Bug #15501 Updated: header call crashes PHP as Apache module

sesser Mon, 11 Feb 2002 05:22:06 -0800

 ID:               15501
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: RH Linux 7.1
 PHP Version:      4.1.1
 New Comment:


This bug has been fixed in CVS.


Previous Comments:
------------------------------------------------------------------------

[2002-02-11 08:10:11] [EMAIL PROTECTED]

This script crashes my installation of Apache 1.3.22 with PHP 4.1.1 as
module:

<?php 
  //$link = mysql_connect("<host>", "<id>", "<pw>");
  
  if (!isset($PHP_AUTH_USER)) {
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Please login\n";
    exit;
  } else {
    echo "<p>Hello $PHP_AUTH_USER.</p>";
  }
?>

When I un-comment the line //$link = ... (and substitutes my MySQL
server, id and passwd), Apache does not crash. The script correctly
asks for login; however, the realm name is displayed as "My
Realm-507".

All settings on the server can be seen at this phpInfo-page:
http://www3.sdu.dk/phpInfo.php

Apache logs this when crashing:
[Mon Feb 11 13:12:04 2002]  Script:  '/home/web/test/adgang3.php'
---------------------------------------
SAPI.c(505) : Block 0x08197B3C status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
[Mon Feb 11 13:12:05 2002] [notice] child pid 7617 exit signal
Segmentation fault (11)

Apache refuses to produce a core dump, but trace from gdb follows
here:

(gdb) run -X
Starting program: /etc/httpd/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4020a07c in memcpy () from /lib/i686/libc.so.6

bt from gdb:
(gdb) bt
#0  0x4020a07c in memcpy () from /lib/i686/libc.so.6
#1  0x081d0ccc in zval_used_for_init ()
#2  0x0810b8f9 in _mem_block_check (ptr=0x8197b60, silent=1,
__zend_filename=0x81742e9 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:659
#3  0x0810aacb in _efree (ptr=0x8197b60, __zend_filename=0x81742e9
"SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:224
#4  0x0806c4bc in sapi_add_header_ex (header_line=0x823de4c 'Z'
<repeats
41 times>, "\204�\217*", 
    header_line_len=40, duplicate=1 '\001', replace=1 '\001') at
SAPI.c:505
#5  0x080b91de in zif_header (ht=1, return_value=0x823de0c,
this_ptr=0x0, return_value_used=0) at head.c:56
#6  0x0813e437 in execute (op_array=0x823dd24) at
./zend_execute.c:1590
#7  0x0811b8f2 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at zend.c:814
#8  0x080695ba in php_execute_script (primary_file=0xbffff710) at
main.c:1307
#9  0x08126c22 in apache_php_module_main (r=0x82380f4,
display_source_mode=0) at sapi_apache.c:90
#10 0x08065d14 in send_php ()
#11 0x08065d6d in send_parsed_php ()
#12 0x08148203 in ap_invoke_handler ()
#13 0x0815c3e3 in process_request_internal ()
#14 0x0815c444 in ap_process_request ()
#15 0x081538ad in child_main ()
#16 0x08153a58 in make_child ()
#17 0x08153bcc in startup_children ()
#18 0x08154244 in standalone_main ()
#19 0x08154a97 in main ()
#20 0x4019d627 in __libc_start_main (main=0x8154700 <main>, argc=2,
ubp_av=0xbffffb44, init=0x8063594 <_init>, 
    fini=0x81726f0 <_fini>, rtld_fini=0x4000dcc4 <_dl_fini>,
stack_end=0xbffffb3c)
    at ../sysdeps/generic/libc-start.c:129

Any ideas?

Sven M. Sorensen
University of Southern Denmark

------------------------------------------------------------------------

[2002-02-11 08:05:38] [EMAIL PROTECTED]

This script crashes my installation of Apache 1.3.22 with PHP 4.1.1 as
module:

<?php 
  //$link = mysql_connect("<host>", "<id>", "<pw>");
  
  if (!isset($PHP_AUTH_USER)) {
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Please login\n";
    exit;
  } else {
    echo "<p>Hello $PHP_AUTH_USER.</p>";
  }
?>

When I remove the un-comment the line //$link = ... (and substitutes my
MySQL server, id and passwd), Apache does not crash. The script
correctly asks for login, however, the realm name is displayed as "My
Realm-507".

All settings on the server can be seen at this phpInfo-page:
http://www3.sdu.dk/phpInfo.php

Apache logs this when crashing:
[Mon Feb 11 13:12:04 2002]  Script:  '/home/web/test/adgang3.php'
---------------------------------------
SAPI.c(505) : Block 0x08197B3C status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
[Mon Feb 11 13:12:05 2002] [notice] child pid 7617 exit signal
Segmentation fault (11)

Apache refuses to produce a core dump, but trace from gdb follows
here:

(gdb) run -X
Starting program: /etc/httpd/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4020a07c in memcpy () from /lib/i686/libc.so.6

bt from gdb:
(gdb) bt
#0  0x4020a07c in memcpy () from /lib/i686/libc.so.6
#1  0x081d0ccc in zval_used_for_init ()
#2  0x0810b8f9 in _mem_block_check (ptr=0x8197b60, silent=1,
__zend_filename=0x81742e9 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:659
#3  0x0810aacb in _efree (ptr=0x8197b60, __zend_filename=0x81742e9
"SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:224
#4  0x0806c4bc in sapi_add_header_ex (header_line=0x823de4c 'Z'
<repeats 41 times>, "\204�\217*", 
    header_line_len=40, duplicate=1 '\001', replace=1 '\001') at
SAPI.c:505
#5  0x080b91de in zif_header (ht=1, return_value=0x823de0c,
this_ptr=0x0, return_value_used=0) at head.c:56
#6  0x0813e437 in execute (op_array=0x823dd24) at
./zend_execute.c:1590
#7  0x0811b8f2 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at zend.c:814
#8  0x080695ba in php_execute_script (primary_file=0xbffff710) at
main.c:1307
#9  0x08126c22 in apache_php_module_main (r=0x82380f4,
display_source_mode=0) at sapi_apache.c:90
#10 0x08065d14 in send_php ()
#11 0x08065d6d in send_parsed_php ()
#12 0x08148203 in ap_invoke_handler ()
#13 0x0815c3e3 in process_request_internal ()
#14 0x0815c444 in ap_process_request ()
#15 0x081538ad in child_main ()
#16 0x08153a58 in make_child ()
#17 0x08153bcc in startup_children ()
#18 0x08154244 in standalone_main ()
#19 0x08154a97 in main ()
#20 0x4019d627 in __libc_start_main (main=0x8154700 <main>, argc=2,
ubp_av=0xbffffb44, init=0x8063594 <_init>, 
    fini=0x81726f0 <_fini>, rtld_fini=0x4000dcc4 <_dl_fini>,
stack_end=0xbffffb3c)
    at ../sysdeps/generic/libc-start.c:129

Any ideas?

Sven M. Sorensen
University of Southern Denmark


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=15501&edit=1

Bug #15501 Updated: header call crashes PHP as Apache module

Reply via email to