[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
Hi I just ran into this bug. In hindsight a serious issue that started 3 days ago with one of our web apps seems to also be caused by this. Just tested Steve's patched packages (5.2.4-2ubuntu5.17~lp776642) on our dev server and I can confirm they fix the problems for us. Eagerly awaiting official updates Thanks!! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
Hi I just hit this regression with an instance of prestashop (segfault in zend_object_store_get_object). I'm currently testing the updated packages in security-proposed PPA and they seem to work fine for me as well. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
We installed the php5 from the PPA above on a test server, and I can confirm the segfault is no longer triggered by either of the test cases above, nor by the original code where we saw the error. test server info: # uname -a Linux web-41 2.6.24-10-xen #1 SMP Tue Sep 8 18:30:05 UTC 2009 x86_64 GNU/Linux # php -v PHP 5.2.4-2ubuntu5.17~lp776642 with Suhosin-Patch 0.9.6.2 (cli) (built: May 4 2011 09:21:29) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
I just went back the the previous version. Since I remove packages from /var/cache/apt after update, I had to dig them up online, from: https://launchpad.net/~ubuntu-security/+archive/ppa/+buildjob/2165886 I downloaded these and installed them manually with dpkg: https://launchpad.net/~ubuntu-security/+archive/ppa/+buildjob/2165886/+files/php5-common_5.2.4-2ubuntu5.14_i386.deb https://launchpad.net/~ubuntu-security/+archive/ppa/+buildjob/2165886/+files/libapache2-mod-php5_5.2.4-2ubuntu5.14_i386.deb At the moment apt has dependency problem because I did not download everything (php modules etc). But I just postpone updating until the definitive fix is out. I know that this is not the best way, but I did not know what exactly would happen if I install the proposed packages now, and then later want to remove them again... -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
Is there an ETA of an official release of this fix? Within 24 hours? Within a week? We are trying to make plans as to whether or not to configure a temporary work around. Thanks for the help, Joey -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
Joey: yes, I expect to release updated packages within the next 24 hours. Thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.17 --- php5 (5.2.4-2ubuntu5.17) hardy-security; urgency=low * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) * debian/patches/php5-CVE-2010-4697-regression.patch: fix regression in reference counting added by fix for CVE-2010-4697 (LP: #776642) -- Steve Beattie sbeat...@ubuntu.com Wed, 04 May 2011 01:45:03 -0700 ** Changed in: php5 (Ubuntu) Status: In Progress = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1144 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4697 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
Attached is a reasonably minimal test file. You also need to have the Document.php file in the same directory: svn export http://solr-php- client.googlecode.com/svn/trunk/Apache/Solr/Document.php@22 running test.php is sufficient to cause a segfault. # php --version PHP 5.2.4-2ubuntu5.15 with Suhosin-Patch 0.9.6.2 (cli) (built: Apr 28 2011 14:41:00) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies # php test.php Segmentation fault # tail /var/log/syslog: 2011-05-03T19:43:55+00:00 kern.info web-50 kernel: [49000.621496] php[13034]: segfault at 29c200e1 rip 675326 rsp 7fff0ad7c9a0 error 4 ** Attachment added: PHP file to demonstrate the bug https://bugs.launchpad.net/ubuntu/+source/php5/+bug/776642/+attachment/2110223/+files/test.php -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
I reduced this to a much smaller test case. The output of the attached script is: # php test.php 18 20 32 Segmentation fault This suggests the segfault is happening during the return from function add_taxonomy_to_document(). # uname -a Linux web-98.bjaspan.hosting.acquia.com 2.6.24-10-xen #1 SMP Tue Sep 8 19:06:53 UTC 2009 i686 GNU/Linux # php -v PHP 5.2.4-2ubuntu5.15 with Suhosin-Patch 0.9.6.2 (cli) (built: Apr 28 2011 14:43:25) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies ** Attachment added: PHP script that segfaults 5.2.4-2ubuntu5.15 https://bugs.launchpad.net/ubuntu/+source/php5/+bug/776642/+attachment/2110326/+files/test.php -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
We've confirmed this on a 32- and 64-bit Ubuntu 8.04 EC2 instance. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15
valgrind confirms the error and provides a stack trace: # valgrind php test.php ... lots of uninitialized memory references reported here ... 18 20 32 ==29381== ==29381== Invalid read of size 1 ==29381==at 0x82E5B81: zend_objects_store_del_ref_by_handle (in /usr/bin/php5) ==29381==by 0x82E5D57: zend_objects_store_del_ref (in /usr/bin/php5) ==29381==by 0x82C6120: _zval_dtor_func (in /usr/bin/php5) ==29381==by 0x82B8FC7: _zval_ptr_dtor (in /usr/bin/php5) ==29381==by 0x82D1943: zend_hash_clean (in /usr/bin/php5) ==29381==by 0x82F69FE: (within /usr/bin/php5) ==29381==by 0x82E7957: execute (in /usr/bin/php5) ==29381==by 0x82C6522: zend_execute_scripts (in /usr/bin/php5) ==29381==by 0x827C20F: php_execute_script (in /usr/bin/php5) ==29381==by 0x8358D19: main (in /usr/bin/php5) ==29381== Address 0x739195d9 is not stack'd, malloc'd or (recently) free'd ==29381== ==29381== Process terminating with default action of signal 11 (SIGSEGV) ==29381== Access not within mapped region at address 0x739195D9 ==29381==at 0x82E5B81: zend_objects_store_del_ref_by_handle (in /usr/bin/php5) ==29381==by 0x82E5D57: zend_objects_store_del_ref (in /usr/bin/php5) ==29381==by 0x82C6120: _zval_dtor_func (in /usr/bin/php5) ==29381==by 0x82B8FC7: _zval_ptr_dtor (in /usr/bin/php5) ==29381==by 0x82D1943: zend_hash_clean (in /usr/bin/php5) ==29381==by 0x82F69FE: (within /usr/bin/php5) ==29381==by 0x82E7957: execute (in /usr/bin/php5) ==29381==by 0x82C6522: zend_execute_scripts (in /usr/bin/php5) ==29381==by 0x827C20F: php_execute_script (in /usr/bin/php5) ==29381==by 0x8358D19: main (in /usr/bin/php5) ==29381== -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/776642 Title: segfaults from 5.2.4-2ubuntu5.15 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs