#40232 [NEW]: Apache segfaults when using openssl_pkcs7_encrypt() - PHP Bugs

  1. #1

    #40232 [NEW]: Apache segfaults when using openssl_pkcs7_encrypt()

    From: schotte at mayflower dot de
    Operating system: RedHat Linux 3.4.4-2 64-bit
    PHP version: 5.2.0
    PHP Bug Type: Reproducible crash
    Bug description: Apache segfaults when using openssl_pkcs7_encrypt()

    Description:
    ------------
    Apache 1.3 with PHP 5.2.0 segfaults when using openssl_pkcs7_encrypt()
    (used in an application that encrypts a mail body with an X.509
    certificate).

    A gdb backtrace is attached.

    Actual result:
    --------------
    (gdb) bt full
    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a957c4a0e in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9cc6b8d8, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9cc7a2a0
    zheaders = (zval *) 0x2a9cc785f0
    recipcerts = (STACK *) 0x922630
    infile = (BIO *) 0x77a410
    outfile = (BIO *) 0x921cc0
    flags = 0
    p7 = (PKCS7 *) 0x928960
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9238a0
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0x7165bbf00000008 <Address 0x7165bbf00000008 out of
    bounds>
    infilename = 0x2a9cc69620
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0016.txt"
    infilename_len = 63
    outfilename = 0x2a9cc6e248
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0016.txt"
    outfilename_len = 64
    #10 0x0000002a95aa9f7a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd85a0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a99b355f8
    ---Type <return> to continue, or q <return> to quit---
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a91840
    #11 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd85a0)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a99b355f8
    fname = (zval *) 0x2a99b35628
    #12 0x0000002a95aa9a12 in execute (op_array=0x77f4a0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a99b355f8, function_state =
    {function_symbol_table = 0x2a9cd10848,
    function = 0x7fea90, reserved = {0x0, 0x7fbffd86d0, 0x2a95a7ee49,
    0x7fbffd8600}}, fbc = 0x0, op_array = 0x77f4a0,
    object = 0x0, Ts = 0x7fbffd7730, CVs = 0x7fbffd76d0,
    original_in_execution = 1 '\001', symbol_table = 0x2a99e2db00,
    prev_execute_data = 0x7fbffd8fd0, old_error_reporting = 0x0}
    #13 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fd0)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a99b67920
    original_return_value = (zval **) 0x7fbffdc0f0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a91840
    #14 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fd0)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a99b67920
    fname = (zval *) 0x2a99b67950
    #15 0x0000002a95aa9a12 in execute (op_array=0x77f9e0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a99b67920, function_state =
    {function_symbol_table = 0x2a99e2db00,
    function = 0x77f4a0, reserved = {0x739738, 0x2a9cbedd80, 0x739540,
    0x7fbffd90d0}}, fbc = 0x0, op_array = 0x77f9e0,
    object = 0x0, Ts = 0x7fbffd87c0, CVs = 0x7fbffd8760,
    original_in_execution = 1 '\001', symbol_table = 0x2a99db28e8,
    prev_execute_data = 0x7fbffdd320, old_error_reporting = 0x0}
    #16 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd320)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a992c1370
    original_return_value = (zval **) 0x7fbffe98e0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95f2ae80
    #17 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd320)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95aa9a12 in execute (op_array=0x7819a0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a992c1370, function_state =
    {function_symbol_table = 0x2a99db28e8,
    function = 0x77f9e0, reserved = {0x2a95aab1d1, 0x2a9cbbc731,
    0x100000058, 0x0}}, fbc = 0x77f9e0, op_array = 0x7819a0,
    object = 0x0, Ts = 0x7fbffd9320, CVs = 0x7fbffd9180,
    original_in_execution = 1 '\001', symbol_table = 0x2a99848bd0,
    prev_execute_data = 0x7fbffe9f50, old_error_reporting = 0x0}
    #19 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f50)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9927b380
    original_return_value = (zval **) 0x7fbffeb318
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95f2ae80
    #20 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f50)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95aa9a12 in execute (op_array=0x781850) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9927b380, function_state =
    {function_symbol_table = 0x2a99848bd0,
    function = 0x7819a0, reserved = {0x19f95a72a80, 0x2a95c30688,
    0x9500739540, 0x2a99db5130}}, fbc = 0x7819a0,
    op_array = 0x781850, object = 0x0, Ts = 0x7fbffdd6a0, CVs =
    0x7fbffdd4d0, original_in_execution = 1 '\001',
    symbol_table = 0x2a99b70e40, prev_execute_data = 0x7fbffeb760,
    old_error_reporting = 0x0}
    #22 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb760)
    at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a996fb5e8
    original_return_value = (zval **) 0x7fbffec250
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a91840
    #23 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb760)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a996fb5e8
    fname = (zval *) 0x2a996fb618
    #24 0x0000002a95aa9a12 in execute (op_array=0x78a220) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a996fb5e8, function_state =
    {function_symbol_table = 0x2a99b70e40,
    function = 0x781850, reserved = {0x2a95c31770, 0x2dbffeb890,
    0x2a95c34b08, 0x8}}, fbc = 0x0, op_array = 0x78a220,
    object = 0x0, Ts = 0x7fbffea1e0, CVs = 0x7fbffea110,
    original_in_execution = 1 '\001', symbol_table = 0x2a99626050,
    prev_execute_data = 0x7fbfff6b20, old_error_reporting = 0x0}
    #25 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b20)


    schotte at mayflower dot de Guest
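
A triage aid for the backtrace in the report above, added here as an example; it is not part of the original report, PHP or gdb. It parses `bt full` output (including gdb's wrapped frame headers), finds the innermost frame that has source information, and flags locals worth a second look. The function names and the two flagging heuristics are assumptions of this example, and flagged locals may simply be uninitialized or stale at the crash point, so they are hints rather than a diagnosis.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Abridged from the `bt full` output in the report above
# (frames #2-#7 and some locals of frame #9 omitted).
SAMPLE = r"""(gdb) bt full
#0 0x0000000000534ec9 in BN_BLINDING_free ()
No symbol table info available.
#1 0x00000000004ef35b in RSA_free ()
No symbol table info available.
#8 0x00000000004f7acb in sk_pop_free ()
No symbol table info available.
#9 0x0000002a957c4a0e in zif_openssl_pkcs7_encrypt (ht=5,
return_value=0x2a9cc6b8d8, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
recipcerts = (STACK *) 0x922630
hpos = 0x0
zcertval = (zval **) 0x60
cert = (X509 *) 0x9238a0
intindex = 96
strindex = 0x7165bbf00000008 <Address 0x7165bbf00000008 out of
bounds>
#10 0x0000002a95aa9f7a in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fbffd85a0)
at /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
return_reference = 0 '\0'
---Type <return> to continue, or q <return> to quit---
original_return_value = (zval **) 0xd08dc427f1498234
"""

FRAME_START = re.compile(r"^#\d+\s")
HEADER = re.compile(
    r"^#(\d+)\s+(0x[0-9a-fA-F]+) in (\S+) \((.*)\)(?: at (.+):(\d+))?$")
LOCAL = re.compile(r"^([A-Za-z_]\w*) = (.*)$")
POINTER = re.compile(r"^\([^)]*\*\)\s+(0x[0-9a-fA-F]+)")
NOISE = {"No symbol table info available.", "No locals."}


@dataclass
class Frame:
    num: int
    addr: int
    func: str
    args: str
    file: Optional[str] = None
    line: Optional[int] = None
    locals: dict = field(default_factory=dict)


def _split_header(lines):
    """Re-join a frame header that gdb wrapped over several lines."""
    header, i = lines[0], 1
    while i < len(lines):
        nxt = lines[i]
        open_call = "(" not in header or header.count("(") > header.count(")")
        if open_call or header.endswith(" at") or nxt == "at" or nxt.startswith("at /"):
            header += " " + nxt
            i += 1
        else:
            break
    return header, lines[i:]


def _parse_locals(lines):
    """Collect `name = value` pairs; wrapped or brace-nested values continue."""
    out, name = {}, None
    for line in lines:
        if not line or line in NOISE or line.startswith("---Type"):
            continue  # blank lines, gdb notices and pager prompts
        m = LOCAL.match(line)
        closed = name is None or out[name].count("{") == out[name].count("}")
        if m and closed:
            name = m.group(1)
            out[name] = m.group(2)
        elif name is not None:
            out[name] += " " + line
    return out


def parse_bt_full(text):
    chunks = []
    for raw in text.splitlines():
        line = raw.strip()
        if FRAME_START.match(line):
            chunks.append([line])
        elif chunks:
            chunks[-1].append(line)
    frames = []
    for chunk in chunks:
        header, rest = _split_header(chunk)
        m = HEADER.match(header)
        if m:
            num, addr, func, args, path, lineno = m.groups()
            frames.append(Frame(int(num), int(addr, 16), func, args, path,
                                int(lineno) if lineno else None,
                                _parse_locals(rest)))
    return frames


def innermost_with_source(frames):
    """First frame (from the crash outward) that carries file:line info."""
    return next((f for f in frames if f.file), None)


def suspicious_locals(frame):
    """Heuristic flags: unreadable addresses and non-null pointers below 0x1000."""
    flags = {}
    for name, value in frame.locals.items():
        m = POINTER.match(value)
        if "out of bounds" in value:
            flags[name] = "unreadable address"
        elif m and 0 < int(m.group(1), 16) < 0x1000:
            flags[name] = "near-null pointer"
    return flags
```
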

  2. #2

    #40232 [Opn]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    User updated by: schotte at mayflower dot de
    Reported By: schotte at mayflower dot de
    Status: Open
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    PHP was compiled with --enable-debug and --with-openssl which linked to
    OpenSSL from 0.9.7 up to the most actual 0.9.8d version.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-25 09:36:17] schotte at mayflower dot de

    Description:
    ------------
    Apache 1.3 with PHP 5.2.0 segfaults when using openssl_pkcs7_encrypt()
    (used in an application that encrypts a mail body with an X.509
    certificate).

    A gdb backtrace is attached.

    schotte at mayflower dot de Guest

  3. #3

    #40232 [Opn]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    User updated by: schotte at mayflower dot de
    Reported By: schotte at mayflower dot de
    Status: Open
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    Regarding 64-bit: the same code works without any problems on a 32-bit
    machine.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-25 09:37:13] schotte at mayflower dot de

    PHP was compiled with --enable-debug and --with-openssl which linked to
    OpenSSL from 0.9.7 up to the most actual 0.9.8d version.

    ------------------------------------------------------------------------

    [2007-01-25 09:36:17] schotte at mayflower dot de

    Description:
    ------------
    Apache 1.3 with PHP 5.2.0 segfaults when using openssl_pkcs7_encrypt()
    (used in an application that encrypts a mail body with an X.509
    certificate).

    A gdb backtrace is attached.

    schotte at mayflower dot de Guest

  4. #4

    #40232 [Opn->Fbk]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: tony2001@php.net
    Reported By: schotte at mayflower dot de
    -Status: Open
    +Status: Feedback
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    What configure line did you use? Did you enable MySQL?


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-25 09:38:11] schotte at mayflower dot de

    Regarding 64-bit: the same code works without any problems on a 32-bit
    machine.

    ------------------------------------------------------------------------

    [2007-01-25 09:37:13] schotte at mayflower dot de

    PHP was compiled with --enable-debug and --with-openssl which linked to
    OpenSSL from 0.9.7 up to the most actual 0.9.8d version.

    ------------------------------------------------------------------------

    [2007-01-25 09:36:17] schotte at mayflower dot de

    Description:
    ------------
    Apache 1.3 with PHP 5.2.0 segfaults when using openssl_pkcs7_encrypt()
    (used in an application that encrypts a mail body with an X.509
    certificate).

    A gdb backtrace is attached.

    #13 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fd0)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a99b67920
    original_return_value = (zval **) 0x7fbffdc0f0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a91840
    #14 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fd0)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a99b67920
    fname = (zval *) 0x2a99b67950
    #15 0x0000002a95aa9a12 in execute (op_array=0x77f9e0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a99b67920, function_state =
    {function_symbol_table = 0x2a99e2db00,
    function = 0x77f4a0, reserved = {0x739738, 0x2a9cbedd80, 0x739540,
    0x7fbffd90d0}}, fbc = 0x0, op_array = 0x77f9e0,
    object = 0x0, Ts = 0x7fbffd87c0, CVs = 0x7fbffd8760,
    original_in_execution = 1 '\001', symbol_table = 0x2a99db28e8,
    prev_execute_data = 0x7fbffdd320, old_error_reporting = 0x0}
    #16 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd320)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a992c1370
    original_return_value = (zval **) 0x7fbffe98e0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95f2ae80
    #17 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd320)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95aa9a12 in execute (op_array=0x7819a0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a992c1370, function_state =
    {function_symbol_table = 0x2a99db28e8,
    function = 0x77f9e0, reserved = {0x2a95aab1d1, 0x2a9cbbc731,
    0x100000058, 0x0}}, fbc = 0x77f9e0, op_array = 0x7819a0,
    object = 0x0, Ts = 0x7fbffd9320, CVs = 0x7fbffd9180,
    original_in_execution = 1 '\001', symbol_table = 0x2a99848bd0,
    prev_execute_data = 0x7fbffe9f50, old_error_reporting = 0x0}
    #19 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f50)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9927b380
    original_return_value = (zval **) 0x7fbffeb318
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95f2ae80
    #20 0x0000002a95aaacd4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f50)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95aa9a12 in execute (op_array=0x781850) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9927b380, function_state =
    {function_symbol_table = 0x2a99848bd0,
    function = 0x7819a0, reserved = {0x19f95a72a80, 0x2a95c30688,
    0x9500739540, 0x2a99db5130}}, fbc = 0x7819a0,
    op_array = 0x781850, object = 0x0, Ts = 0x7fbffdd6a0, CVs =
    0x7fbffdd4d0, original_in_execution = 1 '\001',
    symbol_table = 0x2a99b70e40, prev_execute_data = 0x7fbffeb760,
    old_error_reporting = 0x0}
    #22 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb760)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a996fb5e8
    original_return_value = (zval **) 0x7fbffec250
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a91840
    #23 0x0000002a95aafbbf in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb760)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a996fb5e8
    fname = (zval *) 0x2a996fb618
    #24 0x0000002a95aa9a12 in execute (op_array=0x78a220) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a996fb5e8, function_state =
    {function_symbol_table = 0x2a99b70e40,
    function = 0x781850, reserved = {0x2a95c31770, 0x2dbffeb890,
    0x2a95c34b08, 0x8}}, fbc = 0x0, op_array = 0x78a220,
    object = 0x0, Ts = 0x7fbffea1e0, CVs = 0x7fbffea110,
    original_in_execution = 1 '\001', symbol_table = 0x2a99626050,
    prev_execute_data = 0x7fbfff6b20, old_error_reporting = 0x0}
    #25 0x0000002a95aaa11f in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b20)



    ------------------------------------------------------------------------


    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    tony2001@php.net Guest

  5. #5

    #40232 [Fbk->Opn]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    User updated by: schotte at mayflower dot de
    Reported By: schotte at mayflower dot de
    -Status: Feedback
    +Status: Open
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    './configure' '--with-apxs=/usr/local/apache_9090/bin/apxs'
    '--with-mysql=/usr/local/mysql' '--with-freetype-dir=/usr/lib'
    '--with-ttf=/usr/lib' '--with-zlib' '--with-gd' '--with-gettext'
    '--with-kerberos' '--enable-track-vars=yes' '--enable-sysvshm=yes'
    '--enable-sysvsem=yes' '--with-jpeg-dir=/usr/lib' '--with-png'
    '--with-config-file-path=/usr/local/etc/9090' '--without-ldap'
    '--with-ttf=yes' '--enable-sigchild' '--enable-calendar'
    '--enable-memory-limit' '--enable-debug'
    '--prefix=/usr/local/php-5.2.0_9090' '--with-openssl'


    mysql_version.h tells me:

    #define MYSQL_SERVER_VERSION "5.0.27"
    #define MYSQL_BASE_VERSION "mysqld-5.0"


    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    schotte at mayflower dot de Guest

  6. #6

    #40232 [Opn->Bgs]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: tony2001@php.net
    Reported By: schotte at mayflower dot de
    -Status: Open
    +Status: Bogus
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    This issue is caused by a conflict between OpenSSL and YaSSL used in
    MySQL binary builds.
    As far as I know, it is fixed in the latest MySQL versions.
    Another solution is to rebuild MySQL from sources.
    Anyway, we cannot fix a problem in MySQL.


    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    tony2001@php.net Guest
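
A conflict of the kind named in the comment above arises when two libraries loaded into one process both define the same exported names. As an added example (not part of the bug report and not PHP or MySQL code), this script lists the names that two `nm -D --defined-only` listings both define; the sample listings are constructed for the demonstration, and the file names and the `write_samples` helper are hypothetical.

```shell
#!/bin/sh
# Added example: find exported symbols that two shared objects both define.
# Each input file holds the output of `nm -D --defined-only <library>`.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Read nm output on stdin, print strongly defined global symbol names.
# Lines look like "<address> <type> <name>"; T/D/B/R are strong definitions.
# A symbol-version suffix ("name@@VERSION") is stripped before comparing.
defined_syms() {
    awk 'NF == 3 && $2 ~ /^[TDBR]$/ { sub(/@.*/, "", $3); print $3 }' | sort -u
}

# Print the names defined in both nm listings, one per line.
colliding_syms() {
    a=$(mktemp) || return 1
    b=$(mktemp) || return 1
    defined_syms < "$1" > "$a"
    defined_syms < "$2" > "$b"
    comm -12 "$a" "$b"
    rm -f "$a" "$b"
}

# Write two constructed nm listings into directory $1. The symbol names are
# chosen for the demonstration and are not taken from a real library build.
write_samples() {
    cat > "$1/crypto.nm" <<'EOF'
0000000000031ec0 T BN_BLINDING_free
000000000004f350 T RSA_free
000000000005efe0 T EVP_PKEY_free
0000000000066a70 T ASN1_item_free
EOF
    cat > "$1/client.nm" <<'EOF'
0000000000012a00 T mysql_real_connect
0000000000044b10 T RSA_free@@SAMPLE_1
0000000000044c80 T EVP_PKEY_free
0000000000051000 W weak_helper
0000000000052000 t local_helper
EOF
}

# Demonstration on the constructed listings.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
colliding_syms "$demo_dir/crypto.nm" "$demo_dir/client.nm"
rm -rf "$demo_dir"
```

On a real system the two listings come from running `nm -D --defined-only` on each library the process loads; any name printed is one where the dynamic linker binds every caller to whichever definition it finds first.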

  7. #7

    #40232 [Bgs->Opn]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    User updated by: schotte at mayflower dot de
    Reported By: schotte at mayflower dot de
    -Status: Bogus
    +Status: Open
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9e30d1d8
    zheaders = (zval *) 0x2a9e2f5320
    recipcerts = (STACK *) 0x9a0340
    infile = (BIO *) 0x9427f0
    outfile = (BIO *) 0x9a15b0
    flags = 0
    p7 = (PKCS7 *) 0x9a3490
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9a1630
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of
    bounds>
    infilename = 0x2a9afd8db8
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
    infilename_len = 63
    outfilename = 0x2a9e268580
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
    outfilename_len = 64
    #10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a9b1b23b8
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1b23b8
    fname = (zval *) 0x2a9b1b23e8
    #12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1b23b8, function_state =
    {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved =
    {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
    0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts
    = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b4b5608,
    prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
    #13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9b1e41e8
    original_return_value = (zval **) 0x7fbffdc0d0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    ---Type <return> to continue, or q <return> to quit---
    #14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1e41e8
    fname = (zval *) 0x2a9b1e4218
    #15 0x0000002a95a765a2 in execute (op_array=0x920070) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1e41e8, function_state =
    {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved =
    {0x73a040, 0x2a9e2de880, 0x739e20,
    0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts
    = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b46b790,
    prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
    #16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974f6370
    original_return_value = (zval **) 0x7fbffe98c0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974f6370, function_state =
    {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved =
    {0x2a95a77d61, 0x2a9e38ebd9,
    0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object =
    0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30,
    old_error_reporting = 0x0}
    #19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974b0380
    original_return_value = (zval **) 0x7fbffeb2f8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974b0380, function_state =
    {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved =
    {0x19f95a3f610, 0x2a95b90948,
    0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array =
    0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740,
    old_error_reporting = 0x0}
    #22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9ad775e8
    original_return_value = (zval **) 0x7fbffec230
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9ad775e8
    fname = (zval *) 0x2a9ad77618
    #24 0x0000002a95a765a2 in execute (op_array=0x77a930) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9ad775e8, function_state =
    {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved =
    {0x2a95b91a30, 0x2dbffeb870,
    0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object =
    0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00,
    old_error_reporting = 0x0}
    #25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9e31a210
    original_return_value = (zval **) 0x7fbfffa1c8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9e31a210
    fname = (zval *) 0x2a9e31a240
    #27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9e31a210, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved =
    {0x2a970f34a8, 0x2a9c9c1758,
    ---Type <return> to continue, or q <return> to quit---
    0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8,
    object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200,
    old_error_reporting = 0x0}
    #28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffa200) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ef6d8
    opline = (zend_op *) 0x2a97123828
    new_op_array = (zend_op_array *) 0x2a970f33b8
    original_return_value = (zval **) 0x7fbfffb540
    return_value_used = 0
    free_op1 = {var = 0x7fbfffa198}
    inc_filename = (zval *) 0x7fbfffa198
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a97123828, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8,
    reserved = {0x774348, 0x774354,
    0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8,
    object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570,
    old_error_reporting = 0x0}
    #30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffb570) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970eca30
    opline = (zend_op *) 0x2a970ed150
    new_op_array = (zend_op_array *) 0x2a970ef6d8
    original_return_value = (zval **) 0x7fbfffc7f0
    return_value_used = 0
    free_op1 = {var = 0x7fbfffb510}
    inc_filename = (zval *) 0x7fbfffb510
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ed150, function_state =
    {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved =
    {0x2a970ebc58, 0xbfffb5d0, 0x0,
    0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object =
    0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820,
    old_error_reporting = 0x0}
    #32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfffc820) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ebbb8
    opline = (zend_op *) 0x2a970ec438
    new_op_array = (zend_op_array *) 0x2a970eca30
    original_return_value = (zval **) 0x7fbfffc9b8
    return_value_used = 0
    inc_filename = (zval *) 0x2a970ec468
    tmp_inc_filename = {value = {lval = 182922953744, dval =
    9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*",
    len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers =
    0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ec438, function_state =
    {function_symbol_table = 0x0, function = 0x2a970eca30, reserved =
    {0x6395a23674, 0x2a95b91100,
    0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8,
    object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740,
    original_in_execution = 0 '\0',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x0,
    old_error_reporting = 0x0}
    #34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
    files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
    0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
    i = 1
    file_handle = (zend_file_handle *) 0x7fbfffee20
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
    #35 0x0000002a959f7b82 in php_execute_script
    (primary_file=0x7fbfffee20) at
    /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
    realfile = "
    p\v\233*\000\000\000��p\000\000\000\000\000� ���\177\000\000\000\200\034V\000\000\000\000 \000���\177",
    '\0' <repeats 27 times>, "
    ���\177\000\000\000��\022s\001\000\000\0 00���\177",
    '\0' <repeats 19 times>,
    "��p\000\000\000\000\000\204�\017\227*\000\0 00\000\200\034V\000\001",
    '\0' <repeats 11 times>,
    "�\017\227*\000\000\0000\032�\225*\000\000\00 0N\000\000#\000\000\000\2204C\227*\000\000\000x\2 37s\000\000\000\000\000\220�\017\227*\000\000\00 0
    \236s\000\000\000\000\000p���\177\000\000\00 0��\225*\000\000\000$\000\000\000*\000\000\000 ��p\000\000\000\000\000���"...
    ---Type <return> to continue, or q <return> to quit---
    __orig_bailout = (jmp_buf *) 0x7fbfffef80
    __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392,
    548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0,
    __saved_mask = {__val = {
    182902444560, 548682066848, 182896477906, 353, 4294967324,
    548682066880, 182899278338, 182900567152, 8406784, 548682066928,
    182899301238, 72057776938381216, 0,
    182899278284, 182902463424, 548682066944}}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
    retval = 0
    #36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0,
    display_source_mode=0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
    retval = 0
    file_handle = {type = 5 '\005', filename = 0x774700
    "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
    opened_path = 0x2a970ebce8
    "config;service;eds;contact;shop;support;check ", handle = {fd =
    -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
    reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08
    <stream_closer_for_zend>, fteller = 0x2a959f5f24
    <stream_fteller_for_zend>, interactive = 0}},
    free_filename = 0 '\0'}
    #37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0,
    filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
    __orig_bailout = (jmp_buf *) 0x0
    __bailout = {{__jmpbuf = {0, 548682068208, 5643392,
    548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0,
    __saved_mask = {__val = {7401608,
    7817760, 0, 5683212, 7817800, 0, 651061555542690057,
    548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312,
    548682068096}}}}
    retval = 0
    per_dir_conf = (HashTable *) 0x734920
    #38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
    result = 127
    #39 0x000000000048ce58 in ap_invoke_handler ()
    No symbol table info available.
    #40 0x00000000004a4cc2 in process_request_internal ()
    No symbol table info available.
    #41 0x00000000004a4d17 in ap_process_request ()
    No symbol table info available.
    #42 0x000000000049af7a in child_main ()
    No symbol table info available.
    #43 0x000000000049b1ae in make_child ()
    No symbol table info available.
    #44 0x000000000049b32d in startup_children ()
    No symbol table info available.
    #45 0x000000000049ba2e in standalone_main ()
    No symbol table info available.
    #46 0x000000000049c22b in main ()
    No symbol table info available.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-25 09:56:21] tony2001@php.net

    This issue is caused by conflict between OpenSSL and YaSSL used in
    MySQL binary builds.
    As far as I know, it is fixed in latest MySQL versions.
    Another solution is to rebuild MySQL from sources.
    Anyway, we cannot fix a problem in MySQL.

    ------------------------------------------------------------------------

    [2007-01-25 09:48:44] schotte at mayflower dot de

    './configure' '--with-apxs=/usr/local/apache_9090/bin/apxs'
    '--with-mysql=/usr/local/mysql' '--with-freetype-dir=/usr/lib'
    '--with-ttf=/usr/lib' '--with-zlib' '--with-gd' '--with-gettext'
    '--with-kerberos' '--enable-track-vars=yes' '--enable-sysvshm=yes'
    '--enable-sysvsem=yes' '--with-jpeg-dir=/usr/lib' '--with-png'
    '--with-config-file-path=/usr/local/etc/9090' '--without-ldap'
    '--with-ttf=yes' '--enable-sigchild' '--enable-calendar'
    '--enable-memory-limit' '--enable-debug'
    '--prefix=/usr/local/php-5.2.0_9090' '--with-openssl'


    mysql_version.h tells me:

    #define MYSQL_SERVER_VERSION "5.0.27"
    #define MYSQL_BASE_VERSION "mysqld-5.0"

    ------------------------------------------------------------------------

    [2007-01-25 09:45:01] tony2001@php.net

    What configure line did you use? Did you enable MySQL?

    ------------------------------------------------------------------------

    [2007-01-25 09:38:11] schotte at mayflower dot de

    Regarding 64-bit: the same code works without any problems on a 32-bit
    machine.

    ------------------------------------------------------------------------

    [2007-01-25 09:37:13] schotte at mayflower dot de

    PHP was compiled with --enable-debug and --with-openssl which linked to
    OpenSSL from 0.9.7 up to the most actual 0.9.8d version.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    schotte at mayflower dot de Guest
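
A triage step for the library-conflict diagnosis in the thread above, as an added example that is not part of the bug report: resolve each backtrace frame to the mapped object that contains it, to see which copy of the OpenSSL functions the PHP module actually called. The frame addresses are copied from the backtrace on this page; the memory map, its object paths and the helper names are constructed for illustration.

```python
import os
import re

# Frame header lines copied from the backtrace on this page. Frames that stay
# inside the same object as their neighbours are omitted, locals are dropped.
BACKTRACE = """\
#0 0x0000000000534ec9 in BN_BLINDING_free ()
#1 0x00000000004ef35b in RSA_free ()
#2 0x00000000004fefe6 in EVP_PKEY_free ()
#8 0x00000000004f7acb in sk_pop_free ()
#9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
#38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
#39 0x000000000048ce58 in ap_invoke_handler ()
#46 0x000000000049c22b in main ()
"""

# CONSTRUCTED /proc/<pid>/maps excerpt (assumption, not from the report).
# Ranges were chosen so the ap_* frames fall inside the httpd image.
MAPS = """\
00400000-00620000 r-xp 00000000 08:01 1001 /usr/local/apache_9090/bin/httpd
00720000-00760000 rw-p 00220000 08:01 1001 /usr/local/apache_9090/bin/httpd
2a95700000-2a95c00000 r-xp 00000000 08:01 1002 /usr/local/apache_9090/libexec/libphp5.so
2a96000000-2a96130000 r-xp 00000000 08:01 1003 /lib64/libcrypto.so
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+) in (\w+)")
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s+(\S+)$")

# Name prefixes of public OpenSSL API functions seen in this backtrace.
OPENSSL_PREFIXES = ("BN_", "RSA_", "EVP_", "ASN1_", "sk_")


def parse_frames(text):
    """Return [(frame_no, address, function)] from gdb 'bt' header lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return frames


def parse_maps(text):
    """Return sorted [(start, end, object_name)] for executable mappings only."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m and "x" in m.group(3):
            maps.append((int(m.group(1), 16), int(m.group(2), 16),
                         os.path.basename(m.group(4))))
    return sorted(maps)


def owner(addr, maps):
    """Name of the mapped object whose text range contains addr, or None."""
    for start, end, name in maps:
        if start <= addr < end:
            return name
    return None


def call_boundaries(frames, maps):
    """Calls that cross from one object into another: (caller, obj, callee, obj)."""
    out = []
    for callee, caller in zip(frames, frames[1:]):
        callee_obj, caller_obj = owner(callee[1], maps), owner(caller[1], maps)
        if callee_obj != caller_obj:
            out.append((caller[2], caller_obj, callee[2], callee_obj))
    return out


def misplaced_api(frames, maps, expected=("libcrypto", "libssl")):
    """OpenSSL-named functions executing from an object that is not libcrypto/libssl."""
    hits = []
    for _, addr, func in frames:
        obj = owner(addr, maps)
        if func.startswith(OPENSSL_PREFIXES) and not any(e in (obj or "") for e in expected):
            hits.append((func, obj))
    return hits


if __name__ == "__main__":
    frames, maps = parse_frames(BACKTRACE), parse_maps(MAPS)
    for caller, c_obj, callee, e_obj in call_boundaries(frames, maps):
        print(f"{caller} [{c_obj}] -> {callee} [{e_obj}]")
    for func, obj in misplaced_api(frames, maps):
        print(f"OpenSSL symbol {func} is served by {obj}")
```

With a real crash, replace `MAPS` with the output of `info proc mappings` from the same gdb session or the `/proc/<pid>/maps` of the child process; a hit from `misplaced_api` means the module's OpenSSL calls were bound to a copy of the functions other than the library named by `ldd`.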

  8. #8

    #40232 [Opn->Fbk]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: tony2001@php.net
    Reported By: schotte at mayflower dot de
    -Status: Open
    +Status: Feedback
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    ldd /path/to/libphp5.so


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-26 12:45:59] schotte at mayflower dot de

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9e30d1d8
    zheaders = (zval *) 0x2a9e2f5320
    recipcerts = (STACK *) 0x9a0340
    infile = (BIO *) 0x9427f0
    outfile = (BIO *) 0x9a15b0
    flags = 0
    p7 = (PKCS7 *) 0x9a3490
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9a1630
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of
    bounds>
    infilename = 0x2a9afd8db8
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
    infilename_len = 63
    outfilename = 0x2a9e268580
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
    outfilename_len = 64
    #10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a9b1b23b8
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1b23b8
    fname = (zval *) 0x2a9b1b23e8
    #12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1b23b8, function_state =
    {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved =
    {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
    0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts
    = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b4b5608,
    prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
    #13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9b1e41e8
    original_return_value = (zval **) 0x7fbffdc0d0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    ---Type <return> to continue, or q <return> to quit---
    #14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1e41e8
    fname = (zval *) 0x2a9b1e4218
    #15 0x0000002a95a765a2 in execute (op_array=0x920070) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1e41e8, function_state =
    {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved =
    {0x73a040, 0x2a9e2de880, 0x739e20,
    0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts
    = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b46b790,
    prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
    #16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974f6370
    original_return_value = (zval **) 0x7fbffe98c0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974f6370, function_state =
    {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved =
    {0x2a95a77d61, 0x2a9e38ebd9,
    0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object =
    0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30,
    old_error_reporting = 0x0}
    #19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974b0380
    original_return_value = (zval **) 0x7fbffeb2f8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974b0380, function_state =
    {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved =
    {0x19f95a3f610, 0x2a95b90948,
    0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array =
    0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740,
    old_error_reporting = 0x0}
    #22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9ad775e8
    original_return_value = (zval **) 0x7fbffec230
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9ad775e8
    fname = (zval *) 0x2a9ad77618
    #24 0x0000002a95a765a2 in execute (op_array=0x77a930) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9ad775e8, function_state =
    {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved =
    {0x2a95b91a30, 0x2dbffeb870,
    0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object =
    0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00,
    old_error_reporting = 0x0}
    #25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9e31a210
    original_return_value = (zval **) 0x7fbfffa1c8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9e31a210
    fname = (zval *) 0x2a9e31a240
    #27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9e31a210, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved =
    {0x2a970f34a8, 0x2a9c9c1758,
    ---Type <return> to continue, or q <return> to quit---
    0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8,
    object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200,
    old_error_reporting = 0x0}
    #28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffa200) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ef6d8
    opline = (zend_op *) 0x2a97123828
    new_op_array = (zend_op_array *) 0x2a970f33b8
    original_return_value = (zval **) 0x7fbfffb540
    return_value_used = 0
    free_op1 = {var = 0x7fbfffa198}
    inc_filename = (zval *) 0x7fbfffa198
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a97123828, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8,
    reserved = {0x774348, 0x774354,
    0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8,
    object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570,
    old_error_reporting = 0x0}
    #30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffb570) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970eca30
    opline = (zend_op *) 0x2a970ed150
    new_op_array = (zend_op_array *) 0x2a970ef6d8
    original_return_value = (zval **) 0x7fbfffc7f0
    return_value_used = 0
    free_op1 = {var = 0x7fbfffb510}
    inc_filename = (zval *) 0x7fbfffb510
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ed150, function_state =
    {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved =
    {0x2a970ebc58, 0xbfffb5d0, 0x0,
    0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object =
    0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820,
    old_error_reporting = 0x0}
    #32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfffc820) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ebbb8
    opline = (zend_op *) 0x2a970ec438
    new_op_array = (zend_op_array *) 0x2a970eca30
    original_return_value = (zval **) 0x7fbfffc9b8
    return_value_used = 0
    inc_filename = (zval *) 0x2a970ec468
    tmp_inc_filename = {value = {lval = 182922953744, dval =
    9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*",
    len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers =
    0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ec438, function_state =
    {function_symbol_table = 0x0, function = 0x2a970eca30, reserved =
    {0x6395a23674, 0x2a95b91100,
    0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8,
    object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740,
    original_in_execution = 0 '\0',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x0,
    old_error_reporting = 0x0}
    #34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
    files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
    0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
    i = 1
    file_handle = (zend_file_handle *) 0x7fbfffee20
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
    #35 0x0000002a959f7b82 in php_execute_script
    (primary_file=0x7fbfffee20) at
    /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
    realfile = "
    p\v\233*\000\000\000��p\000\000\000\000\000� ���\177\000\000\000\200\034V\000\000\000\000 \000���\177",
    '\0' <repeats 27 times>, "
    ���\177\000\000\000��\022s\001\000\000\0 00���\177",
    '\0' <repeats 19 times>,
    "��p\000\000\000\000\000\204�\017\227*\000\0 00\000\200\034V\000\001",
    '\0' <repeats 11 times>,
    "�\017\227*\000\000\0000\032�\225*\000\000\00 0N\000\000#\000\000\000\2204C\227*\000\000\000x\2 37s\000\000\000\000\000\220�\017\227*\000\000\00 0
    \236s\000\000\000\000\000p���\177\000\000\00 0��\225*\000\000\000$\000\000\000*\000\000\000 ��p\000\000\000\000\000���"...
    __orig_bailout = (jmp_buf *) 0x7fbfffef80
    __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392,
    548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0,
    __saved_mask = {__val = {
    182902444560, 548682066848, 182896477906, 353, 4294967324,
    548682066880, 182899278338, 182900567152, 8406784, 548682066928,
    182899301238, 72057776938381216, 0,
    182899278284, 182902463424, 548682066944}}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
    retval = 0
    #36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0,
    display_source_mode=0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
    retval = 0
    file_handle = {type = 5 '\005', filename = 0x774700
    "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
    opened_path = 0x2a970ebce8
    "config;service;eds;contact;shop;support;check ", handle = {fd =
    -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
    reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08
    <stream_closer_for_zend>, fteller = 0x2a959f5f24
    <stream_fteller_for_zend>, interactive = 0}},
    free_filename = 0 '\0'}
    #37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0,
    filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
    __orig_bailout = (jmp_buf *) 0x0
    __bailout = {{__jmpbuf = {0, 548682068208, 5643392,
    548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0,
    __saved_mask = {__val = {7401608,
    7817760, 0, 5683212, 7817800, 0, 651061555542690057,
    548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312,
    548682068096}}}}
    retval = 0
    per_dir_conf = (HashTable *) 0x734920
    #38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
    result = 127
    #39 0x000000000048ce58 in ap_invoke_handler ()
    No symbol table info available.
    #40 0x00000000004a4cc2 in process_request_internal ()
    No symbol table info available.
    #41 0x00000000004a4d17 in ap_process_request ()
    No symbol table info available.
    #42 0x000000000049af7a in child_main ()
    No symbol table info available.
    #43 0x000000000049b1ae in make_child ()
    No symbol table info available.
    #44 0x000000000049b32d in startup_children ()
    No symbol table info available.
    #45 0x000000000049ba2e in standalone_main ()
    No symbol table info available.
    #46 0x000000000049c22b in main ()
    No symbol table info available.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    tony2001@php.net Guest

  9. #9

    #40232 [Fbk->Opn]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    User updated by: schotte at mayflower dot de
    Reported By: schotte at mayflower dot de
    -Status: Feedback
    +Status: Open
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    ldd libphp5.so:

    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000002a95c3c000)
    librt.so.1 => /lib64/tls/librt.so.1 (0x0000002a95d70000)
    libfreetype.so.6 => /usr/lib64/libfreetype.so.6
    (0x0000002a95e8a000)
    libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x0000002a96015000)
    libz.so.1 => /usr/lib64/libz.so.1 (0x0000002a9613c000)
    libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x0000002a9624f000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x0000002a96371000)
    libm.so.6 => /lib64/tls/libm.so.6 (0x0000002a96486000)
    libdl.so.2 => /lib64/libdl.so.2 (0x0000002a9660c000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x0000002a96710000)
    libssl.so.4 => /lib64/libssl.so.4 (0x0000002a96827000)
    libcrypto.so.4 => /lib64/libcrypto.so.4 (0x0000002a96963000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
    (0x0000002a96b93000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000002a96ca9000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000002a96e1a000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
    (0x0000002a96f1d000)
    libclntsh.so.10.1 => /ora10/client/lib/libclntsh.so.10.1
    (0x0000002a97040000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x0000002a9838e000)
    libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a9859d000)
    libpthread.so.0 => /lib64/tls/libpthread.so.0
    (0x0000002a987d0000)
    /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
    libnnz10.so => /ora10/client/lib/libnnz10.so
    (0x0000002a988e6000)


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-26 12:51:37] tony2001@php.net

    ldd /path/to/libphp5.so

    ------------------------------------------------------------------------

    [2007-01-26 12:45:59] schotte at mayflower dot de

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    schotte at mayflower dot de Guest

  10. #10

    #40232 [Opn->Fbk]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: tony2001@php.net
    Reported By: schotte at mayflower dot de
    -Status: Open
    +Status: Feedback
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    Does it work with just ./configure --disable-all --with-openssl ?


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-26 12:45:59] schotte at mayflower dot de

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9e30d1d8
    zheaders = (zval *) 0x2a9e2f5320
    recipcerts = (STACK *) 0x9a0340
    infile = (BIO *) 0x9427f0
    outfile = (BIO *) 0x9a15b0
    flags = 0
    p7 = (PKCS7 *) 0x9a3490
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9a1630
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of
    bounds>
    infilename = 0x2a9afd8db8
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
    infilename_len = 63
    outfilename = 0x2a9e268580
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
    outfilename_len = 64
    #10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a9b1b23b8
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1b23b8
    fname = (zval *) 0x2a9b1b23e8
    #12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1b23b8, function_state =
    {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved =
    {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
    0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts
    = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b4b5608,
    prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
    #13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9b1e41e8
    original_return_value = (zval **) 0x7fbffdc0d0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1e41e8
    fname = (zval *) 0x2a9b1e4218
    #15 0x0000002a95a765a2 in execute (op_array=0x920070) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1e41e8, function_state =
    {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved =
    {0x73a040, 0x2a9e2de880, 0x739e20,
    0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts
    = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b46b790,
    prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
    #16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974f6370
    original_return_value = (zval **) 0x7fbffe98c0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974f6370, function_state =
    {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved =
    {0x2a95a77d61, 0x2a9e38ebd9,
    0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object =
    0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30,
    old_error_reporting = 0x0}
    #19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974b0380
    original_return_value = (zval **) 0x7fbffeb2f8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974b0380, function_state =
    {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved =
    {0x19f95a3f610, 0x2a95b90948,
    0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array =
    0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740,
    old_error_reporting = 0x0}
    #22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9ad775e8
    original_return_value = (zval **) 0x7fbffec230
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9ad775e8
    fname = (zval *) 0x2a9ad77618
    #24 0x0000002a95a765a2 in execute (op_array=0x77a930) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9ad775e8, function_state =
    {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved =
    {0x2a95b91a30, 0x2dbffeb870,
    0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object =
    0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00,
    old_error_reporting = 0x0}
    #25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9e31a210
    original_return_value = (zval **) 0x7fbfffa1c8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9e31a210
    fname = (zval *) 0x2a9e31a240
    #27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9e31a210, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved =
    {0x2a970f34a8, 0x2a9c9c1758,
    0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8,
    object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200,
    old_error_reporting = 0x0}
    #28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffa200) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ef6d8
    opline = (zend_op *) 0x2a97123828
    new_op_array = (zend_op_array *) 0x2a970f33b8
    original_return_value = (zval **) 0x7fbfffb540
    return_value_used = 0
    free_op1 = {var = 0x7fbfffa198}
    inc_filename = (zval *) 0x7fbfffa198
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a97123828, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8,
    reserved = {0x774348, 0x774354,
    0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8,
    object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570,
    old_error_reporting = 0x0}
    #30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffb570) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970eca30
    opline = (zend_op *) 0x2a970ed150
    new_op_array = (zend_op_array *) 0x2a970ef6d8
    original_return_value = (zval **) 0x7fbfffc7f0
    return_value_used = 0
    free_op1 = {var = 0x7fbfffb510}
    inc_filename = (zval *) 0x7fbfffb510
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ed150, function_state =
    {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved =
    {0x2a970ebc58, 0xbfffb5d0, 0x0,
    0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object =
    0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820,
    old_error_reporting = 0x0}
    #32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfffc820) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ebbb8
    opline = (zend_op *) 0x2a970ec438
    new_op_array = (zend_op_array *) 0x2a970eca30
    original_return_value = (zval **) 0x7fbfffc9b8
    return_value_used = 0
    inc_filename = (zval *) 0x2a970ec468
    tmp_inc_filename = {value = {lval = 182922953744, dval =
    9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*",
    len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers =
    0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ec438, function_state =
    {function_symbol_table = 0x0, function = 0x2a970eca30, reserved =
    {0x6395a23674, 0x2a95b91100,
    0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8,
    object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740,
    original_in_execution = 0 '\0',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x0,
    old_error_reporting = 0x0}
    #34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
    files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
    0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
    i = 1
    file_handle = (zend_file_handle *) 0x7fbfffee20
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
    #35 0x0000002a959f7b82 in php_execute_script
    (primary_file=0x7fbfffee20) at
    /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
    __orig_bailout = (jmp_buf *) 0x7fbfffef80
    __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392,
    548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0,
    __saved_mask = {__val = {
    182902444560, 548682066848, 182896477906, 353, 4294967324,
    548682066880, 182899278338, 182900567152, 8406784, 548682066928,
    182899301238, 72057776938381216, 0,
    182899278284, 182902463424, 548682066944}}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
    retval = 0
    #36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0,
    display_source_mode=0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
    retval = 0
    file_handle = {type = 5 '\005', filename = 0x774700
    "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
    opened_path = 0x2a970ebce8
    "config;service;eds;contact;shop;support;check ", handle = {fd =
    -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
    reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08
    <stream_closer_for_zend>, fteller = 0x2a959f5f24
    <stream_fteller_for_zend>, interactive = 0}},
    free_filename = 0 '\0'}
    #37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0,
    filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
    __orig_bailout = (jmp_buf *) 0x0
    __bailout = {{__jmpbuf = {0, 548682068208, 5643392,
    548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0,
    __saved_mask = {__val = {7401608,
    7817760, 0, 5683212, 7817800, 0, 651061555542690057,
    548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312,
    548682068096}}}}
    retval = 0
    per_dir_conf = (HashTable *) 0x734920
    #38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
    result = 127
    #39 0x000000000048ce58 in ap_invoke_handler ()
    No symbol table info available.
    #40 0x00000000004a4cc2 in process_request_internal ()
    No symbol table info available.
    #41 0x00000000004a4d17 in ap_process_request ()
    No symbol table info available.
    #42 0x000000000049af7a in child_main ()
    No symbol table info available.
    #43 0x000000000049b1ae in make_child ()
    No symbol table info available.
    #44 0x000000000049b32d in startup_children ()
    No symbol table info available.
    #45 0x000000000049ba2e in standalone_main ()
    No symbol table info available.
    #46 0x000000000049c22b in main ()
    No symbol table info available.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    tony2001@php.net Guest

  11. #11

    #40232 [Fbk]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: pajoye@php.net
    Reported By: schotte at mayflower dot de
    Status: Feedback
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    Do you have a script to reproduce the crash?


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-26 13:06:19] tony2001@php.net

    Does it work with just ./configure --disable-all --with-openssl ?

    ------------------------------------------------------------------------

    [2007-01-26 13:02:54] schotte at mayflower dot de

    ldd libphp5.so:

    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000002a95c3c000)
    librt.so.1 => /lib64/tls/librt.so.1 (0x0000002a95d70000)
    libfreetype.so.6 => /usr/lib64/libfreetype.so.6
    (0x0000002a95e8a000)
    libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x0000002a96015000)
    libz.so.1 => /usr/lib64/libz.so.1 (0x0000002a9613c000)
    libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x0000002a9624f000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x0000002a96371000)
    libm.so.6 => /lib64/tls/libm.so.6 (0x0000002a96486000)
    libdl.so.2 => /lib64/libdl.so.2 (0x0000002a9660c000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x0000002a96710000)
    libssl.so.4 => /lib64/libssl.so.4 (0x0000002a96827000)
    libcrypto.so.4 => /lib64/libcrypto.so.4 (0x0000002a96963000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
    (0x0000002a96b93000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000002a96ca9000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000002a96e1a000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
    (0x0000002a96f1d000)
    libclntsh.so.10.1 => /ora10/client/lib/libclntsh.so.10.1
    (0x0000002a97040000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x0000002a9838e000)
    libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a9859d000)
    libpthread.so.0 => /lib64/tls/libpthread.so.0
    (0x0000002a987d0000)
    /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
    libnnz10.so => /ora10/client/lib/libnnz10.so
    (0x0000002a988e6000)

    ------------------------------------------------------------------------

    [2007-01-26 12:51:37] tony2001@php.net

    ldd /path/to/libphp5.so

    ------------------------------------------------------------------------

    [2007-01-26 12:45:59] schotte at mayflower dot de

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9e30d1d8
    zheaders = (zval *) 0x2a9e2f5320
    recipcerts = (STACK *) 0x9a0340
    infile = (BIO *) 0x9427f0
    outfile = (BIO *) 0x9a15b0
    flags = 0
    p7 = (PKCS7 *) 0x9a3490
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9a1630
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of
    bounds>
    infilename = 0x2a9afd8db8
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
    infilename_len = 63
    outfilename = 0x2a9e268580
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
    outfilename_len = 64
    #10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a9b1b23b8
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1b23b8
    fname = (zval *) 0x2a9b1b23e8
    #12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1b23b8, function_state =
    {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved =
    {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
    0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts
    = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b4b5608,
    prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
    #13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9b1e41e8
    original_return_value = (zval **) 0x7fbffdc0d0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1e41e8
    fname = (zval *) 0x2a9b1e4218
    #15 0x0000002a95a765a2 in execute (op_array=0x920070) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1e41e8, function_state =
    {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved =
    {0x73a040, 0x2a9e2de880, 0x739e20,
    0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts
    = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b46b790,
    prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
    #16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974f6370
    original_return_value = (zval **) 0x7fbffe98c0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974f6370, function_state =
    {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved =
    {0x2a95a77d61, 0x2a9e38ebd9,
    0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object =
    0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30,
    old_error_reporting = 0x0}
    #19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974b0380
    original_return_value = (zval **) 0x7fbffeb2f8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974b0380, function_state =
    {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved =
    {0x19f95a3f610, 0x2a95b90948,
    0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array =
    0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740,
    old_error_reporting = 0x0}
    #22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9ad775e8
    original_return_value = (zval **) 0x7fbffec230
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9ad775e8
    fname = (zval *) 0x2a9ad77618
    #24 0x0000002a95a765a2 in execute (op_array=0x77a930) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9ad775e8, function_state =
    {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved =
    {0x2a95b91a30, 0x2dbffeb870,
    0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object =
    0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00,
    old_error_reporting = 0x0}
    #25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9e31a210
    original_return_value = (zval **) 0x7fbfffa1c8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9e31a210
    fname = (zval *) 0x2a9e31a240
    #27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9e31a210, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved =
    {0x2a970f34a8, 0x2a9c9c1758,
    0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8,
    object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200,
    old_error_reporting = 0x0}
    #28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffa200) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ef6d8
    opline = (zend_op *) 0x2a97123828
    new_op_array = (zend_op_array *) 0x2a970f33b8
    original_return_value = (zval **) 0x7fbfffb540
    return_value_used = 0
    free_op1 = {var = 0x7fbfffa198}
    inc_filename = (zval *) 0x7fbfffa198
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a97123828, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8,
    reserved = {0x774348, 0x774354,
    0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8,
    object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570,
    old_error_reporting = 0x0}
    #30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffb570) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970eca30
    opline = (zend_op *) 0x2a970ed150
    new_op_array = (zend_op_array *) 0x2a970ef6d8
    original_return_value = (zval **) 0x7fbfffc7f0
    return_value_used = 0
    free_op1 = {var = 0x7fbfffb510}
    inc_filename = (zval *) 0x7fbfffb510
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ed150, function_state =
    {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved =
    {0x2a970ebc58, 0xbfffb5d0, 0x0,
    0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object =
    0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820,
    old_error_reporting = 0x0}
    #32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfffc820) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ebbb8
    opline = (zend_op *) 0x2a970ec438
    new_op_array = (zend_op_array *) 0x2a970eca30
    original_return_value = (zval **) 0x7fbfffc9b8
    return_value_used = 0
    inc_filename = (zval *) 0x2a970ec468
    tmp_inc_filename = {value = {lval = 182922953744, dval =
    9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*",
    len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers =
    0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ec438, function_state =
    {function_symbol_table = 0x0, function = 0x2a970eca30, reserved =
    {0x6395a23674, 0x2a95b91100,
    0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8,
    object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740,
    original_in_execution = 0 '\0',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x0,
    old_error_reporting = 0x0}
    #34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
    files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
    0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
    i = 1
    file_handle = (zend_file_handle *) 0x7fbfffee20
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
    #35 0x0000002a959f7b82 in php_execute_script
    (primary_file=0x7fbfffee20) at
    /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
    __orig_bailout = (jmp_buf *) 0x7fbfffef80
    __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392,
    548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0,
    __saved_mask = {__val = {
    182902444560, 548682066848, 182896477906, 353, 4294967324,
    548682066880, 182899278338, 182900567152, 8406784, 548682066928,
    182899301238, 72057776938381216, 0,
    182899278284, 182902463424, 548682066944}}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
    retval = 0
    #36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0,
    display_source_mode=0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
    retval = 0
    file_handle = {type = 5 '\005', filename = 0x774700
    "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
    opened_path = 0x2a970ebce8
    "config;service;eds;contact;shop;support;check ", handle = {fd =
    -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
    reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08
    <stream_closer_for_zend>, fteller = 0x2a959f5f24
    <stream_fteller_for_zend>, interactive = 0}},
    free_filename = 0 '\0'}
    #37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0,
    filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
    __orig_bailout = (jmp_buf *) 0x0
    __bailout = {{__jmpbuf = {0, 548682068208, 5643392,
    548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0,
    __saved_mask = {__val = {7401608,
    7817760, 0, 5683212, 7817800, 0, 651061555542690057,
    548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312,
    548682068096}}}}
    retval = 0
    per_dir_conf = (HashTable *) 0x734920
    #38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
    result = 127
    #39 0x000000000048ce58 in ap_invoke_handler ()
    No symbol table info available.
    #40 0x00000000004a4cc2 in process_request_internal ()
    No symbol table info available.
    #41 0x00000000004a4d17 in ap_process_request ()
    No symbol table info available.
    #42 0x000000000049af7a in child_main ()
    No symbol table info available.
    #43 0x000000000049b1ae in make_child ()
    No symbol table info available.
    #44 0x000000000049b32d in startup_children ()
    No symbol table info available.
    #45 0x000000000049ba2e in standalone_main ()
    No symbol table info available.
    #46 0x000000000049c22b in main ()
    No symbol table info available.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    pajoye@php.net Guest

  12. #12

    #40232 [Fbk]: Apache segfaults when using openssl_pkcs7_encrypt()

    ID: 40232
    Updated by: pajoye@php.net
    Reported By: schotte at mayflower dot de
    Status: Feedback
    Bug Type: Reproducible crash
    Operating System: RedHat Linux 3.4.4-2 64-bit
    PHP Version: 5.2.0
    New Comment:

    A script and the necessary data (sample cert, mail data, anything you
    use in the script)


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-26 14:32:53] pajoye@php.net

    Do you have a script to reproduce the crash?

    ------------------------------------------------------------------------

    [2007-01-26 13:06:19] tony2001@php.net

    Does it work with just ./configure --disable-all --with-openssl ?

    ------------------------------------------------------------------------

    [2007-01-26 13:02:54] schotte at mayflower dot de

    ldd libphp5.so:

    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000002a95c3c000)
    librt.so.1 => /lib64/tls/librt.so.1 (0x0000002a95d70000)
    libfreetype.so.6 => /usr/lib64/libfreetype.so.6
    (0x0000002a95e8a000)
    libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x0000002a96015000)
    libz.so.1 => /usr/lib64/libz.so.1 (0x0000002a9613c000)
    libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x0000002a9624f000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x0000002a96371000)
    libm.so.6 => /lib64/tls/libm.so.6 (0x0000002a96486000)
    libdl.so.2 => /lib64/libdl.so.2 (0x0000002a9660c000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x0000002a96710000)
    libssl.so.4 => /lib64/libssl.so.4 (0x0000002a96827000)
    libcrypto.so.4 => /lib64/libcrypto.so.4 (0x0000002a96963000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
    (0x0000002a96b93000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000002a96ca9000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000002a96e1a000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
    (0x0000002a96f1d000)
    libclntsh.so.10.1 => /ora10/client/lib/libclntsh.so.10.1
    (0x0000002a97040000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x0000002a9838e000)
    libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a9859d000)
    libpthread.so.0 => /lib64/tls/libpthread.so.0
    (0x0000002a987d0000)
    /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
    libnnz10.so => /ora10/client/lib/libnnz10.so
    (0x0000002a988e6000)

    ------------------------------------------------------------------------

    [2007-01-26 12:51:37] tony2001@php.net

    ldd /path/to/libphp5.so

    ------------------------------------------------------------------------

    [2007-01-26 12:45:59] schotte at mayflower dot de

    We compiled PHP without MySQL (--without-mysql) and using Oracle
    instead. It did not help, same backtrace:

    #0 0x0000000000534ec9 in BN_BLINDING_free ()
    No symbol table info available.
    #1 0x00000000004ef35b in RSA_free ()
    No symbol table info available.
    #2 0x00000000004fefe6 in EVP_PKEY_free ()
    No symbol table info available.
    #3 0x000000000054b91f in pubkey_cb ()
    No symbol table info available.
    #4 0x00000000005066d7 in asn1_item_combine_free ()
    No symbol table info available.
    #5 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #6 0x0000000000506955 in asn1_item_combine_free ()
    No symbol table info available.
    #7 0x0000000000506a72 in ASN1_item_free ()
    No symbol table info available.
    #8 0x00000000004f7acb in sk_pop_free ()
    No symbol table info available.
    #9 0x0000002a95783792 in zif_openssl_pkcs7_encrypt (ht=5,
    return_value=0x2a9e269078, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1)
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/ext/openssl/openssl.c:2654
    zrecipcerts = (zval **) 0x2a9e30d1d8
    zheaders = (zval *) 0x2a9e2f5320
    recipcerts = (STACK *) 0x9a0340
    infile = (BIO *) 0x9427f0
    outfile = (BIO *) 0x9a15b0
    flags = 0
    p7 = (PKCS7 *) 0x9a3490
    hpos = 0x0
    zcertval = (zval **) 0x60
    cert = (X509 *) 0x9a1630
    cipher = (const EVP_CIPHER *) 0x595de0
    cipherid = 0
    strindexlen = 42
    intindex = 96
    strindex = 0xf15cdbf00000008 <Address 0xf15cdbf00000008 out of
    bounds>
    infilename = 0x2a9afd8db8
    "/home/web/htdocs/temp/eby_17971241774001_encode_infile_0020.txt"
    infilename_len = 63
    outfilename = 0x2a9e268580
    "/home/web/htdocs/temp/eby_17971241774001_encode_outfile_0020.txt"
    outfilename_len = 64
    #10 0x0000002a95a76b0a in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:200
    return_reference = 0 '\0'
    opline = (zend_op *) 0x2a9b1b23b8
    original_return_value = (zval **) 0xd08dc427f1498234
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 0 '\0'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #11 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8580) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1b23b8
    fname = (zval *) 0x2a9b1b23e8
    #12 0x0000002a95a765a2 in execute (op_array=0x91fb30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1b23b8, function_state =
    {function_symbol_table = 0x2a9e38d078, function = 0x803ed0, reserved =
    {0x0, 0x7fbffd86b0, 0x2a95a4b9d9,
    0x7fbffd85e0}}, fbc = 0x0, op_array = 0x91fb30, object = 0x0, Ts
    = 0x7fbffd7710, CVs = 0x7fbffd76b0, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b4b5608,
    prev_execute_data = 0x7fbffd8fb0, old_error_reporting = 0x0}
    #13 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9b1e41e8
    original_return_value = (zval **) 0x7fbffdc0d0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #14 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffd8fb0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9b1e41e8
    fname = (zval *) 0x2a9b1e4218
    #15 0x0000002a95a765a2 in execute (op_array=0x920070) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9b1e41e8, function_state =
    {function_symbol_table = 0x2a9b4b5608, function = 0x91fb30, reserved =
    {0x73a040, 0x2a9e2de880, 0x739e20,
    0x7fbffd90b0}}, fbc = 0x0, op_array = 0x920070, object = 0x0, Ts
    = 0x7fbffd87a0, CVs = 0x7fbffd8740, original_in_execution = 1 '\001',
    symbol_table = 0x2a9b46b790,
    prev_execute_data = 0x7fbffdd300, old_error_reporting = 0x0}
    #16 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974f6370
    original_return_value = (zval **) 0x7fbffe98c0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #17 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffdd300) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #18 0x0000002a95a765a2 in execute (op_array=0x91cec0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974f6370, function_state =
    {function_symbol_table = 0x2a9b46b790, function = 0x920070, reserved =
    {0x2a95a77d61, 0x2a9e38ebd9,
    0x100000058, 0x0}}, fbc = 0x920070, op_array = 0x91cec0, object =
    0x0, Ts = 0x7fbffd9300, CVs = 0x7fbffd9160, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9afd75d0, prev_execute_data = 0x7fbffe9f30,
    old_error_reporting = 0x0}
    #19 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a974b0380
    original_return_value = (zval **) 0x7fbffeb2f8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95d616e0
    #20 0x0000002a95a77864 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
    (execute_data=0x7fbffe9f30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:322
    No locals.
    #21 0x0000002a95a765a2 in execute (op_array=0x91cd70) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a974b0380, function_state =
    {function_symbol_table = 0x2a9afd75d0, function = 0x91cec0, reserved =
    {0x19f95a3f610, 0x2a95b90948,
    0x9500739e20, 0x2a9b46e2a0}}, fbc = 0x91cec0, op_array =
    0x91cd70, object = 0x0, Ts = 0x7fbffdd680, CVs = 0x7fbffdd4b0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a9afd6e58, prev_execute_data = 0x7fbffeb740,
    old_error_reporting = 0x0}
    #22 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9ad775e8
    original_return_value = (zval **) 0x7fbffec230
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #23 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbffeb740) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9ad775e8
    fname = (zval *) 0x2a9ad77618
    #24 0x0000002a95a765a2 in execute (op_array=0x77a930) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9ad775e8, function_state =
    {function_symbol_table = 0x2a9afd6e58, function = 0x91cd70, reserved =
    {0x2a95b91a30, 0x2dbffeb870,
    0x2a95b94dc8, 0x8}}, fbc = 0x0, op_array = 0x77a930, object =
    0x0, Ts = 0x7fbffea1c0, CVs = 0x7fbffea0f0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a9aca26e0, prev_execute_data = 0x7fbfff6b00,
    old_error_reporting = 0x0}
    #25 0x0000002a95a76caf in zend_do_fcall_common_helper_SPEC
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:234
    opline = (zend_op *) 0x2a9e31a210
    original_return_value = (zval **) 0x7fbfffa1c8
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 1
    should_change_scope = 1 '\001'
    ctor_opline = (zend_op *) 0x2a95a5e3d0
    #26 0x0000002a95a7c74f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfff6b00) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:1681
    opline = (zend_op *) 0x2a9e31a210
    fname = (zval *) 0x2a9e31a240
    #27 0x0000002a95a765a2 in execute (op_array=0x2a970f33b8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a9e31a210, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x77a930, reserved =
    {0x2a970f34a8, 0x2a9c9c1758,
    0x2a970f3378, 0xbfff6b05}}, fbc = 0x0, op_array = 0x2a970f33b8,
    object = 0x0, Ts = 0x7fbffebc10, CVs = 0x7fbffeb900,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffa200,
    old_error_reporting = 0x0}
    #28 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffa200) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ef6d8
    opline = (zend_op *) 0x2a97123828
    new_op_array = (zend_op_array *) 0x2a970f33b8
    original_return_value = (zval **) 0x7fbfffb540
    return_value_used = 0
    free_op1 = {var = 0x7fbfffa198}
    inc_filename = (zval *) 0x7fbfffa198
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073766032}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffa170}}, refcount = 3221191808, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #29 0x0000002a95a765a2 in execute (op_array=0x2a970ef6d8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a97123828, function_state =
    {function_symbol_table = 0x2a9aca26e0, function = 0x2a970f33b8,
    reserved = {0x774348, 0x774354,
    0x2a00000001, 0x7fbfffa205}}, fbc = 0x0, op_array = 0x2a970ef6d8,
    object = 0x0, Ts = 0x7fbfff7d30, CVs = 0x7fbfff7ce0,
    original_in_execution = 1 '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffb570,
    old_error_reporting = 0x0}
    #30 0x0000002a95a834a5 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
    (execute_data=0x7fbfffb570) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:4572
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970eca30
    opline = (zend_op *) 0x2a970ed150
    new_op_array = (zend_op_array *) 0x2a970ef6d8
    original_return_value = (zval **) 0x7fbfffc7f0
    return_value_used = 0
    free_op1 = {var = 0x7fbfffb510}
    inc_filename = (zval *) 0x7fbfffb510
    tmp_inc_filename = {value = {lval = 182900575688, dval =
    9.0364891052027516e-313, str = {
    val = 0x2a95b94dc8
    "/usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_variables.h", len =
    -1073761048}, ht = 0x2a95b94dc8, obj = {handle = 2511949256,
    handlers = 0x7fbfffb4e8}}, refcount = 3221205888, type = 127
    '\177', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #31 0x0000002a95a765a2 in execute (op_array=0x2a970eca30) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ed150, function_state =
    {function_symbol_table = 0x0, function = 0x2a970ef6d8, reserved =
    {0x2a970ebc58, 0xbfffb5d0, 0x0,
    0x807bfffb505}}, fbc = 0x0, op_array = 0x2a970eca30, object =
    0x0, Ts = 0x7fbfffb420, CVs = 0x7fbfffb3e0, original_in_execution = 1
    '\001',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x7fbfffc820,
    old_error_reporting = 0x0}
    #32 0x0000002a95a7d655 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
    (execute_data=0x7fbfffc820) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:2033
    saved_object = (zval *) 0x0
    saved_function = (zend_function *) 0x2a970ebbb8
    opline = (zend_op *) 0x2a970ec438
    new_op_array = (zend_op_array *) 0x2a970eca30
    original_return_value = (zval **) 0x7fbfffc9b8
    return_value_used = 0
    inc_filename = (zval *) 0x2a970ec468
    tmp_inc_filename = {value = {lval = 182922953744, dval =
    9.0375947280717828e-313, str = {val = 0x2a970ec410 "�\004\017\227*",
    len = -1760639992},
    ht = 0x2a970ec410, obj = {handle = 2534327312, handlers =
    0x2a970ec408}}, refcount = 2534327272, type = 42 '*', is_ref = 0 '\0'}
    failure_retval = 0 '\0'
    #33 0x0000002a95a765a2 in execute (op_array=0x2a970ebbb8) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x2a970ec438, function_state =
    {function_symbol_table = 0x0, function = 0x2a970eca30, reserved =
    {0x6395a23674, 0x2a95b91100,
    0x2a970ec0a0, 0x7fbfffc890}}, fbc = 0x0, op_array = 0x2a970ebbb8,
    object = 0x0, Ts = 0x7fbfffc770, CVs = 0x7fbfffc740,
    original_in_execution = 0 '\0',
    symbol_table = 0x2a95d61868, prev_execute_data = 0x0,
    old_error_reporting = 0x0}
    #34 0x0000002a95a50c61 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at
    /usr/local/src/lamp-test/php-5.2.0_9090/Zend/zend.c:1097
    files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
    0x7fbfffcaf0, reg_save_area = 0x7fbfffca20}}
    i = 1
    file_handle = (zend_file_handle *) 0x7fbfffee20
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
    #35 0x0000002a959f7b82 in php_execute_script
    (primary_file=0x7fbfffee20) at
    /usr/local/src/lamp-test/php-5.2.0_9090/main/main.c:1758
    __orig_bailout = (jmp_buf *) 0x7fbfffef80
    __bailout = {{__jmpbuf = {7401680, 548682067184, 5643392,
    548682069056, 0, 0, 548682058480, 182898882860}, __mask_was_saved = 0,
    __saved_mask = {__val = {
    182902444560, 548682066848, 182896477906, 353, 4294967324,
    548682066880, 182899278338, 182900567152, 8406784, 548682066928,
    182899301238, 72057776938381216, 0,
    182899278284, 182902463424, 548682066944}}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path =
    0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
    closer = 0, fteller = 0,
    interactive = 0}}, free_filename = 0 '\0'}
    old_cwd = 0x7fbfffcb10 "/usr/local/apache_9090/bin"
    retval = 0
    #36 0x0000002a95ac7b9f in apache_php_module_main (r=0x70f0d0,
    display_source_mode=0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/sapi_apache.c:53
    retval = 0
    file_handle = {type = 5 '\005', filename = 0x774700
    "//usr/local/apache_9090/htdocs/pages.eby/eds.php",
    opened_path = 0x2a970ebce8
    "config;service;eds;contact;shop;support;check ", handle = {fd =
    -1760641432, fp = 0x2a970ebe68, stream = {handle = 0x2a970ebe68,
    reader = 0x2a95a0d5be <_php_stream_read>, closer = 0x2a959f5f08
    <stream_closer_for_zend>, fteller = 0x2a959f5f24
    <stream_fteller_for_zend>, interactive = 0}},
    free_filename = 0 '\0'}
    #37 0x0000002a95ac8b25 in send_php (r=0x70f0d0, display_source_mode=0,
    filename=0x774700 "//usr/local/apache_9090/htdocs/pages.eby/eds.php")
    at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:660
    __orig_bailout = (jmp_buf *) 0x0
    __bailout = {{__jmpbuf = {0, 548682068208, 5643392,
    548682069056, 0, 0, 548682067600, 182899738907}, __mask_was_saved = 0,
    __saved_mask = {__val = {7401608,
    7817760, 0, 5683212, 7817800, 0, 651061555542690057,
    548682068096, 4530537, 1, 7817736, 7817008, 7401608, 7817736, 7404312,
    548682068096}}}}
    retval = 0
    per_dir_conf = (HashTable *) 0x734920
    #38 0x0000002a95ac8b81 in send_pd_php (r=0x70f0d0) at
    /usr/local/src/lamp-test/php-5.2.0_9090/sapi/apache/mod_php5.c:675
    result = 127
    #39 0x000000000048ce58 in ap_invoke_handler ()
    No symbol table info available.
    #40 0x00000000004a4cc2 in process_request_internal ()
    No symbol table info available.
    #41 0x00000000004a4d17 in ap_process_request ()
    No symbol table info available.
    #42 0x000000000049af7a in child_main ()
    No symbol table info available.
    #43 0x000000000049b1ae in make_child ()
    No symbol table info available.
    #44 0x000000000049b32d in startup_children ()
    No symbol table info available.
    #45 0x000000000049ba2e in standalone_main ()
    No symbol table info available.
    #46 0x000000000049c22b in main ()
    No symbol table info available.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/40232

    --
    Edit this bug report at http://bugs.php.net/?id=40232&edit=1
    pajoye@php.net Guest
