#19919 [Opn->Fbk]: segmentation violation in sapi_apache_header_handler, mod_php4.c line 208

rasmus Tue, 15 Oct 2002 12:27:10 -0700

 ID:               19919
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 4.7
 PHP Version:      4.2.3
 New Comment:


Is this a single CPU machine?


Previous Comments:
------------------------------------------------------------------------

[2002-10-15 14:46:47] [EMAIL PROTECTED]

of course - I should have put that info in the
original post.  my apologies.

Bingo - null pointer.


#0  0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748,
sapi_headers=0x282edc70)
    at mod_php4.c:208
208                     table_add(r->headers_out, header_name,
header_content);
(gdb) l
203             } while (*header_content==' ');
204
205             if (!strcasecmp(header_name, "Content-Type")) {
206                     r->content_type = pstrdup(r->pool,
header_content);
207             } else if (!strcasecmp(header_name, "Set-Cookie")) {
208                     table_add(r->headers_out, header_name,
header_content);
209             } else {
210                     table_set(r->headers_out, header_name,
header_content);
211             }
212
(gdb) p r
$2 = (request_rec *) 0x0
(gdb) up
#1  0x28227399 in sapi_add_header_ex (header_line=0x830700c
"Set-Cookie", header_line_len=2238, 
    duplicate=0 '\000', replace=0 '\000') at SAPI.c:558
558                     retval =
sapi_module.header_handler(&sapi_header, &SG(sapi_headers) TSRMLS_CC);
(gdb) l
553                             }
554                     }
555             }
556
557             if (sapi_module.header_handler) {
558                     retval =
sapi_module.header_handler(&sapi_header, &SG(sapi_headers) TSRMLS_CC);
559             } else {
560                     retval = SAPI_HEADER_ADD;
561             }
562             if (retval & SAPI_HEADER_DELETE_ALL) {

------------------------------------------------------------------------

[2002-10-15 12:21:42] [EMAIL PROTECTED]

Hrm..  That's an odd segfault.  Could you type 'l' in gdb to get the
source lines listed.  I want to make sure I have the right line.  In
4.2.3 line 208 in mod_php4.c is:

table_add(r->headers_out, header_name, header_content);

the only way I see for that to segfault is if r is bogus.  So please
type, 'p r' and 'p *r' and let us know what that produces.

------------------------------------------------------------------------

[2002-10-15 12:07:13] [EMAIL PROTECTED]

Under heavy load, i.e., when the cpu load is 100%, I see http
core-dumping in php (the same spot all the time) as shown in the follow
gdb backtrace.  It is a reproducable
bug under heavy load, but I do not have an isolated test
case that always causes the problem.

Since it only appears under load, it may be
a timing issue? 

It might be worth noting that output buffering is being
used on many of the pages.

PHP Version 4.2.3


System        FreeBSD intern6.eng.tvol.net 4.7-RC FreeBSD 4.7-RC #10:
Mon
              Sep 23 09:44:37 EDT 2002 XXXXX:/usr/
              src/sys/compile/DEVEL i386

Build Date    Oct 9 2002 11:49:18

Configure     './configure' '--with-apxs=/usr/local/sbin/apxs'
Command       '--with-config-file-path=/usr/local/etc'
              '--enable-versioning' '--with-regex=system'
'--without-gd'
              '--without-mysql' '--with-zlib' '--with-imap=/usr/local'
              '--with-pgsql=/usr/local' '--enable-wddx'
'--with-gettext=/
              usr/local' '--enable-sockets' '--enable-trans-sid'
              '--with-expat-dir=/usr/local' '--prefix=/usr/local'
              'i386-portbld-freebsd4.7'

Server API    Apache

Server version: Apache/1.3.26 (Unix)
Server built:   Jul  1 2002 11:32:52
Server's Module Magic Number: 19990320:13


Core was generated by `httpd'.
Program terminated with signal 11, Segmentation fault.
#0  0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748, 
    sapi_headers=0x282edc70) at mod_php4.c:208
#0  0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748, 
    sapi_headers=0x282edc70) at mod_php4.c:208
#1  0x28227399 in sapi_add_header_ex (header_line=0x87b300c
"Set-Cookie", 
    header_line_len=2226, duplicate=0 '\000', replace=0 '\000') at
SAPI.c:558
#2  0x2827848e in php_setcookie (name=0x875a72c "TICS0", name_len=5, 
    value=0x87b000c
"TG9naW58YToxMzp7czo1OiJCb3hJRCI7czoxMjoiMDAwMDAwMDAyNzY2IjtzOjc6IkJveFR5cGUiO3M6MToiNCI7czoxMzoiQ2hhbm5lbE51bWJlciI7czoxOiIwIjtzOjQ6Ik5vZGUiO3M6MToiMCI7czo5OiJTZXNzaW9uSUQiO3M6MTY6IjJNMVZGVlEwVVFPODU4"...,

    value_len=2200, expires=0, path=0x875a80c "/", path_len=1, 
    domain=0x875a76c "", domain_len=0, secure=0) at head.c:124
#3  0x28278537 in zif_setcookie (ht=5, return_value=0x86b91ec,
this_ptr=0x0, 
    return_value_used=0) at head.c:144
#4  0x28209541 in execute (op_array=0x86d2b80) at
./zend_execute.c:1598
#5  0x2820efe9 in call_user_function_ex (function_table=0x8100200, 
    object_pp=0x0, function_name=0x81bdeac, retval_ptr_ptr=0xbfbff2e0,

    param_count=2, params=0x875a8ac, no_separation=1,
symbol_table=0x0)
    at zend_execute_API.c:517
#6  0x2820ea74 in call_user_function (function_table=0x8100200,
object_pp=0x0, 
    function_name=0x81bdeac, retval_ptr=0x879546c, param_count=2, 
    params=0xbfbff36c) at zend_execute_API.c:373
#7  0x28256dbf in ps_call_handler (func=0x81bdeac, argc=2,
argv=0xbfbff36c)
    at mod_user.c:60
#8  0x28257164 in ps_write_user (mod_data=0x282edf30, 
    key=0x869908c "ab20624057e7dea39d78749f7119bee5", 
    val=0x81a680c
"Login|a:13:{s:5:\"BoxID\";s:12:\"000000002766\";s:7:\"BoxType\";s:1:\"4\";s:13:\"ChannelNumber\";s:1:\"0\";s:4:\"Node\";s:1:\"0\";s:9:\"SessionID\";s:16:\"2M1VFVQ0UQO8582H\";s:9:\"LoginType\";s:2:\"WG\";s:6:\"TocsIP\";s:17:\"17"...,
vallen=1650) at mod_user.c:148
#9  0x28253f62 in php_session_save_current_state () at session.c:589
#10 0x282564f9 in php_session_flush () at session.c:1457
#11 0x2825651c in zif_session_write_close (ht=0,
return_value=0x86b94ec, 
    this_ptr=0x0, return_value_used=0) at session.c:1466
#12 0x28209541 in execute (op_array=0x86d2d80) at
./zend_execute.c:1598
#13 0x2820efe9 in call_user_function_ex (function_table=0x8100200, 
    object_pp=0x0, function_name=0x86b9b0c, retval_ptr_ptr=0xbfbff658,

    param_count=2, params=0xbfbff660, no_separation=1,
symbol_table=0x0)
    at zend_execute_API.c:517
#14 0x2822b4de in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0
'\000')
    at output.c:177
#15 0x2822b7cf in php_end_ob_buffers (send_buffer=1) at output.c:268
#16 0x28223286 in php_request_shutdown (dummy=0x0) at main.c:763
#17 0x28220a43 in php_apache_request_shutdown (dummy=0x0) at
mod_php4.c:317
#18 0x805008e in run_cleanups ()
#19 0x804f11f in ap_clear_pool ()
#20 0x804f180 in ap_destroy_pool ()
#21 0x804f10b in ap_clear_pool ()
#22 0x805a99a in child_main ()
#23 0x805af91 in make_child ()
#24 0x805b200 in perform_idle_server_maintenance ()
#25 0x805b6ad in standalone_main ()
#26 0x805bbdf in main ()
#27 0x804eb91 in _start ()



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=19919&edit=1

#19919 [Opn->Fbk]: segmentation violation in sapi_apache_header_handler, mod_php4.c line 208

Reply via email to