From:             gw at gnc dot at
Operating system: suse sles9 kernel 2.6.5
PHP version:      5.1.2
PHP Bug Type:     Reproducible crash
Bug description:  zend/php crashes with server side includes in 5.0.4

Description:
------------
php 5.0.4, httpd 2.0.55 on a suse sles 9
httpd crashes when using server side includes.
no idea if this belongs to php only... i'm not using any 3rd party products. just a plain php504 installation. no changes to php.ini.
upgrade is not possible due to external customer scripts.

php config:
'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--enable-ftp' '--enable-trans-sid' '--enable-track-vars' '--enable-imap' '--with-gettext' '--with-oci8=/opt/oracle/ora9i' '--without-sqlite'

Reproduce code:
---------------
<!--#config timefmt="%d. %m., %H:%M" -->

Actual result:
--------------
zaphod:/usr/local/apache/bin # gdb ./httpd
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 1076812448 (LWP 29354)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076812448 (LWP 29354)]
zend_hash_index_find (ht=0x90a3e69, h=2, pData=0x90a3e69) at /root/software/php-5.0.4/Zend/zend_hash.c:955
955             if ((p->h == h) && (p->nKeyLength == 0)) {
(gdb) bt
#0  zend_hash_index_find (ht=0x90a3e69, h=2, pData=0x90a3e69) at /root/software/php-5.0.4/Zend/zend_hash.c:955
#1  0x4045b038 in _zend_list_delete (id=2) at /root/software/php-5.0.4/Zend/zend_list.c:55
#2  0x404305fc in _php_stream_free (stream=0x82f988c, close_options=3) at /root/software/php-5.0.4/main/streams/streams.c:310
#3  0x40420461 in stream_closer_for_zend (handle=0x82f988c) at /root/software/php-5.0.4/main/main.c:843
#4  0x4043f913 in zend_file_handle_dtor (fh=0x82f99ac) at zend_language_scanner.l:246
#5  0x4044cb29 in zend_llist_del_element (l=0x404cf2d4, element=0xbfffef40, compare=0x4043b770 <zend_compare_file_handles>) at /root/software/php-5.0.4/Zend/zend_llist.c:104
#6  0x4043f769 in zend_destroy_file_handle (file_handle=0xbfffef40) at zend_language_scanner.l:284
#7  0x40452909 in zend_execute_scripts (type=2, retval=0x0, file_count=1) at /root/software/php-5.0.4/Zend/zend.c:1066
#8  0x40482466 in php_handler (r=0x82f76e0) at /root/software/php-5.0.4/sapi/apache2handler/sapi_apache2.c:557
#9  0x0808612b in ap_run_handler (r=0x82f76e0) at config.c:152
#10 0x08088aa5 in ap_invoke_handler (r=0x82f76e0) at config.c:364
#11 0x0809b278 in ap_run_sub_req (r=0x82f76e0) at request.c:1855
#12 0x080658cc in handle_include (ctx=0x82d7878, bb=0xbffff1bc, r=0x82e3298, f=0x82dd438, head_ptr=0x82db850, inserted_head=0xbffff1c0) at mod_include.c:742
#13 0x080638f9 in includes_filter (f=0x82dd438, b=0x82dd578) at mod_include.c:3309
#14 0x0809200b in ap_pass_brigade (next=0x82dd438, bb=0x82dd578) at util_filter.c:512
#15 0x08099aad in default_handler (r=0x82e3298) at core.c:3640
#16 0x0808612b in ap_run_handler (r=0x82e3298) at config.c:152
#17 0x08088aa5 in ap_invoke_handler (r=0x82e3298) at config.c:364
#18 0x0806e7af in ap_process_request (r=0x82e3298) at http_request.c:249
#19 0x08069e1c in ap_process_http_connection (c=0x82d7340) at http_core.c:251
#20 0x0809007b in ap_run_process_connection (c=0x82d7340) at connection.c:43
#21 0x08085238 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#22 0x0808538e in make_child (s=0x80c6c88, slot=0) at prefork.c:650
#23 0x08085451 in startup_children (number_to_start=5) at prefork.c:722
#24 0x08085b1d in ap_mpm_run (_pconf=0x80c20a8, plog=0x80fc190, s=0x80c6c88) at prefork.c:941
#25 0x0808ac7c in main (argc=2, argv=0xbffff614) at main.c:618

#0  zend_hash_index_find (ht=0x90a3e69, h=2, pData=0x90a3e69) at /root/software/php-5.0.4/Zend/zend_hash.c:955
        nIndex = 2
        p = (Bucket *) 0x90a3e69
#1  0x4045b038 in _zend_list_delete (id=2) at /root/software/php-5.0.4/Zend/zend_list.c:55
        le = <value optimized out>
#2  0x404305fc in _php_stream_free (stream=0x82f988c, close_options=3) at /root/software/php-5.0.4/main/streams/streams.c:310
        ret = 1
        remove_rsrc = <value optimized out>
        release_cast = 1
#3  0x40420461 in stream_closer_for_zend (handle=0x82f988c) at /root/software/php-5.0.4/main/main.c:843
No locals.
#4  0x4043f913 in zend_file_handle_dtor (fh=0x82f99ac) at zend_language_scanner.l:246
No locals.
#5  0x4044cb29 in zend_llist_del_element (l=0x404cf2d4, element=0xbfffef40, compare=0x4043b770 <zend_compare_file_handles>) at /root/software/php-5.0.4/Zend/zend_llist.c:104
        current = (zend_llist_element *) 0x82f99a4
        next = (zend_llist_element *) 0x0
#6  0x4043f769 in zend_destroy_file_handle (file_handle=0xbfffef40) at zend_language_scanner.l:284
No locals.
#7  0x40452909 in zend_execute_scripts (type=2, retval=0x0, file_count=1) at /root/software/php-5.0.4/Zend/zend.c:1066
        params = <value optimized out>
        retval2 = (zval *) 0x1
        old_exception = (zval *) 0x82f950c
        ex_class_name = "`\223/[EMAIL PROTECTED]"\000\000F([EMAIL PROTECTED]/[EMAIL PROTECTED]/\000\"", '\0' <repeats 11 times>, "\023\000\000\000H\220/\bô\217/\bÀ\201/\bÚ\002\v\b\bz/\b v/\b3¨\n\b\bz/\bhîÿ¿%ó\b\b\bz/\bÚ\002\v\bÀ\201/\b\020\225/\b"
        files = <value optimized out>
        i = 0
        file_handle = (zend_file_handle *) 0xbfffef40
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#8  0x40482466 in php_handler (r=0x82f76e0) at /root/software/php-5.0.4/sapi/apache2handler/sapi_apache2.c:557
        zfd = {type = 5 '\005', filename = 0x82f84d0 "/home/webspace/www.waa.at/htdocs/feat_modules/mod_sem_wise.html", opened_path = 0x82f97ac "/data1/webspace/www.waa.at/htdocs/feat_modules/mod_sem_wise.html", handle = {fd = 137336972, fp = 0x82f988c, stream = {handle = 0x82f988c, reader = 0x4042f9e0 <_php_stream_read>, closer = 0x40420450 <stream_closer_for_zend>, interactive = 0}}, free_filename = 0 '\0'}
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}}
        ctx = (php_struct *) 0x82f7518
        brigade = (apr_bucket_brigade *) 0x82f7590
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = (request_rec *) 0x82f56d8
        content_type = <value optimized out>
        content_length = <value optimized out>
        auth = <value optimized out>
#9  0x0808612b in ap_run_handler (r=0x82f76e0) at config.c:152
        pHook = (ap_LINK_handler_t *) 0x81e5a7c
        n = 7
        rv = 151666281
#10 0x08088aa5 in ap_invoke_handler (r=0x82f76e0) at config.c:364
        new_handler = <value optimized out>
        p2 = <value optimized out>
        handler = 0x816b9d8 "application/x-httpd-php"
        result = <value optimized out>
        old_handler = 0x0
#11 0x0809b278 in ap_run_sub_req (r=0x82f76e0) at request.c:1855
        retval = 0
#12 0x080658cc in handle_include (ctx=0x82d7878, bb=0xbffff1bc, r=0x82e3298, f=0x82dd438, head_ptr=0x82db850, inserted_head=0xbffff1c0) at mod_include.c:742
        tag_plus = <value optimized out>
        tag = <value optimized out>
        tag_val = 0x82e5348 "/feat_modules/mod_sem_wise.html"
        tmp_buck = <value optimized out>
        parsed_string = <value optimized out>
#13 0x080638f9 in includes_filter (f=0x82dd438, b=0x82dd578) at mod_include.c:3309
        dummy = (apr_bucket *) 0x0
        tag = <value optimized out>
        tag_len = <value optimized out>
        carg = <value optimized out>
        handle_func = (include_handler_fn_t *) 0x8065610 <handle_include>
        r = <value optimized out>
        ctx = <value optimized out>
        conf = (include_dir_config *) 0x81016a8
        sconf = (include_server_config *) 0x81001a0
#14 0x0809200b in ap_pass_brigade (next=0x82dd438, bb=0x82dd578) at util_filter.c:512
        e = <value optimized out>
#15 0x08099aad in default_handler (r=0x82e3298) at core.c:3640
        req_cfg = <value optimized out>
        c = (conn_rec *) 0x82d7340
        bb = (apr_bucket_brigade *) 0x82dd578
        e = (apr_bucket *) 0x82db3f0
        d = (core_dir_config *) 0x82e5170
        errstatus = 137221500
        fd = (apr_file_t *) 0x82dd488
        status = <value optimized out>
        bld_content_md5 = 137212912
#16 0x0808612b in ap_run_handler (r=0x82e3298) at config.c:152
        pHook = (ap_LINK_handler_t *) 0x81e5aa4
        n = 9
        rv = 151666281
#17 0x08088aa5 in ap_invoke_handler (r=0x82e3298) at config.c:364
        new_handler = <value optimized out>
        p2 = <value optimized out>
        handler = 0x1 <Address 0x1 out of bounds>
        result = <value optimized out>
        old_handler = 0x80a4afe "default-handler"
#18 0x0806e7af in ap_process_request (r=0x82e3298) at http_request.c:249
        access_status = <value optimized out>
#19 0x08069e1c in ap_process_http_connection (c=0x82d7340) at http_core.c:251
        r = (request_rec *) 0x82e3298
        csd_set = 1
        csd = (apr_socket_t *) 0x82d7268
#20 0x0809007b in ap_run_process_connection (c=0x82d7340) at connection.c:43
        pHook = (ap_LINK_process_connection_t *) 0x81e5e88
        n = 0
        rv = 151666281
#21 0x08085238 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
        ptrans = (apr_pool_t *) 0x82d7230
        allocator = (apr_allocator_t *) 0x82d51a0
        current_conn = (conn_rec *) 0x82d7340
        status = <value optimized out>
        i = <value optimized out>
        lr = <value optimized out>
        curr_pollfd = <value optimized out>
        last_pollfd = 0
        pollset = (apr_pollfd_t *) 0x82d52c0
        offset = <value optimized out>
        csd = (void *) 0x82d7268
        sbh = (ap_sb_handle_t *) 0x82d52a0
        rv = <value optimized out>
        bucket_alloc = (apr_bucket_alloc_t *) 0x82db240
#22 0x0808538e in make_child (s=0x80c6c88, slot=0) at prefork.c:650
        pid = <value optimized out>
#23 0x08085451 in startup_children (number_to_start=5) at prefork.c:722
        i = 0
#24 0x08085b1d in ap_mpm_run (_pconf=0x80c20a8, plog=0x80fc190, s=0x80c6c88) at prefork.c:941
        pidfile = <value optimized out>
        index = <value optimized out>
        remaining_children_to_start = 5
        rv = <value optimized out>
#25 0x0808ac7c in main (argc=2, argv=0xbffff614) at main.c:618
        exit_status = <value optimized out>
        c = <value optimized out>
        configtestonly = 0
        confname = 0x80ae586 "conf/httpd.conf"
        def_server_root = 0x80af104 "/usr/local/apache2"
        temp_error_log = 0x0
        process = <value optimized out>
        server_conf = (server_rec *) 0x80c6c88
        pglobal = (apr_pool_t *) 0x80c00a0
        pconf = (apr_pool_t *) 0x80c20a8
        plog = (apr_pool_t *) 0x80fc190
        ptemp = (apr_pool_t *) 0x81051b0
        pcommands = (apr_pool_t *) 0x80c40b0
        opt = <value optimized out>
        rv = <value optimized out>
        mod = <value optimized out>
        optarg = 0x0
        signal_server = <value optimized out>

-- 
Edit bug report at http://bugs.php.net/?id=36293&edit=1