ID:               20551
 User updated by:  [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           No Feedback
+Status:           Open
 Bug Type:         Apache related
 Operating System: RedHat 7.2
-PHP Version:      4.3.0RC3
+PHP Version:      4.3.0
 New Comment:

I have now verified that the bug remains in the release version of
4.3.0. I'll check the php4-STABLE-latest.tar.gz version this weekend.

(Note that with this patch upgrading to v4.3 I no longer see segfaults
in the Apache log!! Sweet!)


Previous Comments:
------------------------------------------------------------------------

[2003-01-31 01:00:03] [EMAIL PROTECTED]

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2003-01-15 20:46:50] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip



------------------------------------------------------------------------

[2002-12-12 15:06:41] [EMAIL PROTECTED]

Reclassifying since it is the Apache module code where the actual
segfaults occur. 

Short version: SG(server_context) is not checked for null before
dereferencing it in sapi_apache_header_handler() while it is checked in
other functions.

------------------------------------------------------------------------

[2002-12-06 09:30:55] [EMAIL PROTECTED]

Finally.

In file:
sapi/apache/mod_php4.c

The crash is in sapi_apache_header_handler(). This line is apparently
not guaranteed:

    request_rec *r = (request_rec *) SG(server_context);

As r is dereferenced and not valid some small percent of the time. It
may be indicative of some other error. Further investigation as to why
needs to be done.

I added a few other checks while tracking this bug down. Here is the
function as I have it now. No more segfaults in the error_log. The line
to note is the check for !r. Also, I don't think it hurts to check for
null in other places (!sapi_header || !sapi_header->header).



/* {{{ sapi_apache_header_handler
 */
int sapi_apache_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC)
{
        char *header_name, *header_content, *p;
        request_rec *r = (request_rec *) SG(server_context);

        if (!sapi_header) {
                return 0;
        }

        if (!sapi_header->header) {
                return 0;
        }

        header_name = sapi_header->header;

        /* Bail out if there is no ':' separator or no request record (r is NULL). */
        header_content = strchr(header_name, ':');
        if (!header_content || !r) {
                efree(sapi_header->header);
                return 0;
        }

        header_name = estrndup(header_name, header_content-header_name);
        if (!header_name) {
                return 0;
        }

        /* Skip the ':' and any spaces that follow it. */
        do {
                header_content++;
        } while (*header_content==' ');


        if (!strcasecmp(header_name, "Content-Type")) {
                r->content_type = pstrdup(r->pool, header_content);
        } else if (!strcasecmp(header_name, "Set-Cookie")) {
                table_add(r->headers_out, header_name, header_content);
        } else if (sapi_header->replace) {
                table_set(r->headers_out, header_name, header_content);
        } else {
                table_add(r->headers_out, header_name, header_content);
        }
        efree(header_name);
        efree(sapi_header->header);

        return 0;  /* don't use the default SAPI mechanism, Apache duplicates this functionality */
}
/* }}} */
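
Added example (not part of the original comment and not PHP's own code): a self-contained C model of the case described above, where the handler runs while no request record is attached. mock_request, server_context, mock_header_handler and the HDR_* codes are hypothetical stand-ins for request_rec, SG(server_context) and the SAPI handler; unlike the function above, the model returns distinct codes so a caller can tell the cases apart.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for Apache's request_rec (not the real structure). */
typedef struct {
    char content_type[128];
    char last_name[64];
    char last_value[128];
} mock_request;

/* Stand-in for SG(server_context); NULL models "no request attached". */
static mock_request *server_context = NULL;

enum { HDR_OK = 0, HDR_NO_CONTEXT = -1, HDR_MALFORMED = -2 };

/* Hypothetical handler: parse "Name: value" and record it on the request. */
int mock_header_handler(const char *header)
{
    mock_request *r = server_context;
    const char *value;
    size_t name_len;

    if (!header)
        return HDR_MALFORMED;
    if (!r)                      /* the check from the report: no r-> access when NULL */
        return HDR_NO_CONTEXT;
    value = strchr(header, ':');
    if (!value)
        return HDR_MALFORMED;
    name_len = (size_t)(value - header);
    if (name_len == 0 || name_len >= sizeof r->last_name)
        return HDR_MALFORMED;
    do {
        value++;                 /* skip ':' and any following spaces */
    } while (*value == ' ');
    if (strlen(value) >= sizeof r->last_value)
        return HDR_MALFORMED;
    memcpy(r->last_name, header, name_len);
    r->last_name[name_len] = '\0';
    strcpy(r->last_value, value);
    if (!strcasecmp(r->last_name, "Content-Type"))
        strcpy(r->content_type, value);
    return HDR_OK;
}

int main(void)
{
    printf("no context: %d\n", mock_header_handler("Content-Encoding: gzip"));
    return 0;
}
```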

------------------------------------------------------------------------

[2002-12-05 18:34:16] [EMAIL PROTECTED]

OK, I was able to have gdb attach to one of the 500 children and wait
for a segfault. This is version 4.2.3, as this is from our production
site (late at night I'll try and do the same for a full debug version
of 4.3RC2):

Program received signal SIGSEGV, Segmentation fault.
0x080a9b2c in sapi_apache_header_handler ()
(gdb) bt
#0  0x080a9b2c in sapi_apache_header_handler ()
#1  0x080af403 in sapi_add_header_ex ()
#2  0x080b5700 in zif_ob_gzhandler ()
#3  0x08124392 in call_user_function_ex ()
#4  0x080b20f9 in php_end_ob_buffer ()
#5  0x080b23bb in php_end_ob_buffers ()
#6  0x080ac0a7 in php_request_shutdown ()
#7  0x081530d8 in run_cleanups ()
#8  0x08151ec8 in ap_clear_pool ()
#9  0x08151f28 in ap_destroy_pool ()
#10 0x08151e9b in ap_clear_pool ()
#11 0x0815e92b in child_main ()
#12 0x0815ef0b in make_child ()
#13 0x0815f1e9 in perform_idle_server_maintenance ()
#14 0x0815f69a in standalone_main ()
#15 0x0815fc2c in main ()

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/20551

-- 
Edit this bug report at http://bugs.php.net/?id=20551&edit=1
