From:             JimmyPaterson at gmx dot de
Operating system: Fedora Core 6
PHP version:      5CVS-2007-04-22 (snap)
PHP Bug Type:     Reproducible crash
Bug description:  Segmentation fault in single script

Description:
------------
Segmentation fault... and I have no idea why.
php.ini is the same as CVS snapshot php.ini-recommended with 
output_buffering = On
instead of
output_buffering = 4096.

PHP Configure line:
./configure --with-pic --disable-rpath --without-pear --with-bz2
--with-curl --with-exec-dir=/usr/bin --enable-gd-native-ttf --without-gdbm
--with-gettext --with-gmp --with-iconv --with-openssl --with-png
--with-zlib --with-layout=GNU --enable-exif --enable-ftp
--enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm
--enable-sysvmsg --enable-track-vars --enable-trans-sid --enable-yp
--enable-wddx --with-kerberos --enable-ucd-snmp-hack --enable-memory-limit
--enable-shmop --enable-calendar --enable-dbx --enable-dio
--with-mime-magic=/usr/share/file/magic --with-xml
--with-apxs2=/usr/sbin/apxs --with-mysql --with-gd --prefix=/usr/local/php5
--enable-debug


Reproduce code:
---------------
Full code, stripped of any includes: http://rafb.net/p/tSDfY786.html

Expected result:
----------------
<pre>
Header 1
 Topic 11
 Topic 12
 Topic 13
Header 2
 Topic 21
 Topic 22
 Topic 23
</pre>

Actual result:
--------------
[EMAIL PROTECTED] system]# gdb /usr/sbin/httpd
GNU gdb Red Hat Linux (6.5-15.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols
found)
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -X
Starting program: /usr/sbin/httpd -X
(no debugging symbols found)
...
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1208940848 (LWP 11923)]
(no debugging symbols found)
...
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1208940848 (LWP 11923)]
(no debugging symbols found)
...
(no debugging symbols found)
[Sun Apr 22 18:51:10 2007] [warn] module php5_module is already loaded,
skipping
httpd: Could not reliably determine the server's fully qualified domain
name, using ::1 for ServerName

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208760624 (LWP 11884)]
0x0105fe9a in _zval_dtor (zvalue=0x5a5a5a5a,
    __zend_filename=0x13ebe2c
"/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c",
__zend_lineno=1328)
    at /usr/local/src/php5.2-200704221230/Zend/zend_variables.h:32
32              if (zvalue->type <= IS_BOOL) {

(gdb) bt
#0  0x0105fe9a in _zval_dtor (zvalue=0x5a5a5a5a,
    __zend_filename=0x13ebe2c
"/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c",
__zend_lineno=1328)
    at /usr/local/src/php5.2-200704221230/Zend/zend_variables.h:32
#1  0x010628b8 in preg_replace_impl (ht=5, return_value=0x81be6f08,
return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, is_callable_replace=1 '\001') at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1328
#2  0x01062942 in zif_preg_replace_callback (ht=5,
return_value=0x81be6f08, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#3  0x0138a4ae in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c41b0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#4  0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbf9c41b0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#5  0x01389fa9 in execute (op_array=0x81bd3fd4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#6  0x0138a674 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c4380)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#7  0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf9c4380)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#8  0x01389fa9 in execute (op_array=0x81bd3ca4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#9  0x01353d58 in zend_call_function (fci=0xbf9c4560, fci_cache=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#10 0x013525ed in call_user_function_ex (function_table=0x8192ef00,
object_pp=0x0, function_name=0x81be5fb4,
    retval_ptr_ptr=0xbf9c45c4, param_count=1, params=0xbf9c45c0,
no_separation=0, symbol_table=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#11 0x010606ab in preg_do_repl_func (function=0x81be5fb4,
    subject=0x81be60e8
"{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t",
offsets=0x81be5df0, count=3,
    result=0xbf9c4620) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#12 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648,
    subject=0x81be60e8
"{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t",
subject_len=159,
    replace_val=0x81be5fb4, is_callable_replace=1, result_len=0xbf9c47c0,
limit=-1, replace_count=0xbf9c47b0)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#13 0x010610bb in php_pcre_replace (
    regex=0x81be5ee0
"/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is",
regex_len=107,
    subject=0x81be60e8
"{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t",
subject_len=159,
    replace_val=0x81be5fb4, is_callable_replace=1, result_len=0xbf9c47c0,
limit=-1, replace_count=0xbf9c47b0)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#14 0x01061f04 in php_replace_in_subject (regex=0x81be5d10,
replace=0x81be5fb4, subject=0x81baf1b8, result_len=0xbf9c47c0,
    limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c47b0)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#15 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be602c,
return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, is_callable_replace=1 '\001') at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#16 0x01062942 in zif_preg_replace_callback (ht=5,
return_value=0x81be602c, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#17 0x0138a4ae in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c4c60)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#18 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbf9c4c60)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#19 0x01389fa9 in execute (op_array=0x81bd3fd4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#20 0x0138a674 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c4e30)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#21 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf9c4e30)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#22 0x01389fa9 in execute (op_array=0x81bd3ca4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#23 0x01353d58 in zend_call_function (fci=0xbf9c5010, fci_cache=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#24 0x013525ed in call_user_function_ex (function_table=0x8192ef00,
object_pp=0x0, function_name=0x81be4fbc,
    retval_ptr_ptr=0xbf9c5074, param_count=1, params=0xbf9c5070,
no_separation=0, symbol_table=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#25 0x010606ab in preg_do_repl_func (function=0x81be4fbc,
    subject=0x81be50f0
"<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"...,
offsets=0x81bbdfe4, count=3, result=0xbf9c50d0)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#26 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648,
    subject=0x81be50f0
"<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"...,
subject_len=212, replace_val=0x81be4fbc, is_callable_replace=1,
result_len=0xbf9c5270, limit=-1,
    replace_count=0xbf9c5260) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#27 0x010610bb in php_pcre_replace (
    regex=0x81be4eac
"/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is",
regex_len=107,
    subject=0x81be50f0
"<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"...,
subject_len=212, replace_val=0x81be4fbc, is_callable_replace=1,
result_len=0xbf9c5270, limit=-1,
    replace_count=0xbf9c5260) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#28 0x01061f04 in php_replace_in_subject (regex=0x81be4d24,
replace=0x81be4fbc, subject=0x81baf188, result_len=0xbf9c5270,
    limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c5260)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#29 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be5034,
return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, is_callable_replace=1 '\001') at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#30 0x01062942 in zif_preg_replace_callback (ht=5,
return_value=0x81be5034, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#31 0x0138a4ae in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c5710)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#32 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbf9c5710)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#33 0x01389fa9 in execute (op_array=0x81bd3fd4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#34 0x0138a674 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c58e0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#35 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf9c58e0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#36 0x01389fa9 in execute (op_array=0x81bd3ca4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#37 0x01353d58 in zend_call_function (fci=0xbf9c5ac0, fci_cache=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#38 0x013525ed in call_user_function_ex (function_table=0x8192ef00,
object_pp=0x0, function_name=0x81be3f10,
    retval_ptr_ptr=0xbf9c5b24, param_count=1, params=0xbf9c5b20,
no_separation=0, symbol_table=0x0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#39 0x010606ab in preg_do_repl_func (function=0x81be3f10,
    subject=0x81be4044
"<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"...,
offsets=0x81bbe1c4, count=3, result=0xbf9c5b80) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#40 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648,
    subject=0x81be4044
"<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"...,
subject_len=278, replace_val=0x81be3f10, is_callable_replace=1,
result_len=0xbf9c5d20, limit=-1,
    replace_count=0xbf9c5d10) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#41 0x010610bb in php_pcre_replace (
    regex=0x81bbd670
"/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is",
regex_len=107,
    subject=0x81be4044
"<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"...,
subject_len=278, replace_val=0x81be3f10, is_callable_replace=1,
result_len=0xbf9c5d20, limit=-1,
    replace_count=0xbf9c5d10) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#42 0x01061f04 in php_replace_in_subject (regex=0x81be3cd4,
replace=0x81be3f10, subject=0x81baf158, result_len=0xbf9c5d20,
    limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c5d10)
    at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#43 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be3f88,
return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, is_callable_replace=1 '\001') at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#44 0x01062942 in zif_preg_replace_callback (ht=5,
return_value=0x81be3f88, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at
/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#45 0x0138a4ae in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c61c0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#46 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbf9c61c0)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#47 0x01389fa9 in execute (op_array=0x81bd3fd4) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#48 0x0138a674 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c6340)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#49 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf9c6340)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#50 0x01389fa9 in execute (op_array=0x81bd5570) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#51 0x0138a674 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf9c6c70)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#52 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf9c6c70)
    at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#53 0x01389fa9 in execute (op_array=0x81bbb350) at
/usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#54 0x01362499 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5.2-200704221230/Zend/zend.c:1134
#55 0x01306b18 in php_execute_script (primary_file=0xbf9c8fb0) at
/usr/local/src/php5.2-200704221230/main/main.c:1794
#56 0x013e4b0c in php_handler (r=0x81cccd50) at
/usr/local/src/php5.2-200704221230/sapi/apache2handler/sapi_apache2.c:623
#57 0x8002494d in ap_run_handler () from /usr/sbin/httpd
#58 0x800282f8 in ap_invoke_handler () from /usr/sbin/httpd
#59 0x800342ee in ap_process_request () from /usr/sbin/httpd
#60 0x800310df in ap_register_input_filter () from /usr/sbin/httpd
#61 0x8002c80d in ap_run_process_connection () from /usr/sbin/httpd
#62 0x8002c90c in ap_process_connection () from /usr/sbin/httpd
#63 0x800388a2 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#64 0x80038b14 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#65 0x80039a29 in ap_mpm_run () from /usr/sbin/httpd
#66 0x800101b7 in main () from /usr/sbin/httpd


-- 
Edit bug report at http://bugs.php.net/?id=41165&edit=1