ID: 24526 User updated by: kaMe at barcolabeach dot org Reported By: kaMe at barcolabeach dot org -Status: Feedback +Status: Open Bug Type: PCRE related Operating System: Linux 2.4 PHP Version: 4.3.3RC2-dev New Comment:
Here i am. Now with Apache/1.3.27 (Unix) PHP/4.3.3RC2-dev and the original bug (imap-related). #0 0x401e0e96 in _php_imap_address_size (addresslist=0x82b08e8) at /root/temp-apache/php4-STABLE-200307141330/ext/imap/php_imap.c:3643 #1 0x401db8c4 in zif_imap_fetch_overview (ht=3, return_value=0x8374ebc, this_ptr=0x0, return_value_used=1) at /root/temp-apache/php4-STABLE-200307141330/ext/imap/php_imap.c:2722 #2 0x4030c622 in execute (op_array=0x81586bc) at /root/temp-apache/php4-STABLE-200307141330/Zend/zend_execute.c:1616 #3 0x402f9494 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/temp-apache/php4-STABLE-200307141330/Zend/zend.c:886 #4 0x402bdfec in php_execute_script (primary_file=0xbffff284) at /root/temp-apache/php4-STABLE-200307141330/main/main.c:1685 #5 0x40311cfe in apache_php_module_main (r=0x811a714, display_source_mode=0) at /root/temp-apache/php4-STABLE-200307141330/sapi/apache/sapi_apache.c:54 #6 0x40312dc0 in send_php (r=0x811a714, display_source_mode=0, filename=0x811b45c "/usr/local/apache1.3.27/htdocs/horde/imp/mailbox.php") at /root/temp-apache/php4-STABLE-200307141330/sapi/apache/mod_php4.c:620 #7 0x40312e3f in send_parsed_php (r=0x811a714) at /root/temp-apache/php4-STABLE-200307141330/sapi/apache/mod_php4.c:635 #8 0x806c0d9 in ap_invoke_handler () at eval.c:88 #9 0x8081c7f in process_request_internal () at eval.c:88 #10 0x8081ce6 in ap_process_request () at eval.c:88 #11 0x8078576 in child_main () at eval.c:88 #12 0x8078731 in make_child () at eval.c:88 #13 0x80788ac in startup_children () at eval.c:88 #14 0x8078f3d in standalone_main () at eval.c:88 #15 0x80797ac in main () at eval.c:88 #16 0x4008d2eb in __libc_start_main (main=0x8079408 <main>, argc=2, ubp_av=0xbffff6c4, init=0x804eec8 <_init>, fini=0x80af73c <_fini>, rtld_fini=0x4000c130 <_dl_fini>, stack_end=0xbffff6bc) at ../sysdeps/generic/libc-start.c:129 Previous Comments: ------------------------------------------------------------------------ [2003-07-10 08:50:36] [EMAIL PROTECTED] PLEASE try this under Apache 1.3.27 before we continue hunting ghosts here. ------------------------------------------------------------------------ [2003-07-10 02:23:15] kaMe at barcolabeach dot org It seems like it segfaults reading the file, not executing it. Thinking was the regexp to cause the segfault, i tryed to delete it; the result was that the segfault comes on the next regexp. I tryed to delete both.. No more regexp in the function: apache segfaults reading a comment! So i tryed to delete some characters from the top of the file, now apache segfaults some characters down than before, reading a comment. (I have the full strace session, if you want) open("/usr/local/apache2/htdocs/horde/lib/Browser.php", O_RDONLY) = 9 fstat64(0x9, 0xbfffa27c) = 0 fstat64(0x9, 0xbfffa1dc) = 0 lseek(9, 0, SEEK_CUR) = 0 lseek(9, 0, SEEK_SET) = 0 read(9, "<?php\n/**\n * @author Chuck Hage"..., 8192) = 8192 brk(0x81b8000) = 0x81b8000 read(9, "ublic\n *\n * @param strin"..., 8192) = 5945 read(9, "", 8192) = 0 close(9) = 0 --- SIGSEGV (Segmentation fault) --- ------------------------------------------------------------------------ [2003-07-09 18:00:11] [EMAIL PROTECTED] This might actually be same as bug #24563 is about. Please try it under Apache 1.3.27. ------------------------------------------------------------------------ [2003-07-09 17:59:09] [EMAIL PROTECTED] Add some debugging echo's or something there to see what that $this->agent contains when it segfaults. ------------------------------------------------------------------------ [2003-07-08 11:07:11] kaMe at barcolabeach dot org I tryed stracing a httpd -X process, the last few lines was: open("/usr/local/apache2/htdocs/horde/lib/Browser.php", [.. cut] read(10, "<?php\n/**\n * The Browser:: class"..., 8192) = 8192 brk(0x827e000) = 0x827e000 brk(0x827f000) = 0x827f000 brk(0x8283000) = 0x8283000 brk(0x8293000) = 0x8293000 read(10, "(\'|HotJava/([0-9]+)|\', $this->ag"..., 8192) = 7787 read(10, "", 8192) = 0 close(10) = 0 --- SIGSEGV (Segmentation fault) --- In the /horde/lib/Browser.php, the line with that HotJava regexp is the number 240: } elseif (preg_match('|HotJava/([0-9]+)|', $this->agent, $version)) { Hope this helps.. Tell me if I can help more.. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24526 -- Edit this bug report at http://bugs.php.net/?id=24526&edit=1