From: kameshj at fastmail dot fm
Operating system: Any Operating System
PHP version: Irrelevant
PHP Bug Type: Zend Engine 2 problem
Bug description: Segmentation fault in php_printf
Description:
------------
Startup errors cause a segmentation fault if display_startup_errors is enabled.

Reproduce code:
---------------
display_startup_errors=On
extension=kamesh.so (any nonexistent module)
start apache

A segmentation fault will happen inside php_printf.

Expected result:
----------------
It should log the nonexistent module to an error log, but should not segfault.

Actual result:
--------------
I could see php_output_activate(TSRMLS_C) getting called from php_module_startup immediately after php_output_startup. Why is this needed? Each SAPI module calls php_output_activate(TSRMLS_C) explicitly as part of request startup.

Why am I concerned about this? Ans: php_output_activate(TSRMLS_C) sets OG(php_body_write) = php_ub_body_write; which causes calls to php_printf to use php_ub_body_write, which depends on SG(request_info), which is null while php_printf is invoked as part of apache startup error (like invalid extension / nonexistent extension) logging. This causes a segmentation fault.

This change seems to have been introduced in version 1.371 of main/main.c by Zeev (3 years and 3 months ago). The comment says:

Fix a major thread safety bug in the output mechanism
@- Fixed a major memory corruption bug in the thread safe version (Zeev)

Can I remove the call to php_output_activate(TSRMLS_C) from php_module_startup?

PS: What is the use of display_startup_errors? What does display mean with respect to startup, as it might not have any associated request context?
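The mechanism the reporter describes, as an added illustration that is not PHP's own code: a minimal model of an output layer whose unbuffered body writer reads per-request state, so installing it before any request exists turns a startup error message into a null dereference. The guarded writer shows the defensive shape a fix can take: when no request context is active, route the text to a startup log rather than touching request state. All names here (`output_globals`, `request_info`, `ub_body_write`, `guarded_body_write`, `output_printf`, `module_startup`, `request_startup`) are hypothetical stand-ins for the PHP globals and functions named in the report, and the error message is constructed.

```c
/* Added example, not PHP source. Models OG(php_body_write) / SG(request_info)
 * with hypothetical names to show why a writer that depends on request state
 * crashes when invoked at module startup, and a null-safe alternative. */
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 256

/* Stand-in for SG(request_info): only exists while a request is active. */
struct request_info { int headers_sent; };

/* Stand-in for the output globals the writer consults. */
struct output_globals {
    struct request_info *request;   /* NULL until request startup runs */
    size_t (*body_write)(struct output_globals *, const char *, size_t);
    char body[BUF_SIZE];            /* request output (stand-in for the SAPI body) */
    char startup_log[BUF_SIZE];     /* startup-time errors (stand-in for the error log) */
};

static void append(char *dst, const char *src, size_t n)
{
    size_t used = strlen(dst);
    if (n > BUF_SIZE - 1 - used) n = BUF_SIZE - 1 - used;
    memcpy(dst + used, src, n);
    dst[used + n] = '\0';
}

/* Unbuffered writer: reads per-request state unconditionally. Calling it while
 * request is NULL is exactly the startup crash the report describes. */
static size_t ub_body_write(struct output_globals *og, const char *s, size_t n)
{
    if (!og->request->headers_sent) og->request->headers_sent = 1;
    append(og->body, s, n);
    return n;
}

/* Guarded writer: with no request context yet (module startup), send the text
 * to the startup log instead of dereferencing request state. */
static size_t guarded_body_write(struct output_globals *og, const char *s, size_t n)
{
    if (og->request == NULL) {
        append(og->startup_log, s, n);
        return n;
    }
    return ub_body_write(og, s, n);
}

/* php_printf analogue: format, then hand off to whichever writer is installed. */
static size_t output_printf(struct output_globals *og, const char *fmt, ...)
{
    char buf[BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (len < 0) return 0;
    if ((size_t)len >= sizeof buf) len = (int)(sizeof buf - 1);
    return og->body_write(og, buf, (size_t)len);
}

/* Models php_module_startup installing a writer before any request exists. */
static void module_startup(struct output_globals *og)
{
    memset(og, 0, sizeof *og);
    og->body_write = guarded_body_write;
}

/* Models per-request activation performed by the SAPI. */
static void request_startup(struct output_globals *og, struct request_info *ri)
{
    ri->headers_sent = 0;
    og->request = ri;
}

/* Scenario from the report: a startup error is printed before any request.
 * Returns 1 if it landed in the startup log and nothing touched the body. */
int startup_error_goes_to_log(void)
{
    struct output_globals og;
    module_startup(&og);
    /* constructed message; stands in for the nonexistent-extension error */
    output_printf(&og, "startup error: cannot load extension '%s'\n", "kamesh.so");
    return og.body[0] == '\0' && strstr(og.startup_log, "kamesh.so") != NULL;
}

/* Normal path: once a request is active, output reaches the body as before. */
int request_output_goes_to_body(void)
{
    struct output_globals og;
    struct request_info ri;
    module_startup(&og);
    request_startup(&og, &ri);
    output_printf(&og, "hello %d", 42);
    return strcmp(og.body, "hello 42") == 0 && ri.headers_sent == 1
        && og.startup_log[0] == '\0';
}

int main(void)
{
    printf("startup error logged: %d\n", startup_error_goes_to_log());
    printf("request output routed: %d\n", request_output_goes_to_body());
    return 0;
}
```

The point of the guard is that the decision is made where the dependency on request state actually lives, so a caller such as a startup-error logger does not have to know which writer is installed; swapping `guarded_body_write` for `ub_body_write` in `module_startup` reproduces the null dereference on the first startup-time message.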
-- Edit bug report at http://bugs.php.net/?id=30397&edit=1