Edit report at https://bugs.php.net/bug.php?id=61757&edit=1

ID: 61757
User updated by: joe at creativeanvil dot com
Reported by: joe at creativeanvil dot com
Summary: Apache Segfault zend_hash_quick_find
Status: Open
Type: Bug
Package: Apache2 related
Operating System: CentOS 6.2
PHP Version: 5.4.0
Block user comment: N
Private report: N

New Comment:

Also, tried the latest 5.4 build and still have the same issue. 5.3.10 does not produce the same problem.

Additional backtrace info on latest 5.4 build:

#0 0x00007f5604d87661 in gc_zval_possible_root (zv=0x7f5611cabf20) at /usr/local/src/php5.4-201204171930/Zend/zend_gc.c:143
#1 0x00007f5604d9aabd in gc_zval_check_possible_root (execute_data=0x7f560f922aa0) at /usr/local/src/php5.4-201204171930/Zend/zend_gc.h:183
#2 i_zval_ptr_dtor (execute_data=0x7f560f922aa0) at /usr/local/src/php5.4-201204171930/Zend/zend_execute.h:97
#3 zend_leave_helper_SPEC (execute_data=0x7f560f922aa0) at /usr/local/src/php5.4-201204171930/Zend/zend_vm_execute.h:468
#4 0x00007f5604dd0700 in execute (op_array=0x7f5611e80f10) at /usr/local/src/php5.4-201204171930/Zend/zend_vm_execute.h:410
#5 0x00007f5604d678cf in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php5.4-201204171930/Zend/zend.c:1272
#6 0x00007f5604d0b3e7 in php_execute_script (primary_file=0x7fff71019fc0) at /usr/local/src/php5.4-201204171930/main/main.c:2473
#7 0x00007f5604e11765 in php_handler (r=0x7f5611c6d348) at /usr/local/src/php5.4-201204171930/sapi/apache2handler/sapi_apache2.c:667
#8 0x00007f560fa14b00 in ap_run_handler ()
#9 0x00007f560fa183be in ap_invoke_handler ()
#10 0x00007f560fa23a30 in ap_process_request ()
#11 0x00007f560fa208f8 in ?? ()
#12 0x00007f560fa1c608 in ap_run_process_connection ()
#13 0x00007f560fa28807 in ?? ()
#14 0x00007f560fa28b1a in ?? ()
#15 0x00007f560fa28e4b in ap_mpm_run ()
#16 0x00007f560fa00900 in main ()

Previous Comments:
------------------------------------------------------------------------
[2012-04-17 17:20:25] joe at creativeanvil dot com

Sorry, forgot config line on report:

./configure --with-apxs2=/usr/sbin/apxs --enable-cli --enable-exif --enable-mbstring --enable-mbregex --enable-sockets --with-mysql --with-mysqli=/usr/bin/mysql_config --with-pdo-mysql --with-libdir=lib64 --with-zlib --with-gd --with-jpeg-dir=/usr/lib64 --enable-soap --enable-calendar --with-freetype-dir=/usr/lib64 --with-libexpat-dir --enable-ftp --enable-calendar --with-curl

------------------------------------------------------------------------
[2012-04-17 17:16:13] joe at creativeanvil dot com

Description:
------------
Appears that in certain cases when trying to access an array key that does not exist, apache segfaults.

Test script:
---------------
$this->line_item_array = array('14441454');
foreach($this->line_item_array as $line_num => $line_item) {
    if($line_item['pallets'] > 0) {
        $pallets = " on {$line_item['pallets']} pallet(s)";
    } else {
        $pallets = '';
    }
    $line_num += 1;
    $handling_unit = strtolower($line_item['handling_unit']);
    $dims = (!empty($line_item['length'])) ? ", {$line_item['length']}x{$line_item['width']}x{$line_item['height']}" : '';
    $text .= "{$line_item['pieces']} $handling_unit$pallets$dims\n";
}

Expected result:
----------------
Notices and warnings thrown about non-existent indexes, not a segfault.

Actual result:
--------------
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /usr/lib64/apr-util-1/apr_ldap-1.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/apr-util-1/apr_ldap-1.so
Core was generated by `/usr/sbin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f7683eb9d71 in zend_hash_quick_find (ht=0x7f76912e0f48, arKey=0x7f768e9a25a0 "handling_unit", nKeyLength=14, h=12662310260902317513, pData=0x7fffa613be18) at /usr/local/src/php-5.4.0/Zend/zend_hash.c:950
950 p = ht->arBuckets[nIndex];

------------------------------------------------------------------------