Bug #61757 [Opn]: Apache Segfault zend_hash_quick_find

Tue, 17 Apr 2012 10:20:44 -0700 

Edit report at https://bugs.php.net/bug.php?id=61757&edit=1

 ID:                 61757
 User updated by:    joe at creativeanvil dot com
 Reported by:        joe at creativeanvil dot com
 Summary:            Apache Segfault zend_hash_quick_find
 Status:             Open
 Type:               Bug
 Package:            Apache2 related
 Operating System:   CentOS 6.2
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

Sorry, forgot config line on report:

./configure --with-apxs2=/usr/sbin/apxs --enable-cli --enable-exif 
--enable-mbstring --enable-mbregex --enable-sockets --with-mysql 
--with-mysqli=/usr/bin/mysql_config --with-pdo-
mysql --with-libdir=lib64 --with-zlib --with-gd --with-jpeg-dir=/usr/lib64 
--enable-soap --enable-calendar --with-freetype-dir=/usr/lib64 
--with-libexpat-dir --enable-ftp --enable-
calendar --with-curl


Previous Comments:
------------------------------------------------------------------------
[2012-04-17 17:16:13] joe at creativeanvil dot com

Description:
------------
Appears that in certain cases when trying to access an array key that does not 
exist, apache segfaults.

Test script:
---------------
$this->line_item_array = array('14441454');

foreach($this->line_item_array as $line_num => $line_item) {
                                        if($line_item['pallets'] > 0) {
                                                $pallets = " on 
{$line_item['pallets']} pallet(s)";
                                        } else {
                                                $pallets = '';
                                        }
                                        $line_num += 1;
                                        $handling_unit = 
strtolower($line_item['handling_unit']);
                                        $dims = (!empty($line_item['length'])) 
? ", {$line_item['length']}x{$line_item['width']}x{$line_item['height']}" : '';
                                        $text .= "{$line_item['pieces']} 
$handling_unit$pallets$dims\n";
                                }

Expected result:
----------------
Notices and warnings thrown about non-existent indexes, not a segfault.

Actual result:
--------------
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /usr/lib64/apr-util-1/apr_ldap-1.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/apr-util-1/apr_ldap-1.so
Core was generated by `/usr/sbin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f7683eb9d71 in zend_hash_quick_find (ht=0x7f76912e0f48, 
arKey=0x7f768e9a25a0 "handling_unit", nKeyLength=14, h=12662310260902317513, 
pData=0x7fffa613be18) at /usr/local/src/php-5.4.0/Zend/zend_hash.c:950
950             p = ht->arBuckets[nIndex];



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61757&edit=1

Reply via email to