Bug 485088 - it seems the issue is that something is causing either apache or php to die (Segfault) on some POST variables when it's trying to pass them across to other pages.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: php
Version: 5.3
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Joe Orton
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-02-11 15:18 UTC by James Chenvert
Modified: 2009-02-11 15:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-02-11 15:48:10 UTC
Target Upstream Version:
Embargoed:


Description James Chenvert 2009-02-11 15:18:51 UTC
Description of problem:

Apache + PHP httpd child process segfaults under certain conditions (POST).
It seems the issue is that something is causing either Apache or PHP to die (segfault) on some POST variables when it's trying to pass them across to other pages.


Version-Release number of selected component (if applicable):
httpd-2.2.3-22.el5
php-common-5.1.6-23.el5
php-mysql-5.1.6-23.el5
php-pdo-5.1.6-23.el5
php-5.1.6-23.el5
php-cli-5.1.6-23.el5


How reproducible:
Easily

Steps to Reproduce:
1. Start Apache
2. Log on to PHP-based website (Mantis bug tracker)
3. Use any submit button
  
Actual results:
httpd child process segfaults, resulting in blank page displayed for website user.


Expected results:
No segfault of httpd child process; user moves on to the expected result page after hitting submit (POST).


Additional info:
stack trace from gdb
#20064 0x00002b4aa5db46c1 in pcre_exec () from /lib64/libpcre.so.0
#20065 0x00002b4aac7dad8d in ?? () from /etc/httpd/modules/libphp5.so
#20066 0x00002b4aac943862 in ?? () from /etc/httpd/modules/libphp5.so
#20067 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20068 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20069 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20070 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20071 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20072 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20073 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20074 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20075 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20076 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20077 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20078 0x00002b4aac90cf21 in zend_call_function () from /etc/httpd/modules/libphp5.so
#20079 0x00002b4aac90e026 in call_user_function_ex () from /etc/httpd/modules/libphp5.so
#20080 0x00002b4aac87585a in zif_call_user_func_array () from /etc/httpd/modules/libphp5.so
#20081 0x00002b4aac943862 in ?? () from /etc/httpd/modules/libphp5.so
#20082 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20083 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20084 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20085 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20086 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20087 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20088 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20089 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20090 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20091 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20092 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20093 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so
#20094 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20095 0x00002b4aac916a8e in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#20096 0x00002b4aac8dbbb7 in php_execute_script () from /etc/httpd/modules/libphp5.so
#20097 0x00002b4aac993f86 in ?? () from /etc/httpd/modules/libphp5.so
#20098 0x00002b4aa56d99aa in ap_run_handler () from /usr/sbin/httpd
#20099 0x00002b4aa56dce22 in ap_invoke_handler () from /usr/sbin/httpd
#20100 0x00002b4aa56e78b8 in ap_process_request () from /usr/sbin/httpd
#20101 0x00002b4aa56e4af0 in ?? () from /usr/sbin/httpd
#20102 0x00002b4aa56e0c12 in ap_run_process_connection () from /usr/sbin/httpd
#20103 0x00002b4aa56eb7f9 in ?? () from /usr/sbin/httpd
#20104 0x00002b4aa56eb9f9 in ?? () from /usr/sbin/httpd
#20105 0x00002b4aa56ec517 in ap_mpm_run () from /usr/sbin/httpd
#20106 0x00002b4aa56c6e48 in main () from /usr/sbin/httpd

Comment 1 Joe Orton 2009-02-11 15:48:10 UTC
This is indicative of a bug in the PHP script causing a recursive function call, which will crash the PHP interpreter:

#20086 0x00002b4aac9339cc in execute () from /etc/httpd/modules/libphp5.so
#20087 0x00002b4aac9432c2 in ?? () from /etc/httpd/modules/libphp5.so

If you install php-debuginfo and httpd-debuginfo (try "debuginfo-install httpd php") then printing r->filename from an ap_* stack frame can help identify the script in question.
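
The triage described in Comment 1, as an added example that is not part of the original bug report or of any Red Hat tool: Python that parses a gdb backtrace, flags the very deep stack with repeating return addresses that indicates runaway recursion, and lists the httpd frames in which `r` is in scope. The names `triage` and `sample_trace`, the thresholds, and the sample addresses are constructed for illustration.

```python
import re
from collections import Counter

# gdb "bt" line: "#<n> 0x<pc> in <symbol> (<args>) from <module>"
FRAME_RE = re.compile(r"#(\d+)\s+0x([0-9a-f]+) in (\S+) \(.*?\)(?: from (\S+))?")
# httpd functions that take the request as "request_rec *r".
REQUEST_FRAMES = {"ap_run_handler", "ap_invoke_handler", "ap_process_request"}

def parse_frames(text):
    """Return (index, pc, symbol, module) for each frame line found in text."""
    return [(int(n), int(pc, 16), sym, mod)
            for n, pc, sym, mod in FRAME_RE.findall(text)]

def triage(text, depth_limit=1000, min_repeats=3):
    """Summarise a backtrace; thresholds are assumptions, tune per site."""
    frames = parse_frames(text)
    if not frames:
        return None
    # Recursive activations return to the same call sites, so the same PCs
    # repeat even where gdb cannot resolve the symbol ("??").
    counts = Counter(pc for _, pc, _, _ in frames)
    repeated = {pc for pc, c in counts.items() if c >= min_repeats}
    depth = max(n for n, *_ in frames) + 1  # frame index gives depth even for an excerpt
    return {
        "depth": depth,
        "innermost_seen": min(frames)[2],
        "repeated_pcs": sorted(hex(pc) for pc in repeated),
        "modules": sorted({m for _, pc, _, m in frames if pc in repeated and m}),
        "runaway_recursion": depth > depth_limit and bool(repeated),
        "request_frames": [n for n, _, sym, _ in frames if sym in REQUEST_FRAMES],
    }

def sample_trace(pairs=4, base=20064):
    """Constructed excerpt shaped like the trace in this report (not real output)."""
    php = "/etc/httpd/modules/libphp5.so"
    lines = [f"#{base} 0x00002b0000001000 in pcre_exec () from /lib64/libpcre.so.0"]
    for i in range(pairs):
        lines.append(f"#{base + 1 + 2*i} 0x00002b0000002000 in ?? () from {php}")
        lines.append(f"#{base + 2 + 2*i} 0x00002b0000003000 in execute () from {php}")
    n = base + 1 + 2 * pairs
    lines.append(f"#{n} 0x00002b0000004000 in ap_run_handler () from /usr/sbin/httpd")
    lines.append(f"#{n + 1} 0x00002b0000005000 in main () from /usr/sbin/httpd")
    return "\n".join(lines)

if __name__ == "__main__":
    print(triage(sample_trace()))
```

With the debuginfo packages installed, selecting one of the returned `request_frames` in gdb (`frame <n>`) and running `print r->filename` is the step Comment 1 describes.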

