Edit report at http://bugs.php.net/bug.php?id=54580&edit=1

 ID:                 54580
 Patch added by:     cataphr...@php.net
 Reported by:        tomas dot brastavicius at quantum dot lt
 Summary:            get_browser() segmentation fault
 Status:             Assigned
 Type:               Bug
 Package:            Unknown/Other Function
 Operating System:   Ubuntu 10.10 (x86_64)
 PHP Version:        trunk-SVN-2011-04-20 (SVN)
 Assigned To:        cataphract
 Block user comment: N
 Private report:     N

 New Comment:

The following patch has been added/updated:

Patch Name: browscap.diff
Revision:   1303783306
URL:        http://bugs.php.net/patch-display.php?bug=54580&patch=browscap.diff&revision=1303783306


Previous Comments:
------------------------------------------------------------------------
[2011-04-21 13:54:12] cataphr...@php.net

The problem is not ini_set, the segfault occurs because PHP assumes the
parse result of the code is initialized when the ini setting is
non-empty; however, by using php_admin_value, the ini setting value is
set after the parsing code runs, so when it runs it leaves memory
initialized because the ini setting is empty.



This should be fixed by having the ini setting change via
php_admin_value trigger the ini reading and structure initialization.

------------------------------------------------------------------------
[2011-04-21 00:06:11] tomas dot brastavicius at quantum dot lt

Description:
------------
PHP is running as an Apache module. The following configuration was used
to compile PHP:

./configure --with-apxs2=/usr/bin/apxs2 --enable-debug --disable-all

Test script:
---------------
1. Be sure browscap directive is commented out in php.ini

2. Set browscap setting in Apache configuration file, i.e.
php_admin_value browscap "/some/path/browscap.ini"

3. Run the following PHP script:

<?php

ini_set('browscap', '/some/path/browscap.ini');

get_browser();

Expected result:
----------------
Notice or another type of message that indicates a misconfiguration
(browscap directive is of the PHP_INI_SYSTEM type and can not be
set/changed with ini_set() function or in Apache configuration file)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09db2af in zend_hash_find (ht=0x7ffff0e6e100,
    arKey=0x7ffff7f6b760 "User-Agent", nKeyLength=109, pData=0x7fffffffbdb8)
    at /a/php-trunk/Zend/zend_hash.c:905
905             p = ht->arBuckets[nIndex];

Full backtrace:

#0  0x00007ffff09db2af in zend_hash_find (ht=0x7ffff0e6e100,
    arKey=0x7ffff7f6b760 "User-Agent", nKeyLength=109, pData=0x7fffffffbdb8)
    at /a/php-trunk/Zend/zend_hash.c:905
#1  0x00007ffff08ac3b1 in zif_get_browser (ht=0, return_value=0x7ffff7f62be8, return_value_ptr=0x0,
    this_ptr=0x0, return_value_used=1) at /a/php-trunk/ext/standard/browscap.c:360
#2  0x00007ffff0a09972 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f2e338)
    at /a/php-trunk/Zend/zend_vm_execute.h:642
#3  0x00007ffff0a0ffd2 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7f2e338)
    at /a/php-trunk/Zend/zend_vm_execute.h:1963
#4  0x00007ffff0a08077 in execute (op_array=0x7ffff7f611c0)
    at /a/php-trunk/Zend/zend_vm_execute.h:410
#5  0x00007ffff09c88a3 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /a/php-trunk/Zend/zend.c:1212
#6  0x00007ffff0933982 in php_execute_script (primary_file=0x7fffffffe670)
    at /a/php-trunk/main/main.c:2349
#7  0x00007ffff0b0de48 in php_handler (r=0x7ffff84bbea0)
    at /a/php-trunk/sapi/apache2handler/sapi_apache2.c:667
#8  0x00007ffff7fd6310 in ap_run_handler (r=0x7ffff84bbea0) at /build/buildd/apache2-2.2.16/server/config.c:159
#9  0x00007ffff7fd9c9e in ap_invoke_handler (r=0x7ffff84bbea0)
    at /build/buildd/apache2-2.2.16/server/config.c:377
#10 0x00007ffff7fe77b8 in ap_process_request (r=0x7ffff84bbea0)
    at /build/buildd/apache2-2.2.16/modules/http/http_request.c:282
#11 0x00007ffff7fe4748 in ap_process_http_connection (c=0x7ffff84adc90)
    at /build/buildd/apache2-2.2.16/modules/http/http_core.c:190
#12 0x00007ffff7fddef8 in ap_run_process_connection (c=0x7ffff84adc90)
    at /build/buildd/apache2-2.2.16/server/connection.c:43
#13 0x00007ffff7fec177 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd/apache2-2.2.16/server/mpm/prefork/prefork.c:662
#14 0x00007ffff7fec446 in make_child (s=0x7ffff8214938, slot=0)
    at /build/buildd/apache2-2.2.16/server/mpm/prefork/prefork.c:702
#15 0x00007ffff7feca93 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>,
    s=<value optimized out>) at /build/buildd/apache2-2.2.16/server/mpm/prefork/prefork.c:978
#16 0x00007ffff7fc2530 in main (argc=2, argv=0x7fffffffecf8) at /build/buildd/apache2-2.2.16/server/main.c:742

------------------------------------------------------------------------
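
Added example, not part of the bug report and not PHP's source: a simplified C model of the initialization-order problem discussed in the 2011-04-21 13:54 comment. Every type and function name here is hypothetical, the table contents are constructed, and the point where the real code would read the table is replaced by a WOULD_CRASH return value so the model runs safely.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the initialization-order bug; all names are hypothetical. */
enum { NOT_CONFIGURED = -1, WOULD_CRASH = -2, NO_MATCH = -3 };

typedef struct {
    const char  *ini_path;    /* stands in for the "browscap" setting */
    const char **patterns;    /* stands in for the parsed lookup table */
    size_t       count;
    int          ready;       /* set only once the table has been built */
} browscap_state;

static const char *SAMPLE[] = { "ExampleBot/1.0", "ExampleBrowser/2.0" }; /* constructed data */

static void load_table(browscap_state *s) { s->patterns = SAMPLE; s->count = 2; s->ready = 1; }

/* Startup parses the file only if the setting is non-empty at that moment. */
static void startup(browscap_state *s) { if (s->ini_path && *s->ini_path) load_table(s); }

/* Late assignment as in the report: the value is stored, nothing is parsed. */
static void set_late_unsafe(browscap_state *s, const char *p) { s->ini_path = p; }

/* The fix proposed in the comment: changing the setting triggers the load. */
static void set_late_fixed(browscap_state *s, const char *p) { s->ini_path = p; load_table(s); }

static int lookup(const browscap_state *s, const char *agent, int guard_on_state) {
    /* Flawed guard: treats "setting non-empty" as proof the table exists. */
    int configured = guard_on_state ? s->ready : (s->ini_path && *s->ini_path);
    if (!configured) return NOT_CONFIGURED;      /* clean warning path */
    if (!s->ready) return WOULD_CRASH;           /* real code reads the table here */
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->patterns[i], agent) == 0) return (int)i;
    return NO_MATCH;
}

/* Replays the report: empty setting at startup, value supplied afterwards. */
static int replay(int fixed_setter, int guard_on_state) {
    browscap_state s = {0};
    startup(&s);
    if (fixed_setter) set_late_fixed(&s, "/some/path/browscap.ini");
    else              set_late_unsafe(&s, "/some/path/browscap.ini");
    return lookup(&s, "ExampleBrowser/2.0", guard_on_state);
}

int main(void) {
    printf("unsafe setter, guard on setting: %d\n", replay(0, 0));
    printf("unsafe setter, guard on state:   %d\n", replay(0, 1));
    printf("fixed setter,  guard on setting: %d\n", replay(1, 0));
    return 0;
}
```

Guarding on the structure's own state is a second line of defence: it turns a missed initialization into the "not configured" path even if some other code path sets the value late.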


