From:
Operating system: Linux
PHP version: 5.3.9
Package: Apache2 related
Bug Type: Bug
Bug description: php crash after http post without content type header set
Description:
------------
I wrote some software which posts a binary (image) to our server.
phplib crashes at the end of an HTTP POST without the content type header
set.
Version apache:
[root@www ~]# /usr/sbin/httpd -V
Server version: Apache/2.2.3
Server built: Oct 20 2011 17:00:12
Server's Module Magic Number: 20051115:3
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
On kill/error/fault I found in error_log:
[Sat Jan 28 12:56:09 2012] [notice] child pid 17077 exit signal Segmentation fault (11), possible coredump in /tmp
So I made a coredump: gdb: bt all:
[sorry, no debug mode, it's a commercial server, can't recompile etc]
Core was generated by `/usr/sbin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fe25c5696c0 in zend_hash_num_elements () from
/etc/httpd/modules/libphp5.so
(gdb) bt full
#0 0x00007fe25c5696c0 in zend_hash_num_elements () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#1 0x00007fe25c519606 in php_register_variable_ex () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#2 0x00007fe25c432625 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#3 0x00007fe25c51a0e9 in php_std_post_handler () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#4 0x00007fe25c513dd3 in sapi_handle_post () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#5 0x00007fe25c519d2b in php_default_treat_data () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#6 0x00007fe257248134 in mbstr_treat_data () from
/usr/lib64/php/modules/mbstring.so
No symbol table info available.
#7 0x00007fe25c51a2a1 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#8 0x00007fe25c50ab65 in php_request_startup () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#9 0x00007fe25c5e66d8 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#10 0x00007fe268e89aca in ap_run_handler ()
No symbol table info available.
#11 0x00007fe268e8cf58 in ap_invoke_handler ()
No symbol table info available.
#12 0x00007fe268e97a18 in ap_process_request ()
No symbol table info available.
#13 0x00007fe268e94c50 in ?? ()
No symbol table info available.
#14 0x00007fe268e90d52 in ap_run_process_connection ()
No symbol table info available.
#15 0x00007fe268e9be49 in ?? ()
No symbol table info available.
#16 0x00007fe268e9c0da in ?? ()
No symbol table info available.
#17 0x00007fe268e9c190 in ?? ()
No symbol table info available.
#18 0x00007fe268e9ce7b in ap_mpm_run ()
No symbol table info available.
#19 0x00007fe268e76e48 in main ()
No symbol table info available.
Test script:
---------------
Qt source for posting binary without content type set:
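#include <QFile>
#include <QFileDialog>
#include <QNetworkAccessManager>
#include <QNetworkReply>
#include <QNetworkRequest>
#include <QUrl>

// The statements below run inside a QWidget member function (`this` is the parent).
QString filename = QFileDialog::getOpenFileName(this);
QFile* f = new QFile(filename);
f->open(QFile::ReadOnly);
QNetworkAccessManager* manager = new QNetworkAccessManager(this);
QNetworkRequest req(QUrl("http://www.server.com/post.php"));
// uncomment line below for bypassing error
// req.setHeader(QNetworkRequest::ContentTypeHeader,"image/jpeg");
QNetworkReply* rep = manager->post(req,f);
f->setParent(rep);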
--
Edit bug report at https://bugs.php.net/bug.php?id=60928&edit=1
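For triage, a crash like the one in the backtrace above can be bucketed by its symbolized frames instead of its addresses, so repeated segfaults from the same code path group together. This is an added example, not part of the original report or of PHP; `parse_backtrace`, `crash_signature` and the `exe` label are hypothetical names, and the sample frames are copied from the report's backtrace.

```python
import re

# Frames copied from the backtrace in the report above, including the
# e-mail line wrapping that splits "from <module>" onto its own line.
SAMPLE_BT = """\
#0 0x00007fe25c5696c0 in zend_hash_num_elements () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#1 0x00007fe25c519606 in php_register_variable_ex () from
/etc/httpd/modules/libphp5.so
No symbol table info available.
#2 0x00007fe25c432625 in ?? () from /etc/httpd/modules/libphp5.so
No symbol table info available.
#3 0x00007fe25c51a0e9 in php_std_post_handler () from
/etc/httpd/modules/libphp5.so
#10 0x00007fe268e89aca in ap_run_handler ()
"""

FRAME_RE = re.compile(
    r"^#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(\S+)\s+\(.*?\)(?:\s+from\s+(\S+))?$")


def parse_backtrace(text):
    """Return a list of (index, address, function, module) tuples."""
    # Re-join wrapped lines: a frame ending in "from" continues on the next line.
    joined = re.sub(r"\bfrom\s*\n\s*", "from ", text)
    frames = []
    for line in joined.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            idx, addr, func, module = m.groups()
            frames.append((int(idx), int(addr, 16), func, module))
    return frames


def crash_signature(frames, depth=3):
    """Bucket key: top `depth` symbolized frames as module!function.

    Addresses are dropped because they change with the load address;
    unresolved "??" frames are skipped because they carry no name.
    """
    named = [f for f in frames if f[2] != "??"]
    parts = []
    for _, _, func, module in named[:depth]:
        # gdb prints no "from" for frames in the main executable.
        base = module.rsplit("/", 1)[-1] if module else "exe"
        parts.append(f"{base}!{func}")
    return "|".join(parts)
```

Calling `crash_signature(parse_backtrace(SAMPLE_BT))` yields a key built from `zend_hash_num_elements`, `php_register_variable_ex` and `php_std_post_handler`, which stays the same when the library is mapped at a different address.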