From: rristroph at airlinksystems dot com
Operating system: Fedora Core 3
PHP version: 4.3.11
PHP Bug Type: Reproducible crash
Bug description: crash after returning from custom extension code

Description:
------------
Hi,

This bug report is difficult because I don't have a short bit of code to reproduce it. However, if you can give me any suggestions of things to try, I will do so and report back.

I have PHP 4.3.11 compiled on Fedora Core 4, running on x86_64. (Note that Fedora Core 4 comes with PHP 5, and I removed it and installed 4.3.11 from source. Also note that Fedora Core 4 uses gcc 4.0, and all the platforms that have PHP 4 instead of PHP 5 might be using older gcc versions.)

I am compiling and loading a custom extension written in C and C++; this allows access to some libraries the company owns and has written in house. They are large and also proprietary, so I can't give you the extension. However, the crash is not in the extension. After running a number of different commands in the extension successfully, it fails after returning from an extension function. The extension function is relatively simple and returns a long, not a PHP object or reference or anything like that. The segfault occurs in php-4.3.11/Zend/zend_execute.c:1658.

I can work towards trimming code until I have a short piece of PHP code that loads a small dummy extension that causes the problem; however, that will take some time (maybe weeks, as I have a lot of other stuff to do). I thought I would at least post what info I have to get any suggestions.

Here is the terminal output when running gdb:
-----------------------------------------------------------
[EMAIL PROTECTED] html]# gdb php -f login.php
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

"/home/httpd/html/login.php" is not a core dump: File format not recognized

(gdb) quit
[EMAIL PROTECTED] html]# gdb php
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run -f login.php
Starting program: /usr/bin/php -f login.php
about to dl al_util_nodebug.so -- first<br>
[Thread debugging using libthread_db enabled]
[New Thread 46912496277408 (LWP 14795)]
[New Thread 231832879520 (LWP 14795)]
Error while reading shared library symbols:
Cannot find new threads: debugger service failed
result = 1<br>
Functions available in the test extension:<br>
<br>
after<br>
after2<br>
RGR HERE <br>
RGR MARK 1
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496277408 (LWP 14795)]
0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
1658        EG(current_execute_data) = &execute_data;
(gdb) where
#0 0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
Cannot access memory at address 0x7fff00000000
(gdb) bt
#0 0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
Cannot access memory at address 0x7fff00000000
(gdb) list
1658        EG(current_execute_data) = &execute_data;
1659        if (EX(object).ptr) {
1660            EX(object).ptr->refcount--;
1661        }
1662        EX(Ts)[EX(opline)->result.u.var].var.ptr->is_ref = 0;
1663        EX(Ts)[EX(opline)->result.u.var].var.ptr->refcount = 1;
1664        if (!return_value_used) {
1665            zval_ptr_dtor(&EX(Ts)[EX(opline)->result.u.var].var.ptr);
1666        }
1667    } else if (EX(function_state).function->type==ZEND_USER_FUNCTION) {
(gdb) p current_execute_data
No symbol "current_execute_data" in current context.
(gdb) p execute_data
Cannot access memory at address 0x7ffefffffed0
(gdb) p &execute_data
$1 = (zend_execute_data *) 0x7ffefffffed0
(gdb)
------------------------------------------------------------

Here is the config command I used to compile PHP 4.3.11:
------------------------------------------------------------
./configure \
  --build=x86_64-redhat-linux --host=x86_64-redhat-linux --target=x86_64-redhat-linux-gnu \
  --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
  --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 \
  --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com \
  --mandir=/usr/share/man --infodir=/usr/share/info \
  --cache-file=../config.cache \
  --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d \
  --enable-force-cgi-redirect \
  --disable-debug \
  --enable-pic \
  --disable-rpath \
  --enable-inline-optimization \
  --with-bz2 \
  --with-curl \
  --with-exec-dir=/usr/bin \
  --with-freetype-dir=/usr \
  --with-png-dir=/usr \
  --with-gd=shared \
  --enable-gd-native-ttf \
  --without-gdbm \
  --with-gettext \
  --with-ncurses=shared \
  --with-gmp \
  --with-iconv \
  --with-jpeg-dir=/usr \
  --with-openssl \
  --with-png \
  --with-xml \
  --with-expat-dir=/usr \
  --with-dom=shared,/usr \
  --with-zlib \
  --with-layout=GNU \
  --enable-bcmath \
  --enable-exif \
  --enable-ftp \
  --enable-magic-quotes \
  --enable-safe-mode \
  --enable-sockets \
  --enable-sysvsem \
  --enable-sysvshm \
  --enable-track-vars \
  --enable-trans-sid \
  --enable-yp \
  --enable-wddx \
  --with-pear=/usr/share/pear \
  --with-kerberos \
  --with-mysql=shared,/usr \
  --with-pgsql=shared \
  --with-snmp=shared,/usr \
  --with-snmp=shared \
  --enable-ucd-snmp-hack \
  --with-unixODBC=shared,/usr \
  --enable-memory-limit \
  --enable-shmop \
  --enable-calendar \
  --enable-dbx \
  --enable-dio \
  --enable-mbstring=shared \
  --enable-mbstr-enc-trans \
  --enable-mbregex \
  --with-mime-magic=/usr/share/file/magic.mime \
  --with-apxs2=/usr/sbin/apxs
-----------------------------------------------------------

Here is a diff between the php.ini I am using and the php.ini that was generated by the install, piped through a grep to remove all differences in comments:
------------------------------------------------------------
[EMAIL PROTECTED] html]# diff /etc/php.ini /root/updates/php/php-4.3.11/php.ini-dist | grep -v "\;" | wc -l
112
[EMAIL PROTECTED] html]# diff /etc/php.ini /root/updates/php/php-4.3.11/php.ini-dist | grep -v "\;"
2a3,13
>
>
6,73c17,60
---
95c82
< precision = 14
---
> precision = 12
125,129c112,116
---
167d153
< #allow_call_time_pass_reference = Off
170d155
247,248c232
< memory_limit = 335544320
---
284c268
---
286c270
< error_reporting = E_ALL
---
> error_reporting = E_ALL & ~E_NOTICE
293,294c277
< display_errors = Off
< #display_errors = On
---
> display_errors = On
304d286
< #log_errors = On
330c312
<
---
>
383,384c365
< #register_globals = Off
< register_globals = On
---
> register_globals = Off
401c382
< magic_quotes_gpc = Off
---
> magic_quotes_gpc = On
421c402
---
435,437d415
< include_path=".:./classes:../classes:/home/httpd/html/classes"
<
<
445c423
---
450,451c428
< extension_dir = /usr/lib64/20020429
---
> extension_dir = "./"
480c457
---
495c472
<
---
>
522,523c499,500
---
545c522,526
---
552,553d532
< extension=mysql.so
< extension=gd.so
555,558c534,581
---
>
580c603
< sendmail_path = /usr/sbin/sendmail -t -i
---
671,673c694,695
< pgsql.auto_reset_persistent = Off
---
> pgsql.auto_reset_persistent = Off
682d703
738c759
< dbx.colnames_case = "lowercase"
---
> dbx.colnames_case = "unchanged"
791c812,823
< session.save_path = /var/lib/php/session
---
796c828
---
825c857
< session.gc_divisor = 1000
---
> session.gc_divisor = 100
830a863,870
>
837c877
< session.bug_compat_42 = 0
---
> session.bug_compat_42 = 1
855c895
---
863c903
---
868c908
---
878c918
< url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
---
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
983,986d1022
< [Sockets]
< sockets.use_system_read = On
<
[EMAIL PROTECTED] html]#
-------------------------------------------------------------

I realize it is impossible to ask for a fix here, but if you can suggest anything I might try, or tell me how to go about doing what you would do if you had everything, I'll do it.

Thanks in advance for any attention you can give this.

--Rob

--
Edit bug report at http://bugs.php.net/?id=33538&edit=1