[php-maint] Bug#577784: backtrace for php5-cgi segfault

Andy Wettstein ajw1980 at gmail.com
Thu Apr 22 19:40:25 UTC 2010


On Wed, Apr 21, 2010 at 08:11:09PM -0500, Raphael Geissert wrote:
> Hi everyone,
> 
> On 21 April 2010 03:09, sean finney <seanius at debian.org> wrote:
> > hi andy,
> >
> > interesting... it's not clear to me whether this is the same problem, but
> > as we haven't received any other follow up i'm happy to run with this
> > backtrace and close the bug when we fix any segfault :)
> >
> > On Tue, Apr 20, 2010 at 08:58:29PM -0500, Andy Wettstein wrote:
> >> I'm seeing segfault when attempting to authenticate to gallery2.
> >> I'm running with lighttpd and was able generate a core file and backtrace:
> >>
> >> #0  0x00007f521b85c7c1 in strlen () from /lib/libc.so.6
> >> #1  0x00007f52188dc2cd in my_strdup () from /usr/lib/libmysqlclient_r.so.16
> >> #2  0x00007f52189071ab in mysql_options () from /usr/lib/libmysqlclient_r.so.16
> >> #3  0x00007f521866cfae in zif_mysqli_options (ht=0, return_value=0x2383808,
> >>     return_value_ptr=0x0, this_ptr=0xffffffff, return_value_used=0)
> 
> This is strange. The only call I can see to mysqli_options is in
> AdoDB's mysqli driver right before connecting to the server.
> This would mean that any page you try to open that connects to the
> mysql server should lead to the segfault. Is that so?

No.  This only happens when trying to authenticate.  The rest of the
site is working fine.

> 
> Everything AdoDB does is:
> mysqli_options($this->_connectionID,$arr[0],$arr[1]);
> 
> Where $arr comes from:
> var $optionFlags = array(array(MYSQLI_READ_DEFAULT_GROUP,0));

Indeed, commenting out the single mysqli_options line in gallery2 makes
it not segfault.

> 
> But:
> $ php -r '$l = mysqli_init();
> var_dump(mysqli_options($l,MYSQLI_READ_DEFAULT_GROUP,0)); '
> bool(true)
> 
> Even on a clean sid chroot, i686. Andy, what happens when you try to run that?

This runs without error.

> 
> From there mysqli_options all it does is find out that the expected
> value should be a string and converts the 0 to one. libmysqlclient's
> mysql_options is then called:
> 
> ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value));
> 
> mysql_option's relevant code (just executed code, actually) is:
> 
>   case MYSQL_READ_DEFAULT_GROUP:
>     my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR));
>     mysql->options.my_cnf_group=my_strdup(arg,MYF(MY_WME));
>     break;
> 
> And that's all. Like I said, I can't reproduce it.
> 
> But there's something interesting from the recently reported (besides
> from the 'at something/file.c' not matching the real file for
> zif_mysqli_options) http://bugs.php.net/51624 (which is also from a
> lighttpd/gallery2 combination.)
> 
> Since the variables holding the arguments passed to the function (from
> php space)  are not yet initialized they indicate php is segfaulting
> during zend_parse_method_parameters.

Looking around I see more interesting discussion here:
http://gallery.menalto.com/node/95444
http://gallery.menalto.com/node/95244 

I tried some of the fixes suggested there, but it didn't seem to matter.
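To make the code path quoted above concrete, here is an added C model of the MYSQL_READ_DEFAULT_GROUP case. It is illustrative code written for this page, not libmysqlclient, ext/mysqli or gallery2 source; the names `struct conn_options`, `set_read_default_group` and `coerce_long_to_string` are constructed. It shows why the integer 0 from AdoDB's option table is harmless once coerced to the string "0", and why frame #0 of the backtrace lands in strlen when the argument pointer is NULL, which is what an uninitialized parameter from a failed zend_parse_method_parameters would look like.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not libmysqlclient code) of the quoted case:
 *   my_free(mysql->options.my_cnf_group, MYF(MY_ALLOW_ZERO_PTR));
 *   mysql->options.my_cnf_group = my_strdup(arg, MYF(MY_WME));
 * my_strdup() begins with strlen(arg), so a NULL arg faults inside strlen,
 * matching frame #0 of the reported backtrace. */
struct conn_options {
    char *my_cnf_group;
};

/* Guarded equivalent of the MYSQL_READ_DEFAULT_GROUP case (hypothetical).
 * Returns 0 on success, -1 when arg is NULL instead of dereferencing it. */
int set_read_default_group(struct conn_options *opts, const char *arg)
{
    if (opts == NULL || arg == NULL)
        return -1;                    /* unguarded original: strlen(NULL) here */
    size_t len = strlen(arg) + 1;     /* what my_strdup does internally */
    char *copy = malloc(len);
    if (copy == NULL)
        return -1;
    memcpy(copy, arg, len);
    free(opts->my_cnf_group);         /* MY_ALLOW_ZERO_PTR: free(NULL) is a no-op */
    opts->my_cnf_group = copy;
    return 0;
}

/* Mirrors the PHP-side coercion described in the thread: the integer 0 in
 * AdoDB's option array becomes the string "0", a valid non-NULL argument. */
const char *coerce_long_to_string(long value, char *buf, size_t buflen)
{
    snprintf(buf, buflen, "%ld", value);
    return buf;
}

int main(void)
{
    struct conn_options opts = { NULL };
    char buf[32];
    const char *arg = coerce_long_to_string(0, buf, sizeof buf);
    int rc = set_read_default_group(&opts, arg);
    printf("set(\"%s\") -> %d, my_cnf_group=\"%s\"\n", arg, rc, opts.my_cnf_group);
    printf("set(NULL) -> %d (no crash, option left unchanged)\n",
           set_read_default_group(&opts, NULL));
    free(opts.my_cnf_group);
    return 0;
}
```

The guarded version is only a diagnostic aid: it confirms that the "0" argument cannot produce this crash, and that the remaining explanation is a pointer that was never filled in before mysql_options was reached.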
