\b\f?\n\b0}\004\b??\005\b\f?\n\bP}\004\b??\005\b",
    nKeyLength=134542129) at zend_hash.c:907
907             p = ht->arBuckets[nIndex];
(gdb) bt
#0  0x48253c7b in zend_hash_exists (ht=0x816273c, arKey=0x8047d0c "\030}\004\b??\004\b\f\020\013\b$}\004\b1?\004\b\f?\n\b0}\004\b??\005\b\f?\n\bP}\004\b??\005\b",
    nKeyLength=134542129) at zend_hash.c:907
#1  0x804f2bd in ap_clear_pool ()
#2  0x804f331 in ap_destroy_pool ()
#3  0x804f2ac in ap_clear_pool ()
#4  0x804f331 in ap_destroy_pool ()
#5  0x805ccf6 in clean_parent_exit ()
#6  0x805f6b3 in standalone_main ()
#7  0x805fb89 in main ()
#8  0x804ebb7 in __start ()

The PHP code did not modify since php 4.03pl1, but only started being troublesome, in version 4.04.

Other changes with the upgrade:
-- chrooted environment
-- apache 1.3.12 -> 1.3.14

I will go back to php4.03pl1 and report if that makes a difference.

Melvyn.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-02 15:26 UTC] msopacua at idg dot nl
Reporting back:

php 4.0.3pl1 doesn't expose this error, under the same chrooted environment, with the same server-software.
 [2001-01-02 20:17 UTC] sniper@php.net
I tried the latest CVS and it doesn't crash.
Please try the latest CVS snapshot from http://snaps.php.net/

--Jani
 [2001-01-03 05:53 UTC] msopacua at idg dot nl
The latest snapshot, won't compile, here's the fix:

Compile error:
mod_php4.c: In function `php_apache_startup':
mod_php4.c:252: too many arguments to function `php_module_startup'
mod_php4.c: At top level:
mod_php4.c:354: warning: initialization from incompatible pointer type
make[3]: *** [mod_php4.lo] Error 1
make[3]: Leaving directory _src/php4-200101030145/sapi/apache'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory _src/php4-200101030145/sapi/apache'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory _src/php4-200101030145/sapi'
make: *** [all-recursive] Error 1

FIX:
$ diff sapi/apache/mod_php4.c sapi/apache/mod_php4.c.old
252,253c252
<     /* too many arguments fix: if(php_module_startup(sapi_module, NULL) == FAILURE */
<        if(php_module_startup(sapi_module) == FAILURE
---
>     if(php_module_startup(sapi_module, NULL) == FAILURE

The XML bug is fixed though!
Thanx!


 [2001-01-03 06:41 UTC] sniper@php.net
Fixed -> closed. (and that mod_php4.c is fixed now too, thanks!)

--Jani
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Dec 05 21:03:39 2021 UTC