From:             warwick at thusa dot co dot za
Operating system: Slackware 10.0
PHP version:      4.3.8
PHP Bug Type:     Reproducible crash
Bug description:  Apache segfaults in php_imap when IMP attempts to log in

Description:
------------
We use IMAP Authenticated Horde via IMP, therefore we need to recompile the stock Slackware PHP and include imap, ldap, gd and other support.

PHP configure string follows:

'./configure' '--prefix=/usr' '--with-apxs2=/usr/sbin/apxs'
'--enable-discard-path' '--with-config-file-path=/etc/apache2'
'--with-openssl' '--enable-bcmath' '--with-bz2' '--with-gettext'
'--enable-pic' '--enable-calendar' '--enable-ctype' '--with-gdbm'
'--with-mcrypt' '--with-imap=/usr/src/imap-2002d' '--with-mhash'
'--enable-dbase' '--enable-ftp' '--with-gd' '--with-jpeg' '--with-png'
'--with-gmp' '--with-mysql' '--with-pgsql' '--with-xml' '--with-mm'
'--enable-trans-sid' '--enable-shmop' '--enable-sockets'
'--enable-shared' '--enable-debug' '--with-zlib' '--with-dom'
'--with-dom-xslt' '--with-pgsql' '--with-mcal=/usr'

Apache version is 2.0.50, configured prefork:

 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

PEAR state (pear list):

Installed packages:
===================
Package        Version State
Archive_Tar    1.1     stable
Console_Getopt 1.2     stable
DB             1.6.2   stable
HTTP           1.2.2   stable
Log            1.8.5   stable
Mail           1.1.3   stable
Net_SMTP       1.2.3   stable
Net_Socket     1.0.1   stable
PEAR           1.3.2   stable
XML_Parser     1.0.1   stable
XML_RPC        1.1.0   stable

php.ini diff from php.ini-dist:

[EMAIL PROTECTED]:/etc/apache2# diff php.ini php.ini-dist
411c411
< include_path = ".:/usr/lib/php"
---
> ;include_path = ".:/php/includes"
428c428,429
< extension_dir = "./usr/lib/php"
---
> ; extension_dir = "./"
> extension_dir = "/usr/lib/php/extensions/"
532a534,536
> ;
> ; Load the MySQL extension by default. Comment this out if you don't use MySQL.
> extension=mysql.so
533a538,540
> ; Load the gettext extension by default. Comment this out if you don't have the
> ; gettext shared library installed.
> extension=gettext.so

System Information:

Linux gateway 2.4.26
Courier imapd 3.0.7
OpenLDAP 2.1.29
GCC 3.3.4 i486-slackware-linux

Reproduce code:
---------------
IMP Login (http://www.horde.org/imp) - IMP is configured to authenticate against IMAP (courier).

e.g. IMP causes this problem in imp/mailbox.php:

$overview = imap_fetch_overview($imp['stream'], implode(',', $msgs), FT_UID);

Expected result:
----------------
Expect successful login, but apache child process segfaults and the three lines like the following show in /var/log/apache/error_log:

[Mon Sep 06 11:49:43 2004] [notice] child pid 19707 exit signal Segmentation fault (11)
[Mon Sep 06 11:49:44 2004] [notice] child pid 19709 exit signal Segmentation fault (11)
[Mon Sep 06 11:49:44 2004] [notice] child pid 19708 exit signal Segmentation fault (11)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x405d5d08 in _php_imap_address_size (addresslist=0x81f70e0) at /usr/src/php-4.3.8/ext/imap/php_imap.c:3654
3654            ret += _php_rfc822_len(tmp->personal);
(gdb) bt
#0  0x405d5d08 in _php_imap_address_size (addresslist=0x81f70e0) at /usr/src/php-4.3.8/ext/imap/php_imap.c:3654
#1  0x405d0f77 in zif_imap_fetch_overview (ht=3, return_value=0x84609e4, this_ptr=0x0, return_value_used=1) at /usr/src/php-4.3.8/ext/imap/php_imap.c:2736
#2  0x4070a9f6 in execute (op_array=0x83b6094) at /usr/src/php-4.3.8/Zend/zend_execute.c:1635
#3  0x406f92b1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-4.3.8/Zend/zend.c:891
#4  0x406c22d6 in php_execute_script (primary_file=0xbffff470) at /usr/src/php-4.3.8/main/main.c:1734
#5  0x40710d55 in php_handler (r=0x81ce618) at /usr/src/php-4.3.8/sapi/apache2handler/sapi_apache2.c:561
#6  0x08067b66 in ap_run_handler (r=0x81ce618) at config.c:151
#7  0x08068138 in ap_invoke_handler (r=0x81ce618) at config.c:358
#8  0x080650eb in ap_process_request (r=0x81ce618) at http_request.c:246
#9  0x08060c69 in ap_process_http_connection (c=0x81c45d0) at http_core.c:250
#10 0x08070b06 in ap_run_process_connection (c=0x81c45d0) at connection.c:42
#11 0x08066518 in child_main (child_num_arg=81) at prefork.c:609
#12 0x080666ce in make_child (s=0x809f518, slot=0) at prefork.c:649
#13 0x0806673f in startup_children (number_to_start=5) at prefork.c:721
#14 0x08066eb9 in ap_mpm_run (_pconf=0x809d778, plog=0x80c7820, s=0x5) at prefork.c:940
#15 0x0806c608 in main (argc=2, argv=0xbffff7f4) at main.c:617

--
Edit bug report at http://bugs.php.net/?id=29997&edit=1