ID: 35074 Updated by: [EMAIL PROTECTED] Reported By: jeff dot potter at hp dot com -Status: Open +Status: Feedback Bug Type: Apache2 related Operating System: Linux (Redhat EL 3 i386) PHP Version: 4.4.1 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2005-11-03 17:16:34] jeff dot potter at hp dot com php4-STABLE-latest (php4-STABLE-200511031356) still appears to have the same symptoms as php-4.4.1 [Thu Nov 03 09:41:35 2005] [notice] child pid 4209 exit signal Segmentation fault (11) [Thu Nov 03 09:41:37 2005] [notice] child pid 4264 exit signal Segmentation fault (11) ------------------------------------------------------------------------ [2005-11-03 09:10:15] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2005-11-03 00:29:49] jeff dot potter at hp dot com Description: ------------ Just compiled and integrated PHP v4.4.1, and I get an immediate Segmentation fault on my first virtual() call. Same code works fine in PHP 4.3.11 & PHP 4.4.0. Configure script: ./configure $php_dbg_flag --prefix=/opt/hp/hpsmh/php --with-apxs2=/opt/hp/hpsmh/sbin/apxs \ --with-dom=/opt/hp/hpsmh --with-zlib --enable-bcmath --enable-calendar --enable-wddx --enable-ftp make make install Platform: RedHat Enterprise Linux Advanced Server 3 Update 2 Apache 2.0.48 with security patches Reproduce code: --------------- Just call virtual(some_uri). Expected result: ---------------- My page rendered on the screen. Actual result: -------------- It looks like the rr->main structure in PHP_FUNCTION(virtual)is all zeros. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1469858896 (LWP 13252)] ap_rflush (r=0x82ef088) at protocol.c:1561 1561 bb = apr_brigade_create(r->pool, c->bucket_alloc); (gdb) bt #0 ap_rflush (r=0x82ef088) at protocol.c:1561 #1 0xb71eba7f in zif_virtual (ht=1, return_value=0x839d264, this_ptr=0x0, return_value_used=0, tsrm_ls=0x8363dd8) at /usr/src/redhat/BUILD/cleansweep-2.1.14-10139/php-4.4.1/sapi/apache2handler/php_functions.c:101 #2 0xb71e2b59 in execute (op_array=0x83987b4, tsrm_ls=0x8363dd8) at /usr/src/redhat/BUILD/cleansweep-2.1.14-10139/php-4.4.1/Zend/zend_execute.c:1675 #3 0xb71cea6c in zend_execute_scripts (type=8, tsrm_ls=0x8363dd8, retval=0x0, file_count=3) at /usr/src/redhat/BUILD/cleansweep-2.1.14-10139/php-4.4.1/Zend/zend.c:938 #4 0xb71a5d3e in php_execute_script (primary_file=0xa863b830, tsrm_ls=0x8363dd8) at /usr/src/redhat/BUILD/cleansweep-2.1.14-10139/php-4.4.1/main/main.c:1743 #5 0xb71eb3ce in php_handler (r=0x82b8e50) at /usr/src/redhat/BUILD/cleansweep-2.1.14-10139/php-4.4.1/sapi/apache2handler/sapi_apache2.c:572 #6 0x080a5b1e in ap_run_handler (r=0x82b8e50) at config.c:151 #7 0x080a6039 in ap_invoke_handler (r=0x82b8e50) at config.c:358 #8 0x080a1d8f in ap_process_request (r=0x82b8e50) at http_request.c:246 #9 0x0809dd04 in ap_process_http_connection (c=0x82abf18) at http_core.c:250 #10 0x080adeca in ap_run_process_connection (c=0x82abf18) at connection.c:42 #11 0x080a2d3f in process_socket (p=0x82abdf0, sock=0x82abe28, my_child_num=0, my_thread_num=22, bucket_alloc=0x82addf8) at worker.c:520 #12 0x080a3332 in worker_thread (thd=0x81dbac8, dummy=0x82a5040) at worker.c:834 #13 0xb747551c in dummy_worker (opaque=0x81dbac8) at thread.c:88 #14 0xb744adec in start_thread () from /lib/tls/libpthread.so.0 #15 0xb7370e8a in clone () from /lib/tls/libc.so.6 (gdb) Frame #0 Code #0 ap_rflush (r=0x82ef088) at protocol.c:1561 1561 bb = apr_brigade_create(r->pool, c->bucket_alloc); (gdb) print bb $1 = (apr_bucket_brigade *) 0x839d264 (gdb) print *bb $2 = {p = 0x0, list = {next = 0x0, prev = 0x10000}, bucket_alloc = 0x0} gdb) print c->bucket_alloc Cannot access memory at address 0x50 (gdb) print *c->bucket_alloc Cannot access memory at address 0x50 (gdb) print &c->bucket_alloc $3 = (struct apr_bucket_alloc_t **) 0x50 (gdb) print r->pool $4 = (apr_pool_t *) 0x0 (gdb) print *r->pool $5 = {parent = 0x82ef088, child = 0x6b637562, sibling = 0x2f737465, ref = 0x92e7887, cleanups = 0x7000058, allocator = 0x31, subprocesses = 0x0, abort_fn = 0, user_data = 0x0, tag = 0x0, active = 0x0, self = 0x0, self_first_avail = 0x0} (gdb) print &r->pool $6 = (apr_pool_t **) 0x82ef088 1555 AP_DECLARE(int) ap_rflush(request_rec *r) 1556 { 1557 conn_rec *c = r->connection; 1558 apr_bucket_brigade *bb; 1559 apr_bucket *b; 1560 1561 bb = apr_brigade_create(r->pool, c->bucket_alloc); 1562 b = apr_bucket_flush_create(c->bucket_alloc); 1563 APR_BRIGADE_INSERT_TAIL(bb, b); 1564 if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS) 1565 return -1; 1566 1567 return 0; 1568 } Frame #1 Code (gdb) print rr->main $7 = (request_rec *) 0x82ef088 (gdb) print *rr->main $8 = {pool = 0x0, connection = 0x0, server = 0x0, next = 0x0, prev = 0x0, main = 0x0, the_request = 0x0, assbackwards = 0, proxyreq = 0, header_only = 0, protocol = 0x0, proto_num = 0, hostname = 0x0, request_time = 0, status_line = 0x0, status = 0, method = 0x0, method_number = 0, allowed = 0, allowed_xmethods = 0x0, allowed_methods = 0x0, sent_bodyct = 0, bytes_sent = 0, mtime = 0, chunked = 0, range = 0x0, clength = 0, remaining = 0, read_length = 0, read_body = 0, read_chunked = 0, expecting_100 = 0, headers_in = 0x0, headers_out = 0x0, err_headers_out = 0x0, subprocess_env = 0x0, notes = 0x0, content_type = 0x0, handler = 0x0, content_encoding = 0x0, content_languages = 0x0, vlist_validator = 0x0, user = 0x0, ap_auth_type = 0x0, no_cache = 0, no_local_copy = 0, unparsed_uri = 0x0, uri = 0x0, filename = 0x0, canonical_filename = 0x0, path_info = 0x0, args = 0x0, finfo = {pool = 0x0, valid = 0, protection = 0, filetype = APR_NOFILE, user = 0, group = 0, inode = 0, device = 0, nlink = 0, size = 0, csize = 0, atime = 0, mtime = 0, ctime = 0, fname = 0x0, name = 0x0, filehand = 0x0}, parsed_uri = {scheme = 0x0, hostinfo = 0x0, user = 0x0, password = 0x0, hostname = 0x0, port_str = 0x0, path = 0x0, query = 0x0, fragment = 0x0, hostent = 0x0, port = 0, is_initialized = 0, dns_looked_up = 0, dns_resolved = 0}, used_path_info = 0, per_dir_config = 0x0, request_config = 0x0, htaccess = 0x0, output_filters = 0x0, input_filters = 0x0, proto_output_filters = 0x0, proto_input_filters = 0x0, eos_sent = 0} 70 /* {{{ proto bool virtual(string uri) 71 Perform an apache sub-request */ 72 PHP_FUNCTION(virtual) 73 { 74 zval **filename; 75 request_rec *rr; 76 77 if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &filename) == FAILURE) { 78 WRONG_PARAM_COUNT; 79 } 80 81 convert_to_string_ex(filename); 82 83 84 if (!(rr = php_apache_lookup_uri(Z_STRVAL_PP(filename) TSRMLS_CC))) { 85 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to include '%s' - URI lookup failed", Z_STRVAL_PP(filename)); 86 RETURN_FALSE; 87 } 88 89 if (rr->status != HTTP_OK) { 90 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to include '%s' - error finding URI", Z_STRVAL_PP(filename)); 91 ap_destroy_sub_req(rr); 92 RETURN_FALSE; 93 } 94 95 /* Flush everything. */ 96 php_end_ob_buffers(1 TSRMLS_CC); 97 php_header(); 98 99 /* Ensure that the ap_r* layer for the main request is flushed, to 100 * work around http://issues.apache.org/bugzilla/show_bug.cgi?id=17629 */ 101 ap_rflush(rr->main); 102 103 if (ap_run_sub_req(rr)) { 104 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to include '%s' - request execution failed", Z_STRVAL_PP(filename)); 105 ap_destroy_sub_req(rr); 106 RETURN_FALSE; 107 } 108 ap_destroy_sub_req(rr); 109 RETURN_TRUE; 110 } 111 /* }}} */ 112 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35074&edit=1