#28807 [NEW]: Apache 2 child segfaults on request after script with xinclude

rmolier at more-it dot com Wed, 16 Jun 2004 08:48:04 -0700

From:             rmolier at more-it dot com
Operating system: Fedora Core 1+2 / RHEL AS 3
PHP version:      4.3.6
PHP Bug Type:     DOM XML related
Bug description:  Apache 2 child segfaults on request after script with xinclude


Description:
------------
I am currently working on a website which is making intensive use of the
DOM XML functionality within PHP.

All scripts thusfar created seem to work properly, however the last one,
which uses 8 xi:include statements causes Apache to generate a segfault
([notice] child pid xxxx exit signal Segmentation fault (11)) now and
then.

Running the Apache2 server within GDB generates an exception with the
following backtrace:

#0  0x002c26ad in malloc_consolidate () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x002c1caa in _int_malloc () from /lib/tls/libc.so.6
No symbol table info available.
#2  0x002c109d in malloc () from /lib/tls/libc.so.6
No symbol table info available.
#3  0x0110b931 in _emalloc (size=16384)
    at /usr/src/debug/php-4.3.6/Zend/zend_alloc.c:158
        p = (zend_mem_header *) 0x379780
        real_size = 16384
        cache_index = 0
#4  0x0107ba50 in zm_activate_sockets (type=1, module_number=8)
    at /usr/src/debug/php-4.3.6/ext/sockets/sockets.c:486
No locals.
#5  0x0111df50 in module_registry_request_startup (module=0x9056018)
    at /usr/src/debug/php-4.3.6/Zend/zend_API.c:1147
No locals.
#6  0x01120409 in zend_hash_apply (ht=0x12f4660,
    apply_func=0x111df10 <module_registry_request_startup>)
    at /usr/src/debug/php-4.3.6/Zend/zend_hash.c:698
        p = (Bucket *) 0x9055fe8
#7  0x0111ae7c in zend_activate_modules ()
    at /usr/src/debug/php-4.3.6/Zend/zend.c:644
....

Looking at this backtrace I guessed the exception is thrown on the first
request after finishing the script with the xinclude, which seems to be
right checking the process id's of killed children with the process id's
of the requests handled in the log files.

The following I tested is if the script cause the same problems in case
the xinclude was disabled. And yes, no segmentation faults, only the
included XML is not processed.

Running Apache2 with MALLOC_CHECK_=1 shows me there are (in this
particular script) 17! free problems, all at the same address:

free(): invalid pointer 0x908e4d6!

Running the apache in GDB with MALLOC_CHECK_2=1 gives me the expected
exception resulting in the following backtrace:

#0  0x00111402 in ?? ()
No symbol table info available.
#1  0x00bb7e49 in raise () from /lib/tls/libc.so.6
No symbol table info available.
#2  0x00bb9872 in abort () from /lib/tls/libc.so.6
No symbol table info available.
#3  0x00bf3c7f in free_check () from /lib/tls/libc.so.6
No symbol table info available.
#4  0x00bf36e5 in free () from /lib/tls/libc.so.6
No symbol table info available.
#5  0x01a55073 in xmlFreeNode () from /usr/lib/libxml2.so.2
No symbol table info available.
#6  0x00690ee3 in php_free_xml_node (rsrc=0x0)
    at /usr/src/debug/php-4.3.6/ext/domxml/php_domxml.c:759
        node = 0x9bce8a8
#7  0x01173882 in list_entry_destructor (ptr=0x9bf2a3c)
    at /usr/src/debug/php-4.3.6/Zend/zend_list.c:177
        ld = (zend_rsrc_list_dtors_entry *) 0x9a6bd98
#8  0x011722e8 in zend_hash_apply_deleter (ht=0x13464c0, p=0x9bf29fc)
    at /usr/src/debug/php-4.3.6/Zend/zend_hash.c:608
        retval = (Bucket *) 0x0
#9  0x0117238c in zend_hash_graceful_reverse_destroy (ht=0x13464c0)
    at /usr/src/debug/php-4.3.6/Zend/zend_hash.c:674

Anybody knows what is going on?




-- 
Edit bug report at http://bugs.php.net/?id=28807&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=28807&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=28807&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=28807&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=28807&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=28807&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=28807&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=28807&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=28807&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=28807&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=28807&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=28807&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=28807&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28807&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=28807&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=28807&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=28807&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28807&r=float

#28807 [NEW]: Apache 2 child segfaults on request after script with xinclude

Reply via email to