#22417 [NEW]: Error while using sessions with MM

2003-02-25 Thread juliano at cyberweb dot com dot br
From: juliano at cyberweb dot com dot br
Operating system: Linux RH 7.3
PHP version:  4.3.1
PHP Bug Type: Apache related
Bug description:  Error while using sessions with MM

I had a fast experience increasing the performance of PHP scripts by about
100%. Fast, but unhappy. The problem is the following: when using PHP
with sessions being recorded dynamically with the MM module
(session.save_handler = mm), after some minutes of activity (about
hundreds of scripts executed), awkward messages start to appear in
Apache's error_log, such as:

[ Tue Feb 25 15:45:14 2003 ] [ notice ] child pid 1340 exit signal
Segmentation fault (11)

... and a few minutes later, Apache crashes.

Any solution? I have been looking and did not find anything... I read
something about creating the file /tmp/session_mm.sem but... the
problem keeps repeating.

Unhappily, I had to go back to the traditional method, using
files.

I don't know if this problem is in PHP, Apache or MM, but... I know it only
appears when I change the method by which sessions are saved.

Info: I had a fast experience increasing the performance of
PHP on a server by about 100%. Fast, but unhappy. The problem is the
following: when using PHP with sessions being recorded dynamically
with the MM module (session.save_handler = mm), after some minutes of
activity (about hundreds of scripts executed), awkward messages start to
appear, such as:

[ Tue Feb 25 15:45:14 2003 ] [ notice ] child pid 1340 exit signal
Segmentation fault (11)

... and a few minutes later, Apache crashes.

Any solution? I looked on the Internet and did not find anything...
I read something about creating the file
in /tmp/session_mm.sem but... the problem keeps repeating.

Unhappily, I had to go back to the traditional method, using
files.

Using: Apache 1.3.27, PHP 4.3.1 and MM 1.2.2

Juliano Primavesi
CyberWeb Networks



#20763 [NEW]: PHP crashes with signal 11 while trying to parse message with uncommon headers

2002-12-02 Thread juliano
From: [EMAIL PROTECTED]
Operating system: RH Linux 7.3
PHP version:  4.2.3
PHP Bug Type: IMAP related
Bug description:  PHP crashes with signal 11 while trying to parse message with 
uncommon headers

Hi,

I found two bugs in the IMAP handling functions in PHP 4.2.3:
  - If a message contains a header with empty contents (like Reply-to: 
or Sender: ), the web server running PHP crashes whenever a script tries
to parse this message. I ran Apache 1.3.26 compiled against ElectricFence
and found out that the bug is in _php_make_header_object: if the header
contents are empty, _php_imap_parse_address won't allocate memory for
fulladdress, but the function will call free() on fulladdress
nevertheless. This leads to heap corruption and a subsequent segmentation
fault.
   - It seems like _php_imap_address_size doesn't compute the header size
correctly. If the number of addresses in a field is very large, this leads
to a buffer overflow in c-client's rfc822_address.

My setup is:
Apache 1.3.26
PHP 4.2.3 compiled as a DSO with the following options:
./configure  --prefix=/data/www/consumer/conf --enable-track-vars
--with-imap=/usr/local/app/imap-2002 --with-ldap=/usr/local/app/openldap
--with-oracle=/usr/local/app/oracle_client
--with-oci8=/usr/local/app/oracle_client
--with-apxs=/data/www/consumer/bin/apxs
--with-msession=/usr/local/app/phoenix --with-mysql
--with-openssl=/usr/local/app/openssl --with-xml
--with-curl=/usr/local/app/curl

Test messages:
   - For the first bug: any message with a header field with empty
contents (like Sender:  )
   - For the second bug: any message with a large (in my test there were
500) number of recipients in the To: or Cc: fields.

Backtrace for the first bug:
0x4009fa01 in __kill () at __kill:-1
#1  0x0809a69d in EF_Abort (pattern=0x80aa540 free(%a): address not from
malloc().) at print.c:137
#2  0x08099f2a in free (address=0x4eacabcc) at efence.c:632
#3  0x404cc5b3 in _php_make_header_object (myzvalue=0x4ec6ffec,
en=0x4ee32fbc) at php_imap.c:3724
#4  0x404c186b in zif_imap_headerinfo (ht=2, return_value=0x4ec6ffec,
this_ptr=0x0, return_value_used=1) at php_imap.c:1631
#5  0x40482e39 in execute (op_array=0x463affa4) at ./zend_execute.c:1598
#6  0x40493b2c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at zend.c:812
#7  0x404a63b6 in php_execute_script (primary_file=0xb6b0) at
main.c:1383
#8  0x404a0dbe in apache_php_module_main (r=0x445b9028,
display_source_mode=0) at sapi_apache.c:90
#9  0x404a1c2c in send_php (r=0x445b9028, display_source_mode=0,
filename=0x445bacc8 /data/www/consumer/htdocs/memail/mailbox.php3)
at mod_php4.c:575
#10 0x404a1c99 in send_parsed_php (r=0x445b9028) at mod_php4.c:590
#11 0x08055287 in ap_invoke_handler ()
#12 0x0806a307 in process_request_internal ()
#13 0x0806a368 in ap_process_request ()
#14 0x08061289 in child_main ()
#15 0x08061458 in make_child ()
#16 0x080615cc in startup_children ()
#17 0x08061c44 in standalone_main ()
#18 0x080624c3 in main ()
#19 0x4008d507 in __libc_start_main (main=0x8062100 main, argc=2,
ubp_av=0xbae4, init=0x804f718 _init,
fini=0x809a8f0 _fini, rtld_fini=0x4000dc14 _dl_fini,
stack_end=0xbadc) at ../sysdeps/generic/libc-start.c:129

Backtrace for the second bug:
#0  0x400f68f7 in strcat () at strcat:-1
#1  0x4f5e7fe8 in ?? ()
#2  0x405b74b9 in rfc822_write_address_full (
dest=0x4faa36a8 \[EMAIL PROTECTED]\ [EMAIL PROTECTED],
\[EMAIL PROTECTED]\ [EMAIL PROTECTED],
\[EMAIL PROTECTED]\ [EMAIL PROTECTED],
\[EMAIL PROTECTED]\ agre...,
adr=0x4eea7fe8, base=0x0) at rfc822.c:193
#3  0x404cbce6 in _php_imap_parse_address (addresslist=0x4eea7fe8,
fulladdress=0xbfff472c, paddress=0x4f6eafec)
at php_imap.c:3626
#4  0x404cc173 in _php_make_header_object (myzvalue=0x4f6adfec,
en=0x4eba5fbc) at php_imap.c:3667
#5  0x404c186b in zif_imap_headerinfo (ht=2, return_value=0x4f6adfec,
this_ptr=0x0, return_value_used=1) at php_imap.c:1631
#6  0x40482e39 in execute (op_array=0x446b1fa4) at ./zend_execute.c:1598
#7  0x40493b2c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at zend.c:812
#8  0x404a63b6 in php_execute_script (primary_file=0xb6d0) at
main.c:1383
#9  0x404a0dbe in apache_php_module_main (r=0x445b9028,
display_source_mode=0) at sapi_apache.c:90
#10 0x404a1c2c in send_php (r=0x445b9028, display_source_mode=0,
filename=0x445bace8 /data/www/consumer/htdocs/memail/mailbox.php3)
at mod_php4.c:575
#11 0x404a1c99 in send_parsed_php (r=0x445b9028) at mod_php4.c:590
#12 0x08055287 in ap_invoke_handler ()
#13 0x0806a307 in process_request_internal ()
#14 0x0806a368 in ap_process_request ()
#15 0x08061289 in child_main ()
#16 0x08061458 in make_child ()
#17 0x080615cc in startup_children ()
#18 0x08061c44 in standalone_main ()
#19 0x080624c3 in main ()
#20 0x4008d507 in __libc_start_main (main=0x8062100 main, argc=2,
ubp_av=0xbb04, init=0x804f718 _init,
fini=0x809a8f0 _fini,
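
The two defects described in the report above (free() on a pointer that was never allocated for an empty header, and an undersized buffer for a long address list), shown in hardened form as an added example. This is not PHP's or c-client's code; `struct addr`, `joined_size`, `join_addresses` and `header_length` are hypothetical names, and the addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed address list (not c-client's ADDRESS). */
struct addr { const char *text; struct addr *next; };

/* Exact size of the ", "-joined string incl. NUL; 0 if empty or on overflow. */
static size_t joined_size(const struct addr *a) {
    size_t total = 0;
    for (; a; a = a->next) {
        size_t need = strlen(a->text) + (a->next ? 2 : 1);
        if (need > SIZE_MAX - total) return 0;
        total += need;
    }
    return total;
}

/* Always sets *out (NULL when nothing was allocated), so the caller can
 * free() it unconditionally. Returns 0 on success, -1 on error. */
static int join_addresses(const struct addr *list, char **out) {
    size_t cap = joined_size(list), off = 0;
    *out = NULL;
    if (!list) return 0;                  /* empty header: no allocation */
    if (cap == 0 || !(*out = malloc(cap))) return -1;
    for (const struct addr *a = list; a; a = a->next) {
        /* bounded append: at most cap - off bytes are written */
        int n = snprintf(*out + off, cap - off, "%s%s", a->text, a->next ? ", " : "");
        if (n < 0 || (size_t)n >= cap - off) { free(*out); *out = NULL; return -1; }
        off += (size_t)n;
    }
    return 0;
}

/* Parse, use, free. Returns joined length, 0 if empty, -1 on error. */
static long header_length(const struct addr *list) {
    char *full = NULL;                    /* initialised, never garbage */
    long len = -1;
    if (join_addresses(list, &full) == 0) len = full ? (long)strlen(full) : 0;
    free(full);                           /* free(NULL) is a no-op */
    return len;
}

int main(void) {
    struct addr b = { "b@example.test", NULL }, a = { "a@example.test", &b };
    printf("empty=%ld two=%ld\n", header_length(NULL), header_length(&a));
    return 0;
}
```

Building this with an allocator checker such as the ElectricFence setup mentioned in the report, or with AddressSanitizer, confirms that neither the empty-header case nor a 500-recipient list touches memory outside the allocation.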