ID:               14599
 Comment by:       josh dot nospam at hostyour dot info dot nospam
 Reported By:      darren at coolpink dot net
 Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: SuSE Linux 6.4
 PHP Version:      4.1.0
 New Comment:

I've noticed the same problem, and reproduced it in my own.  I have PHP
4.3.4 and Zend Optimizer 2.5.0 installed on RH7.3



If I have a function that has a do..while(); construction in it, inside
a block container { }, PHP will segfault on exiting the block container
UNLESS I have a statement in between the end of the while (); and the
closing brace of the block.



This snippet segfaults:



function announce()
{
        global $totalRows_announce, $row_announce, $announce, $srs;

        $ann = "";

        if ($totalRows_announce > 0) {
                do {
                        $author = mysql_result(mysql_query("SELECT nick FROM players WHERE id='".$row_announce['author']."'", $srs), 0, "nick") or die(mysql_error());
                        $msg_body = stripslashes(implode("<br>",explode("\n",$row_announce['msg_body'])));
                        $ann .= textBlock(textBlock($row_announce['subject'], "", "anntitle") . br() .
                                textBlock("Posted by:".$author." | On: ".$row_announce['posted_date'], "", "annhead") . br() .
                                textBlock($msg_body, "", "annbody"), "", (($row_announce['urgent'] == 1) ? "redrow" : ((($ctr++) % 2) ? "lightrow" : "darkrow"))) . br();
                } while ($row_announce = mysql_fetch_assoc($announce));
        } else {
                $ann = textBlock("No Announcements", "", "loginerr");
        }
        return $ann;
}



This one does not:



function announce()
{
        global $totalRows_announce, $row_announce, $announce, $srs;

        $ann = "";

        if ($totalRows_announce > 0) {
                do {
                        $author = mysql_result(mysql_query("SELECT nick FROM players WHERE id='".$row_announce['author']."'", $srs), 0, "nick") or die(mysql_error());
                        $msg_body = stripslashes(implode("<br>",explode("\n",$row_announce['msg_body'])));
                        $ann .= textBlock(textBlock($row_announce['subject'], "", "anntitle") . br() .
                                textBlock("Posted by:".$author." | On: ".$row_announce['posted_date'], "", "annhead") . br() .
                                textBlock($msg_body, "", "annbody"), "", (($row_announce['urgent'] == 1) ? "redrow" : ((($ctr++) % 2) ? "lightrow" : "darkrow"))) . br();
                } while ($row_announce = mysql_fetch_assoc($announce));
                echo "";
        } else {
                $ann = textBlock("No Announcements", "", "loginerr");
        }
        return $ann;
}



Note that the only difference between the two is the echo ""; statement
immediately following the while(); clause.



This does NOT happen in "global" execution.  A do..while() loop that
lives outside any function's scope works just fine; I have several
other do..while() constructs outside of functions that work with no
problems.  The segfault seems to only happen when the do..while(); is
inside a function AND inside a block container (in this case, belonging
to an if statement).



Any ideas?


Previous Comments:
------------------------------------------------------------------------

[2002-10-31 03:39:38] john at alamak dot com dot sg

I get this all the time when I include a recursive function call. I've
tried rewriting the function several ways and get intermittent
Segmentation faults.

I've tried just opening the fh and going down recursive directories
with this, got the seg faults often. This version buffers the file
names in an array, closes the directory handle then processes the
array, to count certain types of files in the directory tree. Still
segfaults often enough to make it unreliable. I turned on the autoflush
in php.ini and it dies in this routine.



FreeBSD 4.5-RELEASE

Apache/1.3.26 (Unix) PHP/4.2.2 mod_ssl/2.8.9 OpenSSL/0.9.6g

RegisterGlobals = On  :)



function CountFiles($dir,$d) {
  global $home;
  global $prod_count;
  $farray = array(); $d++;
  if (is_dir("$home$dir")) {
    print "<!-- ISDIR dir=$dir level=$d -->\n";
    if ($dfh = @opendir("$home$dir")) {
      while (($fil = readdir($dfh)) !== false) {
        if (!preg_match("/^\.+$/", $fil)) {
          array_push($farray,"$fil");
        }
      }
      closedir($dfh);
      if (count($farray) > 0) {
        while (list ($key, $file) = each ($farray)) {
          if (is_dir("$home$dir/$file")) {
            CountFiles("$dir/$file",$d);
            flush();
          } else if (preg_match("/^thumb_\w+\.|\.wav$|\.aif$/", $file)) {
            $prod_count++;
            print "<!-- POST dir=$dir/$file prod_count=$prod_count -->\n";
            flush();
          }
        }
      }
    }
  }
  flush();
}



It's not entirely reproducible, but once I got a directory where it
causes the segfault I can comment out this routine and it's okay,
comment it back and reload and it segfaults.

So in that sense it's reproducible. Restarting the web server has no
effect. Though if I reload enough times sometimes the script completes,
there is definitely some sort of bug, maybe the filehandle or array
declaration isn't local or leaks out, not sure.

------------------------------------------------------------------------

[2002-01-09 02:10:59] [EMAIL PROTECTED]

No feedback. Closing.

------------------------------------------------------------------------

[2001-12-19 07:30:43] [EMAIL PROTECTED]

Please provide a small script which can be used to produce this error,
and also, if you can, provide a backtrace.



http://bugs.php.net/bugs-generating-backtrace.php





R.

------------------------------------------------------------------------

[2001-12-19 07:21:39] darren at coolpink dot net

PHP script stops 3/4 of the way down a medium sized page. This happens
in exactly the same place.



Apache log shows:



[Wed Dec 19 11:24:55 2001] [notice] child pid 13078 exit signal Segmentation fault (11)
[Wed Dec 19 11:26:55 2001] [notice] child pid 12877 exit signal Segmentation fault (11)
[Wed Dec 19 11:27:51 2001] [notice] child pid 13465 exit signal Segmentation fault (11)
[Wed Dec 19 11:28:45 2001] [notice] child pid 13468 exit signal Segmentation fault (11)
[Wed Dec 19 11:30:54 2001] [notice] child pid 13469 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:17 2001] [notice] child pid 13566 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:37 2001] [notice] child pid 13580 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:39 2001] [notice] child pid 13581 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:48 2001] [notice] child pid 13582 exit signal Segmentation fault (11)
[Wed Dec 19 11:39:15 2001] [notice] caught SIGTERM, shutting down
[Wed Dec 19 11:43:15 2001] [notice] Apache/1.3.12 (Unix)  (SuSE/Linux) mod_fastcgi/2.2.2 mod_perl/1.21 PHP/4.1.0 configured -- resuming normal operations
[Wed Dec 19 11:43:15 2001] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
ild pid 13078 exit signal Segmentation fault (11)
[Wed Dec 19 12:05:32 2001] [notice] child pid 163 exit signal Segmentation fault



The PHP page is meant to output a html form containing hidden form
fields.





------------------------------------------------------------------------
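
For triaging an error_log like the one in the original report, the following added example (not part of the bug report or of PHP/Apache) parses "child pid ... exit signal" records, rejoins lines that were wrapped in transit, and flags bursts of crashes. The function names, the 60-second window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample built from lines of the report above (Apache 1.3 error_log format);
# the first record is wrapped across two lines the way the mailed report was.
SAMPLE_LOG = """\
[Wed Dec 19 11:24:55 2001] [notice] child pid 13078 exit signal
Segmentation fault (11)
[Wed Dec 19 11:34:37 2001] [notice] child pid 13580 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:39 2001] [notice] child pid 13581 exit signal Segmentation fault (11)
[Wed Dec 19 11:34:48 2001] [notice] child pid 13582 exit signal Segmentation fault (11)
[Wed Dec 19 11:39:15 2001] [notice] caught SIGTERM, shutting down
"""

CRASH_RE = re.compile(r"\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
                      r"exit signal (?P<name>.+?) \((?P<num>\d+)\)$")

def unwrap(text):
    """Rejoin wrapped records: a line not starting with '[' continues the previous one."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_crashes(text):
    """Return (timestamp, pid, signal name, signal number) for each crashed child."""
    crashes = []
    for rec in unwrap(text):
        m = CRASH_RE.match(rec)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            crashes.append((ts, int(m["pid"]), m["name"], int(m["num"])))
    return crashes

def bursts(crashes, window=timedelta(seconds=60), threshold=3):
    """Return start times of windows containing at least `threshold` crashes."""
    times = sorted(c[0] for c in crashes)
    return [start for i, start in enumerate(times)
            if sum(t - start <= window for t in times[i:]) >= threshold]

if __name__ == "__main__":
    for ts, pid, name, num in parse_crashes(SAMPLE_LOG):
        print(ts.isoformat(), pid, name, num)
    print("bursts:", bursts(parse_crashes(SAMPLE_LOG)))
```

Records that lack the trailing signal number, such as a line truncated in the paste, are skipped rather than guessed at.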


-- 
Edit this bug report at http://bugs.php.net/?id=14599&edit=1
