Bug #53243 Segfault on _zend_is_inconsistent
Submitted: 2010-11-05 00:04 UTC Modified: 2010-11-05 10:47 UTC
From: beber at meleeweb dot net Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.3.3 OS: Gentoo GNU/Linux x86_64
Private report: No CVE-ID: None
 [2010-11-05 00:04 UTC] beber at meleeweb dot net
Description:
------------
I'm getting a segfault in function _zend_is_inconsistent while using a specific module that calls zend_alter_ini_entry.

A check in _zend_is_inconsistent is done badly :

static void _zend_is_inconsistent(const HashTable *ht, const char *file, int line)
{
        if (ht->inconsistent==HT_OK) {
                return;
        }

ht here is 0x0, so segfault

A simple fix could be :

static void _zend_is_inconsistent(const HashTable *ht, const char *file, int line)
{
        if (!ht || ht->inconsistent==HT_OK) {
                return;
        }

Here is backtrace :
#0  0x00007ffff0bcb44c in _zend_is_inconsistent (ht=0x0, file=0x7ffff10e5168 "/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c", line=875)
    at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:53
#1  0x00007ffff0bce368 in zend_hash_find (ht=0x0, arKey=0x7ffff83362c0 "open_basedir", nKeyLength=13, pData=0x7fffffffdce8)
    at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:875
#2  0x00007ffff0bd86de in zend_alter_ini_entry_ex (name=0x7ffff83362c0 "open_basedir", name_length=13, new_value=0x7ffff83a1b80 "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 
    new_value_length=52, modify_type=4, stage=16, force_change=0) at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:260
#3  0x00007ffff0bd866b in zend_alter_ini_entry (name=0x7ffff83362c0 "open_basedir", name_length=13, new_value=0x7ffff83a1b80 "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 
    new_value_length=52, modify_type=4, stage=16) at /var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:249
#4  0x00007ffff1401425 in vv_php_alter_ini (argc=<value optimized out>, argv=0x7ffff8252970, r=<value optimized out>) at mod_virtualvalue.c:347
#5  0x00007ffff140032d in vv_translate (r=0x7ffff83a5f30) at mod_virtualvalue.c:453
#6  0x00007ffff7fc6a2a in ap_run_translate_name (r=0x7ffff83a5f30) at request.c:74
#7  0x00007ffff7fc7ca3 in ap_process_request_internal (r=0x7ffff83a5f30) at request.c:150
#8  0x00007ffff7fe35fc in ap_process_request (r=0x7ffff83a5f30) at http_request.c:280
#9  0x00007ffff7fdfe63 in ap_process_http_connection (c=0x7ffff839fde0) at http_core.c:190
#10 0x00007ffff7fd9e0a in ap_run_process_connection (c=0x7ffff839fde0) at connection.c:43
#11 0x00007ffff7fda383 in ap_process_connection (c=0x7ffff839fde0, csd=0x7ffff839fbf0) at connection.c:178
#12 0x00007ffff7feadfc in child_main (child_num_arg=0) at prefork.c:662
#13 0x00007ffff7feaf1e in make_child (s=0x7ffff8213838, slot=0) at prefork.c:702
#14 0x00007ffff7feb601 in ap_mpm_run (_pconf=0x7ffff820e138, plog=0x7ffff82402c8, s=0x7ffff8213838) at prefork.c:978
#15 0x00007ffff7fb1254 in main (argc=4, argv=0x7fffffffe2e8) at main.c:740





 [2010-11-05 00:09 UTC] [email protected]
-Status: Open +Status: Feedback
 [2010-11-05 00:09 UTC] [email protected]
It should not reach this point if ht is not set. Do you have a script to reproduce this crash?
 [2010-11-05 00:09 UTC] [email protected]
-Package: Apache2 related +Package: Scripting Engine problem
 [2010-11-05 00:12 UTC] beber at meleeweb dot net
I don't have one. The job is done in an Apache module which simply does:

zend_alter_ini_entry("open_basedir", 13, "/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52, PHP_INI_SYSTEM, PHP_INI_STAGE_RUNTIME);
 [2010-11-05 00:39 UTC] [email protected]
Looks like it is done wrongly then. It should not happen or not be called when ht is not set. Run your code through valgrind.

Btw, I suppose you meant a php extension, not an apache module :)
 [2010-11-05 09:55 UTC] beber at meleeweb dot net
No, this is an apache module.

I have no hand on "ht". 

zend_alter_ini_entry("open_basedir", 13, 
"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52, PHP_INI_SYSTEM, 
PHP_INI_STAGE_RUNTIME); is the only function I call.
 [2010-11-05 10:47 UTC] [email protected]
-Status: Feedback +Status: Bogus
 [2010-11-05 10:47 UTC] [email protected]
Anyway, as I said earlier this code is correct, but the code calling this function is not as it should never reach this point if the ht is not set or consistent. Report a bug to the author of this module instead.
 [2010-11-05 12:15 UTC] beber at meleeweb dot net
I am the author of the module and as I don't have hand on ht, I report the bug.

How could I know ht is zero?
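
The disagreement in this thread is about where the NULL check belongs: inside the hash lookup, or in the code that calls into the engine. The following is an added example, not code from PHP or from the reporter's module. It models the caller-side check in self-contained C, on the assumption that the table pointer is simply not initialised yet when the caller runs (the thread does not establish the cause). All names (`table_t`, `g_directives`, `engine_startup`, `alter_entry_checked`, the `ALTER_*` codes) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not PHP's HashTable or ini API. */
typedef struct { const char *key; const char *value; } entry_t;
typedef struct { entry_t *items; size_t count; } table_t;

static entry_t g_items[] = { { "open_basedir", "" } };  /* constructed sample */
static table_t g_table = { g_items, sizeof g_items / sizeof g_items[0] };
static table_t *g_directives = NULL;   /* assumption: NULL until startup */

void engine_startup(void)  { g_directives = &g_table; }
void engine_shutdown(void) { g_directives = NULL; }

/* Callee with the same contract as in the report: t must be valid. */
static entry_t *table_find(const table_t *t, const char *key)
{
    for (size_t i = 0; i < t->count; i++) {
        if (strcmp(t->items[i].key, key) == 0) {
            return &t->items[i];
        }
    }
    return NULL;
}

enum { ALTER_OK = 0, ALTER_NOT_READY = -1, ALTER_UNKNOWN_KEY = -2 };

/* Caller-side wrapper: checks the precondition, reports failure instead of crashing. */
int alter_entry_checked(const char *key, const char *value)
{
    if (g_directives == NULL) {
        return ALTER_NOT_READY;        /* table not initialised in this context */
    }
    entry_t *e = table_find(g_directives, key);
    if (e == NULL) {
        return ALTER_UNKNOWN_KEY;
    }
    e->value = value;
    return ALTER_OK;
}

int main(void)
{
    printf("before startup: %d\n", alter_entry_checked("open_basedir", "/var/www"));
    engine_startup();
    printf("after startup:  %d\n", alter_entry_checked("open_basedir", "/var/www"));
    return 0;
}
```

When the setting being altered is a restriction such as open_basedir, the caller should treat the not-ready result as a failure of the request rather than continue without the restriction applied.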
 