ID: 0000787
Project: Xdebug
Category: Usage problems (Wrong Results)
View Status: public
Date Submitted: 2012-03-02 02:53
Last Update: 2012-03-07 19:33
Reporter: nbruno
Assigned To: derick
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: Ubuntu
OS Version: 11.10
Product Version:
Target Version:
Fixed in Version:
Summary: 0000787: Segmentation Fault with PHP header_remove()
Description: A call to header_remove() causes XDebug to seg fault and crash. I am not sure, but it seems the backtrace is leading to the xdstrdup() call inside the xdebug_return_trace_stack_retval() function.

Steps To Reproduce: Here is the relevant PHP source code.

<?php
class Utils
{
    public static function redirect( $url)
    {
        exit( 'Before header_remove()');
        header_remove();
        exit( 'After header_remove()');
    }
}
Utils::redirect('');

Running the above code as-is will print the 'Before header_remove()'. Removing that line causes XDebug to seg fault.

Printing all headers prior to header_remove() with header_list() yields:
array
  0 => string 'X-Powered-By: PHP/5.3.6-13ubuntu3.6' (length=35)
  1 => string 'P3P: CP="CAO PSA OUR"' (length=21)
  2 => string 'Content-Type: text/html; charset=utf-8' (length=38)
  3 => string 'Expires: Thu, 19 Nov 1981 08:52:00 GMT' (length=38)
  4 => string 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' (length=77)
  5 => string 'Pragma: no-cache' (length=16)
  6 => string 'Set-Cookie: site=full; expires=Sat, 31-Mar-2012 23:25:41 GMT; path=/' (length=68)
Additional Information: GDB Backtrace:
#0 0x00007ffff720a721 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff720a436 in strdup () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff132cbc7 in xdebug_header_handler (h=0x7fffffffb500, op=SAPI_HEADER_DELETE_ALL, s=0x7ffff4ac3930)
    at /tmp/pear/temp/xdebug/xdebug.c:1436
#3 0x00007ffff43401e3 in sapi_header_op () from /usr/lib/apache2/modules/libphp5.so
#4 0x00007ffff42d482e in ?? () from /usr/lib/apache2/modules/libphp5.so
#5 0x00007ffff132c947 in xdebug_execute_internal (current_execute_data=0x7fffed020188, return_value_used=0)
    at /tmp/pear/temp/xdebug/xdebug.c:1368
#6 0x00007ffff43ff004 in ?? () from /usr/lib/apache2/modules/libphp5.so
#7 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
#8 0x00007ffff132c51a in xdebug_execute (op_array=0x7fffed004dd0) at /tmp/pear/temp/xdebug/xdebug.c:1280
#9 0x00007ffff43fecec in ?? () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007ffff132c51a in xdebug_execute (op_array=0x555555a15d50) at /tmp/pear/temp/xdebug/xdebug.c:1280
#12 0x00007ffff438b730 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007ffff43384d3 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007ffff441ff2d in ?? () from /usr/lib/apache2/modules/libphp5.so
#15 0x0000555555595368 in ap_run_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:159
#16 0x00005555555957de in ap_invoke_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:377
#17 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
    at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
#18 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#19 0x0000555555595368 in ap_run_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:159
#20 0x00005555555957de in ap_invoke_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:377
#21 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
    at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
#22 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#23 0x0000555555595368 in ap_run_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:159
#24 0x00005555555957de in ap_invoke_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:377
#25 0x00005555555a5360 in ap_process_request (r=0x7ffff7e370a0)
    at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#26 0x00005555555a21d8 in ap_process_http_connection (c=0x7ffff7e3d290)
    at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#27 0x000055555559be08 in ap_run_process_connection (c=0x7ffff7e3d290)
    at /build/buildd/apache2-2.2.20/server/connection.c:43
#28 0x00005555555a9f60 in child_main (child_num_arg=<optimized out>)
    at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#29 0x00005555555aa686 in make_child (s=0x7ffff7feb7f8, slot=0)
    at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#30 0x00005555555aae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>)
    at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
#31 0x00005555555803ca in main (argc=2, argv=0x7fffffffe558) at /build/buildd/apache2-2.2.20/server/main.c:741

Tags: No tags attached.
Operating System: Ubuntu 11.10
PHP Version: 5.3.6
-  Notes
(0001948)
derick (administrator)
2012-03-07 19:33

Fixed for 2.1.3 and 2.2.0. Thanks for your detailed report!

- Issue History
Date Modified Username Field Change
2012-03-02 02:53 nbruno New Issue
2012-03-07 19:33 derick Note Added: 0001948
2012-03-07 19:33 derick Status new => closed
2012-03-07 19:33 derick Assigned To => derick
2012-03-07 19:33 derick Resolution open => fixed
2016-07-31 13:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 13:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)

