#39749 [Fbk->Opn]: function call returns crash under certain conditions

steve-php-dev at spamwiz dot com Tue, 05 Dec 2006 14:51:27 -0800

 ID:               39749
 User updated by:  steve-php-dev at spamwiz dot com
 Reported By:      steve-php-dev at spamwiz dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: CentOS 3
 PHP Version:      5.2.0
 New Comment:


(gdb) run -X
Starting program: /usr/local/apache/bin/httpd -X
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1218542944 (LWP 8821)]
Processing config directory: /usr/local/apache/conf/vhosts/*.conf
 Processing config file: /usr/local/apache/conf/vhosts/dev-apache.conf
 Processing config file: /usr/local/apache/conf/vhosts/empty.conf
Processing config directory: /etc/httpd/conf.d/*.conf
 Processing config file: /etc/httpd/conf.d/apt-proxy.conf
 Processing config file: /etc/httpd/conf.d/monitor.conf
 Processing config file: /etc/httpd/conf.d/nagios.conf
[Tue Dec  5 15:49:35 2006] [warn] NameVirtualHost *:80 has no
VirtualHosts

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218542944 (LWP 8821)]
0x080e294e in _zval_ptr_dtor ()
(gdb) bt
#0  0x080e294e in _zval_ptr_dtor ()
#1  0x08109698 in zend_get_zval_ptr_ptr ()
#2  0x08108b28 in execute ()
#3  0x080eecae in zend_execute_scripts ()
#4  0x080b6161 in php_execute_script ()
#5  0x0814fa6a in apache_php_module_main ()
#6  0x080ac6b8 in ap_get_server_built ()
#7  0x080abc71 in ap_get_server_built ()
#8  0x083f0043 in ap_invoke_handler ()
#9  0x08409857 in ap_update_mtime ()
#10 0x08408941 in ap_process_request ()
#11 0x0840179e in suck_in_ap_validate_password ()
#12 0x083fff68 in suck_in_ap_validate_password ()
#13 0x083fef95 in suck_in_ap_validate_password ()
#14 0x083fcb26 in main ()
(gdb)


Previous Comments:
------------------------------------------------------------------------

[2006-12-05 22:41:22] steve-php-dev at spamwiz dot com

The following produces a segfault:

<?

function function_call($arg1, $arg2, $arg3) {}

$arr1 = array(1, 2, 3);
$arr2 = array(4, 5, 6);
$arr3 = array(7, 8, 9);

$arr = function_call($arr1, $arr2, $arr3);

echo "done";

?>

If you echo something and exit inside the function, it does not
segfault.

------------------------------------------------------------------------

[2006-12-05 22:00:56] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

What is the difference between these two servers?

------------------------------------------------------------------------

[2006-12-05 21:47:35] steve-php-dev at spamwiz dot com

Description:
------------
If more than two arrays are passed to array_merge(), I get a segfault. 
This happens on one server, but not another.  Here is the configure
command for the one that has the problem, followed by the configure for
the one that does not have the problem:

BAD SERVER
'./configure' '--with-mysql=/usr' '--with-mysqli=/usr/bin/mysql_config'
'--with-zlib' '--enable-soap' '--enable-mbstring' '--with-openssl'
'--with-config-file-path=/etc/php'
'--with-config-file-scan-dir=/etc/php/apache.d'
'--with-apache=../apache_1.3.37' '--enable-track-vars' '--without-pear'
'--disable-cli' '--with-imap' '--with-imap-ssl' '--with-ldap'
'--with-kerberos' '--with-gmp' '--without-spl' '--without-sqlite'
'--without-pdo' '--enable-gd-native-ttf' '--with-gd' '--with-png-dir'
'--with-freetype-dir' '--with-mssql'


GOOD SERVER
'./configure' '--with-mysql=/usr' '--with-mysqli=/usr/bin/mysql_config'
'--enable-soap' '--with-zlib' '--enable-mbstring' '--with-openssl'
'--with-config-file-path=/etc/php'
'--with-config-file-scan-dir=/etc/php/apache.d'
'--with-apache=../apache_1.3.37' '--enable-track-vars' '--without-pear'
'--disable-cli' '--with-gmp' '--without-spl' '--without-sqlite'
'--without-pdo'

Reproduce code:
---------------
<?

$arr1 = array(1, 2, 3);
$arr2 = array(4, 5, 6);
$arr3 = array(7, 8, 9);

$arr = array_merge($arr1, $arr2, $arr3);

header("Content-Type: text/plain");
print_r($arr);

?>

Expected result:
----------------
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
    [3] => 4
    [4] => 5
    [5] => 6
    [6] => 7
    [7] => 8
    [8] => 9
)


Actual result:
--------------
segfault


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39749&edit=1

#39749 [Fbk->Opn]: function call returns crash under certain conditions

Reply via email to