ID:               48744
Updated by:       ras...@php.net
Reported By:      tom at ideaweb dot de
Status:           Feedback
Bug Type:         Safe Mode/open_basedir
Operating System: Linux Debian Etch
PHP Version:      5.3.0
New Comment:

Aha, I just checked that snapshot you said you used. It does not have my
fix yet. Mystery solved, I hope. You can make this one-line change
manually in your code to check it:

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=282359&r2=286602&pathrev=286602


Previous Comments:
------------------------------------------------------------------------

[2009-08-01 14:56:35] ras...@php.net

There is something very fishy going on. Your backtrace shows that
OnUpdateBaseDir was called with stage=4 and then it shows the segfault
at the line that has:

    if (!*p || !**p) {

But that was exactly what I fixed when I fixed bug #48880.

stage 4 is PHP_INI_STAGE_ACTIVATE and the current code has:

    if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN ||
        stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) {
        /* We're in a PHP_INI_SYSTEM context, no restrictions */
        *p = new_value;
        return SUCCESS;
    }

    /* Otherwise we're in runtime */
    if (!*p || !**p) {
        /* open_basedir not set yet, go ahead and give it a value */
        *p = new_value;
        return SUCCESS;
    }

So I don't see how a call to OnUpdateBaseDir with stage=4 could have
gotten to that condition if you are indeed running the latest code.

Please check main/fopen_wrappers.c line 96 and make sure it has the
check for PHP_INI_STAGE_ACTIVATE there.

------------------------------------------------------------------------

[2009-08-01 10:00:43] tom at ideaweb dot de

I forgot to write:

/var/www/ecolint.ch/dev:/var/www/ecolint.ch/tmp:/var/www/ecolint.ch/mysql
/www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql

are the same, and will crash too if there is no /www/prog/php..

sorry for confusion =))

------------------------------------------------------------------------

[2009-08-01 09:57:06] tom at ideaweb dot de

I installed php5.3-200908010830:

with the "prefix" directory

    php_admin_value open_basedir /var/www/ecolint.ch/dev:/var/www/ecolint.ch/tmp:/var/www/ecolint.ch/mysql:/www/prog/php

everything works as expected, but without it

    php_admin_value open_basedir /www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql

it crashes again:

(gdb) run -X
Starting program: /www/apache/2.2.11/bin/httpd -X
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1213593920 (LWP 22640)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213593920 (LWP 22640)]
0xb74bf52b in OnUpdateBaseDir (entry=0x824fb10,
    new_value=0x84d3ce8 "/www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql",
    new_value_length=82, mh_arg1=0x48, mh_arg2=0xb7a9eee0, mh_arg3=0x0, stage=4)
    at /www/src/php5.3-200908010830/main/fopen_wrappers.c:103
103             if (!*p || !**p) {
(gdb) bt
#0  0xb74bf52b in OnUpdateBaseDir (entry=0x824fb10,
    new_value=0x84d3ce8 "/www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql",
    new_value_length=82, mh_arg1=0x48, mh_arg2=0xb7a9eee0, mh_arg3=0x0, stage=4)
    at /www/src/php5.3-200908010830/main/fopen_wrappers.c:103
#1  0xb753bb45 in zend_alter_ini_entry_ex (name=0x819a7a0 "open_basedir", name_length=13,
    new_value=0x81fad60 "/www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql",
    new_value_length=82, modify_type=4, stage=4, force_change=0)
    at /www/src/php5.3-200908010830/Zend/zend_ini.c:291
#2  0xb753b94b in zend_alter_ini_entry (name=0x819a7a0 "open_basedir", name_length=13,
    new_value=0x81fad60 "/www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql",
    new_value_length=82, modify_type=4, stage=4)
    at /www/src/php5.3-200908010830/Zend/zend_ini.c:249
#3  0xb75ed4fe in apply_config (dummy=0x81fb3e8)
    at /www/src/php5.3-200908010830/sapi/apache2handler/apache_config.c:197
#4  0xb75ec8bb in php_handler (r=0x8384c18)
    at /www/src/php5.3-200908010830/sapi/apache2handler/sapi_apache2.c:547
#5  0x0807dad7 in ap_run_handler (r=0x8384c18) at config.c:157
#6  0x08080bc7 in ap_invoke_handler (r=0x8384c18) at config.c:372
#7  0x080c84da in ap_internal_redirect (new_uri=0x8384be8 "/index.php/contacts/form_contacts_browse/1?", r=0x837fee0)
    at http_request.c:501
#8  0x080f3f41 in handler_redirect (r=0x837fee0) at mod_rewrite.c:4801
#9  0x0807dad7 in ap_run_handler (r=0x837fee0) at config.c:157
#10 0x08080bc7 in ap_invoke_handler (r=0x837fee0) at config.c:372
#11 0x080c8658 in ap_process_request (r=0x837fee0) at http_request.c:282
#12 0x080c581e in ap_process_http_connection (c=0x836fdf0) at http_core.c:190
#13 0x08084a87 in ap_run_process_connection (c=0x836fdf0) at connection.c:43
#14 0x080f846d in child_main (child_num_arg=<value optimized out>) at prefork.c:650
#15 0x080f86a5 in make_child (s=0x813d648, slot=0) at prefork.c:690
#16 0x080f944c in ap_mpm_run (_pconf=0x81380a8, plog=0x8188328, s=0x813d648) at prefork.c:966
#17 0x0806b44f in main (argc=135487648, argv=0x836dc10) at main.c:740

the strange output (bug #48880) I will check later....)

------------------------------------------------------------------------

[2009-07-31 23:05:06] j...@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

This is most likely fixed now. See also bug #48880

------------------------------------------------------------------------

[2009-07-31 16:52:49] tom at ideaweb dot de

Maybe I'm wrong, if I add the "prefix" path where php is installed to
open_basedir directive, the segmentation fault and the strange "unicode"
outputs are gone on all my machines (linux+osx)

    ./configure \
    --prefix=/www/prog/php/5.3.0 \

    php_admin_value open_basedir /www/htdocs/ecolint.ch/dev:/www/htdocs/ecolint.ch/tmp:/www/htdocs/ecolint.ch/mysql:/www/prog/php

but... it should be confirmed by others! =))

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48744

--
Edit this bug report at http://bugs.php.net/?id=48744&edit=1
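Added example, not part of the bug report or of php-src: a way to run the check requested above ("make sure it has the check for PHP_INI_STAGE_ACTIVATE") against a source tree without relying on line numbers. The helper names and the two sample handler bodies are constructed for illustration; the stale sample is not the actual pre-fix revision.

```python
import re

# Stages the thread lists as "PHP_INI_SYSTEM context, no restrictions".
REQUIRED = {"PHP_INI_STAGE_" + s
            for s in ("STARTUP", "SHUTDOWN", "ACTIVATE", "DEACTIVATE")}
DEREF = re.compile(r"!\s*\*p\s*\|\|\s*!\s*\*\*p")  # the faulting test on p
STAGE = re.compile(r"stage\s*==\s*(PHP_INI_STAGE_[A-Z]+)")

def function_body(source, name):
    """Text between the outer braces of the first block after `name`.
    Plain brace counting: braces inside strings/comments are not handled."""
    m = re.search(re.escape(name) + r"\b", source)
    start = source.find("{", m.end()) if m else -1
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start + 1:i]
    return None

def missing_stage_checks(source):
    """Required stages that are not compared before `!*p || !**p`.
    Checks presence and order only, not that the branch returns."""
    body = function_body(source, "OnUpdateBaseDir")
    if body is None:
        raise ValueError("OnUpdateBaseDir not found")
    deref = DEREF.search(body)
    guarded = body[:deref.start()] if deref else body
    return sorted(REQUIRED - set(STAGE.findall(guarded)))

# Constructed samples modelled on the code quoted in the thread.
TEMPLATE = """PHP_INI_MH(OnUpdateBaseDir)
{
    if (%s) {
        *p = new_value;
        return SUCCESS;
    }
    if (!*p || !**p) {
        *p = new_value;
        return SUCCESS;
    }
}
"""
def sample(stages):
    return TEMPLATE % " || ".join("stage == PHP_INI_STAGE_" + s for s in stages)

FIXED = sample(["STARTUP", "SHUTDOWN", "ACTIVATE", "DEACTIVATE"])
STALE = sample(["STARTUP", "SHUTDOWN"])  # hypothetical tree without the fix
```

On a real checkout, pass the contents of main/fopen_wrappers.c to `missing_stage_checks`; an empty list means all four stage comparisons precede the dereference.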