View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000787XdebugUncategorizedpublic2012-03-02 02:532012-03-07 19:33
Reporternbruno Assigned Toderick  
PrioritynormalSeveritycrashReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSUbuntuOS Version11.10
Summary0000787: Segmentation Fault with PHP header_remove()
Description

A call to header_remove() causes XDebug to seg fault and crash. I am not sure, but it seems the backtrace is leading to the xdstrdup() call inside the xdebug_return_trace_stack_retval() function.

Steps To Reproduce

Here is the relevant PHP source code.

<?php
class Utils
{
public static function redirect( $url)
{
exit( 'Before header_remove()');
header_remove();
exit( 'After header_remove()');
}
}
Utils::redirect('');

Running the above code as-is will print the 'Before header_remove()'. Removing that line causes XDebug to seg fault.

Printing all headers prior to header_remove() with header_list() yields:
array
0 => string 'X-Powered-By: PHP/5.3.6-13ubuntu3.6' (length=35)
1 => string 'P3P: CP="CAO PSA OUR"' (length=21)
2 => string 'Content-Type: text/html; charset=utf-8' (length=38)
3 => string 'Expires: Thu, 19 Nov 1981 08:52:00 GMT' (length=38)
4 => string 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' (length=77)
5 => string 'Pragma: no-cache' (length=16)
6 => string 'Set-Cookie: site=full; expires=Sat, 31-Mar-2012 23:25:41 GMT; path=/' (length=68)

Additional Information

GDB Backtrace:
#0 0x00007ffff720a721 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff720a436 in strdup () from /lib/x86_64-linux-gnu/libc.so.6
0000002 0x00007ffff132cbc7 in xdebug_header_handler (h=0x7fffffffb500, op=SAPI_HEADER_DELETE_ALL, s=0x7ffff4ac3930)
at /tmp/pear/temp/xdebug/xdebug.c:1436
0000003 0x00007ffff43401e3 in sapi_header_op () from /usr/lib/apache2/modules/libphp5.so
0000004 0x00007ffff42d482e in ?? () from /usr/lib/apache2/modules/libphp5.so
0000005 0x00007ffff132c947 in xdebug_execute_internal (current_execute_data=0x7fffed020188, return_value_used=0)
at /tmp/pear/temp/xdebug/xdebug.c:1368
0000006 0x00007ffff43ff004 in ?? () from /usr/lib/apache2/modules/libphp5.so
0000007 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
0000008 0x00007ffff132c51a in xdebug_execute (op_array=0x7fffed004dd0) at /tmp/pear/temp/xdebug/xdebug.c:1280
0000009 0x00007ffff43fecec in ?? () from /usr/lib/apache2/modules/libphp5.so
0000010 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
0000011 0x00007ffff132c51a in xdebug_execute (op_array=0x555555a15d50) at /tmp/pear/temp/xdebug/xdebug.c:1280
0000012 0x00007ffff438b730 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
0000013 0x00007ffff43384d3 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
0000014 0x00007ffff441ff2d in ?? () from /usr/lib/apache2/modules/libphp5.so
0000015 0x0000555555595368 in ap_run_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:159
0000016 0x00005555555957de in ap_invoke_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:377
0000017 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
0000018 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
0000019 0x0000555555595368 in ap_run_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:159
0000020 0x00005555555957de in ap_invoke_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:377
0000021 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
0000022 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
0000023 0x0000555555595368 in ap_run_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:159
0000024 0x00005555555957de in ap_invoke_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:377
0000025 0x00005555555a5360 in ap_process_request (r=0x7ffff7e370a0)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
0000026 0x00005555555a21d8 in ap_process_http_connection (c=0x7ffff7e3d290)
at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
0000027 0x000055555559be08 in ap_run_process_connection (c=0x7ffff7e3d290)
at /build/buildd/apache2-2.2.20/server/connection.c:43
0000028 0x00005555555a9f60 in child_main (child_num_arg=<optimized out>)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
0000029 0x00005555555aa686 in make_child (s=0x7ffff7feb7f8, slot=0)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
0000030 0x00005555555aae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
0000031 0x00005555555803ca in main (argc=2, argv=0x7fffffffe558) at /build/buildd/apache2-2.2.20/server/main.c:741

Full backtrace:
#0 0x00007ffff720a721 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007ffff720a436 in strdup () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
0000002 0x00007ffff132cbc7 in xdebug_header_handler (h=0x7fffffffb500, op=SAPI_HEADER_DELETE_ALL, s=0x7ffff4ac3930)
at /tmp/pear/temp/xdebug/xdebug.c:1436
No locals.
0000003 0x00007ffff43401e3 in sapi_header_op () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000004 0x00007ffff42d482e in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000005 0x00007ffff132c947 in xdebug_execute_internal (current_execute_data=0x7fffed020188, return_value_used=0)
at /tmp/pear/temp/xdebug/xdebug.c:1368
edata = 0x7fffed020188
fse = 0x555555d445b0
cur_opcode = 0x7fffed020188
do_return = 0
function_nr = 538
restore_error_handler_situation = 0
tmp_error_cb = 0x7fffffffb620
0000006 0x00007ffff43ff004 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000007 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000008 0x00007ffff132c51a in xdebug_execute (op_array=0x7fffed004dd0) at /tmp/pear/temp/xdebug/xdebug.c:1280
dummy = 0x7fffed004c98
edata = 0x7fffed01b068
fse = 0x555555d43520
xfse = 0x7fffecd90f70
magic_cookie = 0x0
do_return = 0
function_nr = 537
le = 0xc
eval_id = 0
0000009 0x00007ffff43fecec in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000010 0x00007ffff43b00db in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000011 0x00007ffff132c51a in xdebug_execute (op_array=0x555555a15d50) at /tmp/pear/temp/xdebug/xdebug.c:1280
dummy = 0x44b569b533b7da5f
edata = 0x0
fse = 0x555555a419e0
xfse = 0x7ffff43a9ec6
magic_cookie = 0x0
do_return = 0
function_nr = 0
le = 0x0
eval_id = 0
0000012 0x00007ffff438b730 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000013 0x00007ffff43384d3 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000014 0x00007ffff441ff2d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
0000015 0x0000555555595368 in ap_run_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:159
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
0000016 0x00005555555957de in ap_invoke_handler (r=0x7ffff10f9ac8) at /build/buildd/apache2-2.2.20/server/config.c:377
handler = <optimized out>
p = <optimized out>
result = <optimized out>
old_handler = 0x7ffff7fd1c40 "application/x-httpd-php"
ignore = <optimized out>
0000017 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
new = 0x7ffff10f9ac8
access_status = <optimized out>
0000018 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
0000019 0x0000555555595368 in ap_run_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:159
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
0000020 0x00005555555957de in ap_invoke_handler (r=0x7ffff10fb028) at /build/buildd/apache2-2.2.20/server/config.c:377
handler = <optimized out>
p = <optimized out>
result = <optimized out>
old_handler = 0x7ffff28e474f "redirect-handler"
ignore = <optimized out>
0000021 0x00005555555a49cc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
new = 0x7ffff10fb028
access_status = <optimized out>
0000022 0x00007ffff28de5b5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
0000023 0x0000555555595368 in ap_run_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:159
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
0000024 0x00005555555957de in ap_invoke_handler (r=0x7ffff7e370a0) at /build/buildd/apache2-2.2.20/server/config.c:377
handler = <optimized out>
p = <optimized out>
result = <optimized out>
old_handler = 0x7ffff28e474f "redirect-handler"
ignore = <optimized out>
0000025 0x00005555555a5360 in ap_process_request (r=0x7ffff7e370a0)
at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
access_status = <optimized out>
0000026 0x00005555555a21d8 in ap_process_http_connection (c=0x7ffff7e3d290)
at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
r = 0x7ffff7e370a0
csd = 0x0
0000027 0x000055555559be08 in ap_run_process_connection (c=0x7ffff7e3d290)
at /build/buildd/apache2-2.2.20/server/connection.c:43
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
0000028 0x00005555555a9f60 in child_main (child_num_arg=<optimized out>)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
current_conn = 0x7ffff7e3d290
csd = 0x7ffff7e3d0a0
ptrans = 0x7ffff7e3d028
allocator = 0x555555a37830
status = <optimized out>
i = <optimized out>
lr = <optimized out>
pollset = 0x7ffff7e3f130
sbh = 0x7ffff7e3f128
bucket_alloc = 0x7ffff7e39028
last_poll_idx = 0
0000029 0x00005555555aa686 in make_child (s=0x7ffff7feb7f8, slot=0)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
No locals.
0000030 0x00005555555aae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>)
at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
index = <optimized out>
remaining_children_to_start = <optimized out>
rv = <optimized out>
0000031 0x00005555555803ca in main (argc=2, argv=0x7fffffffe558) at /build/buildd/apache2-2.2.20/server/main.c:741
c = 88 'X'
configtestonly = <optimized out>
confname = 0x5555555acceb "apache2.conf"
def_server_root = 0x5555555accde "/etc/apache2"
temp_error_log = 0x0
error = <optimized out>
process = 0x7ffff7ff3118
server_conf = 0x7ffff7feb7f8
pglobal = <optimized out>
pconf = 0x7ffff7ff1028
plog = 0x7ffff7fb7028
ptemp = 0x7ffff7fe9028
pcommands = 0x7ffff7fef028
opt = 0x7ffff7fef118
rv = 0
mod = <optimized out>
optarg = 0x0
signal_server = <optimized out>

TagsNo tags attached.
Operating SystemUbuntu 11.10
PHP Version5.3.6

Activities

derick

2012-03-07 19:33

administrator   ~0001948

Fixed for 2.1.3 and 2.2.0. Thanks for your detailed report!

Issue History

Date Modified Username Field Change
2012-03-02 02:53 nbruno New Issue
2012-03-07 19:33 derick Note Added: 0001948
2012-03-07 19:33 derick Status new => closed
2012-03-07 19:33 derick Assigned To => derick
2012-03-07 19:33 derick Resolution open => fixed
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized