Bug 205714 - metaphone() function causing Apache segfaults
Summary: metaphone() function causing Apache segfaults
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php
Version: 3.8
Hardware: i386
OS: Linux
Priority: medium
Severity: high
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks: 206935
 
Reported: 2006-09-08 04:41 UTC by William Yardley
Modified: 2007-11-17 01:14 UTC (History)

Fixed In Version: RHSA-2006-0669
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-21 10:55:20 UTC
Target Upstream Version:
Embargoed:


Attachments
PHP code - example of code causing segfaults (342 bytes, text/plain)
2006-09-08 04:41 UTC, William Yardley
specfile (30.35 KB, text/plain)
2006-09-08 04:43 UTC, William Yardley
fix for metaphone() memory corruption (635 bytes, patch)
2006-09-12 14:40 UTC, Joe Orton


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2006:0669 | 0 | normal | SHIPPED_LIVE | Moderate: php security update | 2006-09-21 04:00:00 UTC

Description William Yardley 2006-09-08 04:41:34 UTC
Description of problem:

Not sure whether to file this under PHP or Apache. We're having some annoying
PHP segfaults which we think we've narrowed down to a problem with the
metaphone() function. I've attached a simple test example that shows an example
of this. I can provide a backtrace, corefile (not sure if that will be helpful
without our exact PHP binary) or other info from the core file if it's helpful.

Switching to soundex() seems to resolve the problem.

It's not 100% of the time, but semi-reliably causes a crash.

Version-Release number of selected component (if applicable):
httpd-2.0.46-57.ent
php-4.4.4-07pg.33.ent
php-mysql-4.4.4-07pg.33.ent

(PHP has been built locally, but I believe it's pretty much from the stock RHEL
specfile... if it's a really big deal, I can see if we can test with stock PHP)

I imagine you'll need some more information; let me know what you need, and I'll
do my best to get it to you.

Comment 1 William Yardley 2006-09-08 04:41:36 UTC
Created attachment 135828
PHP code - example of code causing segfaults

Comment 2 William Yardley 2006-09-08 04:43:04 UTC
Created attachment 135829
specfile

Comment 3 Christopher McCrory 2006-09-08 14:14:46 UTC
This should happen with the default RHEL3 i386

Apparently RHEL4 x86_64 works ok

RHEL5 i386 breaks also.


/]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 4.91 (Tikanga)

/]# rpm -q php
php-5.1.4-8.1


/]# php /tmp/crash.php
ASSFKS<br>ASFKS<br>EKSFKSBK<br>*** glibc detected *** php: corrupted
double-linked list: 0x087f1bb0 ***
======= Backtrace: =========
/lib/libc.so.6[0x8485cb]
/lib/libc.so.6[0x849f0e]
/lib/libc.so.6(cfree+0x90)[0x84a360]
/usr/lib/libaspell.so.15[0xa4062d]
/usr/lib/libaspell.so.15(_ZN7acommon15GlobalCacheBase7releaseEPNS_9CacheableE+0x4b)[0xa1407b]
/usr/lib/libaspell.so.15(_ZN7acommon18release_cache_dataEPNS_15GlobalCacheBaseEPKNS_9CacheableE+0x24)[0xa14104]
/usr/lib/libaspell.so.15(_ZN8aspeller11SpellerImplD0Ev+0x4a)[0xa60b8a]
/usr/lib/libaspell.so.15(delete_aspell_speller+0x15)[0xa95df5]
php(list_entry_destructor+0x82)[0x81d6fa2]
php[0x81d4467]
php(zend_hash_graceful_reverse_destroy+0x18)[0x81d46f8]
php(zend_deactivate+0x109)[0x81cb7e9]
php(php_request_shutdown+0x1e0)[0x818ef10]
php(main+0x3e2)[0x8241902]
/lib/libc.so.6(__libc_start_main+0xdc)[0x7fa23c]
php[0x80756a1]
Aborted

Comment 4 Christopher McCrory 2006-09-08 15:59:18 UTC
FWIW, this is the segfault I mentioned in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205627



same happens on FC5

[chrismcc@fc5 ~]$ rpm -q php
php-5.1.4-1

[chrismcc@fc5 ~]$ php /tmp/crash.php 
ASSFKS<br>ASFKS<br>EKSFKSBK<br>*** glibc detected *** php: free(): invalid
pointer: 0x091bb958 ***
======= Backtrace: =========
/lib/libc.so.6[0x5d8a68]
/lib/libc.so.6(__libc_free+0x78)[0x5dbf4f]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x75d6c1]
/usr/lib/libaspell.so.15(_ZN8aspeller11SpellerImplD0Ev+0x89)[0x51cf79]
/usr/lib/libaspell.so.15(delete_aspell_speller+0x15)[0x553115]
php(list_entry_destructor+0x82)[0x81d6c62]
php[0x81d4137]
php(zend_hash_graceful_reverse_destroy+0x18)[0x81d43c8]
php(zend_deactivate+0x109)[0x81cb4d9]
php(php_request_shutdown+0x1e0)[0x818ec80]
php(main+0x3e2)[0x8241a92]
/lib/libc.so.6(__libc_start_main+0xdc)[0x58a4e4]
php[0x8075111]
Aborted



Comment 5 William Yardley 2006-09-08 17:22:30 UTC
Just to clarify, it seems to be the combination of pspell and metaphone() is
causing the problem. We haven't been able to reproduce the problem with just
metaphone().

Comment 6 Joe Orton 2006-09-12 14:28:55 UTC
Thanks for the report.

I can reproduce this and am investigating.

Comment 7 Joe Orton 2006-09-12 14:40:53 UTC
Created attachment 136075
fix for metaphone() memory corruption

This patch should fix the problem, though I'm yet to fix the problem in a
pspell-enabled build.

Comment 8 Joe Orton 2006-09-12 14:41:21 UTC
s/fix/test

Comment 9 Christopher McCrory 2006-09-12 15:52:25 UTC
compiling now and testing today


FWIW, the crash code worked fine on FreeBSD 4.11 w/ php 4.4.4



Comment 10 Joe Orton 2006-09-12 15:55:50 UTC
It's just writing a NUL byte too far in some cases; it's pot luck what gets
overwritten and whether or not the process segfaults.  With glibc, setting the
"MALLOC_CHECK_=2" env var is a good way to debug this kind of thing, it makes
malloc more paranoid.
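
The failure mode described in comment 10, as an added example that is not part of the bug report and is not PHP's metaphone() code or the attached patch: a constructed toy encoder (`encode`, `guard_clobbered` and the `GUARD` value are hypothetical names) whose bound forgets the terminator, so the NUL lands one byte past the buffer only when the output exactly fills it. A guard byte inside the allocation makes the stray write observable on every run instead of leaving it to chance.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xA5 /* sentinel stored just past the usable bytes */

/* Toy phonetic encoder (constructed for this example, not PHP's metaphone):
 * drops vowels, upper-cases consonants, expands 'x' to "KS". dst holds `cap`
 * usable bytes. reserve_nul=0 is the buggy bound, 1 the corrected one.
 * Returns the code length, or -1 if the result does not fit. */
static int encode(const char *src, char *dst, size_t cap, int reserve_nul)
{
    size_t n = 0, limit;

    if (cap == 0)
        return -1;
    /* Bug: codes may fill all `cap` bytes, leaving no room for the NUL. */
    limit = reserve_nul ? cap - 1 : cap;

    for (; *src; src++) {
        int c = toupper((unsigned char)*src);
        size_t need = (c == 'X') ? 2 : 1;

        if (!isalpha(c) || strchr("AEIOU", c))
            continue;
        if (n + need > limit)
            return -1;
        if (c == 'X') {
            dst[n++] = 'K';
            dst[n++] = 'S';
        } else {
            dst[n++] = (char)c;
        }
    }
    dst[n] = '\0'; /* with the buggy bound and n == cap: one byte too far */
    return (int)n;
}

/* Encodes into a heap block that has one guard byte after the `cap` usable
 * bytes, so the stray write stays inside the allocation and is observable.
 * Returns 1 if the guard was overwritten, 0 if intact, -1 on malloc failure. */
static int guard_clobbered(const char *word, size_t cap, int reserve_nul)
{
    unsigned char *block = malloc(cap + 1);
    int hit;

    if (!block)
        return -1;
    block[cap] = GUARD;
    encode(word, (char *)block, cap, reserve_nul);
    hit = block[cap] != GUARD;
    free(block);
    return hit;
}

int main(void)
{
    /* "fox" encodes to "FKS": 3 code bytes plus the terminator. */
    printf("buggy, cap=3: guard clobbered = %d\n", guard_clobbered("fox", 3, 0));
    printf("buggy, cap=4: guard clobbered = %d\n", guard_clobbered("fox", 4, 0));
    printf("fixed, cap=3: guard clobbered = %d\n", guard_clobbered("fox", 3, 1));
    return 0;
}
```

Only the exact-fit case (cap=3) trips the guard with the buggy bound, which matches the intermittent crashes reported above; the corrected bound rejects that input instead of writing past the buffer.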

Comment 11 Christopher McCrory 2006-09-12 16:25:02 UTC
Seems to work so far.  Adding to our internal QA

you 'da man!

Comment 12 Christopher McCrory 2006-09-14 16:44:42 UTC
update:

seems to work well in our QA testing.

We are pushing out to our production servers

Comment 13 Joe Orton 2006-09-15 15:50:46 UTC
Thanks for the feedback.

Comment 17 Red Hat Bugzilla 2006-09-21 10:55:20 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0669.html


