 ID:               20551
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Feedback
 Bug Type:         Apache related
 Operating System: RedHat 7.2
 PHP Version:      4.3.0
 New Comment:

Keep at feedback status until the actual feedback request is completed
(testing of the latest stable snapshot).


Previous Comments:
------------------------------------------------------------------------

[2003-01-31 11:01:15] [EMAIL PROTECTED]

I now have verified that the bug remains in the release version of
4.3.0. I'll check the php4-STABLE-latest.tar.gz version this weekend.

(Note that with this patch upgrading to v4.3 I no longer see segfaults
in the Apache log!! Sweet!)

------------------------------------------------------------------------

[2003-01-31 01:00:03] [EMAIL PROTECTED]

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2003-01-15 20:46:50] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

------------------------------------------------------------------------

[2002-12-12 15:06:41] [EMAIL PROTECTED]

Reclassifying since it is the Apache module code where the actual
segfaults occur.

Short version: SG(server_context) is not checked for null before
dereferencing it in sapi_apache_header_handler() while it is checked in
other functions.

------------------------------------------------------------------------

[2002-12-06 09:30:55] [EMAIL PROTECTED]

Finally.

In file: sapi/apache/mod_php4.c

The crash is in sapi_apache_header_handler().

This line is apparently not guaranteed:

    request_rec *r = (request_rec *) SG(server_context);

As r is dereferenced and not valid some small percent of the time. It
may be indicative of some other error. Further investigation as to why
needs to be done.

I added a few other checks while tracking this bug down.

Here is the function as I have it now.
No more segfaults in the error_log.

The line to note is the check for !r. Also, I don't think it hurts to
check for null in other places (!sapi_header || !sapi_header->header).

/* {{{ sapi_apache_header_handler */
int sapi_apache_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC)
{
	char *header_name, *header_content, *p;
	request_rec *r = (request_rec *) SG(server_context);

	if (!sapi_header) {
		return 0;
	}
	if (!sapi_header->header) {
		return 0;
	}

	header_name = sapi_header->header;

	header_content = strchr(header_name, ':');
	/* r is NULL when SG(server_context) is not set: bail out before any r-> access */
	if (!header_content || !r) {
		efree(sapi_header->header);
		return 0;
	}

	header_name = estrndup(header_name, header_content - header_name);
	if (!header_name) {
		return 0;
	}

	/* skip the ':' and any spaces that follow it */
	do {
		header_content++;
	} while (*header_content == ' ');

	if (!strcasecmp(header_name, "Content-Type")) {
		r->content_type = pstrdup(r->pool, header_content);
	} else if (!strcasecmp(header_name, "Set-Cookie")) {
		table_add(r->headers_out, header_name, header_content);
	} else if (sapi_header->replace) {
		table_set(r->headers_out, header_name, header_content);
	} else {
		table_add(r->headers_out, header_name, header_content);
	}

	efree(header_name);
	efree(sapi_header->header);

	return 0;  /* don't use the default SAPI mechanism, Apache duplicates this functionality */
}
/* }}} */

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/20551

-- 
Edit this bug report at http://bugs.php.net/?id=20551&edit=1
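
The guard discussed in the comments above, as an added example that is not part of the bug report or of PHP's source: a self-contained C model in which `fake_request`, `server_context`, `heap_copy`, `guarded_header_handler` and the `HDR_*` codes are hypothetical stand-ins for `request_rec`, `SG(server_context)` and the SAPI header handler. It goes slightly beyond the posted function by reporting why a header was dropped and by releasing the header through a single exit path.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for Apache's request_rec; not the real structure. */
typedef struct { char content_type[64], other_name[64], other_value[128]; } fake_request;

/* Models SG(server_context): NULL when no request is attached (assumption). */
static fake_request *server_context = NULL;

enum { HDR_OK = 0, HDR_NO_CONTEXT = -1, HDR_MALFORMED = -2 };

/* Portable case-insensitive equality, used in place of strcasecmp(). */
static int ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Heap copy so the handler can own and free its argument. */
char *heap_copy(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) strcpy(p, s);
    return p;
}

/* Takes ownership of `header` ("Name: value") and frees it on every exit path. */
int guarded_header_handler(char *header)
{
    fake_request *r = server_context;
    char *colon, *value;
    int rc = HDR_OK;

    if (!header) return HDR_MALFORMED;
    if (!r) { rc = HDR_NO_CONTEXT; goto out; }        /* guard before any r-> access */
    if (!(colon = strchr(header, ':'))) { rc = HDR_MALFORMED; goto out; }
    *colon = '\0';                                     /* split name from value in place */
    for (value = colon + 1; *value == ' '; value++) ;  /* skip spaces after the colon */

    if (ieq(header, "Content-Type")) {
        snprintf(r->content_type, sizeof r->content_type, "%s", value);
    } else {
        snprintf(r->other_name, sizeof r->other_name, "%s", header);
        snprintf(r->other_value, sizeof r->other_value, "%s", value);
    }
out:
    free(header);
    return rc;
}
```

A distinct return code for the missing context gives a caller something to log, which helps with the open question in the report of why the context is sometimes NULL.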