ID: 14365
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: Scripting Engine problem
Operating System: RedHat Linux 7.2
PHP Version: 4.0.6
New Comment:

Also in 4.1.0. I haven't been able to write a simple script to reproduce the crash. 
I've stepped through the code (at least through the 4.0.6 code) and require_once() 
works over 300 times (a few times requiring ../src/load_prefs.php) before consistently 
crashing at the same point. Aolserver is multithreaded -- could it be a thread issue?

4.1.0 backtrace:

#0  0x40247244 in php_fopen_with_path (
    filename=0x8553084 "../src/load_prefs.php", mode=0x402e0114 "rb", 
    path=0x402e1432 ".:/usr/local/lib/php", opened_path=0x404bc7d8, 
    tsrm_ls=0x85787e0) at fopen_wrappers.c:374
        pathbuf = 0x0
        ptr = 0x8553084 "../src/load_prefs.php"
        end = 0x0
        exec_fname = 0x0
        trypath = '\000' <repeats 124 times>, 
">ê\023@4U\031@D\200K@\224\220K@|ë\n@\003\000\000\000ì\177K@\034\220K@\000\000\000\000/usr/local/aolserver-3.4.2/servers/webmail/pages/squirrelmail-1.2.0-rc3/plugins/filters/filters.php",
 '\000' <repeats 745 times>, 
">ê\023@4U\031@´\203K@\004\224K@|ë\n@\003\000\000\000\\\203K@\214\223K@\000\000\000\000/usr/loca"...

        trydir = '\000' <repeats 4094 times>
        safe_mode_include_dir = '\000' <repeats 4094 times>
        sb = {st_dev = 0, __pad1 = 0, st_ino = 0, st_mode = 0, st_nlink = 0, 
  st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 0, 
  st_blksize = 0, st_blocks = 0, st_atime = 0, __unused1 = 0, st_mtime = 0, 
  __unused2 = 0, st_ctime = 0, __unused3 = 0, __unused4 = 0, __unused5 = 0}
        fp = (FILE *) 0x8553084
        path_length = 0
        safe_mode_include_dir_length = 0
        exec_fname_length = 0
#1  0x402477ef in php_fopen_url_wrapper (
    path=0x8553084 "../src/load_prefs.php", mode=0x402e0114 "rb", options=1, 
    issock=0x404b8fd0, socketd=0x404b8fd4, opened_path=0x404bc7d8, 
    tsrm_ls=0x85787e0) at fopen_wrappers.c:556
        path = 0x8553084 "../src/load_prefs.php"
        fp = (FILE *) 0x9
        p = 0x85787e0 "øK0\b\024"
        protocol = 0x0
        n = 0
#2  0x402440be in php_fopen_wrapper_for_zend (
    filename=0x8553084 "../src/load_prefs.php", opened_path=0x404bc7d8)
    at main.c:524
        issock = 0
        socketd = 0
        old_chunk_size = 8192
        retval = (FILE *) 0x85787e0
        tsrm_ls = (void ***) 0x85787e0
#3  0x4022a64d in execute (op_array=0x82e8ec0, tsrm_ls=0x85787e0)
    at ./zend_execute.c:2082
        opened_path = 0x0
        dummy = 1
        file_handle = {type = 0 '\000', filename = 0x85232fc "s!zÌ\016", 
  opened_path = 0x0, handle = {fd = 1076156521, fp = 0x4024d869}, 
  free_filename = 216 'Ø'}
        new_op_array = (zend_op_array *) 0x0
        original_return_value = (zval **) 0x404bd0ec
        return_value_used = 0
        inc_filename = (zval *) 0x8612050
        tmp_inc_filename = {value = {lval = 1073933696, 
    dval = 6.306641578844733, str = {
      val = 0x4002ed80 "U\211åS\203ì\004èäúÿÿ\201ÃLÊ", len = 1075395072}, 
    ht = 0x4002ed80, obj = {ce = 0x4002ed80, properties = 0x40193a00}}, 
  type = 164 '¤', is_ref = 199 'Ç', refcount = 16459}
        failure_retval = 0 '\000'
        opline = (zend_op *) 0x8612038
        function_state = {function_symbol_table = 0x83700c8, 
  function = 0x82e8ec0, reserved = {0x404bc844, 0x0, 0x404bd094, 0x856f000}}
        fbc = (zend_function *) 0x0
        object = {ptr = 0x0}
        Ts = (temp_variable (*)[0]) 0x404b8ffc
        original_in_execution = 1 '\001'
#4  0x40227f5b in execute (op_array=0x85cdb20, tsrm_ls=0x85787e0)
    at ./zend_execute.c:1630
        calling_symbol_table = (HashTable *) 0x83b161c
        original_return_value = (zval **) 0x404be9ec
        return_value_used = 1
        opline = (zend_op *) 0x86823c8
        function_state = {function_symbol_table = 0x83b16ac, 
  function = 0x82e8ec0, reserved = {0x38, 0x3, 0x402f641c, 0x84c0e30}}
        fbc = (zend_function *) 0x0
        object = {ptr = 0x0}
        Ts = (temp_variable (*)[0]) 0x404bc87c
        original_in_execution = 1 '\001'
#5  0x40227f5b in execute (op_array=0x85cb9d0, tsrm_ls=0x85787e0)
    at ./zend_execute.c:1630
        calling_symbol_table = (HashTable *) 0x838c8fc
        original_return_value = (zval **) 0x404c32e8
        return_value_used = 0
        opline = (zend_op *) 0x867a614
        function_state = {function_symbol_table = 0x83b161c, 
  function = 0x85cdb20, reserved = {0x404bfbe4, 0x3, 0x827b5c4, 0x838abb8}}
        fbc = (zend_function *) 0x85cdb20
        object = {ptr = 0x0}
        Ts = (temp_variable (*)[0]) 0x404bdf4c
        original_in_execution = 1 '\001'
#6  0x40227f5b in execute (op_array=0x83ed340, tsrm_ls=0x85787e0)
    at ./zend_execute.c:1630
        calling_symbol_table = (HashTable *) 0x838bec4
        original_return_value = (zval **) 0x404c4240
        return_value_used = 0
        opline = (zend_op *) 0x8677db0
        function_state = {function_symbol_table = 0x838c8fc, 
  function = 0x85cb9d0, reserved = {0x404c3494, 0x3, 0x402f641c, 0x8400b58}}
        fbc = (zend_function *) 0x85cb9d0
        object = {ptr = 0x0}
        Ts = (temp_variable (*)[0]) 0x404bfbfc
        original_in_execution = 1 '\001'
#7  0x40227f5b in execute (op_array=0x84718d4, tsrm_ls=0x85787e0)
    at ./zend_execute.c:1630
        calling_symbol_table = (HashTable *) 0x8370190
        original_return_value = (zval **) 0x404c4594
        return_value_used = 0
        opline = (zend_op *) 0x83fb244
        function_state = {function_symbol_table = 0x838bec4, 
  function = 0x83ed340, reserved = {0x402cbad8, 0x4022fe9e, 0x0, 0x0}}
        fbc = (zend_function *) 0x83ed340
        object = {ptr = 0x0}
        Ts = (temp_variable (*)[0]) 0x404c34ac
        original_in_execution = 0 '\000'
#8  0x40237eba in zend_execute_scripts (type=8, tsrm_ls=0x85787e0, retval=0x0, 
    file_count=3) at zend.c:814
        tsrm_ls = (void ***) 0x85787e0
        files = 0x404c45c4
        i = 1
        file_handle = (zend_file_handle *) 0x404c56dc
        orig_op_array = (zend_op_array *) 0x837cce0
        local_retval = (zval *) 0x0
#9  0x40246146 in php_execute_script (primary_file=0x404c56dc, 
    tsrm_ls=0x85787e0) at main.c:1309
        orig_bailout = {{__jmpbuf = {138098040, 1075395192, 8, 1112493127, 24, 
      32}, __mask_was_saved = 137826256, __saved_mask = {__val = {137822744, 
        10, 1601662834, 1853189987, 1935999092, 56, 32, 137826256, 137827744, 
        6, 1869377379, 6488178, 1852795252, 88, 32, 137822664, 137822808, 13, 
        1634890337, 1818451833, 1702256997, 144, 24, 137874656, 137822832, 2, 
        97, 168, 24, 137874656, 137822856, 2}}}}
        orig_bailout_set = 204 'Ì'
        prepend_file_p = (zend_file_handle *) 0x85787e0
        append_file_p = (zend_file_handle *) 0x8283c88
        prepend_file = {type = 224 'à', 
  filename = 0x8370288 "À\216.\b(ö+\bð!H\bx\0037\b\016", 
  opened_path = 0x2 <Address 0x2 out of bounds>, handle = {fd = 1076114600, 
    fp = 0x402434a8}, free_filename = 40 '('}
        append_file = {type = 144 '\220', 
  filename = 0x18 <Address 0x18 out of bounds>, opened_path = 0x837cce0 "", 
  handle = {fd = 137822832, fp = 0x8370270}, free_filename = 2 '\002'}
        old_cwd = 0x404c45cc "/usr/local/aolserver-3.4.2"
#10 0x402431cb in php_ns_module_main (tsrm_ls=0x85787e0) at aolserver.c:418
        tsrm_ls = (void ***) 0x85787e0
        file_handle = {type = 2 '\002', 
  filename = 0x846da28 
"/usr/local/aolserver/servers/webmail/pages/squirrelmail-1.2.0-rc3/src/right_main.php",
 opened_path = 0x8471c74 "es.php", handle = {
    fd = 138877432, fp = 0x84719f8}, free_filename = 0 '\000'}
#11 0x40243500 in php_ns_request_handler (context=0x817d980, conn=0x819bb88)
    at aolserver.c:502
        conn = (Ns_Conn *) 0x819bb88
        status = 135904136
        tsrm_ls = (void ***) 0x85787e0
#12 0x08077bb7 in Ns_ConnRunRequest (conn=0x819bb88) at op.c:196
        reqPtr = (Req *) 0x8184ff8
        status = 0
        server = 0x8155628 "webmail"
#13 0x0807e2c2 in ConnRun (connPtr=0x819bb88) at serv.c:882
        conn = (Ns_Conn *) 0x819bb88
        ds = {
  string = 0x404c5798 "GET /squirrelmail-1.2.0-rc3/src/right_main.php HTTP/1.1", 
length = 55, spaceAvl = 512, 
  staticSpace = "GET /squirrelmail-1.2.0-rc3/src/right_main.php 
HTTP/1.1\000\000ä,\b'\177-\b\234L\020\bPa+\bH¿\023\b\004XL@\027J\020\b>@\022\bh9W\b\004\000\000\000Pa+\b>@\022\bH¿\023\b\024XL@\að\r\b?@\022\bH¿\023\b$XL@VÒ\016\bh9W\bH¿\023\bTXL@×È\016\b\030H$\b8Û\023\bºXL@¼Ç\016\b\231Y\017\b\000\000\000\000(I$\b\034Ò\016\bh9W\bH¿\023\btXL@\203Ñ\016\b\030H$\b"...,
 addr = 0x0}
        n = 550
        status = 0
#14 0x0807dc10 in NsConnThread (arg=0x82c0e90) at serv.c:671
        connPtr = (Conn *) 0x819bb88
        connPtrPtr = (Conn **) 0x82c0e90
        wait = {sec = 1008108885, usec = 915534}
        ewait = {sec = 1078745684, usec = 0}
        eopen = {sec = 1078746080, usec = 1}
        eclosed = {sec = 1078745668, usec = 135376647}
        now = {sec = 135522280, usec = 135511880}
        timePtr = (Ns_Time *) 0x404c5a3c
        next = 5
        id = 4
        thrname = 
"-conn4-\000\024ZL@äí\002@øç\023\b\004\000\000\000\000\000\000\000\214í\002@"
        new = 1073985496
        status = 0
        p = 0x813e800 ""
        headers = (Ns_Set *) 0x8243ee8
        outputheaders = (Ns_Set *) 0x8244448
        joinThread = 0x8244368
        statsPtr = (Stats *) 0x0
        entry = (Ns_Entry *) 0x0
#15 0x0811833b in NsThreadMain (arg=0x8243fd8) at thread.c:228
        thrPtr = (Thread *) 0x8243fd8
        name = "-thread8201-", '\000' <repeats 16 times>, "4U\031@"
#16 0x4002dc6f in pthread_start_thread (arg=0x404c5be0) at manager.c:284
        self = 0x404c5be0
        request = {req_thread = 0x0, req_kind = REQ_CREATE, req_args = {
    create = {attr = 0x0, fn = 0, arg = 0x0, mask = {__val = {
          0 <repeats 18 times>, 1073985496, 1073958736, 0, 1078746020, 
          1073945068, 1078746080, 0, 0, 1073945214, 0, 0, 0, 0, 0}}}, free = {
      thread_id = 0}, exit = {code = 0}, post = 0x0}}
        outcome = (void *) 0x8283c88
#17 0x4002dd5f in pthread_start_thread_event (arg=0x404c5be0) at manager.c:308
        arg = (void *) 0x404c5be0
        ldt_entry = {entry_number = 9, base_addr = 1078746080, limit = 1056, 
  seg_32bit = 1, contents = 0, read_exec_only = 0, limit_in_pages = 0, 
  seg_not_present = 0, useable = 1, empty = 0}



Previous Comments:
------------------------------------------------------------------------

[2001-12-11 16:34:44] [EMAIL PROTECTED]

Can you try the newly released 4.1.0?

And please try to provide a small, self-contained, reproducible script.

What does a full backtrace give? (bt full).

Feedback.

------------------------------------------------------------------------

[2001-12-10 11:25:56] [EMAIL PROTECTED]

It does happen with 4.1.0RC5:

#0  0x40247210 in php_fopen_with_path (
    filename=0x83e3aa4 "../src/load_prefs.php", mode=0x402e0094 "rb", 
    path=0x402e13b2 ".:/usr/local/lib/php", opened_path=0x404ab7d8, 
    tsrm_ls=0x8384fe8) at fopen_wrappers.c:374
#1  0x402477bb in php_fopen_url_wrapper (
    path=0x83e3aa4 "../src/load_prefs.php", mode=0x402e0094 "rb", options=1, 
    issock=0x404a7fd0, socketd=0x404a7fd4, opened_path=0x404ab7d8, 
    tsrm_ls=0x8384fe8) at fopen_wrappers.c:556
#2  0x4024408a in php_fopen_wrapper_for_zend (
    filename=0x83e3aa4 "../src/load_prefs.php", opened_path=0x404ab7d8)
    at main.c:524
#3  0x4022a64d in execute (op_array=0x84d3210, tsrm_ls=0x8384fe8)
    at ./zend_execute.c:2082
#4  0x40227f5b in execute (op_array=0x8271208, tsrm_ls=0x8384fe8)
    at ./zend_execute.c:1630
#5  0x40227f5b in execute (op_array=0x8259708, tsrm_ls=0x8384fe8)
    at ./zend_execute.c:1630
#6  0x40227f5b in execute (op_array=0x832d460, tsrm_ls=0x8384fe8)
    at ./zend_execute.c:1630
#7  0x40227f5b in execute (op_array=0x829abdc, tsrm_ls=0x8384fe8)
    at ./zend_execute.c:1630
#8  0x40237eba in zend_execute_scripts (type=8, tsrm_ls=0x8384fe8, retval=0x0, 
    file_count=3) at zend.c:814
#9  0x40246112 in php_execute_script (primary_file=0x404b46dc, 
    tsrm_ls=0x8384fe8) at main.c:1309
#10 0x40243197 in php_ns_module_main (tsrm_ls=0x8384fe8) at aolserver.c:418
#11 0x402434cc in php_ns_request_handler (context=0x817d980, conn=0x819bb88)
    at aolserver.c:502
#12 0x08077bb7 in Ns_ConnRunRequest (conn=0x819bb88) at op.c:196
#13 0x0807e2c2 in ConnRun (connPtr=0x819bb88) at serv.c:882
#14 0x0807dc10 in NsConnThread (arg=0x81d7488) at serv.c:671
#15 0x0811833b in NsThreadMain (arg=0x82ba0d8) at thread.c:228
#16 0x4002dc6f in pthread_start_thread (arg=0x404b4be0) at manager.c:284
#17 0x4002dd5f in pthread_start_thread_event (arg=0x404b4be0) at manager.c:308


------------------------------------------------------------------------

[2001-12-06 19:10:25] [EMAIL PROTECTED]

Does this happen with PHP 4.1.0RC5:

http://download.php.net/~zeev/php-4.1.0RC5.tar.gz

------------------------------------------------------------------------

[2001-12-06 14:46:30] [EMAIL PROTECTED]

I have an old server running RedHat 6.2, Aolserver 3.0, PHP 4.0.6 (compiled as a 
module) and SquirrelMail (a webmail application written in PHP) 1.0.6 just fine.

I'm trying to set up a new server with RedHat 7.2, Aolserver 3.4.2, PHP 4.0.6, and 
SquirrelMail 1.2.0-rc3 but I run into a consistent segfault. I haven't been able to 
write a script that abstracts the problem but it always happens at the same point in 
SquirrelMail: after you log in, in the function squimap_mailbox_list (in 
functions/imap_mailbox.php). The offending line is functions/imap_mailbox.php:217:

    require_once('../src/load_prefs.php');

This file exists and is fine, and is require_once'd several times before this 
invocation (and I've stepped through other invocations of virtual_file_ex to see that 
it works), but this line always segfaults:

backtrace:
#0  0x400aedd3 in canonicalize (
    name=0x82f9c38 
"/usr/local/aolserver-3.4.2/servers/webmail/pages/squirrelmail-1.2.0-rc3/src/../src/load_prefs.php",
 resolved=0x40522edc "")
    at canonicalize.c:88
#1  0x402bde61 in virtual_file_ex (state=0x40523f0c, 
    path=0x82c00dc "../src/load_prefs.php", verify_path=0)
    at tsrm_virtual_cwd.c:299
#2  0x402be427 in virtual_fopen (path=0x82c00dc "../src/load_prefs.php", 
    mode=0x402d1e07 "rb") at tsrm_virtual_cwd.c:497
#3  0x40240a84 in php_fopen_and_set_opened_path (
    path=0x82c00dc "../src/load_prefs.php", mode=0x402d1e07 "rb", 
    opened_path=0x40528880) at fopen_wrappers.c:235
#4  0x402410b9 in php_fopen_with_path (
    filename=0x82c00dc "../src/load_prefs.php", mode=0x402d1e07 "rb", 
    path=0x402d35fb ".:/usr/local/lib/php", opened_path=0x40528880)
    at fopen_wrappers.c:391
#5  0x402412e8 in php_fopen_url_wrapper (
    path=0x82c00dc "../src/load_prefs.php", mode=0x402d1e07 "rb", options=1, 
    issock=0x40525050, socketd=0x40525054, opened_path=0x40528880)
    at fopen_wrappers.c:470
#6  0x4023ece1 in php_fopen_wrapper_for_zend (
    filename=0x82c00dc "../src/load_prefs.php", opened_path=0x40528880)
    at main.c:477
#7  0x40222f06 in execute (op_array=0x84668d0, executor_globals=0x82282f8)
    at ./zend_execute.c:1999
#8  0x40220e03 in execute (op_array=0x821b2d0, executor_globals=0x82282f8)
    at ./zend_execute.c:1544
#9  0x40220e03 in execute (op_array=0x83cf358, executor_globals=0x82282f8)
    at ./zend_execute.c:1544
#10 0x40220e03 in execute (op_array=0x834c908, executor_globals=0x82282f8)
    at ./zend_execute.c:1544
#11 0x40220e03 in execute (op_array=0x83df304, executor_globals=0x82282f8)
    at ./zend_execute.c:1544
#12 0x4022f1cd in zend_execute_scripts (type=8, compiler_globals=0x839f938, 
    executor_globals=0x82282f8, file_count=3) at zend.c:752
#13 0x402401c7 in php_execute_script (primary_file=0x405316cc, 
    compiler_globals=0x839f938, executor_globals=0x82282f8, 
    core_globals=0x839b6f0) at main.c:1206
#14 0x4023df92 in php_ns_module_main (ns_context=0x81ed510, 
    sapi_globals=0x8276c50) at aolserver.c:434
#15 0x4023e1df in php_ns_request_handler (context=0x8184658, conn=0x819a8d0)
    at aolserver.c:519
#16 0x08077bb7 in Ns_ConnRunRequest (conn=0x819a8d0) at op.c:196
#17 0x0807e2c2 in ConnRun (connPtr=0x819a8d0) at serv.c:882
#18 0x0807dc10 in NsConnThread (arg=0x81f5178) at serv.c:671
#19 0x0811833b in NsThreadMain (arg=0x81f6590) at thread.c:228
#20 0x4002dc6f in pthread_start_thread (arg=0x40531be0) at manager.c:284
#21 0x4002dd5f in pthread_start_thread_event (arg=0x40531be0) at manager.c:308

and some extra gdb output:

[right before the segfault]
Breakpoint 9, canonicalize (
    name=0x82f9c38 
"/usr/local/aolserver-3.4.2/servers/webmail/pages/squirrelmail-1.2.0-rc3/src/../src/load_prefs.php",
 resolved=0x40522edc "")
    at canonicalize.c:88
88            rpath[0] = '/';
(gdb) print rpath[0]
$94 = 0 '\000'
(gdb) step

Program received signal SIGSEGV, Segmentation fault.
0x400aedd3 in canonicalize (
    name=0x82f9c38 
"/usr/local/aolserver-3.4.2/servers/webmail/pages/squirrelmail-1.2.0-rc3/src/../src/load_prefs.php",
 resolved=0x40522edc "")
    at canonicalize.c:88
88            rpath[0] = '/';

(gdb) info local
name = 0x82f9c38 
"/usr/local/aolserver-3.4.2/servers/webmail/pages/squirrelmail-1.2.0-rc3/src/../src/load_prefs.php"

rpath = 0x40521dec ""
dest = 0x0
extra_buf = 0x0
start = 0x0
end = 0x0
rpath_limit = 0x40522deb "@"
num_links = 0
rpath = 0x40521dec ""
dest = 0x0
extra_buf = 0x0
end = 0x0
rpath_limit = 0x40522deb "@"
num_links = 0

php config:

./configure --with-aolserver=/usr/local/aolserver --without-mysql --with-openssl --with-gettext

I've tried this on whatever other platforms I have handy. The same segfault occurs 
with any combination of RedHat 7.0/7.2, Aolserver 3.0/3.4.2, SquirrelMail 
1.0.6/1.2.0-rc2/1.2.0-rc3.

Thanks




------------------------------------------------------------------------


