Bug #53243 [Com]: Segfault on _zend_is_inconsistent

Fri, 05 Nov 2010 01:56:00 -0700 

Edit report at http://bugs.php.net/bug.php?id=53243&edit=1

 ID:                 53243
 Comment by:         beber at meleeweb dot net
 Reported by:        beber at meleeweb dot net
 Summary:            Segfault on _zend_is_inconsistent
 Status:             Feedback
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Gentoo GNU/Linux x86_64
 PHP Version:        5.3.3
 Block user comment: N

 New Comment:

No, this is an apache module.



I have no hand on "ht". 



zend_alter_ini_entry("open_basedir", 13, 

"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52,
PHP_INI_SYSTEM, 

PHP_INI_STAGE_RUNTIME); is the only function I call.


Previous Comments:
------------------------------------------------------------------------
[2010-11-05 00:39:58] [email protected]

Looks like it is done wrongly then. It should not happen or not be
called when ht is not set. Run your code through valgrind.



Btw, I suppose you meant a php extension, not an apache module :)

------------------------------------------------------------------------
[2010-11-05 00:12:20] beber at meleeweb dot net

I don't have. Job in done is an apache module which simply does :



zend_alter_ini_entry("open_basedir", 13,
"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 52,
PHP_INI_SYSTEM, PHP_INI_STAGE_RUNTIME);

------------------------------------------------------------------------
[2010-11-05 00:09:16] [email protected]

it should not reach this point if ht is not set. Do you have a script to
reproduce this crash?

------------------------------------------------------------------------
[2010-11-05 00:04:01] beber at meleeweb dot net

Description:
------------
I'm getting segfault on function _zend_is_inconsistent while using a
specific module that call zend_alter_ini_entry.



A check in _zend_is_inconsistent is done badly :



static void _zend_is_inconsistent(const HashTable *ht, const char *file,
int line)

{

        if (ht->inconsistent==HT_OK) {

                return;

        }



ht here in 0x0, so segfault



A simple fix could be :



static void _zend_is_inconsistent(const HashTable *ht, const char *file,
int line)

{

        if (!ht || ht->inconsistent==HT_OK) {

                return;

        }



Here is backtrace :

#0  0x00007ffff0bcb44c in _zend_is_inconsistent (ht=0x0,
file=0x7ffff10e5168
"/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c",
line=875)

    at
/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:53

#1  0x00007ffff0bce368 in zend_hash_find (ht=0x0, arKey=0x7ffff83362c0
"open_basedir", nKeyLength=13, pData=0x7fffffffdce8)

    at
/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_hash.c:875

#2  0x00007ffff0bd86de in zend_alter_ini_entry_ex (name=0x7ffff83362c0
"open_basedir", name_length=13, new_value=0x7ffff83a1b80
"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 

    new_value_length=52, modify_type=4, stage=16, force_change=0) at
/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:260

#3  0x00007ffff0bd866b in zend_alter_ini_entry (name=0x7ffff83362c0
"open_basedir", name_length=13, new_value=0x7ffff83a1b80
"/var/www:/var/www/otis.scabb:/var/tmp:/usr/share/php", 

    new_value_length=52, modify_type=4, stage=16) at
/var/tmp/portage/dev-lang/php-5.3.3-r3/work/sapis-build/apache2/Zend/zend_ini.c:249

#4  0x00007ffff1401425 in vv_php_alter_ini (argc=<value optimized out>,
argv=0x7ffff8252970, r=<value optimized out>) at mod_virtualvalue.c:347

#5  0x00007ffff140032d in vv_translate (r=0x7ffff83a5f30) at
mod_virtualvalue.c:453

#6  0x00007ffff7fc6a2a in ap_run_translate_name (r=0x7ffff83a5f30) at
request.c:74

#7  0x00007ffff7fc7ca3 in ap_process_request_internal (r=0x7ffff83a5f30)
at request.c:150

#8  0x00007ffff7fe35fc in ap_process_request (r=0x7ffff83a5f30) at
http_request.c:280

#9  0x00007ffff7fdfe63 in ap_process_http_connection (c=0x7ffff839fde0)
at http_core.c:190

#10 0x00007ffff7fd9e0a in ap_run_process_connection (c=0x7ffff839fde0)
at connection.c:43

#11 0x00007ffff7fda383 in ap_process_connection (c=0x7ffff839fde0,
csd=0x7ffff839fbf0) at connection.c:178

#12 0x00007ffff7feadfc in child_main (child_num_arg=0) at prefork.c:662

#13 0x00007ffff7feaf1e in make_child (s=0x7ffff8213838, slot=0) at
prefork.c:702

#14 0x00007ffff7feb601 in ap_mpm_run (_pconf=0x7ffff820e138,
plog=0x7ffff82402c8, s=0x7ffff8213838) at prefork.c:978

#15 0x00007ffff7fb1254 in main (argc=4, argv=0x7fffffffe2e8) at
main.c:740









------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53243&edit=1

Reply via email to