#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-27 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.4-dev
 New Comment:

> Put the zend_language_scanner.c file online somewhere,

http://farcaster.net/zend_language_scanner.c

Both Bundesland and SetVerband are most likely class methods.


Previous Comments:


[2003-09-27 07:56:54] [EMAIL PROTECTED]

Put the zend_language_scanner.c file online somewhere,
(it's generated file and I'm not sure if it's the same for all)

Also, check your script where that Bundesland might come from. (and
in your first comment, SetVerband)




[2003-09-26 09:45:42] xris at farcaster dot net

I don't know if it's of any help, but i found out that the 4.3.4-dev
version prints out more debug information as the 4.3.3 i initially ([21
Sep 11:21am EDT]) used (if compiled --with-debug), so here once again
a debug output:

--- snip ---

Warning: String is not zero-terminated
(BundeslandÿƒÌ*Z„̏*ZZ„̏*) (source:
/var/tmp/portage/php-4.3.4/work/php-4.3.4/Zend/zend_opcode.c:159) in
Unknown on line 0
[Fri Sep 26 15:14:21 2003]  Script:  'htdocs/sport/auswahl.php'
---
/home/develop/php-4.3.4/Zend/zend_opcode.c(159) : Block 0x424DB744
status:
/home/develop/php-4.3.4/Zend/zend_variables.c(44) : Actual location
(location was relayed)
Beginning:  OK (allocated on Zend/zend_language_scanner.c:4492, 11
bytes)
  End:  Overflown (magic=0x2A8FCC83 instead of 0x2A8FCC84)
1 byte(s) overflown
---



[2003-09-26 07:45:02] xris at farcaster dot net

Just to be sure, i compiled a new valgrind using
the latest stable version: valgrind-20030725

As far as i can tell, the output is identical...

1) valgrind --run-libc-freeres=yes ;# SEGFAULT
http://farcaster.net/valgrind2-err.log

1) valgrind --run-libc-freeres=no ;# NO SEGFAULT
http://farcaster.net/valgrind2-noerr.log



[2003-09-26 07:28:45] xris at farcaster dot net

- valgrind-1.9.6
- PHP (4.3.x-dev) snapshot from Sep 23, 2003 09:30 (as in all of my
latest tests), CLI version



[2003-09-26 07:20:35] [EMAIL PROTECTED]

With what PHP version are you getting those valgrind outputs?
And are you using the latest valgrind?




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25620

-- 
Edit this bug report at http://bugs.php.net/?id=25620&edit=1
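
Added example (not part of the original thread, and not the Zend Engine's own allocator code): a minimal guarded allocator in C showing how a debug heap produces a report like the "End: Overflown (magic=0x2A8FCC83 instead of 0x2A8FCC84)" and "String is not zero-terminated" output in the [2003-09-26 09:45:42] comment above. Only END_MAGIC is taken from that report; START_MAGIC, the function names and the two bytes written by simulate_fault are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define END_MAGIC   0x2A8FCC84u /* expected end magic, as quoted in the report */
#define START_MAGIC 0x5A17C0DEu /* constructed; the report does not show this value */

/* Header placed in front of every user block. */
typedef struct {
    uint32_t start_magic;
    uint32_t size; /* user-visible size in bytes */
} guard_header;

typedef struct {
    int      start_ok;  /* header magic intact */
    int      end_ok;    /* trailing magic intact */
    uint32_t end_found; /* trailing magic as currently stored */
    unsigned overflown; /* number of trailing guard bytes that changed */
} guard_report;

/* Guard bytes are stored little-endian so the result is the same on any host. */
static void store_le32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

static uint32_t load_le32(const unsigned char *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Layout: [header][size user bytes][4 guard bytes]. */
void *guard_alloc(uint32_t size) {
    guard_header h = { START_MAGIC, size };
    unsigned char *raw = malloc(sizeof h + size + 4);
    if (raw == NULL) return NULL;
    memcpy(raw, &h, sizeof h);
    store_le32(raw + sizeof h + size, END_MAGIC);
    return raw + sizeof h;
}

void guard_free(void *ptr) {
    if (ptr != NULL) free((unsigned char *)ptr - sizeof(guard_header));
}

/* Validate both guards of a live block. */
guard_report guard_check(const void *ptr) {
    const unsigned char *user = ptr;
    unsigned char expect[4];
    guard_header h;
    guard_report r = { 0, 0, 0, 0 };
    memcpy(&h, user - sizeof h, sizeof h);
    r.start_ok = (h.start_magic == START_MAGIC);
    if (!r.start_ok) return r; /* size field is untrustworthy, stop here */
    store_le32(expect, END_MAGIC);
    r.end_found = load_le32(user + h.size);
    for (int i = 0; i < 4; i++)
        if (user[h.size + i] != expect[i]) r.overflown++;
    r.end_ok = (r.overflown == 0);
    return r;
}

/* A length-counted string must still carry a NUL at s[len]. */
int string_is_terminated(const char *s, uint32_t len) {
    return s[len] == '\0';
}

/* Copy text into a guarded block of strlen(text) + 1 bytes. */
char *make_name(const char *text) {
    uint32_t len = (uint32_t)strlen(text);
    char *s = guard_alloc(len + 1);
    if (s != NULL) memcpy(s, text, len + 1);
    return s;
}

/* Constructed fault: clobber the terminator and the first guard byte,
   which yields the 0x2A8FCC83 value seen in the report. */
void simulate_fault(char *s, uint32_t len) {
    unsigned char *p = (unsigned char *)s;
    p[len]     = 0xFF; /* last byte of the block, where the NUL was */
    p[len + 1] = 0x83; /* first guard byte, originally 0x84 */
}

int main(void) {
    char *s = make_name("Bundesland"); /* 10 chars + NUL = an 11-byte block */
    if (s == NULL) return 1;
    simulate_fault(s, 10);
    guard_report r = guard_check(s);
    printf("terminated=%d beginning_ok=%d end_ok=%d\n",
           string_is_terminated(s, 10), r.start_ok, r.end_ok);
    printf("magic=0x%08X instead of 0x%08X, %u byte(s) overflown\n",
           (unsigned)r.end_found, (unsigned)END_MAGIC, r.overflown);
    guard_free(s);
    return 0;
}
```

The check only fires when the block is inspected, which is why such a report names the allocation site and the place the damage was noticed, not the code that wrote the stray bytes.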


#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-27 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.4-dev
 New Comment:

So far i checked 600 methods, but couldn't find any
returns similar to your examples. What about these
constructs, are they known to cause heap corruption, too?

// Example 1
function &return_ref_constant() {
return FALSE; // or return (12);
}
// Example 2
function a() {
  return $b;
}
function &return_ref_method() {
return $this->a();
}
// Example 3
function &return_ref_array() {
return array();
}

Yes, i know, some of them are wrong.


Previous Comments:


[2003-09-27 11:00:41] [EMAIL PROTECTED]

Seems to me the same issue addressed in bug #22510. I suspect you are
trying to return a value by reference that is not originated from a
variable somewhere in a function. That is,

function &return_ref_a() {
return $a + $b;
}

function &return_ref_b() {
return @$a;
}

function &return_ref_c() {
return -$a;
}

None of the above examples actually work; they are verified to
cause random heap corruption. Please check if such an error is
somewhere in your code.








[2003-09-27 09:22:58] xris at farcaster dot net

Rechecked both strings; SetVerband is definitely a method (there's no
other usage of this string in the whole system), but Bundesland is a
variable (i replaced all '$Bundesland' variables with '$dnalsednuB').
I'll try to identify the
offending usage of this var, but there are 146 places where
such a variable name is used. In almost all cases, $Bundesland contains
a class, though..



[2003-09-27 08:58:34] xris at farcaster dot net

> Don't you KNOW what that file has in it???

well.. actually.. it's not that simple.
As i stated on various occasions, our code is quite complex. We are
using a self-made on demand dynamic class loading system. But as you
mention it, i could probably modify the
class loader to generate one huge script containing the 
complete code which would otherwise just be include()d.

To answer the question: i do have methods called like these,
but Bundesland might be an ordinary string, a var or
anything. i'll check, but i'm pretty sure it's a method.

- bison (GNU Bison) 1.35
- flex version 2.5.4



[2003-09-27 08:43:22] [EMAIL PROTECTED]

Most likely class methods ?!?! Don't you KNOW what that file has in
it??? (in latter case, htdocs/sport/auswahl.php)
Put it online (as .txt) so we can actually see what's in it.

Also, what do these output:

# bison --version
# flex --version





[2003-09-27 08:27:26] xris at farcaster dot net

> Put the zend_language_scanner.c file online somewhere,

http://farcaster.net/zend_language_scanner.c

Both Bundesland and SetVerband are most likely class methods.





#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-27 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.4-dev
 New Comment:

I had to modify some minor stuff of the script (our system) to get it
working with php5.

Then php complained on a couple of occasions about an illegal return
value for a reference return method ( we had some calls like the one
in my Example 2 and some methods doing return new XYZ();).

I fixed these by first assigning the return value to a
variable, then returned this var.

After that, php5 ran the code without complaints/errors.

The same (modified) code, run by the php4 version, still throws the
error.


Previous Comments:


[2003-09-27 13:20:19] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip






[2003-09-27 12:07:11] xris at farcaster dot net

So far i checked 600 methods, but couldn't find any
returns similar to your examples. What about these
constructs, are they known to cause heap corruption, too?

// Example 1
function &return_ref_constant() {
return FALSE; // or return (12);
}
// Example 2
function a() {
  return $b;
}
function &return_ref_method() {
return $this->a();
}
// Example 3
function &return_ref_array() {
return array();
}

Yes, i know, some of them are wrong.



[2003-09-27 11:00:41] [EMAIL PROTECTED]

Seems to me the same issue addressed in bug #22510. I suspect you are
trying to return a value by reference that is not originated from a
variable somewhere in a function. That is,

function &return_ref_a() {
return $a + $b;
}

function &return_ref_b() {
return @$a;
}

function &return_ref_c() {
return -$a;
}

None of the above examples actually work; they are verified to
cause random heap corruption. Please check if such an error is
somewhere in your code.








[2003-09-27 09:22:58] xris at farcaster dot net

Rechecked both strings; SetVerband is definitely a method (there's no
other usage of this string in the whole system), but Bundesland is a
variable (i replaced all '$Bundesland' variables with '$dnalsednuB').
I'll try to identify the
offending usage of this var, but there are 146 places where
such a variable name is used. In almost all cases, $Bundesland contains
a class, though..



[2003-09-26 09:45:42] xris at farcaster dot net

I don't know if it's of any help, but i found out that the 4.3.4-dev
version prints out more debug information as the 4.3.3 i initially ([21
Sep 11:21am EDT]) used (if compiled --with-debug), so here once again
a debug output:

--- snip ---

Warning: String is not zero-terminated
(BundeslandÿƒÌ*Z„̏*ZZ„̏*) (source:
/var/tmp/portage/php-4.3.4/work/php-4.3.4/Zend/zend_opcode.c:159) in
Unknown on line 0
[Fri Sep 26 15:14:21 2003]  Script:  'htdocs/sport/auswahl.php'
---
/home/develop/php-4.3.4/Zend/zend_opcode.c(159) : Block 0x424DB744
status:
/home/develop/php-4.3.4/Zend/zend_variables.c(44) : Actual location
(location was relayed)
Beginning:  OK (allocated on Zend/zend_language_scanner.c:4492, 11
bytes)
  End:  Overflown (magic=0x2A8FCC83 instead of 0x2A8FCC84)
1 byte(s) overflown
---





#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-26 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.4-dev
 New Comment:

- valgrind-1.9.6
- PHP (4.3.x-dev) snapshot from Sep 23, 2003 09:30 (as in all of my
latest tests), CLI version


Previous Comments:


[2003-09-26 07:20:35] [EMAIL PROTECTED]

With what PHP version are you getting those valgrind outputs?
And are you using the latest valgrind?




[2003-09-25 17:45:26] xris at farcaster dot net

BTW: i don't know if this might help, but here are two
valgrind traces:

1) valgrind --run-libc-freeres=yes ;# SEGFAULT
http://farcaster.net/valgrind-err.log

1) valgrind --run-libc-freeres=no ;# NO SEGFAULT
http://farcaster.net/valgrind-noerr.log



[2003-09-25 16:43:59] xris at farcaster dot net

> Please provide a short example script which can be used to reproduce
> this.

i'll try- but i fear i'll fast get to a state like [21 Sep 2:50pm EDT]
... isn't there any other way to trace this?
possibly using some kind of memory debugger?

> And don't mix any Zend extensions in this mess, such as debuggers,
> optimizers or caches.

I didn't mean to; i was just curious about being possibly
able to figure out what actually led to this problem.



[2003-09-25 14:39:45] [EMAIL PROTECTED]

Please provide a short example script which can be used to reproduce
this. (yes, it's hard, but we can't do anything without it). And don't
mix any Zend extensions in this mess, such as debuggers, optimizers or
caches.




[2003-09-25 14:06:05] xris at farcaster dot net

I have been too fast declaring my last config was working, as i
obviously missed a side effect from the DB usage.

But I have spent the last two days extensively testing dozens of php
builds and now i'm fairly sure i have gotten to a minimalistic config
and _still_ being able to reproduce the error (really..):

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--with-pcre-regex'
'--without-pear' '--without-gd' '--disable-cgi' '--enable-cli'
'--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-config-file-path=/etc/php/cli-php4'

I'm still getting the same backtrace as in my [22 Sep 3:56pm EDT]
post.

Using gdb it's segfaulting (regardless of having register_globals on
or off) - if i just use the CLI from the bash prompt directly, it
segfaults only using a register_globals=on php.ini . ahrgl.

BTW: i experimented with using the APD (debugger), strangely
enough: when i load the apd extension, the error does
not appear, the script works just fine...

Maybe it's some problem with the memory management after all
(since the error does not seem to be linked to specific
extension .. but that's just speculation)?





#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-25 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Gettext related
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

I have been too fast declaring my last config was working, as i
obviously missed a side effect from the DB usage.

But I have spent the last two days extensively testing dozens of php
builds and now i'm fairly sure i have gotten to a minimalistic config
and _still_ being able to reproduce the error (really..):

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--with-pcre-regex'
'--without-pear' '--without-gd' '--disable-cgi' '--enable-cli'
'--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-config-file-path=/etc/php/cli-php4'

I'm still getting the same backtrace as in my [22 Sep 3:56pm EDT]
post.

Using gdb it's segfaulting (regardless of having register_globals on
or off) - if i just use the CLI from the bash prompt directly, it
segfaults only using a register_globals=on php.ini . ahrgl.

BTW: i experimented with using the APD (debugger), strangely
enough: when i load the apd extension, the error does
not appear, the script works just fine...

Maybe it's some problem with the memory management after all
(since the error does not seem to be linked to specific
extension .. but that's just speculation)?


Previous Comments:


[2003-09-23 12:56:45] [EMAIL PROTECTED]

Yes, add them one by one..and remember to rm -f config.cache  always
before running configure!




[2003-09-23 12:37:23] xris at farcaster dot net

mod_php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--without-readline' '--with-apxs2=/usr/sbin/apxs2'
'--with-gd' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/apache2-php4'

= NO segfault



CLI php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--disable-cgi' '--enable-cli' '--with-gd'
'--enable-gd-native-ttf' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/cli-php4'

= NO segfault

(Both setups tested with register_globals On and Off)

Shall i incrementally add the configure options missing
from this build in comparison to the [22 Sep 8:42pm EDT]
setup and test each one until it breaks?



[2003-09-23 11:06:37] [EMAIL PROTECTED]

*sigh*

so try this:

# rm config.cache
# ./configure --disable-all (+ all NECESSARY options needed to run the
test)
# make clean && make





[2003-09-23 10:33:06] xris at farcaster dot net

Sorry, i made a crucial mistake testing the
CLI versions - i used a different php.ini all the time
(the difference being register_globals=Off (RG) ).

To clear up any possible confusion, here a summary of all
previous tests (dates referring to my postings):

--- snip ---

[21 Sep 11:21am EDT], mod_php 4.3.3, RG=On - segfault

[22 Sep 3:56pm EDT], php CLI 4.3.3, RG=Off - segfault

[22 Sep 8:42pm EDT], php CLI 4.3.3 (different configure-opts), RG=Off
- segfault

[23 Sep 9:15am EDT], php CLI 4.3.x-dev, RG=Off - NO segfault

--- snip ---

Just tested the last configuration (php CLI 4.3.x-dev, options as in
the [22 Sep 8:42pm EDT] post) with a
php.ini with register_globals = On - segfault again
(same backtrace).

A newly built mod_php using 4.3.x-dev and my initial
configure options causes a segfault, too - regardless
of RG=On or RG=off ... arhgl ..



[2003-09-23 09:56:43] [EMAIL PROTECTED]

Okay, so latest CVS snapshot works for you. 
Then try your original configure line with the latest
CVS snapshot. (remember to 'rm config.cache' first!)

Note that many of those options you have used don't even
exist or they are of no use to you. Check 'configure --help'
for more information.






#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-25 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.4-dev
 New Comment:

> Please provide a short example script which can be used to reproduce
> this.

i'll try- but i fear i'll fast get to a state like [21 Sep 2:50pm EDT]
... isn't there any other way to trace this?
possibly using some kind of memory debugger?

> And don't mix any Zend extensions in this mess, such as debuggers,
> optimizers or caches.

I didn't mean to; i was just curious about being possibly
able to figure out what actually led to this problem.


Previous Comments:


[2003-09-25 14:39:45] [EMAIL PROTECTED]

Please provide a short example script which can be used to reproduce
this. (yes, it's hard, but we can't do anything without it). And don't
mix any Zend extensions in this mess, such as debuggers, optimizers or
caches.




[2003-09-25 14:06:05] xris at farcaster dot net

I have been too fast declaring my last config was working, as i
obviously missed a side effect from the DB usage.

But I have spent the last two days extensively testing dozens of php
builds and now i'm fairly sure i have gotten to a minimalistic config
and _still_ being able to reproduce the error (really..):

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--with-pcre-regex'
'--without-pear' '--without-gd' '--disable-cgi' '--enable-cli'
'--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-config-file-path=/etc/php/cli-php4'

I'm still getting the same backtrace as in my [22 Sep 3:56pm EDT]
post.

Using gdb it's segfaulting (regardless of having register_globals on
or off) - if i just use the CLI from the bash prompt directly, it
segfaults only using a register_globals=on php.ini . ahrgl.

BTW: i experimented with using the APD (debugger), strangely
enough: when i load the apd extension, the error does
not appear, the script works just fine...

Maybe it's some problem with the memory management after all
(since the error does not seem to be linked to specific
extension .. but that's just speculation)?



[2003-09-23 12:56:45] [EMAIL PROTECTED]

Yes, add them one by one..and remember to rm -f config.cache  always
before running configure!




[2003-09-23 12:37:23] xris at farcaster dot net

mod_php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--without-readline' '--with-apxs2=/usr/sbin/apxs2'
'--with-gd' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/apache2-php4'

= NO segfault



CLI php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--disable-cgi' '--enable-cli' '--with-gd'
'--enable-gd-native-ttf' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/cli-php4'

= NO segfault

(Both setups tested with register_globals On and Off)

Shall i incrementally add the configure options missing
from this build in comparison to the [22 Sep 8:42pm EDT]
setup and test each one until it breaks?



[2003-09-23 11:06:37] [EMAIL PROTECTED]

*sigh*

so try this:

# rm config.cache
# ./configure --disable-all (+ all NECESSARY options needed to run the
test)
# make clean && make







#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-23 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Gettext related
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

Sorry, i made a crucial mistake testing the
CLI versions - i used a different php.ini all the time
(the difference being register_globals=Off (RG) ).

To clear up any possible confusion, here a summary of all
previous tests (dates referring to my postings):

--- snip ---

[21 Sep 11:21am EDT], mod_php 4.3.3, RG=On - segfault

[22 Sep 3:56pm EDT], php CLI 4.3.3, RG=Off - segfault

[22 Sep 8:42pm EDT], php CLI 4.3.3 (different configure-opts), RG=Off
- segfault

[23 Sep 9:15am EDT], php CLI 4.3.x-dev, RG=Off - NO segfault

--- snip ---

Just tested the last configuration (php CLI 4.3.x-dev, options as in
the [22 Sep 8:42pm EDT] post) with a
php.ini with register_globals = On - segfault again
(same backtrace).

A newly built mod_php using 4.3.x-dev and my initial
configure options causes a segfault, too - regardless
of RG=On or RG=off ... arhgl ..


Previous Comments:


[2003-09-23 09:56:43] [EMAIL PROTECTED]

Okay, so latest CVS snapshot works for you. 
Then try your original configure line with the latest
CVS snapshot. (remember to 'rm config.cache' first!)

Note that many of those options you have used don't even
exist or they are of no use to you. Check 'configure --help'
for more information.





[2003-09-23 09:15:35] xris at farcaster dot net

Using the stable (4.3.x-dev) snapshot from Sep 23, 2003 09:30
to build a CLI PHP (and the last set of configure options),
the error ceased to appear. I'll try building mod_php again.

Anyway, thanks so far helping me out- sorry for any possibly
unnecessary work on your side.



[2003-09-23 03:35:50] [EMAIL PROTECTED]

And get the latest stable CVS snapshot from http://snaps.php.net
first.




[2003-09-22 20:42:02] xris at farcaster dot net

same behaviour, same backtrace with a stripped down
php CLI version, using the following configure options:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--with-readline' '--with--ncurses'
'--disable-cgi' '--enable-cli' '--without-db3' '--without-db4'
'--without-db2' '--with-gd' '--enable-gd-native-ttf'
'--with-png-dir=/usr' '--with-jpeg' '--with-jpeg-dir=/usr'
'--enable-exif' '--with-tiff-dir=/usr' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-qtdom' '--enable-dbx' '--with-zlib' '--with-zlib-dir=/usr/lib'
'--enable-mbstring=all' '--enable-mbregex' '--enable-track-vars'
'--enable-trans-sid' '--enable-versioning'
'--with-config-file-path=/etc/php/cli-php4



[2003-09-22 20:27:46] xris at farcaster dot net

The backtrace was from a standalone PHP, standard Gentoo
(rather overcomplete) install:

--prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --with-readline --with--ncurses --disable-cgi
--enable-cli --without-db3 --without-db4 --without-db2
--with-mcrypt=/usr --with-mhash --with-gdbm=/usr --with-mcal=/usr
--without-pgsql --with-xpm-dir=/usr/X11R6 --with-pdflib=/usr --with-gd
--with-png-dir=/usr --with-jpeg --with-jpeg-dir=/usr --enable-exif
--without-jpeg --with-tiff-dir=/usr --with-mysql=/usr 
--with-mysql-sock=/var/run/mysqld/mysqld.sock --with-ttf --with-t1lib
--with-gettext --with-qtdom --with-pspell --with-openssl --with-curl
--without-imap --with-ldap --with-dom --with-dom-xslt
--without-kerberos --with-pam --disable-memory-limit --disable-mbstring
--disable-mbregex
--disable-ipv6 --enable-dbx --with-zlib --with-zlib-dir=/usr/lib
--with-sablot=/usr --enable-xslt --with-xslt-sablot --with-xmlrpc
--enable-wddx --with-xml --with-bz2 --with-crack --with-ndbm --with-cdb
--enable-bcmath --enable-calendar --enable-dbase --enable-filepro
--enable-ftp --with-mime-magic --enable-sockets --enable-sysvsem
--enable-sysvshm --enable-sysvipc --with-iconv --enable-shmop
--enable-dio
--enable-inline-optimization --enable-track-vars --enable-trans-sid
--enable-versioning --with-config-file-path=/etc/php/cli-php4

I'll build a stripped down version of php and try again.
I think my apache configure options are not really
of any concern, as the problem persists using a CLI version
of PHP?




#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-23 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Gettext related
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

mod_php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--without-readline' '--with-apxs2=/usr/sbin/apxs2'
'--with-gd' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/apache2-php4'

= NO segfault



CLI php, 4.3.x-dev, configure:

'--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-all' '--without-pear'
'--with-pcre-regex' '--disable-cgi' '--enable-cli' '--with-gd'
'--enable-gd-native-ttf' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-gettext'
'--with-zlib' '--with-zlib-dir=/usr/lib'
'--with-config-file-path=/etc/php/cli-php4'

= NO segfault

(Both setups tested with register_globals On and Off)

Shall i incrementally add the configure options missing
from this build in comparison to the [22 Sep 8:42pm EDT]
setup and test each one until it breaks?


Previous Comments:


[2003-09-23 11:06:37] [EMAIL PROTECTED]

*sigh*

so try this:

# rm config.cache
# ./configure --disable-all (+ all NECESSARY options needed to run the
test)
# make clean && make





[2003-09-23 10:33:06] xris at farcaster dot net

Sorry, i made a crucial mistake testing the
CLI versions - i used a different php.ini all the time
(the difference being register_globals=Off (RG) ).

To clear up any possible confusion, here a summary of all
previous tests (dates referring to my postings):

--- snip ---

[21 Sep 11:21am EDT], mod_php 4.3.3, RG=On - segfault

[22 Sep 3:56pm EDT], php CLI 4.3.3, RG=Off - segfault

[22 Sep 8:42pm EDT], php CLI 4.3.3 (different configure-opts), RG=Off
- segfault

[23 Sep 9:15am EDT], php CLI 4.3.x-dev, RG=Off - NO segfault

--- snip ---

Just tested the last configuration (php CLI 4.3.x-dev, options as in
the [22 Sep 8:42pm EDT] post) with a
php.ini with register_globals = On - segfault again
(same backtrace).

A newly built mod_php using 4.3.x-dev and my initial
configure options causes a segfault, too - regardless
of RG=On or RG=off ... arhgl ..



[2003-09-23 09:56:43] [EMAIL PROTECTED]

Okay, so latest CVS snapshot works for you. 
Then try your original configure line with the latest
CVS snapshot. (remember to 'rm config.cache' first!)

Note that many of those options you have used don't even
exist or they are of no use to you. Check 'configure --help'
for more information.





[2003-09-23 09:15:35] xris at farcaster dot net

Using the stable (4.3.x-dev) snapshot from Sep 23, 2003 09:30
to build a CLI PHP (and the last set of configure options),
the error ceased to appear. I'll try building mod_php again.

Anyway, thanks so far helping me out- sorry for any possibly
unnecessary work on your side.



[2003-09-23 03:35:50] [EMAIL PROTECTED]

And get the latest stable CVS snapshot from http://snaps.php.net
first.






#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-22 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Gettext related
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

> Could you try providing a short script that uses
> gettext functions which can be used to reproduce this..?

Sorry, i can't - the bug seems to occur in larger scripts
only... (at least i wasn't able to reproduce in a small script)

I'd love to provide a backtrace, but all my efforts so far
haven't been very successful, neither by following the
steps here at bugs.php.net nor the description at the
apache.org site.

It doesn't matter if i try gdb or strace, both tools quit
with s.th. like: ptrace: Operation not permitted
Any hints on that? I googled for nearly an hour but couldn't
find a reason for gdb to fail with that err.
I tried gdb/apache with -X -PHP4 as well as attaching to 
the apache process afterwards but i keep getting the 
mentioned ptrace error - or do i have to use Apache1.3 to
trace the problem? Any help is greatly appreciated.


Previous Comments:


[2003-09-22 07:32:58] [EMAIL PROTECTED]

And/or provide a backtrace of the crash (without --enable-debug, of
course as you said it happens only then)




[2003-09-22 07:30:27] [EMAIL PROTECTED]

Could you try providing a short script that uses gettext functions
which can be used to reproduce this..?




[2003-09-21 19:34:26] [EMAIL PROTECTED]

It should be a relatively simple fix.  I am about to get on a plane,
but I will have a look when I get a chance.  I have a feeling that now
that we think we know there is a string somewhere in gettext not
getting null-terminated someone will jump in and find it before me.



[2003-09-21 18:58:51] xris at farcaster dot net

Good guess. A 4.3.3 without Gettext doesn't show the symptoms.
How to proceed next? ... i wouldn't be too fond of the idea
having to reimplement _() in php ...



[2003-09-21 16:31:25] [EMAIL PROTECTED]

I doubt it is mysql.  Too many others would have hit it.
GD doesn't tend to work with strings very much outside of the font
stuff.  My initial guess is that it is a problem in the gettext
extension as that is the least used out of the ones you list.  Any
chance you could test without gettext() ?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25620

-- 
Edit this bug report at http://bugs.php.net/?id=25620edit=1


#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-22 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Gettext related
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

The backtrace was from a standalone PHP, standard Gentoo
(rather overcomplete) install:

--prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --with-readline --with--ncurses --disable-cgi
--enable-cli --without-db3 --without-db4 --without-db2
--with-mcrypt=/usr --with-mhash --with-gdbm=/usr --with-mcal=/usr
--without-pgsql --with-xpm-dir=/usr/X11R6 --with-pdflib=/usr --with-gd
--with-png-dir=/usr --with-jpeg --with-jpeg-dir=/usr --enable-exif
--without-jpeg --with-tiff-dir=/usr --with-mysql=/usr 
--with-mysql-sock=/var/run/mysqld/mysqld.sock --with-ttf --with-t1lib
--with-gettext --with-qtdom --with-pspell --with-openssl --with-curl
--without-imap --with-ldap --with-dom --with-dom-xslt
--without-kerberos --with-pam --disable-memory-limit --disable-mbstring
--disable-mbregex
--disable-ipv6 --enable-dbx --with-zlib --with-zlib-dir=/usr/lib
--with-sablot=/usr --enable-xslt --with-xslt-sablot --with-xmlrpc
--enable-wddx --with-xml --with-bz2 --with-crack --with-ndbm --with-cdb
--enable-bcmath --enable-calendar --enable-dbase --enable-filepro
--enable-ftp --with-mime-magic --enable-sockets --enable-sysvsem
--enable-sysvshm --enable-sysvipc --with-iconv --enable-shmop
--enable-dio
--enable-inline-optimization --enable-track-vars --enable-trans-sid
--enable-versioning --with-config-file-path=/etc/php/cli-php4

I'll build a stripped down version of php and try again.
I think my apache configure options are not really
of any concern, as the problem persists using a CLI version
of PHP?


Previous Comments:


[2003-09-22 19:33:06] [EMAIL PROTECTED]

What are the configure lines you used to configure Apache and PHP? 




[2003-09-22 15:56:41] xris at farcaster dot net

Okay, i just managed to get PHP to segfault using the
command line version.. here's the backtrace:

#0  0x409bdc4d in _int_free () from /lib/libc.so.6
#1  0x409bcaba in free () from /lib/libc.so.6
#2  0x081b0ad2 in shutdown_memory_manager ()
#3  0x08196956 in php_request_shutdown ()
#4  0x081cef1c in main ()
#5  0x4095f7a7 in __libc_start_main () from /lib/libc.so.6

I guess this doesn't look too good and/or doesn't help much.
Any hints on how to proceed?



[2003-09-22 15:44:54] xris at farcaster dot net

> Could you try providing a short script that uses
> gettext functions which can be used to reproduce this..?

Sorry, i can't - the bug seems to occur in larger scripts
only... (at least i wasn't able to reproduce in a small script)

I'd love to provide a backtrace, but all my efforts so far
haven't been very successful, neither by following the
steps here at bugs.php.net nor the description at the
apache.org site.

It doesn't matter if i try gdb or strace, both tools quit
with s.th. like: ptrace: Operation not permitted
Any hints on that? I googled for nearly an hour but couldn't
find a reason for gdb to fail with that err.
I tried gdb/apache with -X -PHP4 as well as attaching to 
the apache process afterwards but i keep getting the 
mentioned ptrace error - or do i have to use Apache1.3 to
trace the problem? Any help is greatly appreciated.



[2003-09-22 07:32:58] [EMAIL PROTECTED]

And/or provide a backtrace of the crash (without --enable-debug, of
course as you said it happens only then)




[2003-09-22 07:30:27] [EMAIL PROTECTED]

Could you try providing a short script that uses gettext functions
which can be used to reproduce this..?




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25620

-- 
Edit this bug report at http://bugs.php.net/?id=25620edit=1


#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-21 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Reproducible crash
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

Well, just as i guessed, it's very strange.

I have been able to isolate a simple piece of code which
influences the occurrence of the Segfault/PHP Warning.

Have a look at this code fragment from one of my classes:

--- snip ---
 1  var_dump( $this->mBuffer);
 2
 3  if ( $this->mBuffer) {
 4      $Client->Buffer( TRUE );
 5  } else {
 6      $Client->Buffer( FALSE );
 7  };
 8
 9  $Client->Buffer( $this->mBuffer );
--- snip ---

The $this->mBuffer object property holds a boolean value
(checked via var_dump()).

Obviously, line 8 should be equivalent to lines 3-7, but
with lines 3-7 in place, the error doesn't show up, while
using the statement on line 8, PHP segfaults ...

Just in case you ask, the Buffer() method of the client
object class is declared as:

--- snip ---
function Buffer( $Value = TRUE ) {
   $this->mBuffer = $Value;
}
--- snip ---

How to proceed on isolating the reason for the Error?


Previous Comments:


[2003-09-21 11:37:09] [EMAIL PROTECTED]

It is natural that an unterminated string bug doesn't always cause a
crash, but at the same time, it is also very much related to a specific
function call somewhere.  For us to have any chance of finding this you
need to narrow it down for us.  Start commenting out bits of code until
the problem goes away, then tell us which piece of code caused it.



[2003-09-21 11:21:36] xris at farcaster dot net

Description:

I run a rather large PHP System (250k+ LOC).
Recently, a number of Segmentation-Faults started popping up
in my Apache error log. Only some of the PHP pages caused a segfault.
These segfaults are mostly reproducible, but could be suppressed by
moving code around - like changing order of method definitions, etc.

So i set up an identical system as our production server, but with
--enable-debug. The segfaults did not happen anymore, but i keep
getting notices like these:

[21-Sep-2003 16:25:34] PHP Warning:  String is not zero-terminated
(SetVerbandÿƒÌ**rtID'  aa) (source:
/home/develop/mod_php-4.3.3/Zend/zend_opcode.c:165) in Unknown on line
0

The problem occurs with PHP from at least 4.2.2 to 4.3.3, regardless
whether running with Apache 1.3x or Apache 2.0.

I would like to provide more information, but i don't know how .. any
info on how to trace the reason for this problem would be greatly
appreciated.


Reproduce code:
---
sorry, i can't construct a small snippet reproducing this error - it
seems to pop up on pages with a large amount of used objects, though
(but that's only a guess ..)

Expected result:

well, no php crash?






-- 
Edit this bug report at http://bugs.php.net/?id=25620edit=1
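
Added illustration, not part of the bug report and not Zend's code: a minimal debug allocator in C showing why a missing or misplaced string terminator only becomes a reliable warning once the build records block sizes and places a guard word after each block; without the guard, the stray byte lands in whatever happens to follow, so the outcome depends on memory layout. The names dbg_alloc, dbg_free, dbg_overflow_bytes, dbg_is_terminated and copy_str and the guard value are hypothetical, and "SetVerband" is reused from the warning above only as sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0x5AFEC0DEu                    /* constructed guard value, every byte non-zero */
typedef struct { size_t size; } dbg_header;  /* requested size, stored before the payload */

/* Allocate `size` payload bytes, poison them with 0xFF, append a guard word. */
static void *dbg_alloc(size_t size) {
    unsigned char *raw = malloc(sizeof(dbg_header) + size + sizeof(uint32_t));
    uint32_t guard = GUARD;
    if (!raw) abort();
    ((dbg_header *)raw)->size = size;
    memset(raw + sizeof(dbg_header), 0xFF, size);
    memcpy(raw + sizeof(dbg_header) + size, &guard, sizeof guard);
    return raw + sizeof(dbg_header);
}
static void dbg_free(void *p) { free((unsigned char *)p - sizeof(dbg_header)); }

/* Number of guard bytes that no longer match (0 means the block end is intact). */
static int dbg_overflow_bytes(const void *p) {
    const unsigned char *raw = (const unsigned char *)p - sizeof(dbg_header);
    const unsigned char *end = (const unsigned char *)p + ((const dbg_header *)raw)->size;
    uint32_t guard = GUARD;
    int bad = 0;
    for (size_t i = 0; i < sizeof guard; i++)
        bad += end[i] != ((unsigned char *)&guard)[i];
    return bad;
}
/* A string with recorded length `len` must carry its NUL at s[len]. */
static int dbg_is_terminated(const char *s, size_t len) { return s[len] == '\0'; }

/* Copy `len` bytes into a block of `room` bytes; optionally write the NUL at d[len]. */
static char *copy_str(const char *src, size_t len, size_t room, int write_nul) {
    char *d = dbg_alloc(room);
    memcpy(d, src, len);
    if (write_nul) d[len] = '\0';
    return d;
}
static void report(const char *label, char *s, size_t len) {
    printf("%-8s terminated=%d overflow=%d\n", label,
           dbg_is_terminated(s, len), dbg_overflow_bytes(s));
    dbg_free(s);
}
int main(void) {
    const char *name = "SetVerband";                  /* 10 characters */
    report("correct", copy_str(name, 10, 11, 1), 10); /* room for NUL, NUL written */
    report("no-nul", copy_str(name, 10, 11, 0), 10);  /* defect: NUL never written */
    report("short", copy_str(name, 10, 10, 1), 10);   /* defect: NUL lands on the guard */
    return 0;
}
```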



#25620 [Fbk-Opn]: Crash / String is not zero-terminated

2003-09-21 Thread xris at farcaster dot net
 ID:   25620
 User updated by:  xris at farcaster dot net
 Reported By:  xris at farcaster dot net
-Status:   Feedback
+Status:   Open
 Bug Type: Reproducible crash
 Operating System: GNU/Linux 2.4.20
 PHP Version:  4.3.3
 New Comment:

I know that my previous code example would run fine, if being isolated
- i just don't know how to home in on the error ..

The system is really quite big, for every page are about 40.000 method
calls, using classes from hundreds of files
(php is really fast ...). The class-framework is highly
dependent on each of its parts, so it's almost impossible
to (easily) only use a simple part of it.

The only extensions we use are mysql, gd, gettext and pcre.

I could try removing mysql/gd calls to see if the problem
persists, though.

Most of the pages work just fine; i cannot identify 
anything special about this specific page.

As i already mentioned, i encountered this problem some
time ago, but was able to work around it by restructuring
some parts of the code, so i have a feeling like it might
be some kind of garbage collection / memory management 
problem.

Thanks for your efforts - i really have no idea on how to
isolate the problem .. i could strip down the system and
surely get to a point where the page will work again, but
like my previous code example showed, i might not find
the real source of the error. Any help on how to proceed
would be great.


Previous Comments:


[2003-09-21 15:30:32] [EMAIL PROTECTED]

That's unlikely to be causing this.  If you ran this simple code in
isolation I bet you wouldn't see the error.

What else is being called in the script that contains this code?  Any
non-standard extension calls of any sort?



[2003-09-21 14:50:07] xris at farcaster dot net

Well, just as i guessed, it's very strange.

I have been able to isolate a simple piece of code which
influences the occurrence of the Segfault/PHP Warning.

Have a look at this code fragment from one of my classes:

--- snip ---
 1  var_dump( $this->mBuffer);
 2
 3  if ( $this->mBuffer) {
 4      $Client->Buffer( TRUE );
 5  } else {
 6      $Client->Buffer( FALSE );
 7  };
 8
 9  $Client->Buffer( $this->mBuffer );
--- snip ---

The $this->mBuffer object property holds a boolean value
(checked via var_dump()).

Obviously, line 8 should be equivalent to lines 3-7, but
with lines 3-7 in place, the error doesn't show up, while
using the statement on line 8, PHP segfaults ...

Just in case you ask, the Buffer() method of the client
object class is declared as:

--- snip ---
function Buffer( $Value = TRUE ) {
   $this->mBuffer = $Value;
}
--- snip ---

How to proceed on isolating the reason for the Error?



[2003-09-21 11:37:09] [EMAIL PROTECTED]

It is natural that an unterminated string bug doesn't always cause a
crash, but at the same time, it is also very much related to a specific
function call somewhere.  For us to have any chance of finding this you
need to narrow it down for us.  Start commenting out bits of code until
the problem goes away, then tell us which piece of code caused it.



[2003-09-21 11:21:36] xris at farcaster dot net

Description:

I run a rather large PHP System (250k+ LOC).
Recently, a number of Segmentation-Faults started popping up
in my Apache error log. Only some of the PHP pages caused a segfault.
These segfaults are mostly reproducible, but could be suppressed by
moving code around - like changing order of method definitions, etc.

So i set up an identical system as our production server, but with
--enable-debug. The segfaults did not happen anymore, but i keep
getting notices like these:

[21-Sep-2003 16:25:34] PHP Warning:  String is not zero-terminated
(SetVerbandÿƒÌ**rtID'  aa) (source:
/home/develop/mod_php-4.3.3/Zend/zend_opcode.c:165) in Unknown on line
0

The problem occurs with PHP from at least 4.2.2 to 4.3.3, regardless
whether running with Apache 1.3x or Apache 2.0.

I would like to provide more information, but i don't know how .. any
info on how to trace the reason for this problem would be greatly
appreciated.


Reproduce code:
---
sorry, i can't construct a small snippet reproducing this error - it
seems to pop up on pages with a large amount of used objects, though
(but that's only a guess ..)

Expected result:

well, no php crash?






-- 
Edit this bug report at http://bugs.php.net/?id=25620edit=1