[PHP-DEV] PHP 4.0 Bug #9940: php cgi crashes when using ob_start callback function

Thu, 22 Mar 2001 12:34:22 -0800 

From:             [EMAIL PROTECTED]
Operating system: linux 2.2.16
PHP version:      4.0 Latest CVS (22/03/2001)
PHP Bug Type:     Reproduceable crash
Bug description:  php cgi crashes when using ob_start callback function

The following script causes php to segfault when run in CGI mode.  The segfaults do 
not happen if you remove the output callback function parameter of ob_start().  Please 
note that this does not happen when using php4.0.4pl1.

#!/usr/local/bin/php -qe
<?

  function compress_output ($output) {
    return($output);
  }

  ob_start("compress_output");

  echo "test\n";

?>


Here is a backtrace of the core file.  

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...

warning: core file may not match specified executable file.
Core was generated by `php4 -qe ./test.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /usr/lib/libz.so.1...done.
Reading symbols from /usr/lib/mysql/libmysqlclient.so.10...done.
Reading symbols from /usr/local/lib/libpng.so.2...done.
Reading symbols from /usr/lib/libbz2.so.1.0...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  chunk_free (ar_ptr=0x819ebd0, p=0x81d6020) at malloc.c:2985
2985    malloc.c: No such file or directory.
(gdb) bt
#0  chunk_free (ar_ptr=0x819ebd0, p=0x81d6020) at malloc.c:2985
#1  0x40156d75 in __libc_free (mem=0x81d6028) at malloc.c:2959
#2  0x80e31f0 in _efree (ptr=0x81d604c, __zend_filename=0x814612f "output.c", 
__zend_lineno=227, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:238
#3  0x80cdacc in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at 
output.c:227
#4  0x80cdb5f in php_end_ob_buffers (send_buffer=1 '\001') at output.c:250
#5  0x8060db7 in php_request_shutdown (dummy=0x0) at main.c:643
#6  0x805fc01 in main (argc=3, argv=0xbffffb24) at cgi_main.c:763



-- 
Edit Bug report at: http://bugs.php.net/?id=9940&edit=1



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to