We observe regular segfaults on Ubuntu 14.04 LTS with Apache and PHP in
its default packages presenting these backtraces in a Coredump file:

#0  0x00007f9911e619ad in zend_stack_push (
    stack=stack@entry=0x7f9912627ca0 <compiler_globals+608>,
    element=element@entry=0x7f9912627c78 <compiler_globals+568>,
    size=size@entry=40) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_stack.c:42
#1  0x00007f9911e2d34e in compile_file (
    file_handle=file_handle@entry=0x7fffe74e7e00, type=2)
    at Zend/zend_language_scanner.l:586
#2  0x00007f9911e52b2a in dtrace_compile_file (file_handle=0x7fffe74e7e00,
    type=<optimized out>)
    at /build/buildd/php5-5.5.9+dfsg/Zend/zend_dtrace.c:40
#3  0x00007f9911cdbce4 in phar_compile_file (file_handle=<optimized out>,
    type=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/ext/phar/phar.c:3383
#4  0x00007f990baca1d4 in persistent_compile_file (file_handle=0x7fffe74e7e00,
    type=2) at /build/buildd/php5-5.5.9+dfsg/ext/opcache/ZendAccelerator.c:1634
#5  0x00007f990bd64f19 in ?? ()
   from /usr/lib/php5/20121212/ioncube_loader_lin_5.5.so
#6  0x00007f9911e645af in zend_execute_scripts (type=type@entry=2,
    retval=retval@entry=0x0, file_count=file_count@entry=1)
    at /build/buildd/php5-5.5.9+dfsg/Zend/zend.c:1308
#7  0x00007f9911f1452d in php_handler (r=<optimized out>)
    at /build/buildd/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:669
#8  0x00007f9918178680 in ap_run_handler (r=0x7f9912f040a0) at config.c:169
#9  0x00007f9918178bc9 in ap_invoke_handler (r=r@entry=0x7f9912f040a0)
    at config.c:439
#10 0x00007f991818e16a in ap_process_async_request (r=0x7f9912f040a0)
    at http_request.c:317
#11 0x00007f991818e444 in ap_process_request (r=r@entry=0x7f9912f040a0)
    at http_request.c:363
#12 0x00007f991818af02 in ap_process_http_sync_connection (c=0x7f991479e290)
    at http_core.c:190
#13 ap_process_http_connection (c=0x7f991479e290) at http_core.c:231
#14 0x00007f9918181cc0 in ap_run_process_connection (c=0x7f991479e290)
    at connection.c:41
#15 0x00007f99181820a8 in ap_process_connection (c=c@entry=0x7f991479e290,
    csd=<optimized out>) at connection.c:202
#16 0x00007f991333f767 in child_main (child_num_arg=child_num_arg@entry=92)
    at prefork.c:704
#17 0x00007f991333f9a6 in make_child (s=0x7f99180dfde0, slot=92)
    at prefork.c:800
#18 0x00007f991334060e in perform_idle_server_maintenance (p=<optimized out>)
    at prefork.c:902
#19 prefork_run (_pconf=<optimized out>, plog=<optimized out>,
    s=<optimized out>) at prefork.c:1090
#20 0x00007f991815f69e in ap_run_mpm (pconf=0x7f9918115028,
    plog=0x7f99180e3028, s=0x7f99180dfde0) at mpm_common.c:96
#21 0x00007f9918158e36 in main (argc=3, argv=0x7fffe74e8508) at main.c:777

PHP is coming into the stack push function thinking that it is already
initialized (stack_max=64) while its elements pointer is null, so it
segfaults when trying to store a heap segment in its stack.

This may very well be an upstream bug in the PHP SAPI module for Apache.
In this case I think this bug report
(https://bugs.php.net/bug.php?id=68486) on PHP is highly relevant. It is
said to not be present on Apache 2.2 and is probably related to client
side pipelining of HTTP 1.1 requests.

Regards,
Gerrit

** Bug watch added: bugs.php.net/ #68486
   http://bugs.php.net/bug.php?id=68486
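As an added illustration of the state described above (not code from PHP or from this report), here is a simplified model of the stack with a push that checks the "capacity claimed but no storage" invariant before writing; the field names and growth logic are assumptions, not the real Zend/zend_stack.c.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a zend_stack-like structure (assumption: field names
 * and the growth policy are approximations, not PHP's actual code). */
typedef struct {
    int    top;       /* number of elements currently stored */
    int    max;       /* allocated capacity of `elements` */
    void **elements;  /* array of heap-allocated copies of pushed data */
} model_stack;

void model_stack_init(model_stack *s) {
    s->top = 0; s->max = 0; s->elements = NULL;
}

/* Guarded push: refuses to dereference `elements` when the stack claims
 * capacity (max > 0) but owns no storage, the inconsistent state seen in the
 * backtrace (stack_max=64, elements NULL). Returns 0 on success, -1 on error. */
int model_stack_push_checked(model_stack *s, const void *element, size_t size) {
    if (s->max > 0 && s->elements == NULL)
        return -1;                         /* corrupted or uninitialised stack */
    if (s->top >= s->max) {
        int new_max = s->max ? s->max * 2 : 64;
        void **grown = realloc(s->elements, (size_t)new_max * sizeof *grown);
        if (!grown) return -1;
        s->elements = grown;
        s->max = new_max;
    }
    void *copy = malloc(size);
    if (!copy) return -1;
    memcpy(copy, element, size);
    s->elements[s->top++] = copy;
    return 0;
}

/* Constructed scenario: bookkeeping says "64 slots" while the element array
 * was never allocated, as in the reported crash. An unguarded push would
 * write through NULL here; the checked version reports -1 instead. */
int demo_inconsistent_push(void) {
    model_stack s = { .top = 0, .max = 64, .elements = NULL };
    int v = 42;
    return model_stack_push_checked(&s, &v, sizeof v);
}

/* Constructed scenario: a properly initialised stack accepts one element. */
int demo_normal_push(void) {
    model_stack s; model_stack_init(&s);
    int v = 42;
    int rc = model_stack_push_checked(&s, &v, sizeof v);
    int stored = rc == 0 ? *(int *)s.elements[0] : 0;
    if (rc == 0) { free(s.elements[0]); free(s.elements); }
    return rc == 0 && stored == 42 && s.top == 1 && s.max == 64;
}
```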

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1407990

Title:
  apache2.4 mod-php5.5 random segmentation faults in zend_stack_push()
  and  zend_hash_find()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1407990/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs