From: alex dot dean at pni dot com
Operating system: RHEL 4
PHP version: 5.1.5RC1
PHP Bug Type: Apache2 related
Bug description: Apache2 segfaults when virtual() is called in .php ErrorDocument
Description:
------------
Using a PHP script as an Apache ErrorDocument causes PHP to segfault if
the PHP script uses the virtual() function.
PHP Configuration :
./configure
--with-apxs2=/apps/apache_2.0.54/bin/apxs --with-mysql=/usr/local/mysql
--with-zlib --with-mysqli=/usr/local/mysql/bin/mysql_config --with-gettext
--enable-ftp --with-cgi --enable-cgi --with-openssl --with-gd
--with-jpeg-dir=/usr --enable-mbstring=all --enable-debug
Apache Configuration :
./configure --enable-ssl --prefix=/apps/apache_2.0.54 --enable-so
--enable-rewrite --with-mpm=prefork --enable-deflate --enable-headers
--enable-file-cache
Reproduce code:
---------------
httpd.conf :
ErrorDocument 404 virtual1.php
virtual1.php :
<html>
<head>
<title>Virtual and SSI Tests</title>
</head>
<body>
<? virtual('/virtual2.php'); ?>
</body>
</html>
virtual2.php :
<? echo 'Included virtual2.php.' ?>
Start browser and browse to any non-existent URL.
Neither virtual1.php nor virtual2.php causes errors when browsed to
directly. Using virtual2.php as an ErrorDocument does not cause any
errors.
Expected result:
----------------
I should see 'Included virtual2.php' displayed in the browser window.
Actual result:
--------------
Actual result is a segmentation fault.
[EMAIL PROTECTED] htdocs]# gdb /apps/apache_2.0.54/bin/httpd
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run -X
Starting program: /apps/apache_2.0.54/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread -1208023360 (LWP 23963)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208023360 (LWP 23963)]
0x010ad9aa in _zval_ptr_dtor (zval_ptr=0x8377314,
__zend_filename=0x12ebddc
"/usr/local/src/php-5.1-cvs/Zend/zend_execute.h", __zend_lineno=146)
at /usr/local/src/php-5.1-cvs/Zend/zend_execute_API.c:393
393 (*zval_ptr)->refcount--;
(gdb) bt
#0 0x010ad9aa in _zval_ptr_dtor (zval_ptr=0x8377314,
__zend_filename=0x12ebddc
"/usr/local/src/php-5.1-cvs/Zend/zend_execute.h", __zend_lineno=146)
at /usr/local/src/php-5.1-cvs/Zend/zend_execute_API.c:393
#1 0x010d5410 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffd260) at zend_execute.h:146
#2 0x010d4f11 in execute (op_array=0x83700d4) at zend_vm_execute.h:92
#3 0x010bae5e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/local/src/php-5.1-cvs/Zend/zend.c:1109
#4 0x01082045 in php_execute_script (primary_file=0xbffff5b0) at
/usr/local/src/php-5.1-cvs/main/main.c:1737
#5 0x01140898 in php_handler (r=0x835fb30) at
/usr/local/src/php-5.1-cvs/sapi/apache2handler/sapi_apache2.c:586
#6 0x080b883a in ap_run_handler (r=0x835fb30) at config.c:152
#7 0x080b8c05 in ap_invoke_handler (r=0x835fb30) at config.c:364
#8 0x080a164d in ap_internal_redirect (new_uri=0x1c <Address 0x1c out of
bounds>, r=0x0) at http_request.c:465
#9 0x080a1976 in ap_process_request (r=0x83584f0) at http_request.c:262
#10 0x0809d691 in ap_process_http_connection (c=0x8352258) at
http_core.c:251
#11 0x080c1cd2 in ap_run_process_connection (c=0x8352258) at
connection.c:43
#12 0x080b7015 in child_main (child_num_arg=28) at prefork.c:610
#13 0x080b7209 in make_child (s=0x81c9ba8, slot=0) at prefork.c:650
#14 0x080b72d0 in startup_children (number_to_start=100) at prefork.c:722
#15 0x080b79a3 in ap_mpm_run (_pconf=0xbffff910, plog=0x8200198,
s=0xbffff914) at prefork.c:941
#16 0x080bca73 in main (argc=2, argv=0xbffffab4) at main.c:618
--
Edit bug report at http://bugs.php.net/?id=38456&edit=1
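
To check whether a server carries the configuration this report describes (a PHP ErrorDocument whose script calls virtual()), the audit below can be used. It is an added example, not code from the report or from the PHP project. The function names, the constructed sample config and the dict of script sources are assumptions, and any target ending in .php is treated as a local script, as in the report's httpd.conf.

```python
import re

# ErrorDocument <status> <target>; Apache directive names are case-insensitive.
ERRDOC_RE = re.compile(r'^[ \t]*ErrorDocument[ \t]+(\d{3})[ \t]+(\S.*?)[ \t]*$',
                       re.I | re.M)
# A bare virtual( call: not $obj->virtual(, Cls::virtual(, $virtual( or my_virtual(.
VIRTUAL_CALL_RE = re.compile(r'(?<![\w$>:])virtual\s*\(', re.I)


def php_error_documents(conf_text):
    """Yield (status, script) for ErrorDocument targets that are local .php scripts."""
    for status, target in ERRDOC_RE.findall(conf_text):
        if target.startswith('"') or '://' in target:
            continue  # literal message text or external redirect: no local script runs
        path = target.split('?', 1)[0]
        if path.lower().endswith('.php'):
            yield int(status), path.lstrip('/')


def risky_error_documents(conf_text, sources):
    """Return [(status, script)] where the error-handler script itself calls virtual()."""
    hits = []
    for status, script in php_error_documents(conf_text):
        src = sources.get(script)
        if src is not None and VIRTUAL_CALL_RE.search(src):
            hits.append((status, script))
    return hits


# Constructed sample input: first line and both scripts mirror the report,
# the remaining directives are made up to exercise the skipped cases.
SAMPLE_CONF = """\
ErrorDocument 404 virtual1.php
ErrorDocument 403 /virtual2.php
ErrorDocument 500 "Server error"
# ErrorDocument 410 /old.php
ErrorDocument 401 http://example.invalid/login.php
"""
SAMPLE_SOURCES = {
    "virtual1.php": "<html><body><? virtual('/virtual2.php'); ?></body></html>",
    "virtual2.php": "<? echo 'Included virtual2.php.' ?>",
}

if __name__ == "__main__":
    for status, script in risky_error_documents(SAMPLE_CONF, SAMPLE_SOURCES):
        print(f"ErrorDocument {status} -> {script} calls virtual()")
```

In practice the sources dict would be filled by reading each script from the DocumentRoot; the check flags virtual1.php and leaves virtual2.php alone, matching the behaviour the report describes.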