ID: 20551
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Output Control
Operating System: RedHat 7.2
PHP Version: 4.3.0RC2
New Comment:
Finally.
In file:
sapi/apache/mod_php4.c
The crash is in sapi_apache_header_handler(). This line is apparently
not guaranteed:
request_rec *r = (request_rec *) SG(server_context);
As r is dereferenced and not valid some small percent of the time. It
may be indicative of some other error. Further investigation as to why
needs to be done.
I added a few other checks while tracking this bug down. Here is the
function as I have it now. No more segfaults in the error_log. The line
to note is the check for !r. Also, I don't think it hurts to check for
null in other places (!sapi_header || !sapi_header->header).
/* {{{ sapi_apache_header_handler
 */
int sapi_apache_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC)
{
    char *header_name, *header_content;
    request_rec *r = (request_rec *) SG(server_context);

    /* Nothing to do without a header string. */
    if (!sapi_header) {
        return 0;
    }
    if (!sapi_header->header) {
        return 0;
    }

    header_name = sapi_header->header;
    header_content = strchr(header_name, ':');

    /* Bail out on a header without a colon, or when there is no
       request record (r is dereferenced below). */
    if (!header_content || !r) {
        efree(sapi_header->header);
        return 0;
    }

    /* Copy the name part so the original header string is left unmodified. */
    header_name = estrndup(header_name, header_content - header_name);
    if (!header_name) {
        /* same cleanup as the other early exit */
        efree(sapi_header->header);
        return 0;
    }

    /* Skip the colon and any spaces after it. */
    do {
        header_content++;
    } while (*header_content == ' ');

    if (!strcasecmp(header_name, "Content-Type")) {
        r->content_type = pstrdup(r->pool, header_content);
    } else if (!strcasecmp(header_name, "Set-Cookie")) {
        table_add(r->headers_out, header_name, header_content);
    } else if (sapi_header->replace) {
        table_set(r->headers_out, header_name, header_content);
    } else {
        table_add(r->headers_out, header_name, header_content);
    }

    efree(header_name);
    efree(sapi_header->header);

    return 0; /* don't use the default SAPI mechanism, Apache duplicates this functionality */
}
/* }}} */
Previous Comments:
------------------------------------------------------------------------
[2002-12-05 18:34:16] [EMAIL PROTECTED]
OK, I was able to have gdb attach to one of the 500 children and wait
for a segfault. This is version 4.2.3, as this is from our production
site (late at night I'll try and do the same for a full debug version
of 4.3RC2):
Program received signal SIGSEGV, Segmentation fault.
0x080a9b2c in sapi_apache_header_handler ()
(gdb) bt
#0 0x080a9b2c in sapi_apache_header_handler ()
#1 0x080af403 in sapi_add_header_ex ()
#2 0x080b5700 in zif_ob_gzhandler ()
#3 0x08124392 in call_user_function_ex ()
#4 0x080b20f9 in php_end_ob_buffer ()
#5 0x080b23bb in php_end_ob_buffers ()
#6 0x080ac0a7 in php_request_shutdown ()
#7 0x081530d8 in run_cleanups ()
#8 0x08151ec8 in ap_clear_pool ()
#9 0x08151f28 in ap_destroy_pool ()
#10 0x08151e9b in ap_clear_pool ()
#11 0x0815e92b in child_main ()
#12 0x0815ef0b in make_child ()
#13 0x0815f1e9 in perform_idle_server_maintenance ()
#14 0x0815f69a in standalone_main ()
#15 0x0815fc2c in main ()
------------------------------------------------------------------------
[2002-12-04 17:59:13] [EMAIL PROTECTED]
status -> open, updated version.
(please, don't use 'Add Comment' when you edit your own submission..use
'Edit Submission')
------------------------------------------------------------------------
[2002-12-04 11:36:49] [EMAIL PROTECTED]
Yes, the problem occurs without the Zend addon. Zend Accelerator won't
work with PHP 4.3 anyhow, so I turned it off. In the other message I
proved myself to be a bad typist. :( I meant to say _without_ Zend
Accelerator...
------------------------------------------------------------------------
[2002-12-04 00:38:50] [EMAIL PROTECTED]
Does the crash still occur when you disable Zend Accelerator?
Derick
------------------------------------------------------------------------
[2002-12-03 20:41:29] [EMAIL PROTECTED]
I tried with 4.3RC2. Bug still exists, crashing at least 13 times in
the couple of minutes the server was able to run with Zend
accelerator...
I HATE this bug. Grr. I case I can take the time to do a walkthrough
since it still exists...
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/20551