ID:               41611
 User updated by:  glen at delfi dot ee
 Reported By:      glen at delfi dot ee
-Status:           Feedback
+Status:           Open
 Bug Type:         XMLRPC-EPI related
 Operating System: PLD Linux/x86_64
 PHP Version:      5.2.3
 New Comment:

yes. it appears that the bug is somewhere in xmlrpc-epi-0.51, as if 
compiled without system xmlrpc-epi (either statically or as a module) 
it won't segfault.


Previous Comments:
------------------------------------------------------------------------

[2007-06-06 14:57:11] [EMAIL PROTECTED]

Does it matter if you compile the extension statically or not?
I can't reproduce it on Linux x86_64 and the backtrace IMO shows that
the problem is somewhere in libxmlrpc, not in PHP.

------------------------------------------------------------------------

[2007-06-06 14:49:38] glen at delfi dot ee

also tested the `alpha` architecture, which also has a 64-bit CPU:

[EMAIL PROTECTED] ~]$ php xmlrpc-segv.php
*** glibc detected *** free(): invalid next size (fast): 0x0000000120151f40 ***
Aborted
[EMAIL PROTECTED] ~]$ arch
alpha

------------------------------------------------------------------------

[2007-06-06 14:42:34] glen at delfi dot ee

Description:
------------
appears there's a regression or the bug was not really fixed:
http://bugs.php.net/bug.php?id=25428

17:22:58 glen[pts/[EMAIL PROTECTED] ~$ php xmlrpc-segv.php
Segmentation fault
17:23:00 glen[pts/[EMAIL PROTECTED] ~$ cat xmlrpc-segv.php
<?
$request = xmlrpc_encode_request("system.listMethods", array());
$server = xmlrpc_server_create();
echo xmlrpc_server_call_method($server, $request, false);
17:23:02 glen[pts/[EMAIL PROTECTED] ~$ php -v
PHP 5.2.3 (cli) (built: Jun  1 2007 08:53:57)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

also tested:
PHP 5.2.3 - x86_64 - segfault
PHP 5.2.2 - x86_64 - segfault
PHP 5.2.1 - x86_64 - segfault
PHP 5.2.1 - x86 - no segfault
PHP 5.2.3 - x86 - no segfault

also tested with php5.2-200706061230 as I thought the first response 
I'd get to the bug is to try the latest snap.

and the problem is still there...

./configure \
 --enable-debug \
 --enable-maintainer-zts \
 --enable-inline-optimization \
 --with-xmlrpc=shared,/usr

17:38:35 glen[pts/[EMAIL PROTECTED] BUILD/php5.2-200706061230$ gdb ./sapi/cli/php
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-pld-linux"...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

(gdb) set args -dextension=xmlrpc.so -dextension_dir=modules /home/glen/xmlrpc-segv.php
(gdb) run
Starting program: /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php -dextension=xmlrpc.so -dextension_dir=modules /home/glen/xmlrpc-segv.php

Program received signal SIGSEGV, Segmentation fault.
0x00002ba84931164b in simplestring_addn () from /usr/lib64/libxmlrpc.so.0
(gdb) bt
#0  0x00002ba84931164b in simplestring_addn () from /usr/lib64/libxmlrpc.so.0
#1  0x00002ba84931224f in xml_elem_serialize_to_stream () from /usr/lib64/libxmlrpc.so.0
#2  0x0000003e6bf064cc in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#3  0x0000003e6bf0593d in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#4  0x0000003e6bf0843d in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#5  0x0000003e6bf0824b in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#6  0x0000003e6bf051b3 in XML_ParseBuffer () from /usr/lib64/libexpat.so.0
#7  0x0000003e6bf0511f in XML_Parse () from /usr/lib64/libexpat.so.0
#8  0x00002ba8493123c0 in xml_elem_parse_buf () from /usr/lib64/libxmlrpc.so.0
#9  0x00002ba849315163 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0
#10 0x00002ba8491ec593 in zif_xmlrpc_server_call_method (ht=3, return_value=0x2ba848e91570, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1048
#11 0x000000000072bf88 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffa5d110, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
#12 0x00000000007307ed in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fffffa5d110, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#13 0x000000000072b959 in execute (op_array=0x2ba848e90470, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#14 0x0000000000700787 in zend_execute_scripts (type=8, tsrm_ls=0x9db030, retval=0x0, file_count=3)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#15 0x0000000000695033 in php_execute_script (primary_file=0x7fffffa5f860, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#16 0x0000000000787de9 in main (argc=4, argv=0x7fffffa5f9f8)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151
(gdb)


I'm also attaching a backtrace from working x86 gdb (breakpoint on 
zif_xmlrpc_server_call_method):
(gdb) bt
#0  zif_xmlrpc_server_call_method (ht=3, return_value=0xb7bfdd40, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8474018)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1021
#1  0x08332a5a in zend_do_fcall_common_helper_SPEC (execute_data=0xbf853cb0, tsrm_ls=0x8474018)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
#2  0x08336a98 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf853cb0, tsrm_ls=0x8474018)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#3  0x08332568 in execute (op_array=0xb7bfd248, tsrm_ls=0x8474018)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#4  0x0830c0f9 in zend_execute_scripts (type=8, tsrm_ls=0x8474018, retval=0x0, file_count=3)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#5  0x082aead7 in php_execute_script (primary_file=0xbf8560d0, tsrm_ls=0x8474018)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#6  0x08388a38 in main (argc=4, argv=0xbf8561b4)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151
(gdb)





------------------------------------------------------------------------

