From:             jens at strawberry dot com
Operating system: Solaris 8, 32bit
PHP version:      5.2.0
PHP Bug Type:     Reproducible crash
Bug description:  SEGV in zend_do_fcall_common_helper_SPEC 

Description:
------------
I've compiled and installed PHP version 5.2.0
in the following environment:

   Server:  SparcStation 20 dual CPU
   OS:      Solaris 8, Kernel patch 117350-41
   Apache:  2.2.2

The apache server starts and answers requests.
Upon loading a PHP test page from this server, the
HTTP server process begins consuming 100% CPU and
finally crashes in format_converter with signal 11
(SEGV).

Reproduce code:
---------------
Enable short tags in php.ini.
Load the following page from the server

test.php:
<?phpinfo()?>


Expected result:
----------------
Info page should show up.
http process should keep stable.

Actual result:
--------------
The HTTP server enters a loop between the functions
zend_do_fcall_common_helper_SPEC and
execute_internal, which after a while leads to the SEGV
in format_converter.

The following output is produced using adb attached to a
non-forking Apache server:

SIGSEGV: Segmentation Fault (address not mapped to object)
stopped at:
format_converter+8:             st      %i0, [%sp + 0x64]
symbol not found
process terminated

$c
...
execute_internal(0xed4bd430,0x14,0xefff7f08,0xed673178,0x501be8,0x50) + 204
        [savfp=0xefff7f48,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefff8088,0xefff808c,0xce2c,0xefff8494,0x1,0x0) + 4c8
        [savfp=0xefff7fa8,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0x1,0xefff8088,0xed673178,0x457a80,0x4) + 204
        [savfp=0xefff80c8,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefff84a8,0xefff84ac,0xce2c,0xefff8724,0x1,0x0) + 4c8
        [savfp=0xefff8128,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0x7,0xefff84a8,0xed673178,0x4f8578,0x1c) + 204
        [savfp=0xefff84e8,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefff8768,0xefff876c,0xce2c,0xefff914c,0x1,0x0) + 4c8
        [savfp=0xefff8548,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0xa,0xefff8768,0xed673178,0x5324e8,0x28) + 204
        [savfp=0xefff87a8,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefffef80,0xefffef84,0xce2c,0xeffff0b4,0x1,0x0) + 4c8
        [savfp=0xefff8808,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0x76,0xefffef80,0xed673178,0x41e4c0,0x1d8) + 204
        [savfp=0xefffefc0,savpc=0xed489a30]
zend_execute_scripts(0x8,0x0,0x3,0xeffff65c,0xed672f58,0x0) + 110
        [savfp=0xeffff0b8,savpc=0xed4111f8]
php_execute_script(0xa800,0x25edc8,0xed5c9f8c,0xed6729a8,0xd000,0x3c) + 350
        [savfp=0xeffff5b8,savpc=0xed502f0c]
php_handler(0x262178,0xd018,0xed5c9f8c,0xd400,0xc800,0x0) + 588
        [savfp=0xeffff6e0,savpc=0x402e0]
ap_run_handler(0x25cf98,0x94980,0x948f0,0xffffffff,0x6,0x948f0) + 48
        [savfp=0xeffff740,savpc=0x409a4]
ap_invoke_handler(0x25cf98,0x238018,0x25cf98,0x953a8,0x0,0x0) + f8
        [savfp=0xeffff7a8,savpc=0x4d7cc]
ap_process_request(0x25cf98,0x0,0xc8,0x25cf98,0x0,0x0) + 54
        [savfp=0xeffff808,savpc=0x4ac78]
ap_filter_protocol(0x246680,0x25cf98,0x79800,0x1,0x1000,0x5) + 31c
        [savfp=0xeffff868,savpc=0x46db8]
ap_run_process_connection(0x246680,0x95064,0x95010,0xffffffff,0x3,0x95010) + 48
        [savfp=0xeffff8c8,savpc=0x520a0]
ap_graceful_stop_signalled(0x53dac,0x246680,0x7c400,0x7e800,0x0,0x1) + 40c
        [savfp=0xeffff960,savpc=0x52190]
ap_graceful_stop_signalled(0x88448,0x0,0x94e0c,0x94de0,0xffffffff,0x79800) + 4fc
        [savfp=0xeffff9c0,savpc=0x5270c]
ap_mpm_run(0x865a8,0x79800,0x88448,0x79800,0x79b6c,0x7c6e8) + 1c8
        [savfp=0xeffffa40,savpc=0x2c8d4]
main(0x79800,0x0,0x5e400,0x0,0x78958,0x88448) + 97c
        [savfp=0xeffffac8,savpc=0x2b714]


-- 
Edit bug report at http://bugs.php.net/?id=39620&edit=1
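The backtrace in the report is an adb $c dump whose frame lines were wrapped by the mail client, and the reporter's observation is that execute_internal and zend_do_fcall_common_helper_SPEC alternate down the stack. As an added triage example (not part of the bug report, and not PHP or Apache code), the Python below re-joins the wrapped frame lines, parses each frame's function, register arguments, offset and savfp/savpc, finds the shortest function-name pattern that repeats from the top of the stack, and reports how many innermost frames it covers and how many bytes of stack lie between the innermost frame and the outermost repeating one. Since the faulting instruction adb shows is a store relative to %sp, that span is the first number a triager wants. The sample trace is copied from the report, with the middle engine frames and the Apache frames dropped for brevity and the mail wrapping kept as-is; the regular expressions, the Frame fields and the max_period cutoff are this example's own assumptions about the format.

```python
"""Parse an adb '$c' stack dump and flag a repeating frame pattern.

Added triage example, not part of the bug report or of PHP/Apache.  The
sample trace is copied from the report (middle engine frames and Apache
frames dropped) and kept in its mail-wrapped form so the parser must
re-join the continuation lines.
"""
import re
from dataclasses import dataclass

# One adb frame, "func(arg,...) + hexoffset", after re-joining wrapped lines.
FRAME_RE = re.compile(
    r"^(?P<func>[A-Za-z_]\w*)\((?P<args>[^)]*)\)\s*\+\s*(?P<off>[0-9a-fA-F]+)$")
# The saved frame pointer / return address line adb prints under each frame.
SAV_RE = re.compile(r"^\[savfp=(0x[0-9a-fA-F]+),savpc=(0x[0-9a-fA-F]+)\]$")

SAMPLE_TRACE = """\
$c
...
execute_internal(0xed4bd430,0x14,0xefff7f08,0xed673178,0x501be8,0x50) +
204
        [savfp=0xefff7f48,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefff8088,0xefff808c,0xce2c,0xefff8494,0x1,0x0)
+ 4c8
        [savfp=0xefff7fa8,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0x1,0xefff8088,0xed673178,0x457a80,0x4) + 204
        [savfp=0xefff80c8,savpc=0xed4bd064]
zend_do_fcall_common_helper_SPEC(0xefff84a8,0xefff84ac,0xce2c,0xefff8724,0x1,0x0)
+ 4c8
        [savfp=0xefff8128,savpc=0xed4bcb18]
execute_internal(0xed4bd430,0x76,0xefffef80,0xed673178,0x41e4c0,0x1d8) +
204
        [savfp=0xefffefc0,savpc=0xed489a30]
zend_execute_scripts(0x8,0x0,0x3,0xeffff65c,0xed672f58,0x0) + 110
        [savfp=0xeffff0b8,savpc=0xed4111f8]
main(0x79800,0x0,0x5e400,0x0,0x78958,0x88448) + 97c
        [savfp=0xeffffac8,savpc=0x2b714]
"""


@dataclass(frozen=True)
class Frame:
    func: str
    args: tuple   # register arguments %i0..%i5 as adb shows them
    offset: int   # offset into func (adb prints it in hex)
    savfp: int    # saved frame pointer, i.e. the caller's %fp
    savpc: int    # saved return address


def parse_adb_stack(text):
    """Frames of an adb '$c' dump, innermost first.  Text that is not a
    [savfp=...] line is appended to the pending frame, so a frame the mailer
    split as "... +" / "204" is re-joined before it is matched."""
    frames, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("$c", "..."):
            continue
        sav = SAV_RE.match(line)
        if sav is None:
            pending = (pending + " " + line).strip()
            continue
        m = FRAME_RE.match(pending)
        if m is None:
            raise ValueError("unrecognised frame text: %r" % pending)
        args = tuple(int(a, 16) for a in m["args"].split(",") if a)
        frames.append(Frame(m["func"], args, int(m["off"], 16),
                            int(sav.group(1), 16), int(sav.group(2), 16)))
        pending = ""
    if pending:
        raise ValueError("frame text without a savfp line: %r" % pending)
    return frames


def detect_recursion(frames, max_period=4):
    """(period, depth): the shortest function-name pattern that repeats from
    the top of the stack and how many innermost frames it covers; (0, 0) if
    nothing repeats.  max_period is an arbitrary cutoff for this example."""
    names = [f.func for f in frames]
    best = (0, 0)
    for period in range(1, max_period + 1):
        i = 0
        while i + period < len(names) and names[i] == names[i + period]:
            i += 1
        if i and i + period > best[1]:
            best = (period, i + period)
    return best


def stack_span(frames, depth):
    """Bytes between the innermost frame and the outermost repeating frame;
    the SPARC stack grows downward, so savfp increases towards main."""
    return frames[depth - 1].savfp - frames[0].savfp


if __name__ == "__main__":
    frames = parse_adb_stack(SAMPLE_TRACE)
    period, depth = detect_recursion(frames)
    print("%d frames; %d-frame pattern %s covers the innermost %d frames,"
          " spanning %d bytes of stack" % (len(frames), period,
          [f.func for f in frames[:period]], depth,
          stack_span(frames, depth) if depth else 0))
```

On the trimmed sample this reports a 2-frame pattern (execute_internal, zend_do_fcall_common_helper_SPEC) over the innermost 5 frames and 0x7078 bytes between the innermost execute_internal and the one called from zend_execute_scripts; fed the full dump from the report, the same code covers all nine engine frames. A pattern that does not repeat, such as the two outermost frames on their own, yields (0, 0).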