Hi, all!

This script (you need to compile PHP with --enable-memory-limit first):
<?
ini_set("memory_limit",0);
phpinfo();
?>
produces a segfault for me with the latest HEAD and the PHP_4_3 branch.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
_efree (ptr=0x0) at /root/CVS/php-src/Zend/zend_alloc.c:257
257             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  _efree (ptr=0x0) at /root/CVS/php-src/Zend/zend_alloc.c:257
#1  0x4035268b in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\0') at /root/CVS/php-src/main/output.c:315
#2  0x40352a80 in php_end_ob_buffers (send_buffer=0 '\0') at /root/CVS/php-src/main/output.c:339
#3  0x40345e77 in php_request_shutdown (dummy=0x0) at /root/CVS/php-src/main/main.c:1204
#4  0x403a0f7f in apache_php_module_main (r=0x8185cbc, display_source_mode=0)
    at /root/CVS/php-src/sapi/apache/sapi_apache.c:60
#5  0x403a1b0b in send_php (r=0x8185cbc, display_source_mode=0, filename=0x0)
    at /root/CVS/php-src/sapi/apache/mod_php5.c:621
#6  0x403a1cd5 in send_parsed_php (r=0x8185cbc) at /root/CVS/php-src/sapi/apache/mod_php5.c:636
#7  0x08068eee in ap_invoke_handler ()
#8  0x0807e83e in process_request_internal ()
#9  0x0807ec74 in ap_internal_redirect ()
#10 0x0805e39a in handle_dir ()
#11 0x08068eee in ap_invoke_handler ()
#12 0x0807e83e in process_request_internal ()
#13 0x0807e89b in ap_process_request ()
#14 0x0807535f in child_main ()
#15 0x08075511 in make_child ()
#16 0x08075690 in startup_children ()
#17 0x08075d00 in standalone_main ()
#18 0x0807659a in main ()
#19 0x400d1af7 in __libc_start_main () from /lib/i686/libc.so.6

I can propose a patch, see attachment.
Dunno whether this patch is optimal or not, but it works for me.

---
WBR,
Antony Dovgal aka tony2001
[EMAIL PROTECTED]
Index: output.c
===================================================================
RCS file: /repository/php-src/main/output.c,v
retrieving revision 1.142.2.15
diff -u -r1.142.2.15 output.c
--- output.c    8 Aug 2003 23:44:04 -0000       1.142.2.15
+++ output.c    24 Sep 2003 17:44:30 -0000
@@ -311,10 +311,11 @@
                zval_ptr_dtor(&alternate_buffer);
        }
 
-       if (status & PHP_OUTPUT_HANDLER_END) {
+       if (status & PHP_OUTPUT_HANDLER_END && to_be_destroyed_handler_name) {
                efree(to_be_destroyed_handler_name);
        }
-       if (!just_flush) {
+       if (!just_flush && to_be_destroyed_buffer) {
+               
                efree(to_be_destroyed_buffer);
        } else {
                OG(active_ob_buffer).text_length = 0;
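
Review bot: in the second changed condition, `if (!just_flush && to_be_destroyed_buffer)`, a NULL buffer with just_flush == 0 now falls through to the `else` branch and runs `OG(active_ob_buffer).text_length = 0;`, which before this change ran only when just_flush was set. Keep the outer test as `if (!just_flush)` and put the NULL check around the `efree(to_be_destroyed_buffer);` call inside it, so the flush path is not taken when the buffer is being ended. The added line that contains only whitespace after that condition should be dropped, and the first condition reads more safely with explicit parentheses, `(status & PHP_OUTPUT_HANDLER_END) && to_be_destroyed_handler_name`. Both guards also only hide the NULL pointer shown in the backtrace (`_efree (ptr=0x0)`), so a comment or a follow-up on why the buffer is NULL when memory_limit is set to 0 would help.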

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
