ID: 40921
Updated by: [EMAIL PROTECTED]
Reported By: trickie at gmail dot com
-Status: Open
+Status: Assigned
Bug Type: Reproducible crash
Operating System: Gentoo Linux
PHP Version: 5.2.1
-Assigned To:
+Assigned To: iliaa
Previous Comments:
------------------------------------------------------------------------

[2007-03-26 14:09:25] trickie at gmail dot com

Description:
------------
If you POST a request that triggers the default post reader (php_default_post_reader), and that request exceeds post_max_size, then Apache will segmentation fault.

I first found this using the SOAP extension.

Reproduce code:
---------------
I have not been able to come up with a simple reproduce code; I can submit some of the more complex SOAP code I am using if necessary.

Expected result:
----------------
Normal processing of a POST request

Actual result:
--------------
Patch available: http://trickie.org/code/max_post_fix.patch

GDB backtrace:

Starting program: /usr/sbin/apache2 -X -D DEFAULT_VHOST -D PHP5 -f /etc/apache2/httpd.conf -k start
(no debugging symbols found)
Failed to read a valid object file image from memory.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1213380944 (LWP 4640)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213380944 (LWP 4640)]
0xb7747565 in _estrndup (s=0x0, length=743, __zend_filename=0xb7a05214 "/var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/php_content_types.c", __zend_lineno=49, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/Zend/zend_alloc.c:2351
2351    /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/Zend/zend_alloc.c: No such file or directory.
        in /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/Zend/zend_alloc.c
(gdb) bt
#0  0xb7747565 in _estrndup (s=0x0, length=743, __zend_filename=0xb7a05214 "/var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/php_content_types.c", __zend_lineno=49, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/Zend/zend_alloc.c:2351
#1  0xb771d24a in php_default_post_reader () at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/php_content_types.c:49
#2  0xb7717e32 in sapi_read_post_data () at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/SAPI.c:190
#3  0xb77185e8 in sapi_activate () at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/SAPI.c:372
#4  0xb77108d6 in php_request_startup () at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/main/main.c:1105
#5  0xb77dc3c8 in php_apache_request_ctor (r=0x8254238, ctx=0x8255700) at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/sapi/apache2handler/sapi_apache2.c:458
#6  0xb77dc989 in php_handler (r=0x8254238) at /var/tmp/portage/dev-lang/php-5.2.1-r300/work/php5.2-200703260630/sapi/apache2handler/sapi_apache2.c:574
#7  0x0806a4f8 in ap_run_handler ()
#8  0x0806d5c1 in ap_invoke_handler ()
#9  0x0806735e in ap_process_request ()
#10 0x0806116b in _start ()

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=40921&edit=1
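Editor's added illustration (not PHP's code and not the patch linked above): the backtrace shows _estrndup being handed s=0x0 with length=743, i.e. a body buffer that was never allocated next to a length field that was still filled in. The constructed C model below reproduces that field inconsistency and shows the unchecked copy beside a checked one that treats "no buffer" as "no data". The struct fields, model_read_post, model_estrndup, raw_post_unchecked and raw_post_checked are assumptions chosen to mirror the backtrace; how PHP's real reader and the fix behave is not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the two request fields involved in the crash.
 * The names echo PHP's SG(request_info).post_data / post_data_length,
 * but this is a stand-alone illustration, not PHP's code. */
struct request_info {
    char  *post_data;        /* NULL if the body was never buffered */
    size_t post_data_length; /* may be set independently of post_data */
};

/* Stand-in for estrndup(): like strndup() it reads from s unconditionally,
 * so s == NULL with a non-zero length is a NULL-pointer read, which is
 * what the backtrace shows (_estrndup(s=0x0, length=743)). */
static char *model_estrndup(const char *s, size_t length)
{
    char *p = malloc(length + 1);
    if (p == NULL)
        abort();
    memcpy(p, s, length);   /* crashes when s == NULL and length > 0 */
    p[length] = '\0';
    return p;
}

/* Model of the body reader: an oversized POST is refused, so nothing is
 * buffered. Assumption made here for illustration: the length field is
 * still copied from the request, leaving the two fields inconsistent. */
static void model_read_post(struct request_info *ri, const char *body,
                            size_t content_length, size_t post_max_size)
{
    ri->post_data_length = content_length;
    if (content_length > post_max_size) {
        ri->post_data = NULL;          /* body rejected, not read */
        return;
    }
    ri->post_data = model_estrndup(body, content_length);
}

/* Unchecked pattern: trusts the length field alone. Only safe when the
 * body really was buffered. */
static char *raw_post_unchecked(const struct request_info *ri)
{
    return model_estrndup(ri->post_data, ri->post_data_length);
}

/* Checked variant: a missing buffer means no raw data, whatever the
 * length field says, so an oversized POST yields NULL and *out_len = 0
 * instead of a segfault. */
static char *raw_post_checked(const struct request_info *ri, size_t *out_len)
{
    if (ri->post_data == NULL || ri->post_data_length == 0) {
        *out_len = 0;
        return NULL;
    }
    *out_len = ri->post_data_length;
    return model_estrndup(ri->post_data, ri->post_data_length);
}

int main(void)
{
    struct request_info ri;
    size_t len;
    const char *body = "<soap:Envelope/>";   /* constructed sample body */
    char *copy;

    /* Body within the limit: both readers behave. */
    model_read_post(&ri, body, strlen(body), 1024);
    copy = raw_post_unchecked(&ri);
    printf("small POST (unchecked): %s\n", copy);
    free(copy);
    copy = raw_post_checked(&ri, &len);
    printf("small POST (checked): %zu bytes: %s\n", len, copy);
    free(copy);
    free(ri.post_data);

    /* Declared length 743 over a 512-byte limit: nothing is buffered. */
    model_read_post(&ri, body, 743, 512);
    copy = raw_post_checked(&ri, &len);
    printf("oversized POST (checked): buffered=%s len=%zu\n",
           copy ? "yes" : "no", len);
    /* raw_post_unchecked(&ri) at this point would copy 743 bytes from
     * NULL, the same dereference the backtrace shows. */
    return 0;
}
```

The practical check when reading such a trace is to look at the frame's arguments before the source: a NULL pointer next to a plausible length is almost always two fields that are updated on different code paths, and the fix belongs where the fields are set or consumed together, not in the copy routine.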