Edit report at https://bugs.php.net/bug.php?id=55121&edit=1

 ID:                 55121
 Updated by:         nbpo...@php.net
 Reported by:        nbpo...@php.net
 Summary:            Segfault with multipart/form-data POST / 404 request
 Status:             Assigned
 Type:               Bug
 Package:            Built-in web server
 Operating System:   Ubuntu 10.04.2 LTS (64-bit)
 PHP Version:        5.4SVN-2011-07-03 (snap)
 Assigned To:        moriyoshi
 Block user comment: N
 Private report:     N

 New Comment:

Hmm, previous test-case is no longer working for me either. Try the following:

$ curl --form a=b "http://localhost:8000/file.php"
$ curl "http://localhost:8000/file2.php"
$ curl "http://localhost:8000/file2.php"
$ curl --form a=b "http://localhost:8000/file.php"

It results in a different segfault.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8649170, size=40)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_alloc.c:1906
1906            heap->cache[index] = best_fit->prev_free_block;
(gdb) bt
#0  _zend_mm_alloc_int (heap=0x8649170, size=40)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_alloc.c:1906
#1  0x082a79f0 in _ecalloc (nmemb=1, size=40)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_alloc.c:2556
#2  0x08275fc5 in multipart_buffer_new (content_type_dup=<value optimized out>, arg=0xb7fc42f8)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/rfc1867.c:283
#3  rfc1867_post_handler (content_type_dup=<value optimized out>, arg=0xb7fc42f8)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/rfc1867.c:749
#4  0x08273b46 in sapi_handle_post (arg=0xb7fc42f8)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/SAPI.c:182
#5  0x0827a628 in php_default_treat_data (arg=0, str=0x0, destArray=0x0)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/php_variables.c:330
#6  0x082792aa in php_auto_globals_create_post (name=0xb7ea9bf4 "_POST", name_len=5)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/php_variables.c:690
#7  0x082a7d45 in zend_auto_global_init (auto_global=0x86524b8)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_compile.c:6233
#8  0x082d564f in zend_hash_apply (ht=0x8649478, apply_func=0x82a7d20 <zend_auto_global_init>)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_hash.c:716
#9  0x082b523b in zend_activate_auto_globals ()
    at /home/nbpoole/Desktop/php/php5.4-201107201430/Zend/zend_compile.c:6243
#10 0x0827a7df in php_hash_environment ()
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/php_variables.c:650
#11 0x0826ba5d in php_request_startup ()
    at /home/nbpoole/Desktop/php/php5.4-201107201430/main/main.c:1493
#12 0x0836e610 in php_cli_server_dispatch_script (server=0x86443c0, client=0x872d900)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:1599
#13 0x0836e8f5 in php_cli_server_dispatch (server=0x86443c0, client=0x872d900)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:1755
#14 php_cli_server_recv_event_read_request (server=0x86443c0, client=0x872d900)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:1924
#15 0x0836f0ff in php_cli_server_do_event_for_each_fd_callback (_params=0xbfffe15c, fd=6, event=1)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:2015
#16 0x0836fbd7 in php_cli_server_poller_iter_on_active (argc=3, argv=0xbffff394)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:671
#17 php_cli_server_do_event_for_each_fd (argc=3, argv=0xbffff394)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:2036
#18 php_cli_server_do_event_loop (argc=3, argv=0xbffff394)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:2046
#19 do_cli_server (argc=3, argv=0xbffff394)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli_server.c:2147
#20 0x08368143 in main (argc=3, argv=0xbffff394)
    at /home/nbpoole/Desktop/php/php5.4-201107201430/sapi/cli/php_cli.c:1359

This was done with the latest 5.4 from snaps.

Previous Comments:
------------------------------------------------------------------------
[2011-07-20 06:50:25] f...@php.net

Just tried this on Debian testing and 5_4-HEAD and can't reproduce it.

$ curl --form a=b "http://localhost:8000/file.php"
$ curl "http://localhost:8000/file2.php"

[Wed Jul 20 12:50:05 2011] ::1:50522 POST /file.php - Request read
[Wed Jul 20 12:50:05 2011] ::1:50522 POST /file.php - Response sent successfully (200)
[Wed Jul 20 12:50:13 2011] ::1:50523 GET /file.txt - Request read
[Wed Jul 20 12:50:13 2011] ::1:50523 GET /file.txt - No such file or directory
[Wed Jul 20 12:50:13 2011] ::1:50523 GET /file.txt - Sending error page (404)

------------------------------------------------------------------------
[2011-07-03 14:35:11] nbpo...@php.net

Description:
------------
The built-in webserver repeatably segfaults for me when I send the following requests (in this order):

1. A multipart/form-data POST request
2. A GET request for a non-existent file

Test script:
---------------
Create an empty (0 byte) PHP file named file.php. Start the webserver from that file's directory. Then run the following commands:

curl --form a=b http://127.0.0.1:8000/file.php
curl http://127.0.0.1:8000/does_not_exist

Expected result:
----------------
Requests should be returned by the server without segfaulting.

Actual result:
--------------
After the second request has been made, I receive a segfault:

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xc91250, p=0xc889c8)
    at /home/nbpoole/php/php5.4-201107031630/Zend/zend_alloc.c:2100
2100            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0xc91250, p=0xc889c8)
    at /home/nbpoole/php/php5.4-201107031630/Zend/zend_alloc.c:2100
#1  0x00000000006272f1 in destroy_uploaded_files_hash ()
    at /home/nbpoole/php/php5.4-201107031630/main/rfc1867.c:199
#2  0x0000000000625585 in sapi_deactivate ()
    at /home/nbpoole/php/php5.4-201107031630/main/SAPI.c:533
#3  0x000000000071fe81 in php_cli_server_send_error_page (server=<value optimized out>, client=<value optimized out>, status=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:1524
#4  0x00000000007207c9 in php_cli_server_begin_send_static (server=0xc89ba0, client=0xdfecf0)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:1635
#5  php_cli_server_dispatch (server=0xc89ba0, client=0xdfecf0)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:1747
#6  php_cli_server_recv_event_read_request (server=0xc89ba0, client=0xdfecf0)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:1890
#7  0x00000000007211ea in php_cli_server_do_event_for_each_fd_callback (_params=<value optimized out>, fd=<value optimized out>, event=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:1976
#8  0x000000000072185a in php_cli_server_poller_iter_on_active (argc=<value optimized out>, argv=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:670
#9  php_cli_server_do_event_for_each_fd (argc=<value optimized out>, argv=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:2002
#10 php_cli_server_do_event_loop (argc=<value optimized out>, argv=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:2012
#11 do_cli_server (argc=<value optimized out>, argv=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli_server.c:2097
#12 0x000000000071a33e in main (argc=<value optimized out>, argv=<value optimized out>)
    at /home/nbpoole/php/php5.4-201107031630/sapi/cli/php_cli.c:1359

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55121&edit=1