ID: 38017
User updated by: baco at infomaniak dot ch
Reported By: baco at infomaniak dot ch
-Status: Feedback
+Status: Open
Bug Type: XML related
Operating System: Linux Debian Sarge
PHP Version: 5.1.4
New Comment:
Thanks for the link how-to debug PHP because with first
method I wasn't able to have a core file.
gdb bin/httpd
...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210309344 (LWP 29253)]
0xb7e3d07f in memcpy () from /lib/tls/libc.so.6
bt
0xb7e3d07f in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0 0xb7e3d07f in memcpy () from /lib/tls/libc.so.6
#1 0x0808b76f in XML_Parse ()
#2 0x085f03e4 in ?? ()
#3 0x00000039 in ?? ()
#4 0xb78e225e in _emalloc (size=140444644,
__zend_filename=0xb78a1ac0
"U1À\211å\203ì(\211D$\0301À\211D$\024¸Ç",
__zend_lineno=0, __zend_orig_filename=0x0,
__zend_orig_lineno=0)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/Zend/zend_alloc.c:214
#5 0xb7919aa8 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfb698c0)
at zend_vm_execute.h:200
#6 0xb79191c8 in execute (op_array=0x85f009c) at
zend_vm_execute.h:92
#7 0xb78fb430 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/Zend/zend.c:1109
#8 0xb78b77c3 in php_execute_script
(primary_file=0xbfb6bc40)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/main/main.c:1732
#9 0xb796fee9 in apache_php_module_main (r=0x812289c,
display_source_mode=0)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/sapi/apache/sapi_apache.c:53
#10 0xb7970aca in send_php (r=0x812289c,
display_source_mode=0, filename=0x0)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/sapi/apache/mod_php5.c:661
#11 0xb7970c53 in send_parsed_php (r=0x812289c)
at
/tmp/INFOMANIAK/BUILD/php-5.1.4/20060705185658/php-5.1.4/sapi/apache/mod_php5.c:676
#12 0x08055dff in ap_invoke_handler ()
#13 0x0812289c in ?? ()
#14 0xb7b3f394 in zend_vm_decode.1 ()
from /opt/apache/libexec/libphp5.so
#15 0x00000017 in ?? ()
#16 0xffffffff in ?? ()
#17 0xffffffff in ?? ()
#18 0xffffffff in ?? ()
#19 0x080c19b4 in ?? ()
#20 0x080c19a4 in ?? ()
#21 0x08122ba4 in ?? ()
#22 0xbfb6bfa0 in ?? ()
#23 0x00000002 in ?? ()
#24 0x0805592c in run_method ()
#25 0x00000017 in ?? ()
#26 0x085c5ce8 in ?? ()
#27 0x0812289c in ?? ()
#28 0x084ce32c in ?? ()
#29 0x0812289c in ?? ()
#30 0xb7f54d32 in add_env_module_vars_unset ()
from /opt/apache/libexec/mod_env.so
#31 0x00000017 in ?? ()
#32 0x00000000 in ?? ()
#33 0x084ce32c in ?? ()
#34 0x085c5ce8 in ?? ()
#35 0x0806f3c1 in process_request_internal ()
#36 0x0812289c in ?? ()
#37 0xb7f4dd68 in ?? ()
#38 0x00000001 in ?? ()
#39 0x00000000 in ?? ()
#40 0x0812421c in ?? ()
#41 0x080acece in priorities ()
#42 0xb7dd8974 in __libc_start_main ()
from /lib/tls/libc.so.6
#43 0xb7dd8974 in __libc_start_main ()
from /lib/tls/libc.so.6
#44 0x08050051 in _start ()
at ../sysdeps/i386/elf/start.S:102
Previous Comments:
------------------------------------------------------------------------
[2006-07-05 18:11:23] [EMAIL PROTECTED]
strace does not add any value.
But GDB backtrace could do that.
See this link http://bugs.php.net/bugs-generating-backtrace.php
------------------------------------------------------------------------
[2006-07-05 18:06:29] baco at infomaniak dot ch
New strace of previous code
open("/home/www/29212ea8a58d20e52ba0886bd64685bb/web/test.php",
O_RDONLY) = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=235, ...}) = 0
lseek(7, 0, SEEK_CUR) = 0
read(7, "<?php\n\t$data = \'<?xml version=\"1"..., 8192) =
235
read(7, "", 8192) = 0
read(7, "", 8192) = 0
brk(0) = 0x85f2000
brk(0x8613000) = 0x8613000
close(7) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/opt/apache") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
getpid() = 29068
kill(29068, SIGSEGV) = 0
sigreturn() = ? (mask now [])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 29068 detached
New gdb output from new code
(gdb) continue
Continuing.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210239712 (LWP 29128)]
0xb7e4e07f in memcpy () from /lib/tls/libc.so.6
------------------------------------------------------------------------
[2006-07-05 17:51:45] baco at infomaniak dot ch
Exemple without any external xml.
$ cat test.php
<?php
$data = '<?xml version="1.0"
encoding="ISO-8859-1" ?><baco></baco>';
$xml_parser = xml_parser_create("ISO-8859-1");
xml_parse_into_struct($xml_parser, $data, $vals, $index);
xml_parser_free($xml_parser);
print_r($vals);
?>
$ /opt/php/bin/php test.php
Array
(
[0] => Array
(
[tag] => BACO
[type] => complete
[level] => 1
)
)
$ wget -O- http://localhost/test.php
Connecting to localhost[127.0.0.1]:80... connected.
HTTP request sent, awaiting response...
End of file while parsing headers.
Retrying.
...looping forever...
$ tail -n1 /var/log/httpd/error
[Wed Jul 5 19:48:49 2006] [notice] child pid 28993 exit
signal Segmentation fault (11)
------------------------------------------------------------------------
[2006-07-05 17:34:19] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2006-07-05 17:32:55] baco at infomaniak dot ch
Description:
------------
PHP5 Segmentation fault when a script call
xml_parser_create() under Apache but not when called
from the CLI ?!?
$ wget -O- http://.../xml.php
=> Crash of Apache thread
HTTP request sent, awaiting response...
End of file while parsing headers.
Retrying.
child pid ... exit signal Segmentation fault (11)
$ php xml.php
=> result OK
Reproduce code:
---------------
PHP Code to reproduce the segmentation fault inside Apache
$file = "data.xml";
$data = '';
if (!($fp = fopen($file, "r"))) {
die("could not open XML input");
}
while (!feof($fp)) {
$data .= fread($fp, 8192);
}
fclose($fp);
$xml_parser = xml_parser_create("ISO-8859-1");
# crash at this point
xml_parse_into_struct($xml_parser, $data, $vals, $index);
xml_parser_free($xml_parser);
print_r($vals);
Expected result:
----------------
Expected to return on Apache but only output this when I
call the script from PHP CLI.
Array
(
[0] => Array
(
...
)
...
)
Actual result:
--------------
N.B.
php.ini and php-cli.ini are the same.
ldd on php cli and on libphp5.so both
use same libxml2 from Debian Sarge.
Result
(gdb) continue
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210239712 (LWP 28800)]
0x0808b14c in XML_ParserFree ()
strace
open("/home/www/29212ea8a58d20e52ba0886bd64685bb/web/test-xml/data.xml",
O_RDONLY) = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=113, ...}) = 0
lseek(7, 0, SEEK_CUR) = 0
read(7, "<?xml version=\"1.0\" encoding=\"IS"..., 8192) =
113
read(7, "", 8192) = 0
close(7) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/opt/apache") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
getpid() = 28871
kill(28871, SIGSEGV) = 0
sigreturn() = ? (mask now [])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
PHP Compiled with
'./configure' '--prefix=/opt/php' '--mandir=/usr/share/man'
'--with-apxs=/opt/apache/bin/apxs' '--disable-cgi'
'--with-config-file-path=/opt/php/lib' '--disable-sigchild'
'--disable-ipv6' '--disable-all' '--enable-libxml'
'--with-libxml-dir' '--with-openssl' '--with-kerberos'
'--with-pcre-regex' '--with-zlib' '--with-zlib-dir'
'--enable-bcmath' '--enable-calendar' '--enable-ctype'
'--with-curl' '--enable-dom' '--enable-exif' '--enable-ftp'
'--with-openssl-dir' '--with-gd' '--with-jpeg-dir'
'--with-png-dir' '--with-xpm-dir' '--with-ttf'
'--with-freetype-dir' '--enable-gd-native-ttf'
'--with-gettext' '--with-gmp' '--with-iconv' '--with-imap'
'--with-imap-ssl' '--enable-mbstring' '--enable-mbregex'
'--with-mcrypt' '--with-mhash'
'--with-mysql=/opt/misc/mysql'
'--with-mysqli=/opt/misc/mysql/bin/mysql_config'
'--enable-pdo' '--with-pdo-mysql=/opt/misc/mysql'
'--enable-posix' '--enable-session' '--enable-simplexml'
'--enable-soap' '--enable-spl' '--with-tidy'
'--enable-tokenizer' '--enable-wddx' '--enable-xml'
'--with-libexpat-dir' '--with-xmlrpc' '--with-iconv-dir'
'--with-xsl' '--with-pear' '--enable-memory-limit'
'--enable-zend-multibyte' '--with-ming=/opt/misc/ming'
'--enable-debug'
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=38017&edit=1
