View Issue Details

IDProjectCategoryView StatusLast Update
0000921XdebugUsage problems (Wrong Results)public2014-02-27 19:53
ReportermunziliAssigned Toderick 
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionunable to reproduce 
Product Version 
Target VersionFixed in Version 
Summary0000921: xdebug crashes Apache2
DescriptionHallo!


I'm running Apache2.2 on a Windows and a Linux Ubuntu machine. On both Systems PHP 5.4.11 is installed with xdebug 2.2.1.

On both systems, xdebug crashes Apache when executing my code. If i unload xdebug from the php.ini, everything is ok. As soon i load it again, it causes to crash Apache. I'm not running a debug session, its just a normal request. You can reproduce it on both systems. It happen when i execute the stepts mentoned below
Steps To Reproducehttp://www.phptheatre.com/PHPTheatre.rar

1. Extract the files to your htdocs directpry
2. copy/rename bridge/default/global.config.php to local.config.php
3. modify the local.config.php and enter your mysql server data (user should have access to create DB)
4. run the php file tests/data/setup.php in the shell. This script will setup test datas
5. Open the follwoing file in the Browser: tests/HTML/index.php
6. Login with the username "visitor" and the password "password" on the top login form
7. Klick the "Program" Link in the top menu
8. Select on the Site a time to the right.
9. A "Room Plan" will apear. Click on an Seat in the image.
10. *Apache2 Crash*

The file/class that is handling this request, where the error happens is src/Core/Template/Site/ShowReservation.php, method "displayCinema"
Additional InformationSeams like its not in the PHP Core file, its a xdebug related problem

Thread 7 - System ID 7024
Entry point libhttpd!ap_regkey_value_remove+1060
Create time 22.01.2013 16:24:13
Time spent in user mode 0 Days 0:0:0.62
Time spent in kernel mode 0 Days 0:0:0.0






Full Call Stack



Function Arg 1 Arg 2 Arg 3 Arg 4 Source
ntdll!NtRaiseException+12 01eee9e4 01eeea34 00000000 c0000005
ntdll!KiUserExceptionDispatcher+29 01eee9e4 01eeea34 00000000
c0000005









Exception Information
PHP_XDEBUG!XDEBUG_INIT_OPARRAY+106D0WARNING - DebugDiag was not able to locate
debug symbols for php_xdebug.dll, so the information below may be incomplete.



In
httpd__PID__6644__Date__01_22_2013__Time_04_44_34PM__274__Second_Chance_Exceptio
n_C0000005.dmp the assembly instruction at php_xdebug!xdebug_init_oparray+106d0
in D:\xampp\php\ext\php_xdebug.dll from Derick Rethans has caused an access
violation exception (0xC0000005) when trying to read from memory location
0x00000000 on thread 7





Module Information
Image Name: D:\xampp\php\ext\php_xdebug.dll Symbol Type: Export
Base address: 0x00905a4d Time Stamp: Sat Jul 14 23:46:38 2012
Checksum: 0x00000000 Comments: Thanks to Derick Rethans, Ilia Alshanetsky,
Harald Radi
COM DLL: False Company Name: Derick Rethans
ISAPIExtension: False File Description: Xdebug
ISAPIFilter: False File Version: 2.2.1
Managed DLL: False Internal Name: php_xdebug.dll
VB DLL: False Legal Copyright: Copyright © 2002-2012 Derick Rethans
Loaded Image Name: php_xdebug.dll Legal Trademarks:
Mapped Image Name: Original filename: php_xdebug.dll
Module name: php_xdebug Private Build:
Single Threaded: False Product Name: Xdebug
Module Size: 172,00 KBytes Product Version: 2.2.1
Symbol File Name: php_xdebug.dll Special Build: &
TagsNo tags attached.
Operating SystemUbuntu Squezze and Win7 (XAMPP)
PHP Version5.4.10-5.4.14

Activities

munzili

2013-01-30 14:39

reporter   ~0002419

Ubuntu backtrace

root@UbuntuDevMachine:~/xdebug-2.2.1# gdb /usr/sbin/apache2 /tmp/apache2-gdb-dump/core
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/apache2...done.
[New LWP 4825]

warning: Can't read pathname for load map: Eingabe-/Ausgabefehler.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f0a7ddea101 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt full
#0 0x00007f0a7ddea101 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007f0a70bcab0f in xdebug_str_add (xs=0x7fffe31c0170, str=0x0, f=0) at /root/xdebug-2.2.1/xdebug_str.c:33
        l = 32522
0000002 0x00007f0a70bc8477 in xdebug_error_cb (type=1, error_filename=0x7f0a6e4196f8 "[no active file]", error_lineno=0, format=0x7f0a7b2e316a "Uncaught %s\n thrown",
    args=0x7fffe31c01d8) at /root/xdebug-2.2.1/xdebug_stack.c:635
        str = {l = 424, a = 1150,
          d = 0x7f0a7f561170 "
\n<font size='1'><table class='xdebug-error xe-uncaught-exception' dir='ltr' border='1' cellspacing='0' cellpadding='1'>\n<tr><th align='left' bgcolor='#f57900' colspan=\"5\"><span style='background"...}
        tmp_buf = 0x7f0a7f55ab60 "Uncaught exception 'Exception' with message 'Serialization of 'SimpleXMLElement' is not allowed'"
        p = 0x7f0a6e312c80 " in [no active file]:0\nStack trace:\n#0 {main}\n thrown"
        printable_stack = 0x7fffe31c01b0 "0\002\034\343\377\177"
        buffer = 0x7f0a6e312c20 "Uncaught exception 'Exception' with message 'Serialization of 'SimpleXMLElement' is not allowed' in [no active file]:0\nStack trace:\n#0 {main}\n thrown"
        error_type_str = 0x7f0a7f55a360 "Fatal error"
        buffer_len = 150
        extra_brk_info = 0x0
        error_handling = EH_NORMAL
        exception_class = 0x0
        tsrm_ls = 0x7f0a7f16dac0
0000003 0x00007f0a7ad35561 in zend_error_va (type=1, file=0x7f0a6e4196f8 "[no active file]", lineno=0, format=0x7f0a7b2e316a "Uncaught %s\n thrown")
    at /root/php-5.4.11/Zend/zend_exceptions.c:791
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffe31c02b0, reg_save_area = 0x7fffe31c01f0}}
0000004 0x00007f0a7ad35957 in zend_exception_error (exception=0x7f0a6e0b1228, severity=1, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/Zend/zend_exceptions.c:831
        str = 0x7f0a6e3f2bc8
        file = 0x7f0a6e4184d0
        line = 0x7f0a6e418310
        ce_exception = 0x7f0a7f242b60
0000005 0x00007f0a7ad31d76 in zend_throw_exception_internal (exception=0x7f0a6e0b1228, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/Zend/zend_exceptions.c:110
No locals.
0000006 0x00007f0a7ad35338 in zend_throw_exception (exception_ce=0x7f0a7f242b60, message=0x7f0a6e3d9170 "Serialization of 'SimpleXMLElement' is not allowed", code=0,
    tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/Zend/zend_exceptions.c:758
        ex = 0x7f0a6e0b1228
0000007 0x00007f0a7ad3540e in zend_throw_exception_ex (exception_ce=0x0, code=0, tsrm_ls=0x7f0a7f16dac0, format=0x7f0a7b2e2b38 "Serialization of '%s' is not allowed")
    at /root/php-5.4.11/Zend/zend_exceptions.c:772
        arg = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffe31c04b0, reg_save_area = 0x7fffe31c03f0}}
        message = 0x7f0a6e3d9170 "Serialization of 'SimpleXMLElement' is not allowed"
        zexception = 0x7fffe31c0440
0000008 0x00007f0a7ad30d79 in zend_class_serialize_deny (object=0x7f0a6e31ca28, buffer=0x7fffe31c0588, buf_len=0x7fffe31c0578, data=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/Zend/zend_interfaces.c:487
        ce = 0x7f0a7f3b3af0
0000009 0x00007f0a7ab4907a in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e31ca28, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:777
        serialized_data = 0x0
        serialized_length = 4670
        retval_ptr = 0x0
        fname = {value = {lval = 140737003656944, dval = 6.9533318605529914e-310, str = {val = 0x7fffe31c16f0 "\350\026Bn\n\177", len = -484698384}, ht = 0x7fffe31c16f0, obj = {
              handle = 3810268912, handlers = 0x4b0e31c16f0}}, refcount__gc = 2066618040, type = 10 '\n', is_ref__gc = 127 '\177'}
        res = 0
        ce = 0x7f0a7f3b3af0
        i = 0
        var_already = 0x7f0a6e305788
        myht = 0x7fffe31c0670
0000010 0x00007f0a7ab4afbf in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e31ed68, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:880
        key = 0x7f0a6e31f040 ":minutes"
        data = 0x7f0a6e31f010
        key_len = 9
        index = 139683051119520
        pos = 0x7f0a6e31eff8
---Type <return> to continue, or q <return> to quit---
        incomplete_class = 0 '\000'
        i = 1
        var_already = 0xb
        myht = 0x7f0a6e3930a0
0000011 0x00007f0a7ab4afbf in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e31eaf8, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:880
        key = 0x7f0a7b2b47f0 "/root/php-5.4.11/ext/standard/var.c"
        data = 0x7f0a6e318668
        key_len = 3864
        index = 1
        pos = 0x7f0a6e318650
        incomplete_class = 0 '\000'
        i = 2
        var_already = 0x2580000000b
        myht = 0x7f0a6e392da0
0000012 0x00007f0a7ab4afbf in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e31e748, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:880
        key = 0x7f0a6e31f250 "args"
        data = 0x7f0a6e31f220
        key_len = 5
        index = 139683051119520
        pos = 0x7f0a6e31f208
        incomplete_class = 0 '\000'
        i = 1
        var_already = 0x25800000000
        myht = 0x7f0a6e394f68
0000013 0x00007f0a7ab4afbf in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e319d00, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:880
        key = 0x7f0a6e322e88 "calling_file"
        data = 0x7f0a6e322e58
        key_len = 13
        index = 4294967296
        pos = 0x7f0a6e322e40
        incomplete_class = 0 '\000'
        i = 1
        var_already = 0x7f0a7f189dd0
        myht = 0x7f0a6e320ea8
0000014 0x00007f0a7ab4afbf in php_var_serialize_intern (buf=0x7fffe31c16f0, struc=0x7f0a6e3f2d98, var_hash=0x7f0a6e349428, tsrm_ls=0x7f0a7f16dac0)
    at /root/php-5.4.11/ext/standard/var.c:880
        key = 0x7f0a6e31d140 "\373\247\n\177"
        data = 0x7f0a6e321958
        key_len = 1849561000
        index = 3
        pos = 0x7f0a6e321940
        incomplete_class = 0 '\000'
        i = 2
        var_already = 0x0
        myht = 0x7f0a6e3f9c18
0000015 0x00007f0a7ab4b2b6 in php_var_serialize (buf=0x7fffe31c16f0, struc=0x7f0a6e3dfb10, var_hash=0x7fffe31c16b0, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/standard/var.c:899
No locals.
0000016 0x00007f0a7aa00069 in ps_srlzr_encode_php (newstr=0x7fffe31c1748, newlen=0x7fffe31c1770, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/session/session.c:857
        _ht = 0x7f0a6e3f7a18
        key_type = 1
        buf = {
          c = 0x7f0a6e4216e8 "PHPTHEATRE_DATABASE_DEBUG|a:6:{i:0;a:10:{s:18:\"prepare_start_time\";d:1359556551.645427;s:5:\"query\";s:216:\"SELECT l.*\r\n", ' ' <repeats 20 times>, "FROM phptheatre_location l\r\n", ' ' <repeats 20 times>, "INNER JOIN php"..., len = 4629, a = 4669}
        var_hash = 0x7f0a6e349428
        key = 0x7f0a6e3dfb40 "PHPTHEATRE_DATABASE_DEBUG"
        key_length = 25
        num_key = 140737003657088
---Type <return> to continue, or q <return> to quit---
        struc = 0x7f0a6e3dfb10
0000017 0x00007f0a7a9fcfe6 in php_session_encode (newlen=0x7fffe31c1770, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/session/session.c:203
        ret = 0x0
0000018 0x00007f0a7a9fe13c in php_session_save_current_state (tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/session/session.c:487
        val = 0x7f0a7f187800 "0\253\237~\n\177"
        vallen = 2132320352
        ret = -1
0000019 0x00007f0a7aa03edd in php_session_flush (tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/session/session.c:1453
No locals.
0000020 0x00007f0a7aa068ae in zm_deactivate_session (type=1, module_number=37, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/ext/session/session.c:2144
        __orig_bailout = 0x7fffe31c18e0
        __bailout = {{__jmpbuf = {139683058710528, 1019453305903428655, 139683050807456, 139683055460388, -4294967295, 0, 1019453306337539119, 1139094155948897327},
            __mask_was_saved = 0, __saved_mask = {__val = {7065221201920, 140737003657280, 139682982789748, 139683058604736, 4294967321, 140737003657376, 139682982725181,
                139683058604736, 139683060426784, 140737003657344, 139682982173497, 139683058604736, 139683060426784, 140737003657376, 139682982172923, 139683058604736}}}}
        i = 32522
0000021 0x00007f0a7ad17623 in zend_deactivate_modules (tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/Zend/zend_API.c:2335
        module = 0x7f0a7f1f9d50
        p = 0x7f0a7f444cf8
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {139683058710528, 1019453305867777071, 139683050807456, 139683055460388, -4294967295, 0, 1019453305901331503, 1139095127513674799},
            __mask_was_saved = 0, __saved_mask = {__val = {6364398880, 0, 0, 8, 0, 0, 0, 0, 0, 0, 139682986817974, 0, 139683058604736, 0, 0, 0}}}}
0000022 0x00007f0a7ac4aaea in php_request_shutdown (dummy=0x0) at /root/php-5.4.11/main/main.c:1769
        report_memleaks = 1 '\001'
        tsrm_ls = 0x7f0a7f16dac0
0000023 0x00007f0a7ae951a9 in php_apache_request_dtor (r=0x7f0a7e9fe0a0, tsrm_ls=0x7f0a7f16dac0) at /root/php-5.4.11/sapi/apache2handler/sapi_apache2.c:507
No locals.
0000024 0x00007f0a7ae95d0b in php_handler (r=0x7f0a7e9fe0a0) at /root/php-5.4.11/sapi/apache2handler/sapi_apache2.c:679
        ctx = 0x7f0a7e9fab30
        conf = 0x7f0a7eb76518
        brigade = 0x7f0a7e9fb360
        bucket = 0x7f0a7e34f36a <apr_hash_get+45>
        rv = 32522
        parent_req = 0x0
        tsrm_ls = 0x7f0a7f16dac0
0000025 0x00007f0a7ec3d5f0 in ap_run_handler (r=0x7f0a7e9fe0a0) at config.c:159
        pHook = 0x7f0a7ebbb600
        n = 3
        rv = 0
0000026 0x00007f0a7ec3da3b in ap_invoke_handler (r=r@entry=0x7f0a7e9fe0a0) at config.c:377
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x7f0a7ebcc938 "application/x-httpd-php"
        ignore = <optimized out>
0000027 0x00007f0a7ec4db58 in ap_process_request (r=r@entry=0x7f0a7e9fe0a0) at http_request.c:282
        access_status = <optimized out>
0000028 0x00007f0a7ec4aa08 in ap_process_http_connection (c=0x7f0a7ea02290) at http_core.c:190
        r = 0x7f0a7e9fe0a0
        csd = 0x0
0000029 0x00007f0a7ec43fb0 in ap_run_process_connection (c=0x7f0a7ea02290) at connection.c:43
        pHook = 0x7f0a7ebbbb50
        n = 1
        rv = 0
0000030 0x00007f0a7ec44398 in ap_process_connection (c=c@entry=0x7f0a7ea02290, csd=<optimized out>) at connection.c:190
        rc = <optimized out>
0000031 0x00007f0a7ec52756 in child_main (child_num_arg=child_num_arg@entry=3) at prefork.c:667
        current_conn = 0x7f0a7ea02290
        csd = 0x7f0a7ea020a0
        ptrans = 0x7f0a7ea02028
        allocator = 0x7f0a7f558cc0
---Type <return> to continue, or q <return> to quit---
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7f0a7ea040c8
        sbh = 0x7f0a7ea040c0
        bucket_alloc = 0x7f0a7ea00028
        last_poll_idx = 0
0000032 0x00007f0a7ec52eb2 in make_child (slot=3, s=0x7f0a7ebe8818) at prefork.c:768
        pid = 0
0000033 make_child (s=0x7f0a7ebe8818, slot=3) at prefork.c:696
No locals.
0000034 0x00007f0a7ec52f56 in startup_children (number_to_start=2) at prefork.c:786
        i = <optimized out>
#35 0x00007f0a7ec53885 in ap_mpm_run (_pconf=_pconf@entry=0x7f0a7ebee028, plog=<optimized out>, s=s@entry=0x7f0a7ebe8818) at prefork.c:1007
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
0000036 0x00007f0a7ec2820e in main (argc=3, argv=0x7fffe31c21b8) at main.c:755
        c = 0 '\000'
        configtestonly = <optimized out>
        confname = 0x7f0a7ec553ea "apache2.conf"
        def_server_root = 0x7f0a7ec553dd "/etc/apache2"
        temp_error_log = <optimized out>
        error = <optimized out>
        process = 0x7f0a7ebf0118
        server_conf = 0x7f0a7ebe8818
        pglobal = <optimized out>
        pconf = 0x7f0a7ebee028
        plog = 0x7f0a7ebb3028
        ptemp = 0x7f0a7ebe6028
        pcommands = 0x7f0a7ebec028
        opt = 0x7f0a7ebec118
        rv = 0
        mod = <optimized out>
        optarg = 0x7f0a7ebf0028 "(@\277~\n\177"
        signal_server = <optimized out>

munzili

2013-01-30 16:04

reporter   ~0002420

OK. I found the reason why this happen

I tried to store a SimpleXMLObject in the Session. If xdebug is not enabled, there will no error message show up except in the apache error log, that a serialization of SimpleXMLObject is not possible. But there is no Apache crash or error message showing up for the user -> Because it happens when the session will be saved on the server at the end of the request

But if you enable xdebug for it, it crashes apache when trying to handle a SimpleXMLObject from the session.

Actualy, it should not crash apache ins such a case but show a error dump.

Arjen

2013-06-06 11:36

reporter   ~0002493

Looks like https://bugs.php.net/bug.php?id=64168

<?php
session_start();
$_SESSION['test'] = function($name) { return strtoupper($name); };

Storing objects in $_SESSION causes XDEBUG to crash.

derick

2013-06-06 14:18

administrator   ~0002494

Which version of Xdebug are you using? I can't reproduce this with either 2.2.4dev or 2.3.0dev. Can you try at least 2.2.3?

derick

2014-02-27 19:53

administrator   ~0002717

Cannot reproduce, and no feedback provided.

Issue History

Date Modified Username Field Change
2013-01-30 14:04 munzili New Issue
2013-01-30 14:39 munzili Note Added: 0002419
2013-01-30 16:04 munzili Note Added: 0002420
2013-06-06 11:36 Arjen Note Added: 0002493
2013-06-06 14:18 derick Note Added: 0002494
2013-06-06 14:18 derick Assigned To => derick
2013-06-06 14:18 derick Status new => feedback
2014-02-27 19:53 derick Note Added: 0002717
2014-02-27 19:53 derick Status feedback => resolved
2014-02-27 19:53 derick Resolution open => unable to reproduce
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)