ID:               27469
 User updated by:  friosa at pnpitalia dot it
 Reported By:      friosa at pnpitalia dot it
-Status:           Feedback
+Status:           Open
 Bug Type:         Zend Engine 2 problem
 Operating System: Linux 2.4.18-4GB
 PHP Version:      5.0.0b4 (beta4)
 New Comment:

Opened a new bug report for the unserialize issue, #27484.


Previous Comments:
------------------------------------------------------------------------

[2004-03-03 04:32:58] [EMAIL PROTECTED]

Please open a separate bug for that, once you've done that I'll remove
the comment from this bug report as it is not related to this one.

------------------------------------------------------------------------

[2004-03-02 19:59:09] friosa at pnpitalia dot it

While trying to make a short script, I think I have seen a different bug in
the serialize function; this time the code to reproduce it is a lot
shorter:



<?php

$mime_part=unserialize(base64_decode("TzoxMjoiTUlNRV9NZXNzYWdlIjoxOTp7czo2OiJfYnVpbGQiO2I6MTtzOjE0OiJfZGVmYXVsdFNlcnZlciI7czo4OiJ3d3cyLnBucCI7czo1OiJfdHlwZSI7czo0OiJ0ZXh0IjtzOjg6Il9zdWJ0eXBlIjtpOjA7czo5OiJfY29udGVudHMiO3M6MDoiIjtzOjE3OiJfdHJhbnNmZXJFbmNvZGluZyI7czo0OiI3Yml0IjtzOjExOiJfZW5jb2RlN2JpdCI7YjoxO3M6MTI6Il9kZXNjcmlwdGlvbiI7czowOiIiO3M6MTI6Il9kaXNwb3NpdGlvbiI7czo2OiJpbmxpbmUiO3M6MjI6Il9kaXNwb3NpdGlvblBhcmFtZXRlcnMiO2E6MDp7fXM6MjI6Il9jb250ZW50VHlwZVBhcmFtZXRlcnMiO2k6MDtzOjY6Il9wYXJ0cyI7YTowOnt9czoxMjoiX2luZm9ybWF0aW9uIjtpOjA7czo2OiJfYnl0ZXMiO3I6MTtzOjU6Il9jaWRzIjthOjA6e31zOjc6Il9taW1laWQiO2k6MDtzOjQ6Il9lb2wiO3M6MToiCiI7czo2OiJfZmxhZ3MiO2k6MDtzOjY6Il9pZG1hcCI7YTowOnt9fQ=="));

$pluto=unserialize(base64_decode("TzoxMjoiSU1QX0NvbnRlbnRzIjoxNTp7czo1OiJfYm9keSI7czowOiIiO3M6OToiX2JvZHlwYXJ0IjthOjA6e31zOjY6Il9pbmRleCI7czozOiIxMDQiO3M6NjoiX3N0cmlwIjtiOjA7czo4OiJfbWVzc2FnZSI7TzoxMjoiTUlNRV9NZXNzYWdlIjoxOTp7czo2OiJfYnVpbGQiO2I6MTtzOjE0OiJfZGVmYXVsdFNlcnZlciI7czo4OiJ3d3cyLnBucCI7czo1OiJfdHlwZSI7czo0OiJ0ZXh0IjtzOjg6Il9zdWJ0eXBlIjtpOjA7czo5OiJfY29udGVudHMiO3M6MDoiIjtzOjE3OiJfdHJhbnNmZXJFbmNvZGluZyI7czo0OiI3Yml0IjtzOjExOiJfZW5jb2RlN2JpdCI7YjoxO3M6MTI6Il9kZXNjcmlwdGlvbiI7czowOiIiO3M6MTI6Il9kaXNwb3NpdGlvbiI7czo2OiJpbmxpbmUiO3M6MjI6Il9kaXNwb3NpdGlvblBhcmFtZXRlcnMiO2E6MDp7fXM6MjI6Il9jb250ZW50VHlwZVBhcmFtZXRlcnMiO2k6MDtzOjY6Il9wYXJ0cyI7YTowOnt9czoxMjoiX2luZm9ybWF0aW9uIjtpOjA7czo2OiJfYnl0ZXMiO3M6MDoiIjtzOjU6Il9jaWRzIjthOjA6e31zOjc6Il9taW1laWQiO2k6MDtzOjQ6Il9lb2wiO3M6MToiCiI7czo2OiJfZmxhZ3MiO2k6MDtzOjY6Il9pZG1hcCI7YTowOnt9fXM6NDoiX2F0YyI7YTowOnt9czo2OiJfcGFydHMiO2E6MDp7fXM6ODoiX3N1bW1hcnkiO2E6MDp7fXM6MTU6Il9zZXNzaW9uQ2FjaGVJRCI7TjtzOjEyOiJfdmlld2VyQ2FjaGUiO2E6MDp7fXM6MTI6Il9kaXNwbGF5VHlwZSI7czo0OiJsaXN0IjtzOjg6Il9taW1la2V5IjtOO3M6NzoiX3ZpZXdJRCI7YToyOntzOjg6ImRvd25sb2FkIjtzOjQzOiJmYWlsZWQgdG8gZmx1c2ggYnVmZmVyLiBObyBidWZmZXIgdG8gZmx1c2guIjtzOjQ6InZpZXciO3M6MTE6InZpZXdfYXR0YWNoIjt9czo2OiJfbGlua3MiO2I6MTtzOjU6Il9iYXNlIjtOO30="));



$pluto->buildMessagePart($mime_part);

/* @constant MIME_CONTENTS_CACHE The name of the URL parameter that
holds the MIME_Contents cache identifier. */
define('MIME_CONTENTS_CACHE', 'mimecache');

class MIME_Contents {

    function MIME_Contents($messageOb, $viewID = array(), $contents = array()) {}

    function buildMessagePart(&$mime_part)
    {
        $msg = '';
        // CRASH HERE
        echo "<pre>" . addslashes(serialize($mime_part)) . "</pre>";
        return $msg;
    }
}

class IMP_Contents extends MIME_Contents {
    function IMP_Contents($index)
    {
    }
}
?>



backtrace:

(gdb) run -X -f /TEST/apache/conf/httpd.conf
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /TEST/apache/bin/httpd -X -f /TEST/apache/conf/httpd.conf
[New Thread 1024 (LWP 26563)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 26563)]
0x4035080f in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x4035080f in memcpy () from /lib/libc.so.6
#1  0x405f8b0b in php_var_serialize_class_name (buf=0xbfffc69c, struc=0x16f1520) at /TEST/php5-200403022230/ext/standard/var.c:480
#2  0x40698d73 in zend_do_fcall_common_helper (execute_data=0xbfffca10, opline=0xbfffc695, op_array=0xa) at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#3  0x406703b9 in zend_execute_scripts (type=1081403672, retval=0x40d0936c, file_count=516) at /TEST/php5-200403022230/Zend/zend.c:1041
(gdb)



Is this a case for opening another bug, or do they depend on the same
source?

In any case, I think it's best to speak about it tomorrow, err.. today,
after a good sleep.

------------------------------------------------------------------------
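Added example, not part of the bug report or of PHP: when a serialized payload brings the engine down, as in the reproducer above, its structure can be listed without calling unserialize() at all. The Python code below walks the serialize() text format (tags N, b, i, d, s, a, O, r, R; anything else is rejected) and reports class names and r:/R: back-references. inspect_payload, its helpers and the shortened SAMPLE payload are hypothetical names constructed for this illustration.

```python
# Added example (not from the bug report); all names here are hypothetical.
def _field(data, pos, stop, digits=True):
    end = data.find(stop, pos)
    if end < 0 or (digits and not data[pos:end].isdigit()):
        raise ValueError(f"malformed field at offset {pos}")
    return data[pos:end], end + len(stop)
def _expect(data, pos, byte):
    if data[pos:pos + 1] != byte:
        raise ValueError(f"expected {byte!r} at offset {pos}")
    return pos + 1
def _string(data, pos):
    raw, pos = _field(data, pos, b':"')
    end = pos + int(raw)                 # declared length must fit the buffer
    return data[pos:end], _expect(data, end, b'"')

def _value(data, pos, depth, found):
    if depth > 32:
        raise ValueError("nesting too deep")
    tag = data[pos:pos + 2]
    if tag == b"N;":
        return pos + 2
    if tag in (b"b:", b"i:", b"d:"):     # scalars: skip to the terminator
        return _field(data, pos + 2, b";", digits=False)[1]
    if tag in (b"r:", b"R:"):            # back-reference to an earlier value slot
        raw, end = _field(data, pos + 2, b";")
        found["refs"].append((tag[:1].decode(), int(raw)))
        return end
    if tag == b"s:":
        return _expect(data, _string(data, pos + 2)[1], b";")
    if tag in (b"a:", b"O:"):
        pos += 2
        if tag == b"O:":                 # record the class name, never instantiate
            name, pos = _string(data, pos)
            found["classes"].append(name.decode("latin-1"))
            pos = _expect(data, pos, b":")
        raw, pos = _field(data, pos, b":{")
        for _ in range(2 * int(raw)):    # each element is a key then a value
            pos = _value(data, pos, depth + 1, found)
        return _expect(data, pos, b"}")
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")

def inspect_payload(data):
    found = {"classes": [], "refs": []}
    if _value(data, 0, 0, found) != len(data):
        raise ValueError("trailing bytes after the top-level value")
    return found

# Constructed sample: a self-referencing object shaped like the report's MIME_Message.
SAMPLE = b'O:12:"MIME_Message":3:{s:6:"_build";b:1;s:6:"_parts";a:0:{}s:6:"_bytes";r:1;}'
```

To look at a captured payload, pass the bytes from base64.b64decode() to inspect_payload(); a ValueError means the buffer is not well-formed serialize() output.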

[2004-03-02 18:33:15] friosa at pnpitalia dot it

It is not so easy to extract 20 lines of code from a project like horde + imp
+ other (Megs of code). It was hard for me to find the right point to look
for.

I will try but I think that it will be impossible for me.

Also the fact that var_dump and print_r change the flow of the script
makes me think that there is something in the object variable that makes
the difference.

P.S.

I've tried the latest CVS snapshot with these results (!= the
previous):



Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 26281)]
0x4067659b in _zend_is_inconsistent (ht=0x100, file=0x406f1520 "/TEST/php5-200403022230/Zend/zend_hash.c", line=504)
    at /TEST/php5-200403022230/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x4067659b in _zend_is_inconsistent (ht=0x100, file=0x406f1520 "/TEST/php5-200403022230/Zend/zend_hash.c", line=504)
    at /TEST/php5-200403022230/Zend/zend_hash.c:53
#1  0x00000010 in ?? ()
#2  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#3  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#4  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#5  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#6  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#7  0x40698d73 in zend_do_fcall_common_helper (execute_data=0x100, opline=0x40730980, op_array=0x4074eb40)
    at /TEST/php5-200403022230/Zend/zend_execute.c:2677
#8  0x406703b9 in zend_execute_scripts (type=256, retval=0x4127cb4c, file_count=1) at /TEST/php5-200403022230/Zend/zend.c:1041
(gdb)

------------------------------------------------------------------------

[2004-03-02 18:20:14] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.

------------------------------------------------------------------------

[2004-03-02 18:00:40] friosa at pnpitalia dot it

Description:
------------
I continue to get a core dump using imp with imap from the horde
project.

The crash is reproducible but the gdb backtrace has changed after I
inserted the debug code.

Also I think it's important to mention that if you substitute the
"var_dump()" code below with "print_r()" the crash disappears !!!

So we can switch between these three cases:

case "code without debug": crash();
case "code with vardump($mime_part)": crash();
case "code with print_r($mime_part)": --> continue (but I still can't
see the page)

If I can help with something else please contact me. I will keep a
copy of the code; I can also send you a tar.gz of all this stuff (maybe
not useful with my conf.)



follow:
PHP compiling flags
APACHE
PRINT_R
VARDUMP

*********************************************
* PHP compiling flags
*********************************************

CFLAGS = CPPFLAGS = -march=k6 -O0 -pipe -fomit-frame-pointer -I[...]

./configure \
--prefix=/TEST/php \
--with-apxs2=/TEST/apache/bin/apxs \
--with-config-file-path=/TEST/php/lib/php.ini \
--with-informix=/opt/informix \
--with-mysql=/pnp/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--enable-libgcc \
--with-curl=/pnp \
--disable-ipv6 \
--enable-ftp \
--with-openssl=/pnp \
--with-gd \
--enable-gd-native-ttf \
--with-zlib-dir=/usr \
--with-jpeg-dir=/usr \
--enable-exif \
--with-tiff-lib=/usr \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--with-pdflib=/TEST \
--enable-bcmath \
--enable-shmop \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--enable-mime-magic \
--with-qtdom \
--enable-pcntl \
--enable-sockets \
--x-includes=/usr/X11/include/X11 \
--x-libraries=/usr/X11/lib \
--with-readline \
--with-gnu-ld \
--enable-static \
--with-gettext \
--with-libxml-dir=/TEST \
--with-xml=/TEST \
--with-dom=/TEST \
--with-xsl=/TEST \
--with-dom-xslt=/TEST \
--with-dom-exslt=/TEST \
--with-mcrypt=/pnp \
--with-imap \
--enable-debug \
&& make && make install







*********************************************
* APACHE
*********************************************

./httpd -V
Server version: Apache/2.1.0-dev
Server built:   Jan 26 2004 12:02:10
Server's Module Magic Number: 20030821:3
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/TEST/apache"
 -D SUEXEC_BIN="/TEST/apache/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"





*********************************************
* PRINT_R
*********************************************

MIME_Message Object
(
    [_build] => 1
    [_defaultServer] => www2.pnp
    [_type] => text
    [_subtype] => Array
        (
            [download] => download_attach
            [view] => view_attach
        )

    [_contents] => 
    [_transferEncoding] => 7bit
    [_encode7bit] => 1
    [_description] => 
    [_disposition] => inline
    [_dispositionParameters] => Array
        (
        )

    [_contentTypeParameters] => 0

*********************************************
* VARDUMP
*********************************************

object(MIME_Message)#19 (19) {
  ["_build"]=>
  bool(true)
  ["_defaultServer"]=>
  string(8) "www2.pnp"
  ["_type"]=>
  string(4) "text"
  ["_subtype"]=>
  array(2) {
    ["download"]=>
    string(15) "download_attach"
    ["view"]=>
    string(11) "view_attach"
  }
  ["_contents"]=>
  string(0) ""
  ["_transferEncoding"]=>
  string(4) "7bit"
  ["_encode7bit"]=>
  bool(true)
  ["_description"]=>
  string(0) ""
  ["_disposition"]=>
  string(6) "inline"
  ["_dispositionParameters"]=>
  array(0) {
  }
  ["_contentTypeParameters"]=>
  &UNKNOWN:0
  ["_parts"]=>
  array(0) {
  }
  ["_information"]=>
  UNKNOWN:0
  ["_bytes"]=>
  object(MIME_Message)#19 (19) {
    ["_build"]=>
    bool(true)
    ["_defaultServer"]=>
    string(8) "www2.pnp"
    ["_type"]=>
    string(4) "text"
    ["_subtype"]=>
    array(2) {
      ["download"]=>
      string(15) "download_attach"
      ["view"]=>
      string(11) "view_attach"
    }
    ["_contents"]=>
    string(0) ""
    ["_transferEncoding"]=>
    string(4) "7bit"
    ["_encode7bit"]=>
    bool(true)
    ["_description"]=>
    string(0) ""
    ["_disposition"]=>
    string(6) "inline"
    ["_dispositionParameters"]=>
    array(0) {
    }
    ["_contentTypeParameters"]=>
    &UNKNOWN:0
    ["_parts"]=>
    array(0) {
    }
    ["_information"]=>
    UNKNOWN:0
    ["_bytes"]=>
    *RECURSION*
    ["_cids"]=>
    array(0) {
    }
    ["_mimeid"]=>
    UNKNOWN:0
    ["_eol"]=>
    string(1) "
"
    ["_flags"]=>
    UNKNOWN:0
    ["_idmap"]=>
    array(0) {
    }
  }
  ["_cids"]=>
  array(0) {
  }
  ["_mimeid"]=>
  UNKNOWN:0
  ["_eol"]=>
  string(1) "
"
  ["_flags"]=>
  UNKNOWN:0
  ["_idmap"]=>
  array(0) {
  }
}





Reproduce code:
---------------
class MIME_Contents {
[...]
    function buildMessagePart(&$mime_part)
    {
        $msg = '';
        if (!$this->canDisplayInline($mime_part) &&
            ($mime_part->getMIMEId() != 0)) {
            if (($this->_displayType == 'list') ||
                ($this->_displayType == 'both')) {
                $this->setSummary($mime_part, 'attachment');
            }
            if (($this->_displayType == 'inline') ||
                ($this->_displayType == 'both')) {
                $this->setSummary($mime_part, 'part');
            }
        } else {
// poor man debug code ...
echo "<pre>";
var_dump($mime_part);
echo "pippo".$i++; str_pad(" ", 300); ob_flush();flush();
echo "</pre>";
// ... poor man debug code
/////  CRASH HERE, FIRST LINE OF "$this->renderMIMEPart($mime_part);" WILL NEVER BE EXECUTED
            $msg = $this->renderMIMEPart($mime_part);
            [...]



Actual result:
--------------
gdb ./httpd
GNU gdb 5.1.1
[...]
(gdb) run -X -f /TEST/apache/conf/httpd.conf
Starting program: /TEST/apache/bin/./httpd -X -f /TEST/apache/conf/httpd.conf
[New Thread 1024 (LWP 30012)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 30012)]
0x4066c571 in _zval_dtor (zvalue=0x4127d6a0, __zend_filename=0x406ed780 "/TEST/php-5.0.0b4/Zend/zend_execute_API.c", __zend_lineno=359)
    at /TEST/php-5.0.0b4/Zend/zend_variables.c:44
44                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x4066c571 in _zval_dtor (zvalue=0x4127d6a0, __zend_filename=0x406ed780 "/TEST/php-5.0.0b4/Zend/zend_execute_API.c", __zend_lineno=359)
    at /TEST/php-5.0.0b4/Zend/zend_variables.c:44
#1  0x412b11cc in ?? ()
#2  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#3  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#4  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#5  0x406972f7 in zend_do_fcall_common_helper (execute_data=0x40cf4b64, opline=0x406f2a20, op_array=0x74) at /TEST/php-5.0.0b4/Zend/zend_execute.c:2671
#6  0x4066eaf7 in zend_execute_scripts (type=0, retval=0x0, file_count=4) at /TEST/php-5.0.0b4/Zend/zend.c:1052
(gdb)




------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27469&edit=1
