[php-maint] Bug#543177: php5 segfault in php_realpath
Raoul Bhatia [IPAX]
r.bhatia at ipax.at
Fri Sep 18 08:51:25 UTC 2009
hi,
i can confirm this bug and also see segfaults using php5-cli:
a sample backtrace. 3 of 4 segfaults that occurred in the last 16 hours
have been within php_realpath. the remaining one was in T1_CloseLib ()
from /usr/lib/libt1.so.5 while calling the zm_shutdown_gd at
/tmp/buildd/php5-5.2.6.dfsg.1/ext/gd/gd.c:1225
(i do not know if the "gd segfault" is related, so i post this info in
here anyways).
> (gdb) thread apply all bt full
>
> Thread 1 (process 5301):
> #0 php_realpath (path=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf", resolved=Cannot access memory at address 0x7fff07774688
> ) at /tmp/buildd/php5-5.2.6.dfsg.1/TSRM/tsrm_virtual_cwd.c:278
> sb = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {
> tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}
> s = 0x0
> left_len = 125303008
> resolved_len = 125282368
> symlinks = Cannot access memory at address 0x7fff0777469c
> (gdb) bt
> #0 php_realpath (path=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf", resolved=Cannot access memory at address 0x7fff07774688
> ) at /tmp/buildd/php5-5.2.6.dfsg.1/TSRM/tsrm_virtual_cwd.c:278
> #1 0x0000000000621158 in virtual_file_ex (state=0x7fff0777a840, path=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf", verify_path=0x100000000, use_realpath=0)
> at /tmp/buildd/php5-5.2.6.dfsg.1/TSRM/tsrm_virtual_cwd.c:732
> #2 0x00000000006293f3 in expand_filepath (filepath=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf", real_path=0x7fff0777e890 "")
> at /tmp/buildd/php5-5.2.6.dfsg.1/main/fopen_wrappers.c:667
> #3 0x0000000000629a58 in php_check_specific_open_basedir (basedir=0x1b4ba80 "/usr/share/php/", path=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf")
> at /tmp/buildd/php5-5.2.6.dfsg.1/main/fopen_wrappers.c:112
> #4 0x0000000000629dc9 in php_check_open_basedir_ex (path=0x7fff0777f8e0 "/data/www/k000535/web/animationsplanet.com/typo3conf", warn=32767) at /tmp/buildd/php5-5.2.6.dfsg.1/main/fopen_wrappers.c:261
> #5 0x00000000005b7b7d in php_stat (filename=0x1b4c098 "/data/www/k000535/web/animationsplanet.com/typo3conf/", filename_length=125270000, type=13, return_value=0x1b540a0)
> at /tmp/buildd/php5-5.2.6.dfsg.1/ext/standard/filestat.c:753
> #6 0x00000000005b8884 in zif_is_dir (ht=125303008, return_value=0x1b540a0, return_value_ptr=0xfefefeff656d6e62, this_ptr=0x0, return_value_used=0)
> at /tmp/buildd/php5-5.2.6.dfsg.1/ext/standard/filestat.c:1073
> #7 0x00000000006a0f4d in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff07788f60) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:200
> #8 0x000000000068c484 in execute (op_array=0x1b4cc98) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
> #9 0x0000000000691a2b in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7fff07789b40) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:4612
> #10 0x000000000068c484 in execute (op_array=0x1b4bb90) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
> #11 0x00000000006682c8 in zend_execute_scripts (type=32767, retval=0x0, file_count=125344872) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:1215
> #12 0x0000000000622b88 in php_execute_script (primary_file=Cannot access memory at address 0x800007788bd0
> ) at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:2028
> #13 0x00000000006e04bd in main (argc=125363208, argv=0x7fff0778c000) at /tmp/buildd/php5-5.2.6.dfsg.1/sapi/cgi/cgi_main.c:1954
> (gdb) quit
i run apache2 + suphp + safemode off:
> ii apache2 2.2.9-10+lenny4 Apache HTTP Server metapackage
> ii apache2-mpm-worker 2.2.9-10+lenny4 Apache HTTP Server - high speed threaded mod
> ii apache2-utils 2.2.9-10+lenny4 utility programs for webservers
> ii apache2.2-common 2.2.9-10+lenny4 Apache HTTP Server common files
> ii libapache2-mod-auth-mysql 4.3.9-11 Apache 2 module for MySQL authentication
> ii libapache2-mod-rpaf 0.5-3 module for Apache2 which takes the last IP f
> ii libapache2-mod-suphp 0.6.2-3 Apache2 module to run php scripts with the o
> ii php-pear 5.2.6.dfsg.1-1+lenny3 PEAR - PHP Extension and Application Reposit
> ii php5-adodb 5.04-3 Extension optimising ADOdb database abstract
> ii php5-cgi 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripting languag
> ii php5-cli 5.2.6.dfsg.1-1+lenny3 command-line interpreter for the php5 script
> ii php5-common 5.2.6.dfsg.1-1+lenny3 Common files for packages built from the php
> ii php5-curl 5.2.6.dfsg.1-1+lenny3 CURL module for php5
> ii php5-dbg 5.2.6.dfsg.1-1+lenny3 Debug symbols for PHP5
> ii php5-gd 5.2.6.dfsg.1-1+lenny3 GD module for php5
> ii php5-imagick 2.1.1RC1-1 ImageMagick module for php5
> ii php5-imap 5.2.6.dfsg.1-1+lenny3 IMAP module for php5
> ii php5-mcrypt 5.2.6.dfsg.1-1+lenny3 MCrypt module for php5
> ii php5-mysql 5.2.6.dfsg.1-1+lenny3 MySQL module for php5
> ii php5-sqlite 5.2.6.dfsg.1-1+lenny3 SQLite module for php5
> ii suphp-common 0.6.2-3 Common files for mod suphp
php.ini changes i made:
> --- php.ini.old 2009-03-05 15:47:06.000000000 +0100
> +++ php.ini 2009-08-18 16:38:04.000000000 +0200
> @@ -1,4 +1,5 @@
> [PHP]
> +; IPAX
>
> ;;;;;;;;;;;
> ; WARNING ;
> @@ -215,7 +216,7 @@
> ;
>
> ;open_basedir =
> -open_basedir =
> +open_basedir = /usr/share/php/:/data/www/k000535/tmp/:/data/www/k000535/:/usr/bin/:/bin:/usr/local/bin:/usr/share/fonts/truetype/
>
> ; This directive allows you to disable certain functions for security reasons.
> ; It receives a comma-delimited list of function names. This directive is
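Review bot: the /bin and /usr/local/bin entries in the new open_basedir value have no trailing slash, and in PHP 5.2 an open_basedir entry is matched as a path prefix, so /bin also admits any path that merely begins with /bin (for example /bin-old). End both with a slash, as the other entries already do. /data/www/k000535/tmp/ is redundant because /data/www/k000535/ already covers it and can be dropped, which also shortens the list that every path check walks (frame #3 of the backtrace shows php_check_specific_open_basedir being called per entry).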
> @@ -268,7 +269,7 @@
> max_execution_time = 30 ; Maximum execution time of each script, in seconds
> max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
> ;max_input_nesting_level = 64 ; Maximum input variable nesting level
> -memory_limit = 32M ; Maximum amount of memory a script may consume (32MB)
> +memory_limit = 48M ; Maximum amount of memory a script may consume (48MB)
>
>
> ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> @@ -561,6 +562,7 @@
> ; Temporary directory for HTTP uploaded files (will use system default if not
> ; specified).
> ;upload_tmp_dir =
> +upload_tmp_dir = /data/www/k000535/tmp/
>
> ; Maximum allowed size for uploaded files.
> upload_max_filesize = 64M
> @@ -956,6 +958,7 @@
> ; where MODE is the octal representation of the mode. Note that this
> ; does not overwrite the process's umask.
> ;session.save_path = /var/lib/php5
> +session.save_path = /data/www/k000535/tmp/
>
> ; Whether to use cookies.
> session.use_cookies = 1
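Review bot: session.save_path is set to /data/www/k000535/tmp/, the same directory the neighbouring hunks assign to upload_tmp_dir and soap.wsdl_cache_dir, so session files, uploaded files and cached WSDL files all land in one place. Give each its own subdirectory (for example a sessions/ directory under tmp/, owned by the site user and not group- or world-readable) so that cleanup and permissions can be handled per type. The directory also sits under the open_basedir entry /data/www/k000535/, so every script of this vhost can open the session files directly.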
> @@ -1244,7 +1247,7 @@
> ; Enables or disables WSDL caching feature.
> soap.wsdl_cache_enabled=1
> ; Sets the directory name where SOAP extension will put cache files.
> -soap.wsdl_cache_dir="/tmp"
> +soap.wsdl_cache_dir="/data/www/k000535/tmp/"
> ; (time to live) Sets the number of second while cached file will be used
> ; instead of original one.
> soap.wsdl_cache_ttl=86400
cheers,
raoul
--
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc. email. r.bhatia at ipax.at
Technischer Leiter
IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. office at ipax.at
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
____________________________________________________________________