ID: 20190 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: Apache related Operating System: FreeBSD PHP Version: 4.2.3 New Comment:
Previous dump was not the right one, sorry. I had dumps for children disabled. This is now the right one ... (gdb) bt #0 0x280de8e1 in strlen () from /usr/lib/libc.so.4 #1 0x17 in ?? () #2 0x2836decb in php_check_open_basedir (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php") at fopen_wrappers.c:211 #3 0x2836e19f in php_fopen_and_set_opened_path ( path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", opened_path=0xbfbff8d8) at fopen_wrappers.c:309 #4 0x2836e89d in php_fopen_with_path (filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", path=0x81ebb50 ".", opened_path=0xbfbff8d8) at fopen_wrappers.c:494 #5 0x2836edc0 in php_fopen_url_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8) at fopen_wrappers.c:612 #6 0x2836e26d in php_fopen_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8) at fopen_wrappers.c:335 #7 0x2836b38c in php_fopen_wrapper_for_zend ( filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", opened_path=0xbfbff8d8) at main.c:583 #8 0x28336463 in open_file_for_scanning (file_handle=0xbfbff8d0) at zend_language_scanner.c:2952 #9 0x28336611 in compile_file (file_handle=0xbfbff8d0, type=2) at zend_language_scanner.c:3009 #10 0x2835bb4f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:823 #11 0x2836d0b9 in php_execute_script (primary_file=0xbfbff8d0) at main.c:1399 #12 0x28367d82 in apache_php_module_main (r=0x8c78038, display_source_mode=0) at sapi_apache.c:98 #13 0x28368c2c in send_php (r=0x8c78038, display_source_mode=0, filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php") at mod_php4.c:684 #14 0x28368c9f in send_parsed_php (r=0x8c78038) at mod_php4.c:703 (gdb) list 206 char *newpath; 207 char *ptr; 208 char *end; 209 210 pathbuf = estrdup(PG(open_basedir)); 211 newpath = estrdup(zend_get_executed_filename(TSRMLS_C)); 212 213 ptr = pathbuf; 214 while (ptr && *ptr) { 215 end = strchr(ptr, DEFAULT_DIR_SEPARATOR); Previous Comments: ------------------------------------------------------------------------ [2002-10-31 10:40:02] [EMAIL PROTECTED] If I allow the open_basedir restriction to pass, I get now random segfaults : Program terminated with signal 11, Segmentation fault. #0 0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584 584 ALLOC_HASHTABLE_REL(arg->value.obj.properties); (gdb) bt #0 0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584 (gdb) list 579 } 580 581 if (properties) { 582 arg->value.obj.properties = properties; 583 } else { 584 ALLOC_HASHTABLE_REL(arg->value.obj.properties); 585 zend_hash_init(arg->value.obj.properties, 0, NULL, ZVAL_PTR_DTOR, 0); 586 zend_hash_copy(arg->value.obj.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); 587 } 588 arg->type = IS_OBJECT; (gdb) p arg->value.obj.properties $1 = (HashTable *) 0x636f6c2f (gdb) p *arg->value.obj.properties Cannot access memory at address 0x636f6c2f. (gdb) p properties $2 = (HashTable *) 0xbfbffce2 (gdb) p *properties $3 = {nTableSize = 1212367181, nTableMask = 1162893652, nNumOfElements = 942893373, nNextFreeElement = 1714236726, pInternalPointer = 0x62656572, pListHead = 0x2e346473, pListTail = 0x53550033, arBuckets = 0x743d5245, pDestructor = 0x726f6f, persistent = 77 'M', nApplyCount = 65 'A', bApplyProtection = 73 'I'} (gdb) p *arg $4 = {value = {lval = 1920169263, dval = 9.4870166287391071e+170, str = {val = 0x7273752f <Address 0x7273752f out of bounds>, len = 1668246575}, ht = 0x7273752f, obj = {ce = 0x7273752f, properties = 0x636f6c2f}}, type = 97 'a', is_ref = 108 'l', refcount = 29487} ------------------------------------------------------------------------ [2002-10-31 10:03:59] [EMAIL PROTECTED] I already use this snapshot. And it still happens. I'll post soon more info. I'm compiling now a debug version. Martin ------------------------------------------------------------------------ [2002-10-31 09:23:36] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-10-31 09:01:33] [EMAIL PROTECTED] Note that this bug is similar to a other bug, http://bugs.php.net/bug.php?id=19292 It's not the same bug. There were some checks wrong in fopen_wrappers.c. This is fixed in cvs. This bug does show similar results as 19292, but the source of the problem is completly different. This a webserver with ~400 virtual servers, ~100 have php enabled. I see the bug happen if I access frequently pages of customer 1 (php enabled) and at the same time customer 2. ------------------------------------------------------------------------ [2002-10-31 08:55:47] [EMAIL PROTECTED] I've done this change in main/fopen_wrappers.c to see what happens: - php_error(E_WARNING, "open_basedir restriction - in effect. File is in wrong directory"); + php_error(E_WARNING, "open_basedir: File should + be in %s, but is in %s file (%s)", + pathbuf, path, + zend_get_executed_filename(TSRMLS_C)); let's say pathbuf=$a, path=$b, zend_get_executed_filename=$c As you see $a (which is PG(open_basedir)), should be identical to the path without added filename of both $b and $c. The error is random. Sometimes $a and $c are correct, and $b is plain wrong (from a previous request). Sometimes $a and $c are correct, and $b is wrong. [24-Oct-2002 10:49:19] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php/include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2 [24-Oct-2002 10:49:19] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6 [24-Oct-2002 10:53:45] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2 [24-Oct-2002 10:53:45] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6 This bug is critical and not fixed in cvs. I just tried the newest snapshot and it's not fixed. Martin ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20190&edit=1