It seems there was an off-by-one error in the strspn code in our libc. The buffer was a byte too small and resulted in overwriting the saved ebx which was the offset to the GOT -- but only if strspn was used with a \xff in the second string.
I have a patch here: http://dblaz.beevomit.org/dfly/strspn.patch
I've verified it fixes the PHP problem. Also, I tested it against a small program that called strspn with a \xff in the second string and verified that ebx was correctly restored (unlike prior to the patch).

-- Dion

On Wed, May 14, 2008 at 2:32 PM, Joerg Sonnenberger <[EMAIL PROTECTED]> wrote:
> On Wed, May 14, 2008 at 11:30:19AM -0400, Justin C. Sherrill wrote:
>> Antonio Huete Jimenez wrote:
>>> Antonio Huete Jimenez <[EMAIL PROTECTED]> added the comment:
>>>
>>> What about the commits between 1.12.1 and 1.12.2 related with threading lib?
>>
>> I'm still using the same threading library in both cases - libc_r.
>
> I've been seeing random PHP segfaults lately in the module init code.
> That's a standalone PHP using FastCGI.
>
> Joerg
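The bug described above is the classic failure mode of a table-driven strspn: the per-byte lookup table needs one slot for every possible byte value, and a table that is one entry short is only ever hit when the accept string contains 0xff, which is why the corruption only appears for that input. The C below is an added illustration, not DragonFly's libc strspn or the linked patch: it shows a correctly sized table (UCHAR_MAX + 1 entries, so index 0xff stays in bounds) and a check that compares it against the system strspn on constructed inputs that include 0xff in the second string.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Table-driven strspn. One flag per possible byte value: the table must have
 * UCHAR_MAX + 1 (256) entries so that byte 0xff indexes a valid slot. A table
 * one entry short is the off-by-one the message describes: writing the flag
 * for 0xff lands one past the end, on whatever the compiler or assembler put
 * after it (a saved register, in the reported case). */
size_t table_strspn(const char *s, const char *accept)
{
    unsigned char table[UCHAR_MAX + 1];
    memset(table, 0, sizeof table);

    /* Mark each byte of the accept set; cast keeps 0xff from becoming -1. */
    for (const unsigned char *p = (const unsigned char *)accept; *p; p++)
        table[*p] = 1;

    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)s; *p && table[*p]; p++)
        n++;
    return n;
}

/* Regression check: constructed inputs with 0xff in the accept string, the
 * case that triggered the original bug. Compares against the system strspn
 * and returns 1 on agreement. Adjacent literals are split so that "\xff"
 * followed by a hex digit such as 'b' is not read as a longer escape. */
int check_strspn_ff(void)
{
    const char accept[] = "ab\xff";
    const char s1[] = "a\xff" "b\xff" "z";  /* four accepted bytes, then 'z' */
    const char s2[] = "\xff\xff";           /* only 0xff bytes */
    const char s3[] = "zab";                /* first byte rejected */

    return table_strspn(s1, accept) == 4 && strspn(s1, accept) == 4
        && table_strspn(s2, accept) == 2 && strspn(s2, accept) == 2
        && table_strspn(s3, accept) == 0 && strspn(s3, accept) == 0
        && table_strspn("", accept) == 0 && strspn("", accept) == 0;
}
```

The same check is the kind of thing worth keeping in a libc test suite: any strspn or strcspn that builds a per-byte table should be exercised with 0x00-adjacent and 0xff inputs in both arguments, since those are the table boundaries.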
