Bug 485088

Summary: It seems the issue is that something is causing either Apache or PHP to die (segfault) on some POST variables when it's trying to pass them across to other pages.
Product: Red Hat Enterprise Linux 5
Component: php
Version: 5.3
Hardware: x86_64
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: low
Target Milestone: rc
Reporter: James Chenvert <james_chenvert>
Assignee: Joe Orton <jorton>
QA Contact: BaseOS QE <qe-baseos-auto>
Doc Type: Bug Fix
Last Closed: 2009-02-11 15:48:10 UTC

Description James Chenvert 2009-02-11 15:18:51 UTC
Description of problem:

Apache + PHP httpd child process segfaults under certain conditions (POST).
It seems the issue is that something is causing either Apache or PHP to die (segfault) on some POST variables when it's trying to pass them across to other pages.


Version-Release number of selected component (if applicable):
httpd-2.2.3-22.el5
php-common-5.1.6-23.el5
php-mysql-5.1.6-23.el5
php-pdo-5.1.6-23.el5
php-5.1.6-23.el5
php-cli-5.1.6-23.el5


How reproducible:
Easily

Steps to Reproduce:
1. Start apache
2. Log on to PHP-based website (Mantis bug tracker)
3. Use any submit button
  
Actual results:
httpd child process segfaults, resulting in blank page displayed for website user.


Expected results:
No segfault of httpd child process, user moves on to the expected result page after hitting submit (post).


Additional info:
stack trace from gdb
#20064 0x00002b4aa5db46c1 in pcre_exec () from /lib64/libpcre.so.0
#20065 0x00002b4aac7dad8d in ?? () from /etc/httpd/modules/libphp5.so
#20066 0x00002b4aac943862 in ?? () from /etc/httpd/modules/libphp5.so
#20067 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20068 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20069 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20070 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20071 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20072 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20073 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20074 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20075 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20076 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20077 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20078 0x00002b4aac90cf21 in zend_call_function () from /etc/httpd/modules/libphp5.so
#20079 0x00002b4aac90e026 in call_user_function_ex () from /etc/httpd/modules/libphp5.so
#20080 0x00002b4aac87585a in zif_call_user_func_array () from /etc/httpd/modules/libphp5.so
#20081 0x00002b4aac943862 in ?? () from /etc/httpd/modules/libphp5.so
#20082 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20083 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20084 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20085 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20086 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20087 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20088 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20089 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20090 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20091 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20092 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20093 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20094 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20095 0x00002b4aac916a8e in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#20096 0x00002b4aac8dbbb7 in php_execute_script () from /etc/httpd/modules/libphp5.so
#20097 0x00002b4aac993f86 in ?? () from /etc/httpd/modules/libphp5.so
#20098 0x00002b4aa56d99aa in ap_run_handler () from /usr/sbin/httpd
#20099 0x00002b4aa56dce22 in ap_invoke_handler () from /usr/sbin/httpd
#20100 0x00002b4aa56e78b8 in ap_process_request () from /usr/sbin/httpd
#20101 0x00002b4aa56e4af0 in ?? () from /usr/sbin/httpd
#20102 0x00002b4aa56e0c12 in ap_run_process_connection () from /usr/sbin/httpd
#20103 0x00002b4aa56eb7f9 in ?? () from /usr/sbin/httpd
#20104 0x00002b4aa56eb9f9 in ?? () from /usr/sbin/httpd
#20105 0x00002b4aa56ec517 in ap_mpm_run () from /usr/sbin/httpd
#20106 0x00002b4aa56c6e48 in main () from /usr/sbin/httpd

Comment 1 Joe Orton 2009-02-11 15:48:10 UTC
This is indicative of a bug in the PHP script causing a recursive function call, which will crash the PHP interpreter:

#20086 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20087 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so

If you install php-debuginfo and httpd-debuginfo (try "debuginfo-install httpd php") then printing r->filename from an ap_* stack frame can help identify the script in question.
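
Added example (not part of the bug report or its comments): a Python script that triages a gdb backtrace in the format shown above, reporting the stack depth, frame counts per library, and the httpd frames that take a `request_rec *r` argument, which are the ones where `print r->filename` works once the debuginfo packages are installed. The SAMPLE frames are excerpted from this report's trace, and the depth threshold of 1000 is an assumed heuristic.

```python
import re
from collections import Counter

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(.*?\) from (\S+)$")
# httpd functions whose parameter is `request_rec *r`; ap_run_process_connection takes a conn_rec.
REQUEST_FRAMES = {"ap_run_handler", "ap_invoke_handler", "ap_process_request"}

# Frames excerpted from the trace in this report (the execute()/?? run is shortened).
SAMPLE = """\
#20064 0x00002b4aa5db46c1 in pcre_exec () from /lib64/libpcre.so.0
#20065 0x00002b4aac7dad8d in ?? () from /etc/httpd/modules/libphp5.so
#20067 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20068 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20069 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20095 0x00002b4aac916a8e in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#20098 0x00002b4aa56d99aa in ap_run_handler () from /usr/sbin/httpd
#20099 0x00002b4aa56dce22 in ap_invoke_handler () from /usr/sbin/httpd
#20100 0x00002b4aa56e78b8 in ap_process_request () from /usr/sbin/httpd
#20102 0x00002b4aa56e0c12 in ap_run_process_connection () from /usr/sbin/httpd
#20106 0x00002b4aa56c6e48 in main () from /usr/sbin/httpd
"""

def parse_frames(text):
    """Return (frame_number, function, library) for every gdb frame line."""
    hits = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1)), m.group(2), m.group(3)) for m in hits if m]

def triage(text, deep=1000):
    """Summarise a backtrace; `deep` is an assumed threshold, not a gdb or PHP limit."""
    frames = parse_frames(text)
    if not frames:
        raise ValueError("no gdb frames found")
    depth = max(n for n, _, _ in frames) + 1  # gdb numbers frames from #0
    by_lib = Counter(lib.rsplit("/", 1)[-1] for _, _, lib in frames)
    return {
        "depth": depth,
        "stack_exhaustion_likely": depth > deep,
        "php_execute_frames": sum(1 for _, f, _ in frames if f == "execute"),
        "by_library": dict(by_lib),
        "request_frames": [n for n, f, _ in frames if f in REQUEST_FRAMES],
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report)
    for n in report["request_frames"]:
        print(f"gdb: frame {n}, then: print r->filename")
```
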