ID: 24639
User updated by: nospam at rshell dot org
Reported By: nospam at rshell dot org
Status: Open
Bug Type: Reproducible crash
Operating System: linux
PHP Version: php4-stable-latest
New Comment:

here's another. Please let me know if you need more info

#0 0x2da7535a in chunk_alloc () from /lib/i686/libc.so.6
#1 0x2da75158 in malloc () from /lib/i686/libc.so.6
#2 0x2de27175 in php_apache_value_handler_ex (cmd=0x58b200d0,
conf=0x858a228,
arg1=0x817a3ec "error_reporting", arg2=0x817a404 "7", mode=2)
at /home/rcs/php4-STABLE-200307140730/sapi/apache/mod_php4.c:754
#3 0x2de271f9 in php_apache_value_handler (cmd=0x58b200d0,
conf=0x858a228,
arg1=0x817a3ec "error_reporting", arg2=0x817a404 "7")
at /home/rcs/php4-STABLE-200307140730/sapi/apache/mod_php4.c:771
#4 0x08054f00 in invoke_cmd ()
#5 0x080558c6 in ap_handle_command ()
#6 0x08055959 in ap_srm_command_loop ()
#7 0x08056307 in ap_p_htaccess ()
#8 0x08068415 in directory_walk ()
#9 0x08069730 in process_request_internal ()
#10 0x08069bb8 in ap_process_request ()
#11 0x08060929 in child_main ()
#12 0x08060bbb in make_child ()
#13 0x08060f38 in perform_idle_server_maintenance ()
#14 0x0806150d in standalone_main ()
#15 0x08061b63 in main ()
#16 0x2da12589 in __libc_start_main () from /lib/i686/libc.so.6


Previous Comments:
------------------------------------------------------------------------

[2003-07-14 05:33:56] nospam at rshell dot org

here's another backtrace:
#0 0x2da7535a in chunk_alloc () from /lib/i686/libc.so.6
#1 0x2da75158 in malloc () from /lib/i686/libc.so.6
#2 0x2ddfd8bf in _emalloc (size=12)
at /home/rcs/php4-STABLE-200307140730/Zend/zend_alloc.c:158
#3 0x2ddecc73 in php_default_treat_data (arg=2, str=0x0,
destArray=0x0)
at /home/rcs/php4-STABLE-200307140730/main/php_variables.c:227
#4 0x2dde4e23 in php_hash_environment ()
at /home/rcs/php4-STABLE-200307140730/main/main.c:1417
#5 0x2dde408c in php_request_startup ()
at /home/rcs/php4-STABLE-200307140730/main/main.c:935
#6 0x2de26274 in apache_php_module_main (r=0x817a1bc,
display_source_mode=0)
at /home/rcs/php4-STABLE-200307140730/sapi/apache/sapi_apache.c:33
#7 0x2de26ed6 in send_php (r=0x817a1bc, display_source_mode=0,
filename=0x0)
at /home/rcs/php4-STABLE-200307140730/sapi/apache/mod_php4.c:620
#8 0x2de26f2a in send_pd_php (r=0x817a1bc)
at /home/rcs/php4-STABLE-200307140730/sapi/apache/mod_php4.c:635
#9 0x080546d3 in ap_invoke_handler ()
#10 0x08069b57 in process_request_internal ()
#11 0x08069f8f in ap_internal_redirect ()
#12 0x2db67dea in handle_dir () from
/usr/local/apache/libexec/mod_dir.so
#13 0x080546d3 in ap_invoke_handler ()
#14 0x08069b57 in process_request_internal ()
#15 0x08069bb8 in ap_process_request ()
#16 0x08060929 in child_main ()
#17 0x08060bbb in make_child ()
#18 0x08060c6c in startup_children ()
#19 0x080612e4 in standalone_main ()
#20 0x08061b63 in main ()
#21 0x2da12589 in __libc_start_main () from /lib/i686/libc.so.6

------------------------------------------------------------------------

[2003-07-14 04:52:50] nospam at rshell dot org

This happen with the snap also.

tracing it down in the code, it curshs when it gets to
this line: <?php include('http://www.domain.com/banner.php')

access directly to [url]http://www.domain.com/banner.php[/url] cuase no trouble.

------------------------------------------------------------------------

[2003-07-13 21:52:55] [email]sniperphp.net[/email]

Please try using this CVS snapshot:

[url]http://snaps.php.net/php4-STABLE-latest.tar.gz[/url]

For Windows:

[url]http://snaps.php.net/win32/php4-win32-STABLE-latest.zip[/url]

And if you can reproduce this with latest CVS, provide
us a short but _complete_ example script. Some part of some
huge app is useless to us.


------------------------------------------------------------------------

[2003-07-13 19:14:56] nospam at rshell dot org

Description:
------------
when someone access an old forum page (modify old phpbb version), we
get segmentation fault in apache error log and the user get a blank
page. The funny thing is that when I try with --enable-debug the forum
loads.

php compiled with:
--with-apxs=/usr/local/apache/bin/apxs --with-xml --enable-ftp
--with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr
--with-xpm-dir=/usr/X11R6 --with-mcrypt --with-mysql=/usr/local/mysql
--with-ttf --with-freetype-dir=/usr --enable-gd-native-ttf
--with-gettext --with-mhash --with-imap --with-kerberos
--enable-inline-optimization --with-zlib-dir --with-openssl --with-pear
--enable-sockets --enable-track-vars --enable-magic-quotes --with-curl


here is the backtrace (no debug info, see above)

Program received signal SIGSEGV, Segmentation fault.
0x2c84ef76 in chunk_free () from /lib/i686/libc.so.6
(gdb) bt
#0 0x2c84ef76 in chunk_free () from /lib/i686/libc.so.6
#1 0x2c84ed24 in free () from /lib/i686/libc.so.6
#2 0x2cbd22dc in _efree (ptr=0x88a1814)
at /home/rcs/php-4.3.2/Zend/zend_alloc.c:265
#3 0x2cbe99c2 in zend_restore_ini_entry_cb (ini_entry=0x831f7d8,
stage=8)
at /home/rcs/php-4.3.2/Zend/zend_ini.c:53
#4 0x2cbe55bb in zend_hash_apply_with_argument (ht=0x82bd798,
apply_func=0x2cbe997c <zend_restore_ini_entry_cb>, argument=0x8)
at /home/rcs/php-4.3.2/Zend/zend_hash.c:707
#5 0x2cbe9aa0 in zend_ini_deactivate ()
at /home/rcs/php-4.3.2/Zend/zend_ini.c:87
#6 0x2cbe0bb0 in zend_deactivate () at
/home/rcs/php-4.3.2/Zend/zend.c:656
#7 0x2cbb8bff in php_request_shutdown (dummy=0x0)
at /home/rcs/php-4.3.2/main/main.c:985
#8 0x2cbfabb5 in apache_php_module_main (r=0x82258cc,
display_source_mode=0)
#9 0x2cbfb732 in send_php (r=0x82258cc, display_source_mode=0,
filename=0x0)
at /home/rcs/php-4.3.2/sapi/apache/mod_php4.c:617
#10 0x2cbfb786 in send_pd_php (r=0x82258cc)
at /home/rcs/php-4.3.2/sapi/apache/mod_php4.c:632
#11 0x080546d3 in ap_invoke_handler ()
#12 0x08069b57 in process_request_internal ()
#13 0x08069f8f in ap_internal_redirect ()
#14 0x2c954dea in handle_dir () from
/usr/local/apache/libexec/mod_dir.so
#15 0x080546d3 in ap_invoke_handler ()
#16 0x08069b57 in process_request_internal ()
#17 0x08069bb8 in ap_process_request ()

strace output:

read(9, "<?php\nfunction draw_menubox_head"..., 4096) = 702
_llseek(9, 702, [702], SEEK_SET) = 0
ioctl(9, SNDCTL_TMR_TIMEBASE, 0x5e399740) = -1 ENOTTY (Inappropriate
ioctl for device)
read(9, "", 4096) = 0
read(9, "", 8192) = 0
ioctl(9, SNDCTL_TMR_TIMEBASE, 0x5e398700) = -1 ENOTTY (Inappropriate
ioctl for device)
close(9) = 0
munmap(0x21731000, 4096) = 0
time(NULL) = 1058141468
write(22, "[Mon Jul 14 03:11:08 2003] [erro"..., 270) = 270
chdir("/") = 0
munmap(0x217f8000, 81920) = 0
munmap(0x217ae000, 303104) = 0
close(8) = 0
munmap(0x2173d000, 8192) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(6, 0x86c4c80, 8192) = -1 EAGAIN (Resource
temporarily unavailable)
fcntl64(6, F_SETFL, O_RDWR) = 0
write(6, "\1\0\0\0\1", 5) = 5
shutdown(6, 2 /* send and receive */) = 0
close(6) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
--- SIGSEGV (Segmentation fault) ---

Cheers
-J

Reproduce code:
---------------
<?php
function draw_menubox_header($titel){
$string = '<table>...' . $titel .
'...' .
'</table>' ;
return($string);
}
?>





------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=24639&edit=1[/url]