ID: 19919 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Feedback Bug Type: Reproducible crash Operating System: FreeBSD 4.7 PHP Version: 4.2.3 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2002-10-15 15:14:04] [EMAIL PROTECTED] es, it is a single cpu hw.machine: i386 hw.model: AMD Athlon(tm) Processor hw.ncpu: 1 hw.byteorder: 1234 hw.physmem: 533811200 hw.usermem: 462032896 hw.pagesize: 4096 hw.floatingpoint: 1 hw.machine_arch: i386 hw.ata.ata_dma: 1 hw.ata.wc: 1 hw.ata.tags: 0 hw.ata.atapi_dma: 0 hw.fxp_rnr: 0 hw.instruction_sse: 0 hw.availpages: 130159 hw.fxp0.int_delay: 1000 hw.fxp0.bundle_max: 6 ------------------------------------------------------------------------ [2002-10-15 14:53:30] [EMAIL PROTECTED] Is this a single CPU machine? ------------------------------------------------------------------------ [2002-10-15 14:46:47] [EMAIL PROTECTED] of course - I should have put that info in the original post. my apologies. Bingo - null pointer. #0 0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748, sapi_headers=0x282edc70) at mod_php4.c:208 208 table_add(r->headers_out, header_name, header_content); (gdb) l 203 } while (*header_content==' '); 204 205 if (!strcasecmp(header_name, "Content-Type")) { 206 r->content_type = pstrdup(r->pool, header_content); 207 } else if (!strcasecmp(header_name, "Set-Cookie")) { 208 table_add(r->headers_out, header_name, header_content); 209 } else { 210 table_set(r->headers_out, header_name, header_content); 211 } 212 (gdb) p r $2 = (request_rec *) 0x0 (gdb) up #1 0x28227399 in sapi_add_header_ex (header_line=0x830700c "Set-Cookie", header_line_len=2238, duplicate=0 '\000', replace=0 '\000') at SAPI.c:558 558 retval = sapi_module.header_handler(&sapi_header, &SG(sapi_headers) TSRMLS_CC); (gdb) l 553 } 554 } 555 } 556 557 if (sapi_module.header_handler) { 558 retval = sapi_module.header_handler(&sapi_header, &SG(sapi_headers) TSRMLS_CC); 559 } else { 560 retval = SAPI_HEADER_ADD; 561 } 562 if (retval & SAPI_HEADER_DELETE_ALL) { ------------------------------------------------------------------------ [2002-10-15 12:21:42] [EMAIL PROTECTED] Hrm.. That's an odd segfault. Could you type 'l' in gdb to get the source lines listed. I want to make sure I have the right line. In 4.2.3 line 208 in mod_php4.c is: table_add(r->headers_out, header_name, header_content); the only way I see for that to segfault is if r is bogus. So please type, 'p r' and 'p *r' and let us know what that produces. ------------------------------------------------------------------------ [2002-10-15 12:07:13] [EMAIL PROTECTED] Under heavy load, i.e., when the cpu load is 100%, I see http core-dumping in php (the same spot all the time) as shown in the follow gdb backtrace. It is a reproducable bug under heavy load, but I do not have an isolated test case that always causes the problem. Since it only appears under load, it may be a timing issue? It might be worth noting that output buffering is being used on many of the pages. PHP Version 4.2.3 System FreeBSD intern6.eng.tvol.net 4.7-RC FreeBSD 4.7-RC #10: Mon Sep 23 09:44:37 EDT 2002 XXXXX:/usr/ src/sys/compile/DEVEL i386 Build Date Oct 9 2002 11:49:18 Configure './configure' '--with-apxs=/usr/local/sbin/apxs' Command '--with-config-file-path=/usr/local/etc' '--enable-versioning' '--with-regex=system' '--without-gd' '--without-mysql' '--with-zlib' '--with-imap=/usr/local' '--with-pgsql=/usr/local' '--enable-wddx' '--with-gettext=/ usr/local' '--enable-sockets' '--enable-trans-sid' '--with-expat-dir=/usr/local' '--prefix=/usr/local' 'i386-portbld-freebsd4.7' Server API Apache Server version: Apache/1.3.26 (Unix) Server built: Jul 1 2002 11:32:52 Server's Module Magic Number: 19990320:13 Core was generated by `httpd'. Program terminated with signal 11, Segmentation fault. #0 0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748, sapi_headers=0x282edc70) at mod_php4.c:208 #0 0x282207ab in sapi_apache_header_handler (sapi_header=0xbfbfe748, sapi_headers=0x282edc70) at mod_php4.c:208 #1 0x28227399 in sapi_add_header_ex (header_line=0x87b300c "Set-Cookie", header_line_len=2226, duplicate=0 '\000', replace=0 '\000') at SAPI.c:558 #2 0x2827848e in php_setcookie (name=0x875a72c "TICS0", name_len=5, value=0x87b000c "TG9naW58YToxMzp7czo1OiJCb3hJRCI7czoxMjoiMDAwMDAwMDAyNzY2IjtzOjc6IkJveFR5cGUiO3M6MToiNCI7czoxMzoiQ2hhbm5lbE51bWJlciI7czoxOiIwIjtzOjQ6Ik5vZGUiO3M6MToiMCI7czo5OiJTZXNzaW9uSUQiO3M6MTY6IjJNMVZGVlEwVVFPODU4"..., value_len=2200, expires=0, path=0x875a80c "/", path_len=1, domain=0x875a76c "", domain_len=0, secure=0) at head.c:124 #3 0x28278537 in zif_setcookie (ht=5, return_value=0x86b91ec, this_ptr=0x0, return_value_used=0) at head.c:144 #4 0x28209541 in execute (op_array=0x86d2b80) at ./zend_execute.c:1598 #5 0x2820efe9 in call_user_function_ex (function_table=0x8100200, object_pp=0x0, function_name=0x81bdeac, retval_ptr_ptr=0xbfbff2e0, param_count=2, params=0x875a8ac, no_separation=1, symbol_table=0x0) at zend_execute_API.c:517 #6 0x2820ea74 in call_user_function (function_table=0x8100200, object_pp=0x0, function_name=0x81bdeac, retval_ptr=0x879546c, param_count=2, params=0xbfbff36c) at zend_execute_API.c:373 #7 0x28256dbf in ps_call_handler (func=0x81bdeac, argc=2, argv=0xbfbff36c) at mod_user.c:60 #8 0x28257164 in ps_write_user (mod_data=0x282edf30, key=0x869908c "ab20624057e7dea39d78749f7119bee5", val=0x81a680c "Login|a:13:{s:5:\"BoxID\";s:12:\"000000002766\";s:7:\"BoxType\";s:1:\"4\";s:13:\"ChannelNumber\";s:1:\"0\";s:4:\"Node\";s:1:\"0\";s:9:\"SessionID\";s:16:\"2M1VFVQ0UQO8582H\";s:9:\"LoginType\";s:2:\"WG\";s:6:\"TocsIP\";s:17:\"17"..., vallen=1650) at mod_user.c:148 #9 0x28253f62 in php_session_save_current_state () at session.c:589 #10 0x282564f9 in php_session_flush () at session.c:1457 #11 0x2825651c in zif_session_write_close (ht=0, return_value=0x86b94ec, this_ptr=0x0, return_value_used=0) at session.c:1466 #12 0x28209541 in execute (op_array=0x86d2d80) at ./zend_execute.c:1598 #13 0x2820efe9 in call_user_function_ex (function_table=0x8100200, object_pp=0x0, function_name=0x86b9b0c, retval_ptr_ptr=0xbfbff658, param_count=2, params=0xbfbff660, no_separation=1, symbol_table=0x0) at zend_execute_API.c:517 #14 0x2822b4de in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at output.c:177 #15 0x2822b7cf in php_end_ob_buffers (send_buffer=1) at output.c:268 #16 0x28223286 in php_request_shutdown (dummy=0x0) at main.c:763 #17 0x28220a43 in php_apache_request_shutdown (dummy=0x0) at mod_php4.c:317 #18 0x805008e in run_cleanups () #19 0x804f11f in ap_clear_pool () #20 0x804f180 in ap_destroy_pool () #21 0x804f10b in ap_clear_pool () #22 0x805a99a in child_main () #23 0x805af91 in make_child () #24 0x805b200 in perform_idle_server_maintenance () #25 0x805b6ad in standalone_main () #26 0x805bbdf in main () #27 0x804eb91 in _start () ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=19919&edit=1
