From: gavin at vess dot com
Operating system: Linux 2.6.5
PHP version: 4CVS-2004-05-29 (stable)
PHP Bug Type: Zend Engine 2 problem
Bug description: overrun / crash

Description:
------------
First, this is a Zend engine 1 problem (but I don't see that as an option in the bug report form).

I am using a copy of php4-STABLE from 2 days ago, compiled with debugging enabled. Backtrace included below showing SEGV.

Zend's output
=============
pws/setup/set_config.php
---------------------------------------
Zend/zend_ini.c(53) : Block 0x08A06B40 status:
Beginning: Overrun (magic=0x6D6F682F, expected=0x7312F8DC)

The fast cgi process then terminated itself.

Reproduce code:
---------------
Download http://phpwebsite.appstate.edu/downloads/daily-cvs/phpwebsite-cvs-core.tar.gz

In setup/set_config.php, find "PHPWS_Form::formHidden" near line 234. Replace all code from there to end of file with:

        echo PHPWS_Form::formHidden($back);
        echo PHPWS_Form::formSubmit("Return to Setup");
    }
}
?>
</body>
</html>

Expected result:
----------------
PHP process dies when accessing the web page /pws/.

Strangely, commenting out either one of the two echo statements above results in a normal page creation.

Also, replacing the trivial method bodies of formHidden and/or formSubmit with a simple "return 'hello world'" does not stop PHP from dying.

Also odd, adding "<? exit(); ?>" to the end of the file results in a normal page creation .. but looking at the backtrace, I can see how that is related to the area seg faulting.

Actual result:
--------------
'/home/vess/tiffany.vess.com/pws/setup/set_config.php'
---------------------------------------
/var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c(53) : Block 0x082D7348 status:
Beginning: Overrun (magic=0x6D6F682F, expected=0x7312F8DC)

Program received signal SIGSEGV, Segmentation fault.
_mem_block_check (ptr=0x82d736c, silent=0, __zend_filename=0x81bb228 "/var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c", __zend_lineno=53, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_alloc.c:675
675         memcpy(&end_magic, (((char *) p)+sizeof(zend_mem_header)+MEM_HEADER_PADDING+p->size), sizeof(long));
(gdb) bt
#0  _mem_block_check (ptr=0x82d736c, silent=0, __zend_filename=0x81bb228 "/var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c", __zend_lineno=53, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_alloc.c:675
#1  0x08151592 in _mem_block_check (ptr=0x82d736c, silent=1, __zend_filename=0x81bb228 "/var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c", __zend_lineno=53, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_alloc.c:683
#2  0x08150ae2 in _efree (ptr=0x82d736c, __zend_lineno=53, __zend_orig_lineno=0) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_alloc.c:243
#3  0x08168cdd in zend_restore_ini_entry_cb (ini_entry=0x81dfda8, stage=8) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c:53
#4  0x08163d7c in zend_hash_apply_with_argument (ht=0x81dbbe0, apply_func=0x8168c93 <zend_restore_ini_entry_cb>, argument=0x8) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_hash.c:717
#5  0x08168dda in zend_ini_deactivate () at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend_ini.c:89
#6  0x0815ee33 in zend_deactivate () at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/Zend/zend.c:674
#7  0x081353d9 in php_request_shutdown (dummy=0x0) at /var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/main/main.c:996
#8  0x08175c80 in main (argc=7, argv=0xbffff7e4) at
/var/tmp/portage/gb_phpbeta-4.3.7/work/gb_phpbeta-4.3.7/sapi/cgi/cgi_main.c:1774
(gdb)

-- 
Edit bug report at http://bugs.php.net/?id=28565&edit=1
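As an added example (not code from the bug report or from PHP itself), a small C model of the cookie check behind the "Beginning: Overrun" message above: each block carries a start cookie in its header and a tail cookie after its data, the check on free reports which one was clobbered, and a clobbered cookie is decoded as the little-endian bytes that overwrote it, so the report's magic=0x6D6F682F reads as "/hom". The start cookie value is the report's expected=0x7312F8DC; the END_MAGIC value, the bump arena and the path string that overruns the first block are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
/* Start cookie taken from the report's "expected=0x7312F8DC"; the end cookie,
 * the arena and the overrunning string are constructed for this example. */
#define START_MAGIC 0x7312F8DCu
#define END_MAGIC   0x2A8FCC84u
enum { MEM_OK = 0, MEM_OVERRUN_BEGIN, MEM_OVERRUN_END };
typedef struct { uint32_t size; uint32_t magic; } mem_header; /* magic sits right before the data */
static unsigned char arena[256]; /* bump allocator, so neighbouring blocks really are adjacent */
static size_t arena_used;

void *dbg_malloc(uint32_t size) {
    size_t total = (sizeof(mem_header) + size + sizeof(uint32_t) + 3u) & ~(size_t)3u;
    mem_header h = { size, START_MAGIC };
    uint32_t end = END_MAGIC;
    unsigned char *blk = arena + arena_used;
    if (arena_used + total > sizeof arena) return NULL;
    arena_used += total;
    memcpy(blk, &h, sizeof h);                        /* header with the start cookie */
    memcpy(blk + sizeof h + size, &end, sizeof end);  /* tail cookie right after the data */
    return blk + sizeof h;
}

/* Same idea as _mem_block_check: test the start cookie first and stop there if it is wrong,
 * since a clobbered header means size can no longer be trusted to locate the tail cookie. */
int dbg_block_check(const void *ptr, uint32_t *found) {
    mem_header h; uint32_t end;
    memcpy(&h, (const unsigned char *)ptr - sizeof h, sizeof h);
    if (h.magic != START_MAGIC) { if (found) *found = h.magic; return MEM_OVERRUN_BEGIN; }
    memcpy(&end, (const unsigned char *)ptr + h.size, sizeof end);
    if (end != END_MAGIC) { if (found) *found = end; return MEM_OVERRUN_END; }
    return MEM_OK;
}

/* Show a cookie as the little-endian bytes that overwrote it: 0x6D6F682F -> "/hom". */
void magic_to_ascii(uint32_t magic, char out[5]) {
    for (int i = 0; i < 4; i++) {
        unsigned char c = (unsigned char)(magic >> (8 * i));
        out[i] = (c >= 0x20 && c < 0x7F) ? (char)c : '.';
    }
    out[4] = '\0';
}

/* Constructed scenario: an unchecked copy into block a runs through a's tail cookie and
 * into neighbour b's header, so b is the block that fails its "Beginning" check. */
int demo_overrun(int *neighbour_status, uint32_t *found) {
    arena_used = 0;
    char *a = dbg_malloc(8);
    char *b = dbg_malloc(16);
    strcpy(a, "/home/vess/tiffany.vess.com/pws/setup/set_config.php");
    *neighbour_status = dbg_block_check(b, found);
    return dbg_block_check(a, NULL);
}
```

The neighbouring block is the one that fails the start-cookie check, while the block that was actually overfilled only fails its tail check, which is why the block named in such a message is often not where the bug is.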