ID: 20358
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Verified
Bug Type: Session related
Operating System: RedHat7.3
PHP Version: 4.3.0-dev
New Comment:
Same problem here
Tried the latest snapshot no difference
Willing to produce a backtrace if necessary
Redhat 7.3
Apache 2.0.43
PHP 4.3.0 and latest snapshot
I have a Typo3 CMS and can make the segmentation fault happen on
command with the install tool.
Previous Comments:
------------------------------------------------------------------------
[2002-12-16 14:37:58] [EMAIL PROTECTED]
Same problem here...
Sparc Solaris 8, php-4.2.3, apache-1.3.27
------------------------------------------------------------------------
[2002-12-16 02:41:49] [EMAIL PROTECTED]
Hi,
I have experienced the same bug on my linux box with several versions
of httpd/php
Redhat7.3 PHP 4.3.2 4.3.0-pre1 4.3.0-rc1 4.3.0-rc2
Apache 1.3.27.
It can happen at any time (like 24h after launching httpd) and it then
crashes every apache child.
Obviously, the structure data->hash[slot] is not properly initialized
before entering ps_sd_lookup, but that is quite strange!
I think it should be fixed before the 4.3.0 release.
------------------------------------------------------------------------
[2002-12-13 08:46:30] [EMAIL PROTECTED]
FreeBSD, Apache 1.3.27, PHP 4.2.3
#0 0x48287655 in ps_sd_destroy (data=0x811b0a0, sd=0x4c6c2354) at mod_mm.c:168
168 for (prev = data->hash[slot]; prev->next != sd; prev = prev->next);
(gdb) bt
#0 0x48287655 in ps_sd_destroy (data=0x811b0a0, sd=0x4c6c2354) at mod_mm.c:168
#1 0x4828784f in ps_mm_destroy (data=0x811b0a0) at mod_mm.c:242
#2 0x48287a25 in zm_shutdown_ps_mm (type=1, module_number=11) at mod_mm.c:293
#3 0x48231e93 in module_destructor (module=0x811c500) at zend_API.c:1127
#4 0x482338d3 in zend_hash_destroy (ht=0x48333b80) at zend_hash.c:541
#5 0x4822ef3f in zend_shutdown () at zend.c:492
#6 0x4823c107 in php_module_shutdown () at main.c:1052
#7 0x4823c0d4 in php_module_shutdown_wrapper (sapi_globals=0x48311880) at main.c:1029
#8 0x48239abc in apache_php_module_shutdown_wrapper () at mod_php4.c:800
#9 0x805003a in run_cleanups ()
#10 0x804f09f in ap_clear_pool ()
#11 0x804f100 in ap_destroy_pool ()
#12 0x804f08b in ap_clear_pool ()
#13 0x804f100 in ap_destroy_pool ()
#14 0x8059460 in clean_parent_exit ()
#15 0x805b925 in standalone_main ()
#16 0x805bd6b in main ()
#17 0x804eb0d in _start ()
(gdb) print *data
$3 = {mm = 0x4c69b414, hash = 0x4c69b434, hash_max = 511, hash_cnt = 0, owner = 81324}
(gdb) print *sd
$4 = {next = 0x3e0, hv = 979, ctime = 1282159212, data = 0x74656c73,
datalen = 2087871860, alloclen = 976304755, key = "\""}
(gdb) print slot
$5 = 1282155348
(gdb) print data->hash
$6 = (ps_sd **) 0x4c69b434
(gdb) print *(data->hash)
$7 = (ps_sd *) 0x4c6c2354
(gdb) print *prev
Cannot access memory at address 0x10.
------------------------------------------------------------------------
[2002-11-12 06:01:38] [EMAIL PROTECTED]
more info...
(gdb) list
182
183 hv = ps_sd_hash(key, strlen(key));
184 slot = hv & data->hash_max;
185
186 for (prev = NULL, ret = data->hash[slot]; ret; prev = ret, ret = ret->next)
187 if (ret->hv == hv && !strcmp(ret->key, key))
188 break;
189
190 if (ret && rw && ret != data->hash[slot]) {
191 /* Move the entry to the top of the linked list */
(gdb) print key
$1 = 0x8136f2c "136"
(gdb) print hv
$2 = 1943406893
(gdb) print slot
$3 = 301
(gdb) print data->hash_max
$4 = 511
(gdb) print prev
$5 = (ps_sd *) 0x4413df00
(gdb) print ret
$6 = (ps_sd *) 0x1f
(gdb) print ret->next
Cannot access memory at address 0x1f
(gdb) print data->hash[slot]->next
$7 = (struct ps_sd *) 0x1f
------------------------------------------------------------------------
[2002-11-12 05:51:51] [EMAIL PROTECTED]
Apache was re-compiled with -DBIG_SECURITY_HOLE option.
edit /usr/local/apache/conf/httpd.conf
User root
Group root
CoreDumpDirectory /tmp
# /usr/local/apache/bin/apachectl start
# sh loop.sh
# tail -f /usr/local/apache/logs/error_log
[Tue Nov 12 20:41:49 2002] [notice] child pid 23351 exit signal Segmentation fault (11), possible coredump in /tmp
A child process of Apache dumped core.
back trace
----
(gdb) bt
#0 0x40148a33 in ps_sd_lookup (data=0x80d4418, key=0x8136f2c "136",
rw=0)
at /home/work/httpd/php-4.3.0pre2/ext/session/mod_mm.c:187
#1 0x40148ec8 in ps_read_mm (mod_data=0x4029ea70, key=0x8136f2c
"136",
val=0xbfffd1e0, vallen=0xbfffd1dc)
at /home/work/httpd/php-4.3.0pre2/ext/session/mod_mm.c:326
#2 0x401446b9 in php_session_initialize ()
at /home/work/httpd/php-4.3.0pre2/ext/session/session.c:608
#3 0x40145864 in php_session_start ()
at /home/work/httpd/php-4.3.0pre2/ext/session/session.c:1004
#4 0x40147438 in zif_session_start (ht=0, return_value=0x8136fd4,
this_ptr=0x0, return_value_used=0)
at /home/work/httpd/php-4.3.0pre2/ext/session/session.c:1445
#5 0x4022cfc7 in execute (op_array=0x8136c3c)
at /home/work/httpd/php-4.3.0pre2/Zend/zend_execute.c:1595
#6 0x4021a174 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /home/work/httpd/php-4.3.0pre2/Zend/zend.c:839
#7 0x401e1f13 in php_execute_script (primary_file=0xbffff6b0)
at /home/work/httpd/php-4.3.0pre2/main/main.c:1542
#8 0x40231f36 in apache_php_module_main (r=0x812ff2c,
display_source_mode=0)
at /home/work/httpd/php-4.3.0pre2/sapi/apache/sapi_apache.c:55
#9 0x40232e00 in send_php (r=0x812ff2c, display_source_mode=0,
filename=0x813093c
"/usr/local/apache/htdocs/php/samples/session/bug.phtml")
at /home/work/httpd/php-4.3.0pre2/sapi/apache/mod_php4.c:556
#10 0x40232e6d in send_parsed_php (r=0x812ff2c)
at /home/work/httpd/php-4.3.0pre2/sapi/apache/mod_php4.c:571
#11 0x0806a7bb in ap_invoke_handler ()
#12 0x0807f723 in process_request_internal ()
#13 0x0807f784 in ap_process_request ()
#14 0x080765c1 in child_main ()
#15 0x0807682f in make_child ()
#16 0x08076bac in perform_idle_server_maintenance ()
#17 0x08077181 in standalone_main ()
#18 0x080777bb in main ()
#19 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/20358
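
Added example, not part of the original report and not PHP's own code: both backtraces above fault while walking a session hash chain whose pointers (0x1f, 0x10) are not valid addresses. This C sketch models the chain with simplified ps_sd/ps_mm structs (the base/size fields and the in_arena, sd_lookup and sd_unlink names are assumptions) and checks every chain pointer against the shared segment's bounds before dereferencing it.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of the structs printed in the gdb sessions (assumed layout). */
typedef struct ps_sd { struct ps_sd *next; uint32_t hv; char key[16]; } ps_sd;
typedef struct { unsigned char *base; size_t size; /* hypothetical segment bounds */
                 ps_sd **hash; uint32_t hash_max; } ps_mm;

/* Follow a chain pointer only if it is aligned and lies wholly inside the segment. */
static int in_arena(const ps_mm *d, const ps_sd *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)d->base;
    return a % _Alignof(ps_sd) == 0 && a >= lo && a - lo <= d->size - sizeof(ps_sd);
}

/* Returns 0 and sets *out (NULL if absent); -1 if the chain is corrupt or cyclic. */
int sd_lookup(const ps_mm *d, uint32_t hv, const char *key, ps_sd **out) {
    size_t steps = 0, limit = d->size / sizeof(ps_sd); *out = NULL;
    for (ps_sd *p = d->hash[hv & d->hash_max]; p; p = p->next) {
        if (!in_arena(d, p) || steps++ > limit) return -1;
        if (p->hv == hv && !strncmp(p->key, key, sizeof p->key)) { *out = p; return 0; }
    }
    return 0;
}

/* Unlinks sd from its slot; -1 if sd is unreachable, instead of walking past the end. */
int sd_unlink(ps_mm *d, ps_sd *sd) {
    size_t steps = 0, limit = d->size / sizeof(ps_sd);
    if (!in_arena(d, sd)) return -1;
    for (ps_sd **pp = &d->hash[sd->hv & d->hash_max]; *pp; pp = &(*pp)->next) {
        if (!in_arena(d, *pp) || steps++ > limit) return -1;
        if (*pp == sd) { *pp = sd->next; return 0; }
    }
    return -1;
}

/* Constructed scenario: two entries share a slot, then a next pointer becomes 0x1f. */
int demo_corrupt_chain(void) {
    static ps_sd arena[4]; static ps_sd *slots[8];
    ps_mm d = { (unsigned char *)arena, sizeof arena, slots, 7 };
    ps_sd *a = &arena[0], *b = &arena[1], *found;
    memset(arena, 0, sizeof arena); memset(slots, 0, sizeof slots);
    a->hv = 5; strcpy(a->key, "135"); b->hv = 13; strcpy(b->key, "136");
    a->next = b; slots[5] = a;
    if (sd_lookup(&d, 13, "136", &found) != 0 || found != b) return 1;
    a->next = (ps_sd *)(uintptr_t)0x1f;          /* simulate the corruption */
    if (sd_lookup(&d, 13, "136", &found) != -1) return 2;
    if (sd_unlink(&d, b) != -1) return 3;
    a->next = b;                                 /* intact chain again */
    return (sd_unlink(&d, b) == 0 && a->next == NULL) ? 0 : 4;
}
int main(void) { return demo_corrupt_chain(); }
```

A return of -1 is the point at which a handler could log the damaged slot and fail the one request, rather than taking a segmentation fault in the Apache child.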