
Fwd: Bug #28528 [Opn->Bgs]: glob() causes apache to segfault



I don't suppose someone could help me troubleshoot this?  PHP has a glob()
function to get directory contents.  It's segfaulting in our linux build.  They
suggest that it's not a PHP problem, but a problem w/ libc..

Liam





----- Forwarded message from PHP Bug Database <php-bugs@xxxxxxxxxxxxx> -----
    Date: Wed, 26 May 2004 19:22:49 +0200
    From: PHP Bug Database <php-bugs@xxxxxxxxxxxxx>
Reply-To: PHP Bug Database <php-bugs@xxxxxxxxxxxxx>
 Subject: Bug #28528 [Opn->Bgs]: glob() causes apache to segfault
      To: liamr@xxxxxxxxx

ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at
http://bugs.php.net/?id=28528&edit=2


 ID:               28528
 Updated by:       iliaa@xxxxxxx
 Reported By:      liamr at umich dot edu
-Status:           Open
+Status:           Bogus
 Bug Type:         Directory function related
 Operating System: linux 2.4.24
 PHP Version:      4.3.6
 New Comment:

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.

Thank you for your interest in PHP.

The problem seems to be a memory corruption elsewhere as the
libc function glob() does not return a valid pointer to a
list of matching entries. In this case PHP has no way of
determining whether or not the data returned is valid.


Previous Comments:
------------------------------------------------------------------------

[2004-05-26 18:50:11] liamr at umich dot edu

(gdb) p globbuf.gl_pathv
$1 = (char **) 0x304
(gdb) p globbuf.gl_pathv[0]
Cannot access memory at address 0x304

------------------------------------------------------------------------

[2004-05-26 18:31:28] iliaa@xxxxxxx

Can you please print the value of globbuf.gl_pathv and
globbuf.gl_pathv[0]

------------------------------------------------------------------------

[2004-05-26 18:27:37] liamr at umich dot edu

New backtrace ( php rebuilt w/ --with-debug ):

gdb httpd core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Core was generated by `/usr/bin/httpd -f /etc/apache/httpd.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libssl.so.0.9.7...done.
Loaded symbols for /usr/lib/libssl.so.0.9.7
Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/lib/libcrypto.so.0.9.7
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /usr/libexec/mod_cosign.so...done.
Loaded symbols for /usr/libexec/mod_cosign.so
Reading symbols from /usr/local/krb5/lib/libkrb4.so.2...done.
Loaded symbols for /usr/local/krb5/lib/libkrb4.so.2
Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3
Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3
---Type <return> to continue, or q <return> to quit---
Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3
Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/local/krb5/lib/libgssapi_krb5.so.2
Reading symbols from /usr/local/krb5/lib/libdes425.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libdes425.so.3
Reading symbols from /usr/libexec/mod_cronolog.so...done.
Loaded symbols for /usr/libexec/mod_cronolog.so
Reading symbols from /usr/libexec/libphp4-debug.so...done.
Loaded symbols for /usr/libexec/libphp4-debug.so
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
#0  0x4285b274 in zif_glob (ht=1, return_value=0x8644ef4, this_ptr=0x0,
    return_value_used=1) at /usr/src/php-4.3.6/ext/standard/dir.c:407
407             strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN);
(gdb)
(gdb) bt
#0  0x4285b274 in zif_glob (ht=1, return_value=0x8644ef4, this_ptr=0x0,
    return_value_used=1) at /usr/src/php-4.3.6/ext/standard/dir.c:407
#1  0x4292932f in execute (op_array=0x86408ac)
    at /usr/src/php-4.3.6/Zend/zend_execute.c:1635
#2  0x42915b2c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php-4.3.6/Zend/zend.c:886
#3  0x428dac5e in php_execute_script (primary_file=0xbffff680)
    at /usr/src/php-4.3.6/main/main.c:1731
#4  0x4292eb86 in apache_php_module_main (r=0x8189f68, display_source_mode=0)
    at /usr/src/php-4.3.6/sapi/apache/sapi_apache.c:54
#5  0x4292fc11 in send_php (r=0x8189f68, display_source_mode=0,
    filename=0x818bb08 "/home/liamr/Public/html/glob.php")
    at /usr/src/php-4.3.6/sapi/apache/mod_php4.c:620
#6  0x4292fc96 in send_parsed_php (r=0x8189f68)
    at /usr/src/php-4.3.6/sapi/apache/mod_php4.c:635
#7  0x0808b1a6 in ap_invoke_handler ()
#8  0x080a1b53 in process_request_internal ()
#9  0x080a1bb0 in ap_process_request ()
#10 0x08098407 in child_main ()
#11 0x080986b6 in make_child ()
#12 0x0809875f in startup_children ()
#13 0x08098e74 in standalone_main ()
#14 0x0809973a in main ()
#15 0x401a08be in __libc_start_main (main=0x809939f <main>, argc=3,
    ubp_av=0xbffffb24, init=0x80d2700 <__libc_csu_init>,
    fini=0x80d2730 <__libc_csu_fini>, rtld_fini=0x40015060 <_rtld_local>,
    stack_end=0x0) at ../sysdeps/generic/libc-start.c:152
(gdb)

------------------------------------------------------------------------

[2004-05-26 16:37:27] wez@xxxxxxx

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

please build a debug build and submit a new backtrace.

------------------------------------------------------------------------

[2004-05-26 16:23:03] liamr at umich dot edu

Description:
------------
glob() causes apache to segfault consistently..

LFS (linux from scratch) install based on 2.4.24
php 4.3.6
apache 1.3.31
gcc 3.3.1
libc 2.3.2

Reproduce code:
---------------
<?php

    $files = glob( '*' );
    print_r( $files );

?>


Expected result:
----------------
When I run this code on solaris, I get output like..

Array
(
    [0] => replacements.html
    [1] => add.php
    [2] => file.php
    [3] => docs
    [4] => gd.php
    [5] => glob.php
)

Actual result:
--------------
It dumps core every time.

(gdb) bt
#0  0x429def6c in zif_glob () from /usr/libexec/libphp4.so
#1  0x42a96093 in execute () from /usr/libexec/libphp4.so
#2  0x42a857b1 in zend_execute_scripts () from /usr/libexec/libphp4.so
#3  0x42a51b19 in php_execute_script () from /usr/libexec/libphp4.so
#4  0x42a9ae61 in apache_php_module_main () from /usr/libexec/libphp4.so
#5  0x42a9be27 in send_php () from /usr/libexec/libphp4.so
#6  0x42a9beac in send_parsed_php () from /usr/libexec/libphp4.so
#7  0x0808b1a6 in ap_invoke_handler ()
#8  0x080a1b53 in process_request_internal ()
#9  0x080a1bb0 in ap_process_request ()
#10 0x08098407 in child_main ()
#11 0x080986b6 in make_child ()
#12 0x0809875f in startup_children ()
#13 0x08098e74 in standalone_main ()
#14 0x0809973a in main ()
#15 0x401a08be in __libc_start_main (main=0x809939f <main>, argc=3,
    ubp_av=0xbfffeab4, init=0x80d2700 <__libc_csu_init>,
    fini=0x80d2730 <__libc_csu_fini>, rtld_fini=0x40015060 <_rtld_local>,
    stack_end=0x0) at ../sysdeps/generic/libc-start.c:152



------------------------------------------------------------------------





----- End forwarded message -----
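
Added example, not part of the original thread and not PHP's code: the crash above is a read of globbuf.gl_pathv[0] at dir.c:407, so this sketch shows what a caller of libc glob() can check before touching that entry, and a bounded copy that always NUL-terminates. first_match() and the FM_* codes are hypothetical names chosen for this example.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>

enum { FM_OK = 0, FM_NOMATCH = -1, FM_ERROR = -2, FM_TRUNC = -3 };

/* Copy the first path matching `pattern` into out[outlen].
 * first_match() and FM_* are hypothetical names for this example. */
int first_match(const char *pattern, char *out, size_t outlen)
{
    glob_t g;
    int rc, ret;

    if (pattern == NULL || out == NULL || outlen == 0)
        return FM_ERROR;
    out[0] = '\0';
    memset(&g, 0, sizeof g);      /* known state even if glob() fails early */

    rc = glob(pattern, 0, NULL, &g);
    if (rc == GLOB_NOMATCH) {
        ret = FM_NOMATCH;
    } else if (rc != 0) {
        ret = FM_ERROR;           /* GLOB_NOSPACE or GLOB_ABORTED */
    } else if (g.gl_pathc == 0 || g.gl_pathv == NULL || g.gl_pathv[0] == NULL) {
        ret = FM_ERROR;           /* success reported, but no usable list */
    } else {
        size_t n = strlen(g.gl_pathv[0]);
        if (n >= outlen) {
            ret = FM_TRUNC;       /* refuse rather than copy unterminated */
        } else {
            memcpy(out, g.gl_pathv[0], n + 1);   /* includes the NUL */
            ret = FM_OK;
        }
    }
    globfree(&g);
    return ret;
}

int main(void)
{
    char path[4096];
    int rc = first_match("*", path, sizeof path);
    printf("rc=%d first=%s\n", rc, path);
    return 0;
}
```

These checks cover glob()'s documented outcomes only. A non-NULL garbage pointer such as the 0x304 shown in the gdb output passes them, which is why that value points to a fault outside the calling code rather than to a missing check.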