ID: 27011
User updated by: ehicks at binarymagi dot com
-Summary: Seg Fault While View A Message In IMP
Reported By: ehicks at binarymagi dot com
-Status: Feedback
+Status: Open
Bug Type: PCRE related
Operating System: Solaris 9
PHP Version: 4CVS-2004-01-23
New Comment:
Solaris does not have an ld.so.conf file so the LDFLAGS are mandatory
in order for the final module to execute properly.
I did remove the CFLAGS, though, and it compiled and ran just fine. I
also recompiled PCRE without the CFLAGS and it also seems alright.
It still crashes when I execute the preg_match_all, though.
I have also tried this on a Linux server and it worked just fine so it
must be something unique to Solaris or Ultrasparc systems. If someone
would like an account on my server to experiment on I would be happy to
give them one.
Previous Comments:
------------------------------------------------------------------------
[2004-01-24 23:58:56] [EMAIL PROTECTED]
I can not reproduce this crash in Linux.
Try recompiling PHP without setting CFLAGS / LDFLAGS.
------------------------------------------------------------------------
[2004-01-23 15:28:45] ehicks at binarymagi dot com
Alright, I can do that.
<?php preg_match_all('|(\w+)://([^\s"<]*[\w+#?/&=])|', "This is a text string", $matches, PREG_SET_ORDER); ?>
That is straight out of IMP and consistently crashes my server. Here
is the backtrace that it creates:
Program received signal SIGSEGV, Segmentation fault.
0xffffffff7bad0cf4 in zend_parse_arg_impl (arg=0x10038b528,
va=0xffffffff7fffe118, spec=0xffffffff7fffe0e8)
at /root/build/php4-STABLE-200401230430/Zend/zend_API.c:259
259 *p = Z_LVAL_PP(arg);
(gdb) bt
#0 0xffffffff7bad0cf4 in zend_parse_arg_impl (arg=0x10038b528,
va=0xffffffff7fffe118, spec=0xffffffff7fffe0e8)
at /root/build/php4-STABLE-200401230430/Zend/zend_API.c:259
#1 0xffffffff7bad197c in zend_parse_arg (arg_num=4, arg=0x10038b528,
va=0xffffffff7fffe118,
spec=0xffffffff7fffe0e8, quiet=0) at
/root/build/php4-STABLE-200401230430/Zend/zend_API.c:439
#2 0xffffffff7bad1e68 in zend_parse_va_args (num_args=0,
type_spec=0xffffffff7bb6b34c "ll",
va=0xffffffff7fffe118, flags=0) at
/root/build/php4-STABLE-200401230430/Zend/zend_API.c:524
#3 0xffffffff7bad2254 in zend_parse_parameters (num_args=4,
type_spec=0xffffffff7bb6b348 "ssz|ll")
at /root/build/php4-STABLE-200401230430/Zend/zend_API.c:551
#4 0xffffffff7b94a3e4 in php_pcre_match (ht=4,
return_value=0x100398fa0, this_ptr=0x0, return_value_used=0,
global=1) at
/root/build/php4-STABLE-200401230430/ext/pcre/php_pcre.c:374
#5 0xffffffff7b94b480 in zif_preg_match_all (ht=4,
return_value=0x100398fa0, this_ptr=0x0, return_value_used=0)
at /root/build/php4-STABLE-200401230430/ext/pcre/php_pcre.c:607
#6 0xffffffff7baec798 in execute (op_array=0x100394320)
at /root/build/php4-STABLE-200401230430/Zend/zend_execute.c:1616
#7 0xffffffff7bacfd4c in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /root/build/php4-STABLE-200401230430/Zend/zend.c:884
#8 0xffffffff7ba6faf8 in php_execute_script
(primary_file=0xffffffff7fffef30)
at /root/build/php4-STABLE-200401230430/main/main.c:1727
#9 0xffffffff7baf581c in php_handler (r=0x1003840f0)
at
/root/build/php4-STABLE-200401230430/sapi/apache2handler/sapi_apache2.c:536
#10 0x00000001000ac8a0 in ap_run_handler ()
#11 0x00000001000ad798 in ap_invoke_handler ()
#12 0x000000010007b6d0 in ap_process_request ()
#13 0x00000001000712e4 in ap_process_http_connection ()
#14 0x00000001000c55b8 in ap_run_process_connection ()
#15 0x00000001000c5c18 in ap_process_connection ()
#16 0x00000001000a8e28 in child_main ()
#17 0x00000001000a9030 in make_child ()
#18 0x00000001000a92a4 in startup_children ()
#19 0x00000001000a9da8 in ap_mpm_run ()
#20 0x00000001000b79d8 in main ()
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0xffffffff7bb6b530 "preg_match_all"
(gdb) frame 6
#6 0xffffffff7baec798 in execute (op_array=0x100394320)
at /root/build/php4-STABLE-200401230430/Zend/zend_execute.c:1616
1616
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);
PCRE is v4.5, if that's important. You need anything else?
------------------------------------------------------------------------
[2004-01-23 01:38:00] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.
(And no, we will NOT install IMP to test this)
------------------------------------------------------------------------
[2004-01-22 14:53:37] ehicks at binarymagi dot com
Description:
------------
The error occurs when trying to view a message in Horde's IMP. My
configure line is as follows:
LDFLAGS="-L/usr/local/lib/sparcv9 -L/usr/local/lib -L/home/pgsql/lib
-L/home/mysql/lib/mysql -L/usr/local/ssl/lib -R/usr/local/lib/sparcv9
-R/usr/local/lib -R/home/pgsql/lib -R/home/mysql/lib/mysql
-R/usr/local/ssl/lib" \
CFLAGS="-mcpu=ultrasparc -Wa,-xarch=v9 -Wl,-R/usr/local/lib/sparcv9
-Wl,-R/usr/local/lib -Wl,-R/usr/local/ssl/lib -Wl,-R/home/pgsql/lib
-Wl,-R/home/mysql/lib/mysql" \
./configure \
--host=sparcv9-sun-solaris2 \
--prefix=/home/httpd/php \
--with-apxs2=/home/httpd/bin/apxs \
--with-openssl=/usr/local/ssl \
--with-mhash=/usr/local \
--with-mcrypt=/usr/local \
--with-mysql=/home/mysql \
--with-pgsql=/home/pgsql \
--with-mm=/usr/local \
--with-curl=/usr/local \
--with-gd \
--enable-memory-limit=yes \
--enable-debug=no \
--with-pear \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--enable-bcmath \
--with-gdbm \
--enable-ftp \
--with-xpm-dir=/usr/local \
--with-gettext \
--with-zlib \
--with-zlib-dir=/usr/local \
--with-gnu-ld \
--with-xml \
--with-imap
My IMAP server is from the Courier package and IMAP client is from WU's
c-client v2002e
Reproduce code:
---------------
The code seems to be in the message.php in IMP.
Expected result:
----------------
I should see the message I requested
Actual result:
--------------
[EMAIL PROTECTED] httpd]# gdb /home/httpd/bin/httpd
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "sparcv9-sun-solaris2"...(no debugging
symbols found)...
(gdb) run -X
Starting program: /home/httpd/bin/httpd -X
(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...
(no debugging symbols found)...
((Then I hit a page I knew would crash Apache))
Program received signal SIGSEGV, Segmentation fault.
0xffffffff7bacedcc in zend_parse_arg_impl (arg=0x1003853d0,
va=0xffffffff7ffe3a78, spec=0xffffffff7ffe3a48)
at /root/build/php-4.3.4/Zend/zend_API.c:259
259 *p = Z_LVAL_PP(arg);
(gdb) bt
#0 0xffffffff7bacedcc in zend_parse_arg_impl (arg=0x1003853d0,
va=0xffffffff7ffe3a78, spec=0xffffffff7ffe3a48)
at /root/build/php-4.3.4/Zend/zend_API.c:259
#1 0xffffffff7bacfa54 in zend_parse_arg (arg_num=4, arg=0x1003853d0,
va=0xffffffff7ffe3a78,
spec=0xffffffff7ffe3a48, quiet=0) at
/root/build/php-4.3.4/Zend/zend_API.c:439
#2 0xffffffff7bacff40 in zend_parse_va_args (num_args=0,
type_spec=0xffffffff7bb6906c "ll",
va=0xffffffff7ffe3a78, flags=0) at
/root/build/php-4.3.4/Zend/zend_API.c:524
#3 0xffffffff7bad032c in zend_parse_parameters (num_args=4,
type_spec=0xffffffff7bb69068 "ssz|ll")
at /root/build/php-4.3.4/Zend/zend_API.c:551
#4 0xffffffff7b9493cc in php_pcre_match (ht=4,
return_value=0x1008c4c60, this_ptr=0x0, return_value_used=0,
global=1) at /root/build/php-4.3.4/ext/pcre/php_pcre.c:375
#5 0xffffffff7b94a464 in zif_preg_match_all (ht=4,
return_value=0x1008c4c60, this_ptr=0x0, return_value_used=0)
at /root/build/php-4.3.4/ext/pcre/php_pcre.c:608
#6 0xffffffff7baea870 in execute (op_array=0x1008ac670) at
/root/build/php-4.3.4/Zend/zend_execute.c:1616
#7 0xffffffff7baeabe4 in execute (op_array=0x100884c20) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
#8 0xffffffff7baeabe4 in execute (op_array=0x1003a07d0) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
#9 0xffffffff7baeabe4 in execute (op_array=0x1003af0c0) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
#10 0xffffffff7baeabe4 in execute (op_array=0x10038f230) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
#11 0xffffffff7bacde24 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /root/build/php-4.3.4/Zend/zend.c:884
#12 0xffffffff7ba6dd08 in php_execute_script
(primary_file=0xffffffff7fffef20)
at /root/build/php-4.3.4/main/main.c:1729
#13 0xffffffff7baf3914 in php_handler (r=0x10037e6e0)
at /root/build/php-4.3.4/sapi/apache2handler/sapi_apache2.c:537
#14 0x00000001000ac8a0 in ap_run_handler ()
#15 0x00000001000ad798 in ap_invoke_handler ()
#16 0x000000010007b6d0 in ap_process_request ()
#17 0x00000001000712e4 in ap_process_http_connection ()
#18 0x00000001000c55b8 in ap_run_process_connection ()
#19 0x00000001000c5c18 in ap_process_connection ()
#20 0x00000001000a8e28 in child_main ()
#21 0x00000001000a9030 in make_child ()
#22 0x00000001000a92a4 in startup_children ()
#23 0x00000001000a9da8 in ap_mpm_run ()
#24 0x00000001000b79d8 in main ()
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0xffffffff7bb69250 "preg_match_all"
(gdb) frame 6
#6 0xffffffff7baea870 in execute (op_array=0x1008ac670) at
/root/build/php-4.3.4/Zend/zend_execute.c:1616
1616
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);
(gdb) frame 7
#7 0xffffffff7baeabe4 in execute (op_array=0x100884c20) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
1660
zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 8
#8 0xffffffff7baeabe4 in execute (op_array=0x1003a07d0) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
1660
zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 9
#9 0xffffffff7baeabe4 in execute (op_array=0x1003af0c0) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
1660
zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 10
#10 0xffffffff7baeabe4 in execute (op_array=0x10038f230) at
/root/build/php-4.3.4/Zend/zend_execute.c:1660
1660
zend_execute(EG(active_op_array) TSRMLS_CC);
If you need anything more, please email me directly as, for some
reason, I can't access bugs.php.net from my computer. (Traceroute shows
the link dying at cr0.pc0.rdu.redundant.com) I am currently suffering
through a lynx session on a server that can connect successfully.
------------------------------------------------------------------------