ID: 23040
User updated by: tim at danan dot com
Reported By: tim at danan dot com
Status: Open
Bug Type: Reproducible crash
Operating System: Redhat 8
PHP Version: 4.3.1
New Comment:
AHA! I just checked the script (and all of it's includes). There is
only one putenv call in the entire forum system. Perhaps these code
snippets can provide some insight (I'm going to see if I can crash the
server with a short script containing these functions).
//included from a conf file
$SERVER_TZ = "America/New_York";
// the potential offending code
function set_tz($timezone)
{
if( $timezone ) @putenv("TZ=".$timezone);
}
// one of the fields in users is time_zone. All users are currently
set to "America/New_York"
function get_user_by_id($id)
{
qobj("SELECT * FROM fud2_users WHERE id=".$id, $this);
if( empty($this->id) ) return;
return $this->id;
}
// within this init function the set_tz function is called
function init_user()
{
$s = new fud_session;
$u = new fud_user;
$s->cookie_get_session();
if ( $s->user_id && $s->user_id<2000000000 ) {
if ( !$u->get_user_by_id($s->user_id) ) {
$u=NULL;
$s->delete_session();
}
/* else NOP */
}
else $u = NULL;
if ( empty($u) && empty($s->id) ) $s->save_session();
$rv[0] = $s;
if( !empty($u) ) {
set_tz($u->time_zone);
define('d_thread_view',
(($GLOBALS['TREE_THREADS_ENABLE']=='N'||$u->default_view=='msg'||$u->default_view=='tree_msg')?'msg':'tree'));
define('t_thread_view',
(($GLOBALS['TREE_THREADS_ENABLE']=='N'||$u->default_view=='msg'||$u->default_view=='msg_tree')?'thread':'threadt'));
q("UPDATE fud2_users SET
last_visit=".__request_timestamp__." WHERE id=".$u->id);
$rv[1] = $u;
}else {
set_tz($GLOBALS["SERVER_TZ"]);
define('d_thread_view',
(($GLOBALS['TREE_THREADS_ENABLE']=='N'||$GLOBALS['DEFAULT_THREAD_VIEW']=='msg'||$GLOBALS['DEFAULT_THREAD_VIEW']=='tree_msg')?'msg':'tree'));
define('t_thread_view',
(($GLOBALS['TREE_THREADS_ENABLE']=='N'||$GLOBALS['DEFAULT_THREAD_VIEW']=='msg'||$GLOBALS['DEFAULT_THREAD_VIEW']=='msg_tree')?'thread':'threadt'));
$rv[1] = NULL;
if( !empty($GLOBALS["rid"]) &&
empty($GLOBALS["HTTP_COOKIE_VARS"]["frm_referer_id"]) )
set_referer_cookie($GLOBALS["rid"]);
}
define('s', $s->ses_id);
define('_rsid', 'rid='.$u->id.'&S='.s);
define('_rsidl', 'rid='.$u->id.'&S='.s);
define('_hs', '<input type="hidden" name="S" value="'.s.'">');
define('_uid', (($u->email_conf == 'Y')?$u->id:0));
return $rv;
}
Previous Comments:
------------------------------------------------------------------------
[2003-04-04 08:13:21] tim at danan dot com
I tried the cvs snapshot and I'm still seeing the seg faults. Is it
possible that Apache is the problem here and not PHP? In other words,
is the putenv setting with an enviroment variable for PHP or all of
httpd?
------------------------------------------------------------------------
[2003-04-03 19:38:16] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-STABLE-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
There have been couple of dozen fixes that might have
also fixed this. So please give the snapshot a go.
------------------------------------------------------------------------
[2003-04-03 16:49:02] [EMAIL PROTECTED]
It looks like putenv() is the last thing called from PHP
land before the crash, so that's a start.
J
------------------------------------------------------------------------
[2003-04-03 16:36:46] tim at danan dot com
I've not been able to narrow it down to anything that specific yet.
I've only just narrowed it down to this page in the past day or so.
Unfortunately, the page almost 700 lines long, so I wouldn't call it
"short".
I'll continue to try to narrow it down to see if I can isolate a
function, but it may not be easy since the page tends to load fine
50-60 times in a row, then blow up. There's probably something unique
going on in the crash instances, but I've not located it yet.
If you'd like the long script I'll be happy to provide it.
I'm not an expert at reading dumps by any means. Does anything jump
out at you? Are there any hints of some place I might be able to look
to help narrow things down?
------------------------------------------------------------------------
[2003-04-03 15:51:54] [EMAIL PROTECTED]
Do you have a short test script that can reproduce this
segfault?
J
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/23040
--
Edit this bug report at http://bugs.php.net/?id=23040&edit=1
