Bug 91279

Summary: Segfault using PHP with mod_negotiation
Product: [Retired] Red Hat Linux
Component: php
Version: 9
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Chris Ricker <chris.ricker>
Assignee: Joe Orton <jorton>
QA Contact: David Lawrence <dkl>
CC: stu
Doc Type: Bug Fix
Last Closed: 2003-07-03 11:46:48 UTC

Attachments:
strace of segfaulting httpd
php.conf
working php.conf

Description Chris Ricker 2003-05-20 19:10:02 UTC
I see this both with

httpd-2.0.40-21.1
php-4.2.2-17

on fully updated RHL 9, and on the same box after revving to

httpd-2.0.45-5
php-4.3.1-3

from rawhide

This box was running RHL 7.x using Apache httpd 1.3. All the web content on here
was written in PHP in files saved as foo.html. Since all the html files have PHP
content, when upgraded to RHL 9, the /etc/httpd/conf.d/php.conf was changed to:

<Files *.html>
    SetOutputFilter PHP
    SetInputFilter PHP
    LimitRequestBody 524288
</Files>
DirectoryIndex index.html

(which seemed reasonable -- in theory, all the HTML files are PHP-parseable)

However, that causes httpd to segfault whenever non-existent URLs are requested.
From /var/log/httpd/error_log:

[Tue May 20 12:51:36 2003] [error] [client 127.0.0.1] File does not exist: /var/www/html/foo
[Tue May 20 12:51:36 2003] [notice] child pid 3904 exit signal Segmentation fault (11)


The strace of process 3904 shows that it apparently dies trying to parse the raw
HTML files in /var/www/error/include:

3904  read(13, "GET /foo HTTP/1.1\r\nHost: localho"..., 8000) = 430
3904  gettimeofday({1053456696, 545119}, NULL) = 0
3904  stat64("/var/www/html/foo", 0xbffff3e0) = -1 ENOENT (No such file or directory)
3904  lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
3904  lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
3904  lstat64("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
3904  lstat64("/var/www/html/foo", 0xbffff3c0) = -1 ENOENT (No such file or directory)
3904  gettimeofday({1053456696, 545682}, NULL) = 0
3904  write(7, "[Tue May 20 12:51:36 2003] [erro"..., 93) = 93
3904  brk(0)                            = 0x828d000
3904  brk(0x828f000)                    = 0x828f000
3904  stat64("/var/www/error/HTTP_NOT_FOUND.html.var", {st_mode=S_IFREG|0644, st_size=3829, ...}) = 0
3904  lstat64("/var/www/error/HTTP_NOT_FOUND.html.var", {st_mode=S_IFREG|0644, st_size=3829, ...}) = 0
3904  brk(0)                            = 0x828f000
3904  brk(0x8291000)                    = 0x8291000
3904  brk(0)                            = 0x8291000
3904  brk(0x8293000)                    = 0x8293000
3904  open("/var/www/error/HTTP_NOT_FOUND.html.var", O_RDONLY) = 14
3904  read(14, "Content-language: de\nContent-typ"..., 4096) = 3829
3904  read(14, "", 4096)                = 0
3904  read(14, "", 4096)                = 0
3904  read(14, "", 4096)                = 0
3904  read(14, "", 4096)                = 0
3904  read(14, "", 4096)                = 0
3904  read(14, "", 4096)                = 0
3904  brk(0)                            = 0x8293000
3904  brk(0x8295000)                    = 0x8295000
3904  brk(0)                            = 0x8295000
3904  brk(0x8297000)                    = 0x8297000
3904  stat64("/var/www/error/include/top.html", {st_mode=S_IFREG|0644, st_size=608, ...}) = 0
3904  lstat64("/var/www/error/include", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
3904  lstat64("/var/www/error/include/top.html", {st_mode=S_IFREG|0644, st_size=608, ...}) = 0
3904  open("/var/www/error/include/top.html", O_RDONLY) = 15
3904  mmap2(NULL, 608, PROT_READ, MAP_SHARED, 15, 0) = 0x40812000
3904  brk(0)                            = 0x8297000
3904  brk(0x8299000)                    = 0x8299000
3904  close(15)                         = 0
3904  stat64("/var/www/error/include/bottom.html", {st_mode=S_IFREG|0644, st_size=454, ...}) = 0
3904  lstat64("/var/www/error/include", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
3904  lstat64("/var/www/error/include/bottom.html", {st_mode=S_IFREG|0644, st_size=454, ...}) = 0
3904  open("/var/www/error/include/bottom.html", O_RDONLY) = 15
3904  mmap2(NULL, 454, PROT_READ, MAP_SHARED, 15, 0) = 0x40813000
3904  --- SIGSEGV (Segmentation fault) @ 0 (0) ---
3904  chdir("/etc/httpd")               = 0
3904  rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
3904  getpid()                          = 3904
3904  kill(3904, SIGSEGV)               = 0
3904  sigreturn()                       = ? (mask now [])
3904  --- SIGSEGV (Segmentation fault) @ 0 (0) ---


To some extent, this is perhaps a case of "Don't do that, then" ;-). At the same
time, though, I don't think that reading those files should cause PHP / httpd to
segfault....

The files in /var/www/error/include are the stock ones distributed with httpd.

I think this is a problem with php, and not just httpd, because it only happens
with the mentioned change to php.conf, and it only happens if php is included in
the httpd. Without php parsing those HTML files in /var/www/error/, there is no
segfault....
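
Added example, not part of the original report: the file-descriptor bookkeeping done by eye in the description above, as a Python script that replays `strace -f` output (one syscall per line) and reports, per pid, which files were open or mmap'd at the first SIGSEGV. The sample trace is constructed from the excerpt above, and `crash_context` is a name chosen here; munmap is not tracked, which is a simplification.

```python
import re

# Constructed sample: abridged lines in the format of the strace excerpt above.
SAMPLE = """\
3904  open("/var/www/error/HTTP_NOT_FOUND.html.var", O_RDONLY) = 14
3904  read(14, "Content-language: de\\nContent-typ"..., 4096) = 3829
3904  open("/var/www/error/include/top.html", O_RDONLY) = 15
3904  mmap2(NULL, 608, PROT_READ, MAP_SHARED, 15, 0) = 0x40812000
3904  close(15)                         = 0
3904  open("/var/www/error/include/bottom.html", O_RDONLY) = 15
3904  mmap2(NULL, 454, PROT_READ, MAP_SHARED, 15, 0) = 0x40813000
3904  --- SIGSEGV (Segmentation fault) @ 0 (0) ---
3904  chdir("/etc/httpd")               = 0
3904  --- SIGSEGV (Segmentation fault) @ 0 (0) ---
"""

# Only successful open/close calls and file-backed mmaps (fd >= 0) are tracked.
OPEN = re.compile(r'^(\d+)\s+open\("([^"]+)",.*\)\s+=\s+(\d+)$')
CLOSE = re.compile(r'^(\d+)\s+close\((\d+)\)\s+=\s+0$')
MMAP = re.compile(r'^(\d+)\s+mmap2?\((?:[^,]+,\s*){4}(\d+),')
SEGV = re.compile(r'^(\d+)\s+--- SIGSEGV\b')

def crash_context(trace):
    """Return {pid: {"open": {fd: path}, "mapped": [paths]}} at each pid's first SIGSEGV."""
    fds, mapped, result = {}, {}, {}
    for line in trace.splitlines():
        if m := OPEN.match(line):
            fds.setdefault(m[1], {})[int(m[3])] = m[2]
        elif m := MMAP.match(line):
            # A mapping outlives close(fd), so it is recorded separately.
            path = fds.get(m[1], {}).get(int(m[2]))
            if path:
                mapped.setdefault(m[1], []).append(path)
        elif m := CLOSE.match(line):
            fds.get(m[1], {}).pop(int(m[2]), None)
        elif (m := SEGV.match(line)) and m[1] not in result:
            result[m[1]] = {"open": dict(fds.get(m[1], {})),
                            "mapped": list(mapped.get(m[1], []))}
    return result

if __name__ == "__main__":
    for pid, ctx in crash_context(SAMPLE).items():
        print(pid, "open:", ctx["open"], "mapped:", ctx["mapped"])
```
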

Comment 1 Chris Ricker 2003-05-20 19:12:05 UTC
Created attachment 91836
strace of segfaulting httpd

Comment 2 Chris Ricker 2003-05-20 19:13:07 UTC
I've attached a complete strace of the segfaulting process, just in case that's
useful. In a sec, I'll attach /etc/httpd/conf.d/php.conf....

Comment 3 Chris Ricker 2003-05-20 19:13:51 UTC
Created attachment 91837
php.conf

Comment 4 Chris Ricker 2003-05-20 21:11:00 UTC
Hmm, after poking this some more, it looks like what was actually blowing up was
the whole /var/www/error/*.var -> /var/www/error/include/*.html custom error
response generation stuff. If the /var/www/error/*.html file gets parsed by the
PHP interpreter, then everything blows up. If the /var/www/error/*.html file
doesn't hit the PHP interpreter, everything's fine. I modified php.conf to parse
/var/www/error/*.html as HTML, and it solved the problem.

It does seem broken that httpd ever segfaulted from the original configuration,
though.

Comment 5 Chris Ricker 2003-05-20 21:11:57 UTC
Created attachment 91845
working php.conf

Comment 6 Chris Ricker 2003-05-20 21:22:01 UTC
Out of curiosity, I poked this a bit more to see where exactly the problem lies.

It looks like it's the MultiViews error responses that are blowing up if they get
parsed by the PHP interpreter.

I changed /etc/httpd/conf/httpd.conf to

    ErrorDocument 404 /error/HTTP_NOT_FOUND.html

copied just the English portion of /var/www/error/HTTP_NOT_FOUND.html.var to
/var/www/error/HTTP_NOT_FOUND.html, changed php.conf to interpret all .html
through the PHP interpreter, and everything still worked (including custom error
response using the SSI-type directives in HTTP_NOT_FOUND.html and
/var/www/error/include/*.html)

Something about the .var files (or the HTML output from them) running through
PHP appears to be why this died?

Comment 7 Joe Orton 2003-05-20 21:34:00 UTC
That's very interesting.  Thanks a lot for narrowing down the failure case.

Comment 8 Joe Orton 2003-06-12 12:26:13 UTC
It looks like this is a collision with a quirk of how mod_include handles
subrequests.  I'm testing a fix for the next erratum - thanks a lot for tracking
this down so precisely.

Comment 9 Joe Orton 2003-06-19 16:36:19 UTC
The fix for this is integrated for forthcoming erratum.

Comment 10 Joe Orton 2003-07-03 11:46:48 UTC
An erratum has been issued which should help the problem described in this bug
report. This report is therefore being closed with a resolution of ERRATA. For
more information on the solution and/or where to find the updated files, please
follow the link below. You may reopen this bug report if the solution does not
work for you.

http://rhn.redhat.com/errata/RHSA-2003-204.html


Comment 11 Stu Tomlinson 2003-07-03 12:38:08 UTC
*** Bug 86409 has been marked as a duplicate of this bug. ***