ID: 50399
Updated by: [email protected]
Reported By: ikickdogsforfun at hotmail dot com
Status: Assigned
Bug Type: Scripting Engine problem
Operating System: Debian 5
PHP Version: 5.3.1
Assigned To: dmitry
New Comment:
Can you try using the following within php_set_superglobal_server as
the way to modify the _SERVER value?
    php_register_variable_ex("name", type,
        PG(http_globals)[TRACK_VARS_SERVER]);
Also, you don't need to destroy the servers zval; it will be handled by
php_embed_shutdown().
Previous Comments:
------------------------------------------------------------------------
[2009-12-07 15:33:32] [email protected]
Dmitry, can you take a look at it pls?
------------------------------------------------------------------------
[2009-12-07 15:28:19] ikickdogsforfun at hotmail dot com
I added that line to my php.ini and checked phpinfo(); which showed
zend.gc=off
Still having the same problem I'm afraid and valgrind output shows
segfault at the same location.
------------------------------------------------------------------------
[2009-12-07 14:20:40] [email protected]
Can you try with:
zend.enable_gc=Off
In your php.ini please?
------------------------------------------------------------------------
[2009-12-07 13:56:16] ikickdogsforfun at hotmail dot com
Description:
------------
When using PHP SAPI and values have been added to the global $_SERVER
variable, shutdown segfaults in zend_gc. If I remove the setting of the
global variables it doesn't seg fault.
This is possibly not a fault of the SAPI, but I've been unable to resolve
it; removing the destroy and free commands in the shutdown function
doesn't stop it from segfaulting.
Reproduce code:
---------------
The entire source code file is available at
https://crispycrisp.org/php.txt
This is the function that causes a segfault in shutdown if it has been
called:
void php_set_superglobal_server(char *name, char *val)
{
    zend_first_try {
        HashTable* locals = &EG(symbol_table);
        zval *type;
        /* Fetch $_SERVER from the global scope */
        zend_hash_find(locals, "_SERVER", sizeof("_SERVER"), (void**)&SERVER);
        ALLOC_INIT_ZVAL(type);
        ZVAL_STRING(type, val, 1);
        ZEND_SET_SYMBOL(Z_ARRVAL_PP(SERVER), name, type);
    } zend_end_try();
}
Expected result:
----------------
No segfault
Actual result:
--------------
==17605== Thread 2:
==17605== Invalid read of size 4
==17605== at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189)
==17605== by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434)
==17605== by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526)
==17605== by 0x804A88A: php_shutdown (php.c:143)
==17605== by 0x804A955: php (php.c:168)
==17605== by 0x8049D94: parsing_request (handler.c:180)
==17605== by 0x80496FE: handle (handler.c:25)
==17605== by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so)
==17605== by 0x4793BED: clone (in /lib/libc-2.7.so)
==17605== Address 0x1c is not stack'd, malloc'd or (recently) free'd
==17605==
==17605== Process terminating with default action of signal 11 (SIGSEGV)
==17605== Access not within mapped region at address 0x1C
==17605== at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189)
==17605== by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434)
==17605== by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526)
==17605== by 0x804A88A: php_shutdown (php.c:143)
==17605== by 0x804A955: php (php.c:168)
==17605== by 0x8049D94: parsing_request (handler.c:180)
==17605== by 0x80496FE: handle (handler.c:25)
==17605== by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so)
==17605== by 0x4793BED: clone (in /lib/libc-2.7.so)
------------------------------------------------------------------------