Bug 112742

Summary:	apache segfaults when using GD::Graph under embperl
Product:	Red Hat Enterprise Linux 3	Reporter:	Alexander Hartmaier <alexander.hartmaier>
Component:	php	Assignee:	Joe Orton <jorton>
Status:	CLOSED DUPLICATE	QA Contact:
Severity:	high	Docs Contact:
Priority:	medium
Version:	3.0
Target Milestone:	---
Target Release:	---
Hardware:	i686
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-02-21 19:00:31 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Alexander Hartmaier 2003-12-30 14:52:51 UTC

From Bugzilla Helper:
User-Agent: Opera/7.23 (Windows NT 5.1; U)  [en]

Description of problem:
When I access a embedded perl (http://perl.apache.org/embperl/) page 
which uses the perl modules GD::Graph the apache child which serves 
my request dies with a segmentation fault.

Version-Release number of selected component (if applicable):
httpd-2.0.46-25.ent

How reproducible:
Always

Steps to Reproduce:
1. start apache
2. view a embperl page which uses GD::Graph

Actual Results:  segfault of the apache child

Expected Results:  page shown in browser with generated graphs

Additional info:

gd-2.0.17
GD-2.11
GD::Graph-1.43
mod_perl-1.99_09-10.ent as well as mod_perl-1.99_12 (self compiled)
embperl-20031230051505 (cvs snapshot) as well as embperl-2.0b9

Comment 1 Alexander Hartmaier 2004-01-02 08:47:02 UTC

- exists also under Fedora Core 1
- doesn't exist under debian 3.0 with the same apache, mod_perl, perl 
und embperl version!
- maybe kernel specific??? NTPL or something like that?

Comment 2 Alexander Hartmaier 2004-01-02 13:11:45 UTC

- exists also with kernel-2.6.1-rc1...so not kernel specific

Comment 3 Joe Orton 2004-01-03 18:51:19 UTC

Can you get a backtrace or a core dump out of the server?

(add "CoreDumpDirectory /tmp" to httpd.conf somewhere to get core
dumps enabled)

Can you also give attach minimal configuration and a page for
reproduction?

Comment 4 Joe Orton 2004-01-05 15:53:12 UTC

(a backtrace was sent by mail)

The stack looked corrupted in the backtrace: this could just as well
be a problem in the GD or Embperl modules you've compiled, as httpd or
mod_perl.

Comment 5 Alexander Hartmaier 2004-01-05 16:56:01 UTC

This is the backtrace from 'gdb /usr/sbin/httpd /tmp/core.1189':

(gdb) backtrace
#0  0x4040ec73 in free () from /lib/tls/libc.so.6
#1  0x41e3476f in gdFree (ptr=0x92f029c) at gdhelpers.c:100
#2  0x41e044fe in XS_GD__Image_png (my_perl=0x87e8f08, cv=0x8ed65bc) 
at GD.xs:815
#3  0x406c00c5 in Perl_pp_entersub (my_perl=0x87e8f08) at pp_hot.c:
2781
#4  0x406a384a in Perl_runops_debug (my_perl=0x87e8f08) at dump.c:
1414
#5  0x40658779 in S_call_body (my_perl=0x87e8f08, myop=0xbffff1a0, 
is_eval=0) at perl.c:2069
#6  0x40658403 in Perl_call_sv (my_perl=0x87e8f08, sv=0x0, flags=4) 
at perl.c:1987
#7  0x40e1db74 in EMBPERL2_CallStoredCV (r=0x8ac383c, sArg=0x0, 
pSub=0x0, numArgs=1, pArgs=0xbffff260, flags=0, pRet=0xbffff26c)
    at epeval.c:735
#8  0x40e39527 in embperl_Execute2 (r=0x8ac383c, xSrcDomTree=3, 
pCV=0x91021dc, pResultDomTree=0x0) at epcomp.c:1834
#9  0x40e396aa in embperl_Execute (r=0x8ac383c, xSrcDomTree=0, 
pCV=0x0, pResultDomTree=0x8ac39a4) at epcomp.c:1944
#10 0x40e3ce0e in ProviderEpRun_GetContentIndex (r=0x8ac383c, 
pProvider=0x9168f90, pData=0x8ac39a4, bUseCache=0 '\0')
    at epprovider.c:1777
#11 0x40e3b532 in Cache_GetContentIndex (r=0x8ac383c, 
pItem=0x9179890, pData=0x8ac39a4, bUseCache=0 '\0') at epcache.c:1017
#12 0x40e164a4 in ProcessFile (r=0x8ac383c, nFileSize=0) at epmain.c:
1260
#13 0x40e1705d in embperl_RunComponent (c=0x8ac38a8) at epmain.c:1462
#14 0x40e1730d in embperl_ExecuteComponent (r=0x0, pPerlParam=0x0) at 
epmain.c:1516
#15 0x40e5f05c in XS_Embperl__Req_execute_component 
(my_perl=0x87e8f08, cv=0x85d9370) at Req.xs:198
#16 0x406c00c5 in Perl_pp_entersub (my_perl=0x87e8f08) at pp_hot.c:
2781
#17 0x406a384a in Perl_runops_debug (my_perl=0x87e8f08) at dump.c:
1414
#18 0x40658779 in S_call_body (my_perl=0x87e8f08, myop=0xbffff600, 
is_eval=0) at perl.c:2069
#19 0x40658403 in Perl_call_sv (my_perl=0x87e8f08, sv=0x0, flags=4) 
at perl.c:1987
#20 0x40e1db74 in EMBPERL2_CallStoredCV (r=0x8ac383c, sArg=0x0, 
pSub=0x0, numArgs=1, pArgs=0xbffff6c0, flags=0, pRet=0xbffff6cc)
    at epeval.c:735
#21 0x40e39527 in embperl_Execute2 (r=0x8ac383c, xSrcDomTree=7, 
pCV=0x902c6b4, pResultDomTree=0x0) at epcomp.c:1834
#22 0x40e396aa in embperl_Execute (r=0x8ac383c, xSrcDomTree=0, 
pCV=0x0, pResultDomTree=0x8ac39a4) at epcomp.c:1944
#23 0x40e3ce0e in ProviderEpRun_GetContentIndex (r=0x8ac383c, 
pProvider=0x8560138, pData=0x8ac39a4, bUseCache=0 '\0')
    at epprovider.c:1777
#24 0x40e3b532 in Cache_GetContentIndex (r=0x8ac383c, 
pItem=0x9163c78, pData=0x8ac39a4, bUseCache=0 '\0') at epcache.c:1017
#25 0x40e164a4 in ProcessFile (r=0x8ac383c, nFileSize=0) at epmain.c:
1260
#26 0x40e16e3e in embperl_RunRequest (r=0x8ac383c) at epmain.c:1340
#27 0x40e16fac in embperl_ExecuteRequest (my_perl=0x0, 
pApacheReqSV=0x0, pPerlParam=0x0) at epmain.c:1420
#28 0x40e0c24c in XS_Embperl__Req_ExecuteRequest (my_perl=0x87e8f08, 
cv=0x85ddae0) at Embperl.xs:85
#29 0x406c00c5 in Perl_pp_entersub (my_perl=0x87e8f08) at pp_hot.c:
2781
#30 0x406a384a in Perl_runops_debug (my_perl=0x87e8f08) at dump.c:
1414
#31 0x40658779 in S_call_body (my_perl=0x87e8f08, myop=0xbffffa80, 
is_eval=0) at perl.c:2069
#32 0x40658403 in Perl_call_sv (my_perl=0x87e8f08, sv=0x0, flags=4) 
at perl.c:1987
#33 0x4061c646 in modperl_callback () from 
/etc/httpd/modules/mod_perl.so
#34 0x4061cbf4 in modperl_callback_run_handlers () from 
/etc/httpd/modules/mod_perl.so
#35 0x4061ce35 in modperl_callback_per_dir () from 
/etc/httpd/modules/mod_perl.so
#36 0x40618215 in modperl_response_finish () from 
/etc/httpd/modules/mod_perl.so
#37 0x40618435 in modperl_response_handler_cgi () from 
/etc/httpd/modules/mod_perl.so
#38 0x08068685 in ap_run_handler ()
#39 0x08068c9f in ap_invoke_handler ()
#40 0x08065326 in ap_process_request ()
#41 0x0806095c in _start ()
---Type <return> to continue, or q <return> to quit---
#42 0x089ed500 in ?? ()
#43 0x00000004 in ?? ()
#44 0x089ed500 in ?? ()
#45 0x4062b2f7 in modperl_process_connection_handler () from 
/etc/httpd/modules/mod_perl.so
#46 0x08072145 in ap_run_process_connection ()
#47 0x08066ba1 in ap_graceful_stop_signalled ()
#48 0x08066cf4 in ap_graceful_stop_signalled ()
#49 0x08066e16 in ap_graceful_stop_signalled ()
#50 0x0806763d in ap_mpm_run ()
#51 0x0806dacf in main ()
(gdb)

Comment 6 Joe Orton 2004-01-05 17:09:00 UTC

Try and generate a few new core dumps: if all the core dumps have
similar segfaults inside XS_GD__Image_png or gdFree, this is probably
a bug in the GD bindings for Perl, or maybe in gd or embperl.  Contact
the authors of the Perl bindings, or try the embperl mailing list, etc.

(Also try reproducing the bug outside of mod_perl/embperl)

Please reopen this bug report if you find evidence of a bug in httpd
or mod_perl.

Comment 7 Joe Orton 2004-05-28 12:51:33 UTC

This bug was reported again: it turns out this issue is due to a
symbol conflict between the PHP module (which includes a copy of the
gd library) and the system gd library.

Comment 8 Joe Orton 2004-05-28 12:52:16 UTC


*** This bug has been marked as a duplicate of 123530 ***

Comment 9 Joe Orton 2004-05-28 12:54:49 UTC

Bad dup, apologies for the noise, Alexander (and for the original
misdiagnosis).

Comment 10 Joe Orton 2004-05-28 12:55:14 UTC


*** This bug has been marked as a duplicate of 124530 ***

Comment 11 Alexander Hartmaier 2004-06-15 08:14:44 UTC

I'm using debian unstable now which runs flawless since beginning of 
the year and is FREE!

Comment 12 Red Hat Bugzilla 2006-02-21 19:00:31 UTC

Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.