Bug 203151 - php segmentation fault on setlocale function
php segmentation fault on setlocale function
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: php (Show other bugs)
4.4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-18 13:06 EDT by Dominik Gehl
Modified: 2009-05-18 16:32 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 16:32:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test case to reproduce the bug (927 bytes, text/plain)
2006-08-28 13:33 EDT, Dominik Gehl
no flags Details
patch (352 bytes, patch)
2006-08-29 09:37 EDT, Dominik Gehl
no flags Details | Diff
RPM spec (35.56 KB, text/plain)
2006-08-29 09:39 EDT, Dominik Gehl
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
PHP Bug Tracker 38534 None None None Never

  None (edit)
Description Dominik Gehl 2006-08-18 13:06:15 EDT
Description of problem:


Version-Release number of selected component (if applicable):

# httpd -V
Server version: Apache/2.0.52
Server built:   Aug  2 2006 05:21:10
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

# php -v
PHP 4.3.9 (cgi) (built: Aug 18 2006 10:44:31) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Advanced PHP Debugger (APD) v0.9.1, , by George Schlossnagle


Steps to Reproduce:
1. Install Horde 3.1.3, IMP 4.1.3 (http://www.horde.org)
2. Configure horde with
$conf['log']['priority'] = PEAR_LOG_DEBUG
$conf['sessionhandler']['type'] = 'pgsql';
3. Open the Horde login page in a browser
  
Actual results:
httpd segfault

Expected results:
No segmentation fault

Additional info:
Segmentation fault can be prevented by changed the horde sessionhandler type to
'none' or, changed the log level to 'PEAR_LOG_INFO'

Here's the information from the httpd core dump and gdb:

#0  0x00ad1a2c in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x00ad1a2c in memcpy () from /lib/tls/libc.so.6
#1  0x00e9534b in _mem_block_check (ptr=0x9a08b84, silent=0,
__zend_filename=0xed9970
"/usr/src/redhat/BUILD/php-4.3.9/ext/standard/string.c", __zend_lineno=3127,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_alloc.c:675
#2  0x00e9530d in _mem_block_check (ptr=0x9a08b84, silent=1,
__zend_filename=0xed9970
"/usr/src/redhat/BUILD/php-4.3.9/ext/standard/string.c", __zend_lineno=3127,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_alloc.c:667
#3  0x00e944cb in _efree (ptr=0x9a08b84, __zend_filename=0xed9970
"/usr/src/redhat/BUILD/php-4.3.9/ext/standard/string.c", __zend_lineno=3127,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_alloc.c:243
#4  0x00e41b24 in zif_setlocale (ht=2, return_value=0x9a18344, this_ptr=0x0,
return_value_used=0) at /usr/src/redhat/BUILD/php-4.3.9/ext/standard/string.c:3127
#5  0x00ebd4f6 in execute (op_array=0x91657cc) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_execute.c:1640
#6  0x00ebd771 in execute (op_array=0x93210ac) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_execute.c:1684
#7  0x00e9e977 in call_user_function_ex (function_table=0x9332000,
object_pp=0x932a768, function_name=0x932178c, retval_ptr_ptr=0xbfe9ebe4,
param_count=2,
    params=0x9723fac, no_separation=1, symbol_table=0x0) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_execute_API.c:567
#8  0x00e9df81 in call_user_function (function_table=0x901ab18, object_pp=0x0,
function_name=0x932a844, retval_ptr=0x9a1bccc, param_count=2, params=0xbfe9ec68)
    at /usr/src/redhat/BUILD/php-4.3.9/Zend/zend_execute_API.c:409
#9  0x00dde06e in ps_call_handler (func=0x932a844, argc=2, argv=0xbfe9ec68) at
/usr/src/redhat/BUILD/php-4.3.9/ext/session/mod_user.c:60
#10 0x00dde695 in ps_write_user (mod_data=0xf07310, key=0x92d698c
"555d66f42dd88768d0c97638a5a2c821",
    val=0x9a64164
"imp|a:29:{s:5:\"cache\";a:0:{}s:4:\"pass\";s:7:\"v\036\032?207\rN\";s:11:\"_logintasks\";i:0;s:4:\"user\";s:11:\"xxxxxxxxxxx\";s:8:\"uniquser\";s:23:\"xxxxxxxxxxxxxxxxxxxxxxx\";s:6:\"server\";s:9:\"localhost\";s:3:\"acl\";b:0;s:5:\""...,
vallen=80476) at /usr/src/redhat/BUILD/php-4.3.9/ext/session/mod_user.c:148
#11 0x00dd9d27 in php_session_save_current_state () at
/usr/src/redhat/BUILD/php-4.3.9/ext/session/session.c:696
#12 0x00ddd123 in php_session_flush () at
/usr/src/redhat/BUILD/php-4.3.9/ext/session/session.c:1605
#13 0x00ddd14e in zm_deactivate_session (type=1, module_number=8) at
/usr/src/redhat/BUILD/php-4.3.9/ext/session/session.c:1619
#14 0x00eaccea in module_registry_cleanup (module=0x90b7df8) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_API.c:1167
#15 0x00eafea3 in zend_hash_apply (ht=0xf0b720, apply_func=0xeacca7
<module_registry_cleanup>) at /usr/src/redhat/BUILD/php-4.3.9/Zend/zend_hash.c:703
#16 0x00ea8954 in zend_deactivate_modules () at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend.c:652
#17 0x00e6b6c2 in php_request_shutdown (dummy=0x0) at
/usr/src/redhat/BUILD/php-4.3.9/main/main.c:993
#18 0x00ec3079 in php_apache_request_dtor (r=0x911c948) at
/usr/src/redhat/BUILD/php-4.3.9/sapi/apache2handler/sapi_apache2.c:461
#19 0x00ec384c in php_handler (r=0x911c948) at
/usr/src/redhat/BUILD/php-4.3.9/sapi/apache2handler/sapi_apache2.c:595
#20 0x002839d7 in ap_run_handler () from /usr/sbin/httpd
#21 0x00283e43 in ap_invoke_handler () from /usr/sbin/httpd
#22 0x002808c5 in ap_process_request () from /usr/sbin/httpd
#23 0x0027b63f in _start () from /usr/sbin/httpd
#24 0x0911c948 in ?? ()
#25 0x00000004 in ?? ()
#26 0x0911c948 in ?? ()
#27 0x09110450 in ?? ()
#28 0x091108ff in ?? ()
#29 0x00000000 in ?? ()
(gdb) frame 5
#5  0x00ebd4f6 in execute (op_array=0x91657cc) at
/usr/src/redhat/BUILD/php-4.3.9/Zend/zend_execute.c:1640
1640                                                           
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used
TSRMLS_CC);
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0xed1dfd "setlocale"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x9163cfc "logmessage"
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x9164544 "/var/www/html/horde-3.1.3/lib/Horde.php"
Comment 1 Dominik Gehl 2006-08-28 13:33:40 EDT
Created attachment 135063 [details]
test case to reproduce the bug

Allows to reproduce the bug
Comment 2 Dominik Gehl 2006-08-29 09:37:38 EDT
Created attachment 135130 [details]
patch

patch in the php cvs (4.4.4), applied to php-4.3.9
Comment 3 Dominik Gehl 2006-08-29 09:39:47 EDT
Created attachment 135131 [details]
RPM spec

new spec file for php-4.3.9 rpm (includes the patch)
Comment 5 RHEL Product and Program Management 2008-02-01 14:12:39 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 6 RHEL Product and Program Management 2008-09-05 13:11:32 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 errata-xmlrpc 2009-05-18 16:32:26 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1013.html

Note You need to log in before you can comment on or make changes to this bug.