ID: 25385
Updated by: [EMAIL PROTECTED]
Reported By: sroussey at network54 dot com
-Status: Feedback
+Status: No Feedback
Bug Type: Output Control
Operating System: Linux 2.4.20
PHP Version: 4.3.3
New Comment:
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
Previous Comments:
------------------------------------------------------------------------
[2003-09-03 13:53:51] [EMAIL PROTECTED]
You don't need to paste us the code, we know it already.
(providing patches is different)
Please provide a short example script that can be used to reproduce
this bug.
------------------------------------------------------------------------
[2003-09-03 13:15:25] sroussey at network54 dot com
Description:
------------
While similar to bug#20551, this has a different backtrace.
Apache 1.3.27 error_log has a long list of segfaults (usually 3-12 a
minute, but not every minute). Disabling output compression (via
ob_start ('ob_gzhandler');) stops the segfaults.
This the backtrace:
#0 0x080a3de8 in _efree ()
#1 0x08093099 in sapi_add_header_ex ()
#2 0x080c2c9e in zif_ob_gzhandler ()
#3 0x080aa49c in call_user_function_ex ()
#4 0x0809c584 in php_end_ob_buffer ()
#5 0x0809c6d8 in php_end_ob_buffers ()
#6 0x0808ec05 in php_request_shutdown ()
#7 0x080c0b7b in apache_php_module_main ()
#8 0x08087d0e in ap_get_server_built ()
#9 0x08087eb1 in ap_get_server_built ()
#10 0x081c73bc in ap_invoke_handler ()
#11 0x081dc36a in ap_some_auth_required ()
#12 0x081929de in tsrm_strtok_r ()
#13 0x081c73bc in ap_invoke_handler ()
#14 0x081dc36a in ap_some_auth_required ()
#15 0x081dc5bb in ap_process_request ()
#16 0x081d3ded in ap_child_terminate ()
#17 0x081d3fe5 in ap_child_terminate ()
#18 0x081d438f in ap_child_terminate ()
#19 0x081d4e05 in ap_child_terminate ()
#20 0x081d51f2 in main ()
#21 0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6
For reference, here is sapi_add_header_ex:
SAPI_API int sapi_add_header_ex(char *header_line, uint
header_line_len, zend_bool duplicate, zend_bool replace TSRMLS_DC)
{
sapi_header_line ctr = {0};
int r;
ctr.line = header_line;
ctr.line_len = header_line_len;
r = sapi_header_op(replace ? SAPI_HEADER_REPLACE :
SAPI_HEADER_ADD,
&ctr TSRMLS_CC);
if (!duplicate)
efree(header_line);
return r;
}
In PHP_FUNCTION(ob_gzhandler) these are the relevant lines:
------------------------------------------------
switch (coding) {
case CODING_GZIP:
if (sapi_add_header("Content-Encoding: gzip", sizeof("Content-Encoding:
gzip") - 1, 1) == FAILURE) {
return_original = 1;
}
if (sapi_add_header_ex("Vary: Accept-Encoding", sizeof("Vary:
Accept-Encoding") - 1, 1, 0 TSRMLS_CC)==FAILURE) {
return_original = 1;
}
break;
case CODING_DEFLATE:
if (sapi_add_header("Content-Encoding: deflate",
sizeof("Content-Encoding: deflate") - 1, 1) == FAILURE) {
return_original = 1;
}
if (sapi_add_header_ex("Vary: Accept-Encoding", sizeof("Vary:
Accept-Encoding") - 1, 1, 0 TSRMLS_CC)==FAILURE) {
return_original = 1;
}
break;
------------------------------------------------
>From my view, sapi_add_header_ex() should never be calling efree()
since it is passed duplicate value of 1.
So why is it crashing there? What am I missing? How can I make it
stop?
gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=25385&edit=1
