ID:               41370
 Updated by:       [EMAIL PROTECTED]
 Reported By:      paul at gracion dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: Mac OS X 10.4.9
 PHP Version:      5.2.2
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip




Previous Comments:
------------------------------------------------------------------------

[2007-05-17 06:37:29] paul at gracion dot com

See new requested backtraces and error_log below. Simplified steps to 
reproduce no longer involve fopen.

Configure used for debug build:

  ./configure --with-apxs --enable-debug --with-mysql=/usr/local/mysql --with-xmlrpc --with-pdo-mysql=/usr/local/mysql

Improved steps to reproduce crash:
1 Stop and then start Apache with SSL.
2 Open upload form (https://updebug.html) in browser, choose file (4 
to 12K text), submit (HTTPS).
3 If updebug.php page loads, click browser back button and repeat 
previous 2 steps, until submit does not return data to browser. 
(happens about 1/3 of the time).
4 Wait for browser to time out (apparently), about 5 minutes.
4a. (error_log records "freeing .... last leak repeated" - see below).
5 Open phpMyAdmin/index.php (2.9.2). This triggers immediate crash of 
an httpd child thread.


updebug.html:
<form id="textUploadForm" action="updebug.php" method="post" name="textUploadForm" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="2000000" />
    <input type="file" name="texts" size="20"/><br />
    <label>textid: </label> <input type="text" name="textid" size="12" /><br />
    <label>Number of users: </label> <input type="text" name="numUsers" value="1" size="4" />&nbsp;<input type="submit" name="submitButtonName" value="Start Upload" />
</form>

updebug.php:
<?php
// Report whether the multipart upload in the 'texts' field arrived without error.
if (array_key_exists('texts', $_FILES) && ($_FILES['texts']['error'] == UPLOAD_ERR_OK)) {
    print "<p>updebug sees file ok</p>";
} else {
    print "<p>Error or No upload file.</p>";
}

Backtraces (2):
Host Name:      Ally
Date/Time:      2007-05-16 18:30:37.349 -0700
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: httpd
Path:    /usr/sbin/httpd
Parent:  httpd [28203]

Version: ??? (???)

PID:    28204
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0   libphp5.so  0x0238d420 _zend_hash_add_or_update + 200 (zend_hash.c:218)
1   libphp5.so  0x0231c2d4 zend_symtable_update + 584 (zend_hash.h:340)
2   libphp5.so  0x0231be4c php_register_variable_ex + 1880 (php_variables.c:215)
3   libphp5.so  0x0209bc9c php_sapi_filter + 1232 (filter.c:399)
4   libphp5.so  0x0231cd5c php_default_treat_data + 1204 (php_variables.c:369)
5   libphp5.so  0x0231e02c php_hash_environment + 944 (php_variables.c:678)
6   libphp5.so  0x02309a94 php_request_startup + 576 (main.c:1144)
7   libphp5.so  0x0242799c apache_php_module_main + 48 (sapi_apache.c:33)
8   libphp5.so  0x0242907c send_php + 740 (mod_php5.c:666)
9   libphp5.so  0x024290ec send_parsed_php + 48 (mod_php5.c:678)
10  httpd       0x0000dd18 ap_invoke_handler + 232
11  httpd       0x00017dd4 process_request_internal + 640
12  httpd       0x00017e54 ap_process_request + 72
13  httpd       0x00006b60 child_main + 1832
14  httpd       0x00006dc4 make_child + 312
15  httpd       0x00006e7c startup_children + 116
16  httpd       0x000074ec standalone_main + 480
17  httpd       0x00007d74 main + 1052
18  httpd       0x0000238c _start + 348
19  httpd       0x0000222c start + 60

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x000000000238d420 srr1: 0x100000000200f030 vrsave: 0x0000000000000000
    cr: 0x28000208          xer: 0x0000000000000000   lr: 0x000000000238d3f0  ctr: 0x000000000238d054
    r0: 0x0000000000000000   r1: 0x00000000bfffe820   r2: 0x0000000000000000   r3: 0x00000000d646a8cc
    r4: 0x0000000000000009   r5: 0x00000000000000ce   r6: 0x00000000bfffe964   r7: 0x0000000000000004
    r8: 0x00000000bfffe968   r9: 0x00000000d646a8cc  r10: 0x000000000238cd28  r11: 0x00000000025ea8b8
   r12: 0x0000000090132320  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
   r16: 0x0000000000000000  r17: 0x0000000000000000  r18: 0x0000000000000000  r19: 0x0000000000000000
   r20: 0x0000000000000000  r21: 0x0000000000000000  r22: 0x0000000000057314  r23: 0x0000000000057314
   r24: 0x0000000000057314  r25: 0x0000000000057314  r26: 0x0000000001848638  r27: 0x00000000000001f4
   r28: 0x0000000000000017  r29: 0x0000000000259858  r30: 0x00000000bfffe820  r31: 0x000000000238d370

Binary Images Description:
    0x1000 -    0x4ffff httpd   /usr/sbin/httpd
   0x65000 -    0x67fff mod_log_config.so       /usr/libexec/httpd/
mod_log_config.so
   0x6a000 -    0x6bfff mod_mime.so     /usr/libexec/httpd/mod_mime.so
   0x6e000 -    0x72fff mod_negotiation.so      /usr/libexec/httpd/
mod_negotiation.so
   0x75000 -    0x7afff mod_include.so  /usr/libexec/httpd/
mod_include.so
   0x7e000 -    0x82fff mod_autoindex.so        /usr/libexec/httpd/
mod_autoindex.so
   0x86000 -    0x86fff mod_dir.so      /usr/libexec/httpd/mod_dir.so
   0x89000 -    0x8afff mod_cgi.so      /usr/libexec/httpd/mod_cgi.so
   0x8d000 -    0x8dfff mod_asis.so     /usr/libexec/httpd/mod_asis.so
   0x90000 -    0x92fff mod_imap.so     /usr/libexec/httpd/mod_imap.so
   0x95000 -    0x95fff mod_actions.so  /usr/libexec/httpd/
mod_actions.so
   0x98000 -    0x98fff mod_userdir.so  /usr/libexec/httpd/
mod_userdir.so
   0x9b000 -    0x9cfff mod_alias.so    /usr/libexec/httpd/
mod_alias.so
   0x9f000 -    0xa8fff mod_rewrite.so  /usr/libexec/httpd/
mod_rewrite.so
   0xac000 -    0xadfff mod_access.so   /usr/libexec/httpd/
mod_access.so
   0xb0000 -    0xb1fff mod_auth.so     /usr/libexec/httpd/mod_auth.so
   0xb4000 -    0xb5fff mod_log_forensic.so     /usr/libexec/httpd/
mod_log_forensic.so
   0xb8000 -    0xb8fff mod_setenvif.so         /usr/libexec/httpd/
mod_setenvif.so
   0xbb000 -    0xd7fff libssl.so       /usr/libexec/httpd/libssl.so
   0xf4000 -    0xf4fff mod_hfs_apple.so        /usr/libexec/httpd/
mod_hfs_apple.so
   0xf7000 -    0xfcfff mod_bonjour.so  /usr/libexec/httpd/
mod_bonjour.so
 0x2008000 -  0x24f1fff libphp5.so      /usr/libexec/httpd/libphp5.so
0x8fe00000 - 0x8fe52fff dyld 46.12      /usr/lib/dyld
0x90000000 - 0x901bdfff libSystem.B.dylib       /usr/lib/libSystem.B.dylib
0x90215000 - 0x9021afff libmathCommon.A.dylib   /usr/lib/system/
libmathCommon.A.dylib
0x907bc000 - 0x90895fff com.apple.CoreFoundation 6.4.7 (368.28)
        /System/Library/Frameworks/CoreFoundation.framework/Versions/A/
CoreFoundation
0x908e0000 - 0x909e2fff libicucore.A.dylib      /usr/lib/
libicucore.A.dylib
0x90a3c000 - 0x90ac0fff libobjc.A.dylib         /usr/lib/libobjc.A.dylib
0x90b70000 - 0x90b82fff libauto.dylib   /usr/lib/libauto.dylib
0x91110000 - 0x9111efff libz.1.dylib    /usr/lib/libz.1.dylib
0x91121000 - 0x912dcfff com.apple.security 4.6 (29770)
        /System/Library/Frameworks/Security.framework/Versions/A/Security
0x913f7000 - 0x9141ffff com.apple.SystemConfiguration 1.8.3
        /System/Library/Frameworks/SystemConfiguration.framework/Versions/
A/SystemConfiguration
0x91a1a000 - 0x91ae1fff libcrypto.0.9.7.dylib   /usr/lib/libcrypto.
0.9.7.dylib
0x91d4d000 - 0x91e2bfff libxml2.2.dylib         /usr/lib/libxml2.2.dylib
0x92a03000 - 0x92af1fff libiconv.2.dylib        /usr/lib/libiconv.2.dylib
0x93702000 - 0x93722fff com.apple.DirectoryService.Framework 3.1
        /System/Library/Frameworks/DirectoryService.framework/Versions/A/
DirectoryService
0x95041000 - 0x95070fff libssl.0.9.7.dylib      /usr/lib/libssl.
0.9.7.dylib

**********

Host Name:      Ally
Date/Time:      2007-05-16 22:48:20.816 -0700
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: httpd
Path:    /usr/sbin/httpd
Parent:  httpd [233]

Version: ??? (???)

PID:    234
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x636d6428

Thread 0 Crashed:
0   libphp5.so  0x0238cc10 _zend_is_inconsistent + 44 (zend_hash.c:53)
1   libphp5.so  0x0238d3a8 _zend_hash_add_or_update + 80 (zend_hash.c:208)
2   libphp5.so  0x0231c2d4 zend_symtable_update + 584 (zend_hash.h:340)
3   libphp5.so  0x0231be4c php_register_variable_ex + 1880 (php_variables.c:215)
4   libphp5.so  0x0209bc9c php_sapi_filter + 1232 (filter.c:399)
5   libphp5.so  0x0231cd5c php_default_treat_data + 1204 (php_variables.c:369)
6   libphp5.so  0x0231e02c php_hash_environment + 944 (php_variables.c:678)
7   libphp5.so  0x02309a94 php_request_startup + 576 (main.c:1144)
8   libphp5.so  0x0242799c apache_php_module_main + 48 (sapi_apache.c:33)
9   libphp5.so  0x0242907c send_php + 740 (mod_php5.c:666)
10  libphp5.so  0x024290ec send_parsed_php + 48 (mod_php5.c:678)
11  httpd       0x0000dd18 ap_invoke_handler + 232
12  httpd       0x00017dd4 process_request_internal + 640
13  httpd       0x00017e54 ap_process_request + 72
14  httpd       0x00006b60 child_main + 1832
15  httpd       0x00006dc4 make_child + 312
16  httpd       0x00006e7c startup_children + 116
17  httpd       0x000074ec standalone_main + 480
18  httpd       0x00007d74 main + 1052
19  httpd       0x0000238c _start + 348
20  httpd       0x0000222c start + 60

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x000000000238cc10 srr1: 0x100000000000f030 vrsave: 0x0000000000000000
    cr: 0x28000204          xer: 0x0000000000000000   lr: 0x000000000238cbfc  ctr: 0x0000000000000000
    r0: 0x000000000238d3a8   r1: 0x00000000bfffe7d0   r2: 0x00000000636d6400   r3: 0x00000000636d6400
    r4: 0x000000000248a9b0   r5: 0x00000000000000ce   r6: 0x00000000bfffe964   r7: 0x0000000000000004
    r8: 0x00000000bfffe968   r9: 0x0000000000000001  r10: 0x0000000002469a34  r11: 0x00000000025ea8b8
   r12: 0x0000000090132320  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
   r16: 0x0000000000000000  r17: 0x0000000000000000  r18: 0x0000000000000000  r19: 0x0000000000000000
   r20: 0x0000000000000000  r21: 0x0000000000000000  r22: 0x0000000000057314  r23: 0x0000000000057314
   r24: 0x0000000000057314  r25: 0x0000000000057314  r26: 0x0000000001848638  r27: 0x00000000000001f4
   r28: 0x0000000000000017  r29: 0x00000000002598cc  r30: 0x00000000bfffe7d0  r31: 0x000000000238cbfc

Binary Images Description (same as above)

error_log:
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/ext/filter/filter.c(364) :  Freeing 0x00259980 (16 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
Last leak repeated 2 times
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/ext/filter/filter.c(393) :  Freeing 0x00259A98 (11 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
Last leak repeated 1 time
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/main/php_variables.c(191) :  Freeing 0x00259AD0 (16 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
Last leak repeated 1 time
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/Zend/zend_hash.c(247) :  Freeing 0x00259B48 (39 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
Last leak repeated 1 time
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/main/rfc1867.c(360) :  Freeing 0x00259EF8 (28 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/Zend/zend_alloc.c(2314) : Actual location (location was relayed)
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/main/rfc1867.c(365) :  Freeing 0x00259F40 (5121 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/Zend/zend_alloc.c(2314) : Actual location (location was relayed)
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/main/spprintf.c(222) :  Freeing 0x0025B370 (79 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
Last leak repeated 1 time
[Wed May 16 18:30:23 2007]  Script:  '/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php'
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/main/rfc1867.c(837) :  Freeing 0x0025B470 (32 bytes), script=/Library/WebServer/Documents/ecomm/web-content/backend/updebug.php
/Users/paul/Gray/Documents/Business/eComm/phpdev/php-5.2.2/Zend/zend_alloc.c(2314) : Actual location (location was relayed)
=== Total 14 memory leaks detected ===
[Wed May 16 18:30:39 2007] [notice] child pid 28204 exit signal Bus error (10)

------------------------------------------------------------------------
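
Added example (not part of the original report and not PHP project tooling): a small triage script that tallies the debug-build leak sites from the error_log in the comment above and lists which of those source files also appear on the crashing stack, as a starting point for code review. The sample inputs are abridged from the report with paths shortened; the function names are this example's own.

```python
import re

# Abridged from the error_log above; source and script paths shortened.
ERROR_LOG = """\
ext/filter/filter.c(364) :  Freeing 0x00259980 (16 bytes), script=updebug.php
Last leak repeated 2 times
ext/filter/filter.c(393) :  Freeing 0x00259A98 (11 bytes), script=updebug.php
Last leak repeated 1 time
main/php_variables.c(191) :  Freeing 0x00259AD0 (16 bytes), script=updebug.php
Last leak repeated 1 time
Zend/zend_hash.c(247) :  Freeing 0x00259B48 (39 bytes), script=updebug.php
Last leak repeated 1 time
main/rfc1867.c(360) :  Freeing 0x00259EF8 (28 bytes), script=updebug.php
main/rfc1867.c(365) :  Freeing 0x00259F40 (5121 bytes), script=updebug.php
main/spprintf.c(222) :  Freeing 0x0025B370 (79 bytes), script=updebug.php
Last leak repeated 1 time
main/rfc1867.c(837) :  Freeing 0x0025B470 (32 bytes), script=updebug.php
"""
# Top frames of the first backtrace above.
BACKTRACE = """\
0   libphp5.so  0x0238d420 _zend_hash_add_or_update + 200 (zend_hash.c:218)
1   libphp5.so  0x0231c2d4 zend_symtable_update + 584 (zend_hash.h:340)
2   libphp5.so  0x0231be4c php_register_variable_ex + 1880 (php_variables.c:215)
3   libphp5.so  0x0209bc9c php_sapi_filter + 1232 (filter.c:399)
4   libphp5.so  0x0231cd5c php_default_treat_data + 1204 (php_variables.c:369)
"""
LEAK = re.compile(r"^(?:\S*/)?([\w.]+)\((\d+)\) :\s+Freeing 0x[0-9A-Fa-f]+ \(\d+ bytes\)")
REPEAT = re.compile(r"^Last leak repeated (\d+) times?")
FRAME = re.compile(r"^\d+\s+\S+\s+0x[0-9a-f]+ (\w+) \+ \d+ \(([\w.]+):(\d+)\)")

def leak_sites(log):
    """Return {source file: leak count}; a 'repeated N' line adds N to the previous site."""
    sites, last = {}, None
    for line in log.splitlines():
        if m := LEAK.match(line):
            last = m.group(1)
            sites[last] = sites.get(last, 0) + 1
        elif (m := REPEAT.match(line)) and last:
            sites[last] += int(m.group(1))
    return sites

def crash_frames(backtrace):
    """Return [(function, source file, line)] for frames that carry debug info."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for line in backtrace.splitlines() if (m := FRAME.match(line))]

def overlap(log, backtrace):
    """Source files that leaked in the failed request and are on the crash stack."""
    leaks, seen = leak_sites(log), []
    for _, src, _ in crash_frames(backtrace):
        if src in leaks and src not in seen:
            seen.append(src)
    return seen
```

The tally sums to the 14 leaks the log reports, and the overlap is zend_hash.c, php_variables.c and filter.c; shared files are a hint about where to look, not proof of cause.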

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/41370

-- 
Edit this bug report at http://bugs.php.net/?id=41370&edit=1
