Segfault in PHP 5.2.1

18 years ago by Chris Malton — view source

unread

Here's what I get with PHP 5.2.1 archives from your website, after it
builds OK, it segfaults while running. Can anyone explain this?

chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php -v
PHP 5.2.1 (cgi) (built: Apr 24 2007 07:00:45)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php index.php
Status: 302
X-Powered-By: PHP/5.2.1
Location: /modx/
Content-type: text/html

chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php modx/index.php
Segmentation fault
chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ gdb php
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) run modx/index.php
Starting program: /usr/local/bin/php modx/index.php
[Thread debugging using libthread_db enabled]
[New Thread -1213458752 (LWP 27138)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213458752 (LWP 27138)]
0x0823a1cf in strx_printv (ccp=0xbf1221c4, buf=0xbf122208 "", len=100,
format=0x8373688 "%.8F %ld", ap=0xbf1221dc "\212[\0051е�?P�-F")
at /home/chrism/php-5.2.1/main/snprintf.c:1136
1136 {
(gdb) bt
#0 0x0823a1cf in strx_printv (ccp=0xbf1221c4, buf=0xbf122208 "",
len=100, format=0x8373688 "%.8F %ld", ap=0xbf1221dc "\212[\0051е�?P�-F")
at /home/chrism/php-5.2.1/main/snprintf.c:1136
#1 0x0823afe4 in ap_php_snprintf (buf=0xbf122208 "", len=100,
format=0x8373688 "%.8F %ld") at /home/chrism/php-5.2.1/main/snprintf.c:1170
#2 0x081f2a45 in _php_gettimeofday (ht=<value optimized out>,
return_value=0x906b4b0, return_value_ptr=<value optimized out>,
this_ptr=0x0,
return_value_used=1, mode=0) at
/home/chrism/php-5.2.1/ext/standard/microtime.c:87
#3 0x08295bd8 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12243c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:200
#4 0x08294d49 in execute (op_array=0x849dd90) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#5 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12298c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#6 0x08294d49 in execute (op_array=0x856d240) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#7 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf122e4c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#8 0x08294d49 in execute (op_array=0x8570ac8) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#9 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf122fdc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#10 0x08294d49 in execute (op_array=0x84a467c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#11 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12338c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#12 0x08294d49 in execute (op_array=0x84da584) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#13 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf123bac) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#14 0x08294d49 in execute (op_array=0x85538ac) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#15 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf1240fc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#16 0x08294d49 in execute (op_array=0x856d240) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#17 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf1245bc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#18 0x08294d49 in execute (op_array=0x8570ac8) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#19 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12474c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#20 0x08294d49 in execute (op_array=0x84a467c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#21 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf124afc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#22 0x08294d49 in execute (op_array=0x84da584) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#23 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12531c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#24 0x08294d49 in execute (op_array=0x85538ac) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#25 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12586c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#26 0x08294d49 in execute (op_array=0x856d240) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#27 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf125d2c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#28 0x08294d49 in execute (op_array=0x8570ac8) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#29 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf125ebc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#30 0x08294d49 in execute (op_array=0x84a467c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#31 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12626c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#32 0x08294d49 in execute (op_array=0x84da584) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#33 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf126a8c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#34 0x08294d49 in execute (op_array=0x85538ac) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#35 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf126fdc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#36 0x08294d49 in execute (op_array=0x856d240) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#37 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12749c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#38 0x08294d49 in execute (op_array=0x8570ac8) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#39 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12762c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#40 0x08294d49 in execute (op_array=0x84a467c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#41 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf1279dc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#42 0x08294d49 in execute (op_array=0x84da584) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#43 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf1281fc) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#44 0x08294d49 in execute (op_array=0x85538ac) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#45 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf12874c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#46 0x08294d49 in execute (op_array=0x856d240) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#47 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf128c0c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#48 0x08294d49 in execute (op_array=0x8570ac8) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
#49 0x0829564c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf128d9c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:234
#50 0x08294d49 in execute (op_array=0x84a467c) at
/home/chrism/php-5.2.1/Zend/zend_vm_execute.h:92
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)

Should I start using PHP6?

Chris

18 years ago by Antony Dovgal — view source

unread

Here's what I get with PHP 5.2.1 archives from your website, after it
builds OK, it segfaults while running. Can anyone explain this?

chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php modx/index.php
Segmentation fault

What's in modx/index.php ?
Looking at the backtrace, I'd say there is an infinite loop.

--
Wbr,
Antony Dovgal

18 years ago by Chris Malton — view source

unread

Antony Dovgal wrote:

Here's what I get with PHP 5.2.1 archives from your website, after it
builds OK, it segfaults while running. Can anyone explain this?

chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php
modx/index.php
Segmentation fault

What's in modx/index.php ?
Looking at the backtrace, I'd say there is an infinite loop.

Answer: It's just the default modx index file.

Here's the odd bit: I corrected a broken password in MySQL, and it fixed
this issue.

Does that help?

I still think that there IS a bug.

Chris

18 years ago by Antony Dovgal — view source

unread

Antony Dovgal wrote:

Here's what I get with PHP 5.2.1 archives from your website, after it
builds OK, it segfaults while running. Can anyone explain this?

chrism@SERVER:/srv/www/org/dyndns/cjsoftuk/domain_public$ php
modx/index.php
Segmentation fault

What's in modx/index.php ?
Looking at the backtrace, I'd say there is an infinite loop.

Answer: It's just the default modx index file.

"the default modx index file" does not have any meaning for me.

Here's the odd bit: I corrected a broken password in MySQL, and it fixed
this issue.

Does that help?

No.

I still think that there IS a bug.

Maybe.
It's hard to say something having so little information.

--
Wbr,
Antony Dovgal

18 years ago by Chris Malton — view source

unread

Antony Dovgal wrote:

What's in modx/index.php ?
Looking at the backtrace, I'd say there is an infinite loop.

<?php
/*

    MODx Content Management System and PHP Application Framework
    Managed and maintained by Raymond Irving, Ryan Thrash and the
    MODx community

    MODx is an opensource PHP/MySQL content management system and

content
management framework that is flexible, adaptable, supports XHTML/CSS
layouts, and works with most web browsers, including Safari.

    MODx is distributed under the GNU General Public License

    MODx CMS and Application Framework ("MODx")
    Copyright 2005 and forever thereafter by Raymond Irving & Ryan

Thrash.
All rights reserved.

    This file and all related or dependant files distributed with

this filie
are considered as a whole to make up MODx.

    MODx is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    MODx is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with MODx (located in "/assets/docs/"); if not, write to

the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA

    For more information on MODx please visit http://modxcms.com/

Originall based on Etomite by Alex Butter

/**

Initialize Document Parsing

// get start time
$mtime = microtime(); $mtime = explode(" ",$mtime); $mtime = $mtime[1] +
$mtime[0]; $tstart = $mtime;

// secure variables from outside
$modxtags = array('@<script[^>]?>.?</script>@si',
'@&#(\d+);@e',
'@[[(.?)]]@si',
'@[!(.?)!]@si',
'@[~(.?)~]@si',
'@[((.?))]@si',
'@{{(.?)}}@si',
'@[*(.?)*]@si');
foreach($_POST as $key => $value) {
$_POST[$key] = preg_replace($modxtags,"", $value);
}
foreach($_GET as $key => $value) {
$_GET[$key] = preg_replace($modxtags,"", $value);
}

$_SERVER['HTTP_USER_AGENT'] = isset($SERVER['HTTP_USER_AGENT']) ?
preg_replace("/[^A-Za-z0-9-,./\s]/", "",
$_SERVER['HTTP_USER_AGENT']): '';
$_SERVER['HTTP_REFERER'] = isset($_SERVER['HTTP_REFERER']) ?
preg_replace($modxtags,"", $_SERVER['HTTP_REFERER']) : '';
if(strlen($_SERVER['HTTP_USER_AGENT'])>255) $_SERVER['HTTP_USER_AGENT']
= substr(0,255,$_SERVER['HTTP_USER_AGENT']);
if(isset($_GET['q'])) $GET['q'] = preg_replace("/[^A-Za-z0-9-./]/",
"", $_GET['q']);

// first, set some settings, and address some IE issues
@ini_set('url_rewriter.tags', '');
@ini_set('session.use_trans_sid', 0);
@ini_set('session.use_only_cookies',1);
session_cache_limiter('');
header('P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"'); // header for
weird cookie stuff. Blame IE.
header('Cache-Control: private, must-revalidate');
ob_start();
error_reporting(E_ALL & ~E_NOTICE);

/**

```
 Filename: index.php
```

 Function: This file loads and executes the parser. *

define("IN_ETOMITE_PARSER", "true"); // provides compatibility with
etomite 0.6 and maybe later versions
define("IN_PARSER_MODE", "true");
define("IN_MANAGER_MODE", "false");

// initialize the variables prior to grabbing the config file
$database_type = '';
$database_server = '';
$database_user = '';
$database_password = '';
$dbase = '';
$table_prefix = '';
$base_url = '';
$base_path = '';

// get the required includes
if($database_user=="") {
$rt = @include_once "manager/includes/config.inc.php";
// Be sure config.inc.php is there and that it contains some
important values
if(!$rt || !$database_type || !$database_server ||
!$database_user || !$dbase) {
echo "

// start session
startCMSSession();

// initiate a new document parser
include_once($base_path."manager/includes/document.parser.class.inc.php");
$modx = new DocumentParser;
$etomite = &$modx; // for backward compatibility

// set some parser options
$modx->minParserPasses = 1; // min number of parser recursive loops or
passes
$modx->maxParserPasses = 10; // max number of parser recursive loops or
passes
$modx->dumpSQL = false;
$modx->dumpSnippets = false; // feed the parser the execution start time
$modx->tstart = $tstart;

// Debugging mode:
$modx->stopOnNotice = false;

// Don't show PHP errors to the public
if(!isset($_SESSION['mgrValidated']) || !$_SESSION['mgrValidated'])
@ini_set("display_errors","0");

// execute the parser
$modx->executeParser();
?>

I have pasted the modx/index.php file above, but it includes so many
files, you might want to download it from http://www.modxcms.com

Chris

18 years ago by Rasmus Lerdorf — view source

unread

Chris Malton wrote:

// secure variables from outside
$modxtags = array('@<script[^>]?>.?</script>@si',
'@&#(\d+);@e',
'@[[(.?)]]@si',
'@[!(.?)!]@si',
'@[~(.?)~]@si',
'@[((.?))]@si',
'@{{(.?)}}@si',
'@[*(.?)*]@si');
foreach($_POST as $key => $value) {
$_POST[$key] = preg_replace($modxtags,"", $value);
}
foreach($_GET as $key => $value) {
$_GET[$key] = preg_replace($modxtags,"", $value);
}

I find this part funny. I wonder what they think this is securing.

-Rasmus

18 years ago by Richard Lynch — view source

unread

Chris Malton wrote:

// secure variables from outside
$modxtags = array('@<script[^>]?>.?</script>@si',
'@&#(\d+);@e',
'@[[(.?)]]@si',
'@[!(.?)!]@si',
'@[~(.?)~]@si',
'@[((.?))]@si',
'@{{(.?)}}@si',
'@[*(.?)*]@si');
foreach($_POST as $key => $value) {
$_POST[$key] = preg_replace($modxtags,"", $value);
}
foreach($_GET as $key => $value) {
$_GET[$key] = preg_replace($modxtags,"", $value);
}

I find this part funny. I wonder what they think this is securing.

I was also amused by their setting of error_reporting to not have
E_NOTICE, which immediately disqualifies it for my use.

And then setting the display_errors as the second to last line in the
file...

If you're relying on the PHP script to change that kind of stuff, it
ought to be much much sooner in the file.

Like at the very top.

[shrug]

At any rate, an infinite loop attempting to re-connect to the
database, or, possibly, a CMS with so MANY queries that it looks like
an infinite loop of connecting to the database...

Still, it probably shouldn't segfault, eh?

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

18 years ago by Antony Dovgal — view source

unread

Antony Dovgal wrote:

What's in modx/index.php ?
Looking at the backtrace, I'd say there is an infinite loop.

<skip> > I have pasted the modx/index.php file above, but it includes so many > files, you might want to download it from http://www.modxcms.com

Please try the latest snapshot available at http://snaps.php.net.
If you're still able to reproduce the problem using the snap, please provide
a short (max 20-30 lines long) but complete reproduce script.
Thanks in advance.

--
Wbr,
Antony Dovgal

18 years ago by Chris Malton — view source

unread

Antony Dovgal wrote:

Please try the latest snapshot available at http://snaps.php.net.
If you're still able to reproduce the problem using the snap, please
provide a short (max 20-30 lines long) but complete reproduce script.
Thanks in advance.

Can reproduce on 200704241430 snapshot (today 14:30).

Seems to be more of a modx bug, rather than PHP bug. Reporting to modx.

Chris

18 years ago by David Lindstrom — view source

unread

Still, PHP should never segfault?

"Chris Malton" chrism@cjsoftuk.dyndns.org skrev i meddelandet
news:77.E3.60955.5604E264@pb1.pair.com...

Antony Dovgal wrote:

Please try the latest snapshot available at http://snaps.php.net.
If you're still able to reproduce the problem using the snap, please
provide a short (max 20-30 lines long) but complete reproduce script.
Thanks in advance.

Can reproduce on 200704241430 snapshot (today 14:30).

Seems to be more of a modx bug, rather than PHP bug. Reporting to modx.

Chris

18 years ago by Derick Rethans — view source

unread

Still, PHP should never segfault?

Almost never... stack overflows are "okay".

regards,
Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

18 years ago by pstradomski@gmail.com — view source

unread

Derick Rethans wrote:

Still, PHP should never segfault?

Almost never... stack overflows are "okay".

regards,
Derick

I' ve run into PHP segfaulting (infinte loop of two constructors) recently and
I think it should not happen in any case - no matter if the PHP script
running is buggy or not. I makes debugging difficult and brings unpredicatble
results.

Besides - it is not documented at all.

--
Paweł Stradomski

18 years ago by Derick Rethans — view source

unread

Derick Rethans wrote:

Still, PHP should never segfault?

Almost never... stack overflows are "okay".

I' ve run into PHP segfaulting (infinte loop of two constructors) recently and
I think it should not happen in any case - no matter if the PHP script
running is buggy or not. I makes debugging difficult and brings unpredicatble
results.

For debugging you install a debugger... which correctly warns you when
this happens. See: http://xdebug.org/docs-settings.php#max_nesting_level

regards,
Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

18 years ago by Richard Lynch — view source

unread

Derick Rethans wrote:

Still, PHP should never segfault?

Almost never... stack overflows are "okay".

I' ve run into PHP segfaulting (infinte loop of two constructors)
recently and
I think it should not happen in any case - no matter if the PHP
script
running is buggy or not. I makes debugging difficult and brings
unpredicatble
results.

For debugging you install a debugger... which correctly warns you when
this happens. See:
http://xdebug.org/docs-settings.php#max_nesting_level

While this is certainly good advice, it seems to me that expecting
every QA process to get complete code coverage and detect every
possible combination of inputs that might overflow stack is just not
realistic...

Or am I missing something here?

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?