ID: 20551 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Output Control Operating System: RedHat 7.2 PHP Version: 4.3.0RC2 New Comment:
Finally. In file: sapi/apache/mod_php4.c The crash is in sapi_apache_header_handler(). This line is apparently not guaranteed: request_rec *r = (request_rec *) SG(server_context); As r is dereferenced and not valid some small percent of the time. It may be indicative of some other error. Further investigation as to why needs to be done. I added a few other checks while tracking this bug down. Here is the function as I have it now. No more segfaults in the error_log. The line to note is the check for !r. Also, I don't think it hurts to check for null in other places (!sapi_header || !sapi_header->header). /* {{{ sapi_apache_header_handler */ int sapi_apache_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC) { char *header_name, *header_content, *p; request_rec *r = (request_rec *) SG(server_context); if (!sapi_header) { return 0; } if (!sapi_header->header) { return 0; } header_name = sapi_header->header; header_content = strchr(header_name, ':'); if (!header_content || !r) { efree(sapi_header->header); return 0; } header_name = estrndup(header_name,header_content-header_name); if (!header_name){ return 0; } do { header_content++; } while (*header_content==' '); if (!strcasecmp(header_name, "Content-Type")) { r->content_type = pstrdup(r->pool, header_content); } else if (!strcasecmp(header_name, "Set-Cookie")) { table_add(r->headers_out, header_name, header_content); } else if (sapi_header->replace) { table_set(r->headers_out, header_name, header_content); } else { table_add(r->headers_out, header_name, header_content); efree(header_name); efree(sapi_header->header); return 0; /* don't use the default SAPI mechanism, Apache duplicates this functionality */ } /* }}} */ Previous Comments: ------------------------------------------------------------------------ [2002-12-05 18:34:16] [EMAIL PROTECTED] OK, I was able to have gbb attach to one of the 500 children and wait for a segault. This is version 4.2.3, as this is from our production site (late at night I'll try and do the same for a full debug version of 4.3RC2): Program received signal SIGSEGV, Segmentation fault. 0x080a9b2c in sapi_apache_header_handler () (gdb) bt #0 0x080a9b2c in sapi_apache_header_handler () #1 0x080af403 in sapi_add_header_ex () #2 0x080b5700 in zif_ob_gzhandler () #3 0x08124392 in call_user_function_ex () #4 0x080b20f9 in php_end_ob_buffer () #5 0x080b23bb in php_end_ob_buffers () #6 0x080ac0a7 in php_request_shutdown () #7 0x081530d8 in run_cleanups () #8 0x08151ec8 in ap_clear_pool () #9 0x08151f28 in ap_destroy_pool () #10 0x08151e9b in ap_clear_pool () #11 0x0815e92b in child_main () #12 0x0815ef0b in make_child () #13 0x0815f1e9 in perform_idle_server_maintenance () #14 0x0815f69a in standalone_main () #15 0x0815fc2c in main () ------------------------------------------------------------------------ [2002-12-04 17:59:13] [EMAIL PROTECTED] status -> open, updated version. (please, don't use 'Add Comment' when you edit your own submission..use 'Edit Submission') ------------------------------------------------------------------------ [2002-12-04 11:36:49] [EMAIL PROTECTED] Yes, the problem occurs without the Zend addon. Zend Accelerator won't work with PHP 4.3 anyhow, so I turned it off. In the other message I proved myself to be a bad typist. :( I meant to say _without_ Zend Accelerator... ------------------------------------------------------------------------ [2002-12-04 00:38:50] [EMAIL PROTECTED] Does the crash still occur when you disable Zend Accelerator? Derick ------------------------------------------------------------------------ [2002-12-03 20:41:29] [EMAIL PROTECTED] I tried with 4.3RC2. Bug still exists, crashing at least 13 times in the couple of minutes the server was able to run with Zend accelerator... I HATE this bug. Grr. I case I can take the time to do a walkthrough since it still exists... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/20551 -- Edit this bug report at http://bugs.php.net/?id=20551&edit=1