From:             olle at compound dot se
Operating system: Redhat7.2/kernel 2.4.9
PHP version:      4.3.1
PHP Bug Type:     Reproducible crash
Bug description:  Segmentation violation

We are running a commercial flight-booking website based upon Apache 1.3.27 and PHP 4.3.1, querying a PostgreSQL 7.1.3 database via ODBC (unixODBC). The PHP interpreter is run as an Apache module.

Occasionally (30 times a day?) an httpd server process dies caused by a segmentation violation. We have collected and looked at 30 dumped cores and the calling stack appears to be somewhat different each time. Our conclusion is that the segmentation violations are probably not a result of the functions appearing on the stack of the dumped cores, but more likely caused by corrupted data structures which may have been around for some time.

In an attempt to isolate the cause of our problems we ran a single httpd server under the control of valgrind (an i386 emulator/memory allocation analyser in software). Valgrind indicates that the PHP 4.3.1 ODBC functions repeatedly write to and read from invalid memory addresses, typically 4 bytes beyond a malloced block of memory. We believe these writes (or reads?) may be the cause of our crashing httpd processes.

Below is a quote of the valgrind output. Further down you will find our PHP configuration.

==29000== Invalid write of size 4
==29000==    at 0x4664821F: CLConnect (SQLConnect.c:258)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==    by 0x44B4DE09: odbc_sqlconnect (/opt/tools/php/php-4.3.1/ext/odbc/php_odbc.c:2136)
==29000==    Address 0x40FC254C is 4 bytes after a block of size 4 alloc'd
==29000==    at 0x400483E4: malloc (vg_clientfuncs.c:100)
==29000==    by 0x466481EB: CLConnect (SQLConnect.c:241)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==
==29000== Invalid write of size 4
==29000==    at 0x46648393: CLConnect (SQLConnect.c:341)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==    by 0x44B4DE09: odbc_sqlconnect (/opt/tools/php/php-4.3.1/ext/odbc/php_odbc.c:2136)
==29000==    Address 0x40FC2548 is 0 bytes after a block of size 4 alloc'd
==29000==    at 0x400483E4: malloc (vg_clientfuncs.c:100)
==29000==    by 0x466481EB: CLConnect (SQLConnect.c:241)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==
==29000== Invalid read of size 4
==29000==    at 0x466483B7: CLConnect (SQLConnect.c:350)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==    by 0x44B4DE09: odbc_sqlconnect (/opt/tools/php/php-4.3.1/ext/odbc/php_odbc.c:2136)
==29000==    Address 0x40FC2548 is 0 bytes after a block of size 4 alloc'd
==29000==    at 0x400483E4: malloc (vg_clientfuncs.c:100)
==29000==    by 0x466481EB: CLConnect (SQLConnect.c:241)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==
==29000== Invalid write of size 2
==29000==    at 0x4676214C: SQLGetInfo (info.c:671)
==29000==    by 0x466483BF: CLConnect (SQLConnect.c:360)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)
==29000==    Address 0x40FC2554 is 12 bytes after a block of size 4 alloc'd
==29000==    at 0x400483E4: malloc (vg_clientfuncs.c:100)
==29000==    by 0x466481EB: CLConnect (SQLConnect.c:241)
==29000==    by 0x43D11110: ??? (SQLConnect.c:1852)
==29000==    by 0x43D13555: SQLConnect (SQLConnect.c:3483)

#! /bin/sh
#
# Created by configure

'./configure' \
'--enable-shared' \
'--with-apxs' \
'--with-unixODBC' \
'--with-xml' \
'--enable-xslt' \
'--with-xslt-sablot=/usr/local' \
'--enable-sablot-errors-descriptive' \
'--with-dom=/usr/local' \
'--with-zlib' \
'--enable-trans-sid' \
'--with-iconv=/usr/local' \
'--with-imap' \
'--with-gettext' \
'--with-tsrm-pthreads' \
'--enable-roxen-zts' \
'--with-mysql' \
'-with-kerberos=/usr/kerberos' \
"$@"

-- 
Edit bug report at http://bugs.php.net/?id=22437&edit=1
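As an added illustration, and not code from this bug report, from PHP or from unixODBC, the C program below reproduces the class of defect behind the valgrind lines quoted above (a 4-byte heap block that is then written as if it held several 4-byte fields, so the stores land "0 bytes" and "4 bytes after a block of size 4 alloc'd") beside a version that sizes the block from the field count and refuses out-of-range stores. The "connection record", its three-field layout and every function name are assumptions made for the illustration; nothing here claims to be what CLConnect actually does.

```c
/* Added illustration, not code from the bug report, PHP or unixODBC.
 * The hypothetical "connection record" stands in for whatever CLConnect
 * allocates; the field count and all names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { CONN_FIELD_COUNT = 3 };   /* assumed layout: handle, timeout, flags */

/* Defective pattern: the block holds one int (4 bytes on i386), yet the
 * caller stores three. Under valgrind the stores to fields[1] and
 * fields[2] appear as "Invalid write of size 4 ... 0 bytes after a block
 * of size 4" and "... 4 bytes after a block of size 4", the same shape as
 * the report above. Kept for comparison only; nothing below calls it. */
int *alloc_record_buggy(void)
{
    return malloc(sizeof(int));          /* sized for 1 field, not 3 */
}

/* Unchecked store path: paired with the undersized block it overwrites
 * the allocator's own bookkeeping instead of failing loudly, which is how
 * a crash ends up far from the code that caused it. Safe only when the
 * caller really did allocate CONN_FIELD_COUNT ints. */
void fill_record_unchecked(int *fields)
{
    fields[0] = 100;
    fields[1] = 101;                     /* heap overflow if the block is 4 bytes */
    fields[2] = 102;
}

/* Corrected allocation: size the block by the field count, guarding the
 * multiplication against overflow. Returns NULL on bad input or OOM. */
int *alloc_record_fixed(size_t nfields)
{
    if (nfields == 0 || nfields > SIZE_MAX / sizeof(int))
        return NULL;
    return calloc(nfields, sizeof(int));
}

/* Bounds-checked store: the element count travels with the pointer, so an
 * out-of-range index is refused (-1) rather than written past the block. */
int set_field(int *fields, size_t nfields, size_t idx, int value)
{
    if (fields == NULL || idx >= nfields)
        return -1;
    fields[idx] = value;
    return 0;
}

/* Stores CONN_FIELD_COUNT fields through set_field and returns how many
 * stores were refused, so an undersized block is detected, not corrupted. */
int fill_record_checked(int *fields, size_t nfields)
{
    int refused = 0;
    for (size_t i = 0; i < CONN_FIELD_COUNT; i++)
        if (set_field(fields, nfields, i, (int)(100 + i)) != 0)
            refused++;
    return refused;
}

int main(void)
{
    int *rec = alloc_record_fixed(CONN_FIELD_COUNT);
    printf("correctly sized block: %d stores refused\n",
           fill_record_checked(rec, CONN_FIELD_COUNT));
    free(rec);

    int *small = alloc_record_fixed(1);  /* same size as the buggy block */
    printf("undersized block: %d stores refused\n",
           fill_record_checked(small, 1));
    free(small);
    return 0;
}
```

Built with -g and run under valgrind, the unchecked path on an undersized block produces reports of the "N bytes after a block of size 4 alloc'd" form; the checked path reports two refused stores and leaves the heap intact, which is the behaviour a library boundary such as an ODBC driver manager should aim for.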