ID: 20190 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: Apache related Operating System: FreeBSD -PHP Version: 4.2.3 +PHP Version: 4.3.0-dev New Comment:
If you try a snapshot, put the version correctly here. Also, you added comment to http://bugs.php.net/bug.php?id=19292 that it should be critical, and now you say it's fixed. So what's the real thing here? Previous Comments: ------------------------------------------------------------------------ [2002-10-31 11:27:10] [EMAIL PROTECTED] Previous dump was not the right one, sorry. I had dumps for children disabled. This is now the right one ... (gdb) bt #0 0x280de8e1 in strlen () from /usr/lib/libc.so.4 #1 0x17 in ?? () #2 0x2836decb in php_check_open_basedir (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php") at fopen_wrappers.c:211 #3 0x2836e19f in php_fopen_and_set_opened_path ( path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", opened_path=0xbfbff8d8) at fopen_wrappers.c:309 #4 0x2836e89d in php_fopen_with_path (filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", path=0x81ebb50 ".", opened_path=0xbfbff8d8) at fopen_wrappers.c:494 #5 0x2836edc0 in php_fopen_url_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8) at fopen_wrappers.c:612 #6 0x2836e26d in php_fopen_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8) at fopen_wrappers.c:335 #7 0x2836b38c in php_fopen_wrapper_for_zend ( filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", opened_path=0xbfbff8d8) at main.c:583 #8 0x28336463 in open_file_for_scanning (file_handle=0xbfbff8d0) at zend_language_scanner.c:2952 #9 0x28336611 in compile_file (file_handle=0xbfbff8d0, type=2) at zend_language_scanner.c:3009 #10 0x2835bb4f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:823 #11 0x2836d0b9 in php_execute_script (primary_file=0xbfbff8d0) at main.c:1399 #12 0x28367d82 in apache_php_module_main (r=0x8c78038, display_source_mode=0) at sapi_apache.c:98 #13 0x28368c2c in send_php (r=0x8c78038, display_source_mode=0, filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php") at mod_php4.c:684 #14 0x28368c9f in send_parsed_php (r=0x8c78038) at mod_php4.c:703 (gdb) list 206 char *newpath; 207 char *ptr; 208 char *end; 209 210 pathbuf = estrdup(PG(open_basedir)); 211 newpath = estrdup(zend_get_executed_filename(TSRMLS_C)); 212 213 ptr = pathbuf; 214 while (ptr && *ptr) { 215 end = strchr(ptr, DEFAULT_DIR_SEPARATOR); ------------------------------------------------------------------------ [2002-10-31 10:40:02] [EMAIL PROTECTED] If I allow the open_basedir restriction to pass, I get now random segfaults : Program terminated with signal 11, Segmentation fault. #0 0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584 584 ALLOC_HASHTABLE_REL(arg->value.obj.properties); (gdb) bt #0 0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584 (gdb) list 579 } 580 581 if (properties) { 582 arg->value.obj.properties = properties; 583 } else { 584 ALLOC_HASHTABLE_REL(arg->value.obj.properties); 585 zend_hash_init(arg->value.obj.properties, 0, NULL, ZVAL_PTR_DTOR, 0); 586 zend_hash_copy(arg->value.obj.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); 587 } 588 arg->type = IS_OBJECT; (gdb) p arg->value.obj.properties $1 = (HashTable *) 0x636f6c2f (gdb) p *arg->value.obj.properties Cannot access memory at address 0x636f6c2f. (gdb) p properties $2 = (HashTable *) 0xbfbffce2 (gdb) p *properties $3 = {nTableSize = 1212367181, nTableMask = 1162893652, nNumOfElements = 942893373, nNextFreeElement = 1714236726, pInternalPointer = 0x62656572, pListHead = 0x2e346473, pListTail = 0x53550033, arBuckets = 0x743d5245, pDestructor = 0x726f6f, persistent = 77 'M', nApplyCount = 65 'A', bApplyProtection = 73 'I'} (gdb) p *arg $4 = {value = {lval = 1920169263, dval = 9.4870166287391071e+170, str = {val = 0x7273752f <Address 0x7273752f out of bounds>, len = 1668246575}, ht = 0x7273752f, obj = {ce = 0x7273752f, properties = 0x636f6c2f}}, type = 97 'a', is_ref = 108 'l', refcount = 29487} ------------------------------------------------------------------------ [2002-10-31 10:03:59] [EMAIL PROTECTED] I already use this snapshot. And it still happens. I'll post soon more info. I'm compiling now a debug version. Martin ------------------------------------------------------------------------ [2002-10-31 09:23:36] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-10-31 09:01:33] [EMAIL PROTECTED] Note that this bug is similar to a other bug, http://bugs.php.net/bug.php?id=19292 It's not the same bug. There were some checks wrong in fopen_wrappers.c. This is fixed in cvs. This bug does show similar results as 19292, but the source of the problem is completly different. This a webserver with ~400 virtual servers, ~100 have php enabled. I see the bug happen if I access frequently pages of customer 1 (php enabled) and at the same time customer 2. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/20190 -- Edit this bug report at http://bugs.php.net/?id=20190&edit=1
