Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 159592 - segmentation fault httpd 2 executing php 4 script
Summary: segmentation fault httpd 2 executing php 4 script
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-05 13:37 UTC by Gerd
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-10 19:11:04 UTC


Attachments (Terms of Use)

Description Gerd 2005-06-05 13:37:16 UTC
Description of problem:
apache2 produces segmentation fault after accessing php scriptfile.

Version-Release number of selected component (if applicable):
httpd-2.0.52-3.1 (FC3-rpm)
php-4.3.11-2.5 (FC3-rpm)

How reproducible:
Call php script "<?php phpinfo(); ?>" - apache will crash. I tried httpd -X with
same result, error message (in error logfile): 
"[Sun Jun 05 15:34:06 2005] [notice] child pid 10959 exit signal Segmentation
fault (11)"

Steps to Reproduce:
1. httpd 2.0.52 with PHP4 module "LoadModule php4_module modules/libphp4.so"
running.
2. Call any PHP-file and see segmentation fault (no reply from server)
3. Uncommenting "LoadModule" above, normal replies from apache.
  
Actual results:
empty reply from server

Expected results:
phpinfo Output

Additional info:
Last messages (strace'd) are:
=============================
gettimeofday({1117978176, 551645}, NULL) = 0
umask(077)                              = 022
umask(022)                              = 077
getcwd("/root", 4095)                   = 6
chdir("/var/www")                       = 0
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/phpinfo.php", {st_mode=S_IFREG|0664, st_size=24, ...}) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xf6763bde, [PROF], SA_RESTORER|SA_RESTART, 0xf6ca4a48},
{0xf6763bde, [PROF], SA_RESTORER|SA_RESTART, 0xf6ca4a48}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
getcwd("/var/www", 4096)                = 9
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/phpinfo.php", {st_mode=S_IFREG|0664, st_size=24, ...}) = 0
open("/var/www/phpinfo.php", O_RDONLY)  = 23
fstat64(23, {st_mode=S_IFREG|0664, st_size=24, ...}) = 0
fstat64(23, {st_mode=S_IFREG|0664, st_size=24, ...}) = 0
lseek(23, 0, SEEK_CUR)                  = 0
lseek(23, 0, SEEK_SET)                  = 0
read(23, "<?php\r\n\tphpinfo();\r\n?>\r\n", 8192) = 24
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Comment 1 Joe Orton 2005-06-05 21:39:00 UTC
What's the output of:

rpm -V httpd php

Please obtain a backtrace; run

 # echo "CoreDumpDirectory /tmp" > /etc/httpd/conf.d/coredump.conf

and then restart the server, and trigger the crash.  Then run:

 # gdb /usr/sbin/httpd /tmp/core.<pid>
 ...
 (gdb) bt full



Comment 2 John Thacker 2007-03-10 19:11:04 UTC
Closing because bug has remained in NEEDINFO state without reply for a long
period of time.

Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only.  Please install a still supported version and retest.  If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version.  Otherwise, if this a security issue, please change the
product to Fedora Legacy.  Thanks, and we are sorry that we did not
get to this bug earlier.

This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.


Note You need to log in before you can comment on or make changes to this bug.