From: php at mike2k dot com
Operating system: Ubuntu Edgy and CentOS Linux 2.6
PHP version: 5.2.3
PHP Bug Type: Scripting Engine problem
Bug description: Simple snippet of code consistently crashes FastCGI engines
Description:
------------
The simple code below somehow magically triggers a segfault.
PHP is compiled with
'./configure' '--enable-fastcgi' '--enable-discard-path'
'--enable-force-cgi-redirect' '--enable-cli'
'--with-mysql' '--with-mysqli=/usr/bin/mysql_config' '--with-curl'
'--enable-mbstring' '--with-zlib' '--with-gd' '--enable-track-vars'
'--enable-inline-optimization' '--disable-rpath'
'--disable-ipv6' '--disable-debug' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr' '--with-freetype-dir' '--enable-gd-native-ttf'
'--enable-shmop' '--with-xsl' '--enable-sockets' '--enable-pcntl'
'--with-mcrypt' '--with-bz2' '--enable-sqlite-utf8' '--with-tidy'
'--with-pcre-dir' '--enable-exif'
NO bytecode caches or optimizers currently running either.
Reproduce code:
---------------
<?
$uri = ereg_replace('^/bootstrap.php', '', $_SERVER['PATH_INFO']).'/';

function uri_check($uri, $level) {
    global $config;
    $uri = substr($uri, 0, strrpos($uri, '/'));
    if(file_exists($config['base_dir'].$uri.'.php') ||
       file_exists($config['base_dir'].$uri.'/index.php')) {
    }
    uri_check($uri, $level+1);
}

uri_check($uri, 1);
?>
Expected result:
----------------
Webserver returns a bad gateway 502 error.
This shows up in dmesg/system logs, one per request:
php-cgi[10541]: segfault at 0000007fbf3ffd48 rip 00000000006d7055 rsp 0000007fbf3ffd50 error 6
php-cgi[10546]: segfault at 0000007fbf3ffd48 rip 00000000006d7055 rsp 0000007fbf3ffd50 error 6
php-cgi[10548]: segfault at 0000007fbf3ffd48 rip 00000000006d7055 rsp 0000007fbf3ffd50 error 6
php-cgi[10535]: segfault at 0000007fbf3ffd48 rip 00000000006d7055 rsp 0000007fbf3ffd50 error 6
php-cgi[10596]: segfault at 0000007fbf3fff98 rip 00000000006d7055 rsp 0000007fbf3fffa0 error 6
Actual result:
--------------
It's a pretty simple recursive function. No classes, nothing. Putting that
code by itself in a file without any other code (includes, anything)
consistently crashes. Hopefully it does for someone else who is more
skilled with the debugging process.
--
Edit bug report at http://bugs.php.net/?id=41621&edit=1
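Added triage example (not part of the original report and not PHP project code): a small Python parser for the kernel segfault lines quoted above. It decodes the x86 page-fault error code and flags a user-mode write to an unmapped page just below rsp, which is the usual signature of stack exhaustion and is consistent with the reproduce code recursing without a base case. The `window` threshold and all function names are assumptions of this sketch.

```python
import re

# Kernel log format for a user-space fault on x86-64 Linux 2.6, as quoted in the report.
SEGV_RE = re.compile(
    r"(?P<comm>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"rip (?P<rip>[0-9a-f]+) rsp (?P<rsp>[0-9a-f]+) error (?P<err>\d+)"
)

# Two of the lines from the report, with the mail wrapping undone.
SAMPLE = """\
php-cgi[10541]: segfault at 0000007fbf3ffd48 rip 00000000006d7055 rsp 0000007fbf3ffd50 error 6
php-cgi[10596]: segfault at 0000007fbf3fff98 rip 00000000006d7055 rsp 0000007fbf3fffa0 error 6
"""

def decode_error(code):
    """Decode the low three bits of the x86 page-fault error code."""
    return {
        "present": bool(code & 1),  # 0 = page not mapped, 1 = protection violation
        "write": bool(code & 2),    # 0 = read, 1 = write
        "user": bool(code & 4),     # 0 = kernel mode, 1 = user mode
    }

def triage(line, window=256):
    """Describe one segfault line, or return None if the line does not match.

    `window` (an assumption of this sketch) is how far below rsp a faulting
    write may land and still count as a stack push or frame setup.
    """
    m = SEGV_RE.search(line)
    if not m:
        return None
    addr, rip, rsp = (int(m[k], 16) for k in ("addr", "rip", "rsp"))
    bits = decode_error(int(m["err"]))
    below = rsp - addr
    exhausted = (bits["user"] and bits["write"] and not bits["present"]
                 and 0 < below <= window)
    return {"pid": int(m["pid"]), "rip": rip, "below_rsp": below,
            "stack_exhaustion": exhausted, **bits}

def summarize(text):
    """Group the PIDs of likely stack-exhaustion crashes by faulting instruction."""
    by_rip = {}
    for line in text.splitlines():
        t = triage(line)
        if t and t["stack_exhaustion"]:
            by_rip.setdefault(hex(t["rip"]), []).append(t["pid"])
    return by_rip

if __name__ == "__main__":
    for rip, pids in summarize(SAMPLE).items():
        print(f"likely stack exhaustion at rip={rip}: pids {pids}")
```

Every crash sharing one rip with the fault address 8 bytes under rsp points at a single instruction pushing onto an already exhausted stack, which is what to expect from runaway recursion rather than from a corrupted pointer.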