From:             
Operating system: Ubuntu/Linux
PHP version:      5.3.2
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  Gallery2 causing segfault when trying to update.

Description:
------------
Hi,

This bug was recently reported on Launchpad at
http://bugs.launchpad.net/bugs/567043. I have included the gdb backtrace
with this bug report.

Regards

chuck

Expected result:
----------------
Not to crash.

Actual result:
--------------
#0  0x00007fe478493d02 in memcpy () from /lib/libc.so.6

No symbol table info available.

#1  0x0000000000677ff8 in _estrndup (s=0x4d00000050 <Address 0x4d00000050
out of bounds>, length=90) at /usr/include/bits/string3.h:52

No locals.

#2  0x000000000069459b in _zval_copy_ctor_func (zvalue=0x1f84ca8) at
/build/buildd/php5-5.3.2/Zend/zend_variables.c:126

        tmp = 0x1ecb470

        original_ht = 0x1ecb470

#3  0x00007fe4752b0f68 in zif_mysqli_options (ht=33049848,
return_value=0x1f84c58, return_value_ptr=0x5a, this_ptr=0x4d00000050,
return_value_used=17) at /build/buildd/php5-5.3.2/Zend/zend_variables.h:45

        mysql_link = 0x1f84ca8

        mysql_value = 0x5

        mysql_option = 33049648

        l_value = 0

        expected_type = 33049848

#4  0x00000000006e598a in zend_do_fcall_common_helper_SPEC
(execute_data=0x142a390) at
/build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:313

        opline = 0x15c7698

        should_change_scope = 0 '\000'

#5  0x00000000006bcc70 in execute (op_array=0x11d7080) at
/build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104

        ret = 33049848

        execute_data = 0x142a390

        nested = 0 '\000'

        original_in_execution = 1 '\001'

#6  0x000000000068ab94 in zend_call_function (fci=0x7fff6ab02fd0,
fci_cache=0x141f840) at
/build/buildd/php5-5.3.2/Zend/zend_execute_API.c:947

        i = 17

        original_return_value = 0x141f6f0

        calling_symbol_table = 0x1938398

        original_op_array = 0x19cf630

        original_opline_ptr = <incomplete type>

        current_scope = 0x1db96c0

        current_called_scope = 0x1938398

        calling_scope = 0x0

        called_scope = 0x141f6f0

        current_this = 0x0

        execute_data = {opline = 0x0, function_state = {function = 0x0,
arguments = 0x1949408}, fbc = 0x141fe68, called_scope = 0x0, op_array =
0x0, object = 0x0, Ts = 0x1956490, CVs = 0x141f938, symbol_table =
0x141f8d8, 

          prev_execute_data = 0x0, old_error_reporting = 0x141f840, nested
= 0 '\000', original_return_value = 0x1, current_scope = 0x141e228,
current_called_scope = 0x1938398, current_this = 0x1938398, current_object
= 0x1db92d0, 

          call_opline = 0x0}

#7  0x00000000005cd107 in zif_call_user_func_array (ht=33049848,
return_value=0x1db8eb8, return_value_ptr=0x5a, this_ptr=0x1,
return_value_used=17) at
/build/buildd/php5-5.3.2/ext/standard/basic_functions.c:4782

        params = 0x0

        retval_ptr = 0x141f840

        fci = {size = 6082823, function_table = 0x48, function_name =
0x1927c28, symbol_table = 0x1a58120, retval_ptr_ptr = 0x0, param_count =
1789931600, params = 0x3, object_ptr = 0x1da2868, no_separation = 144
'\220'}

        fci_cache = {initialized = 176 '\260', function_handler = 0x1,
calling_scope = 0x1949408, called_scope = 0x1927bf8, object_ptr =
0x1927bf8}

#8  0x00000000006e598a in zend_do_fcall_common_helper_SPEC
(execute_data=0x141f840) at
/build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:313

        opline = 0x19d4418

        should_change_scope = 0 '\000'

#9  0x00000000006bcc70 in execute (op_array=0x19cf630) at
/build/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104

        ret = 33049848

        execute_data = 0x141f840

        nested = 0 '\000'

        original_in_execution = 0 '\000'

#10 0x000000000069499d in zend_execute_scripts (type=0,
retval=0x7fff6ab03210, file_count=3) at
/build/buildd/php5-5.3.2/Zend/zend.c:1266

        files = 0x7fff6ab031e8

        i = 1

        file_handle = 0x7fff6ab05810

        orig_op_array = 0x0

        orig_retval_ptr_ptr = 0xd8fd30

#11 0x0000000000640608 in php_execute_script (primary_file=0x1888) at
/build/buildd/php5-5.3.2/main/main.c:2288

        __orig_bailout = 0x0

        __bailout = {{__jmpbuf = {0, 0, 0, 0, 2, 0, 6040, 0},
__mask_was_saved = 0, __saved_mask = {__val = {0, 0, 1, 0, 27843312, 0, 12,
0, 11235408, 0, 1789928576, 32767, 24063528, 0, 0, 0}}}}

        prepend_file_p = 0x0

        append_file_p = 0x0

        prepend_file = {type = 1789930876, filename = 0x7fff6ab027b0
"\367\002\033\003\060", opened_path = 0x0, handle = {fd = 0, fp = 0x0,
stream = {handle = 0x0, isatty = 1789928092, mmap = {len = 1789928096, pos
= 1789928624, 

                map = 0x7fff6ab02270, buf = 0x7fff6ab02294 "\004",
old_handle = 0x0, old_closer = 0x7fff6ab02298}, reader = 0x7fff6ab022b1,
fsizer = 0xffffffffffffffff, closer = 0}}, free_filename = 0 '\000'}

        append_file = {type = 32270416, filename = 0x81 <Address 0x81 out
of bounds>, opened_path = 0x0, handle = {fd = 11259128, fp = 0xabccf8,
stream = {handle = 0xabccf8, isatty = 1789928704, mmap = {len = 77, pos =
0, map = 0x4e, 

                buf = 0x20 <Address 0x20 out of bounds>, old_handle =
0x645b9f, old_closer = 0x7fff6ab02218}, reader = 0x7fff6ab02231, fsizer =
0x7fe47558bc00, closer = 0}}, free_filename = 58 ':'}

        retval = 0

#12 0x0000000000722534 in main (argc=32767, argv=0x0) at
/build/buildd/php5-5.3.2/sapi/cgi/cgi_main.c:2110

        __bailout = {{__jmpbuf = {0, 0, 0, 0, 3519450402, 4092175345,
14222272, 0}, __mask_was_saved = -175993566, __saved_mask = {__val = {0
<repeats 16 times>}}}}

        free_query_string = 16777216

        exit_status = 0

        cgi = 0

        c = 33049848

        i = 14218272

        len = 14218272

        file_handle = {type = 2005125391, filename = 0x4 <Address 0x4 out
of bounds>, opened_path = 0x13d64e8
"/var/www/www.tetramid.net/html/audrey/main.php", handle = {fd = 0, fp =
0x0, stream = {handle = 0x0, isatty = 20886816, 

              mmap = {len = 0, pos = 22978, map = 0x0, buf = 0x7fe47ad09000
<Address 0x7fe47ad09000 out of bounds>, old_handle = 0x7fe47ad09000,
old_closer = 0x17c5f70}, reader = 0x6aa4c0 <zend_stream_stdio_closer>, 

              fsizer = 0x6aab00 <zend_stream_stdio_reader>, closer =
0x6aa580 <zend_stream_stdio_fsizer>}}, free_filename = 128 '\200'}

        s = 0x13d5248 "/var/www/www.tetramid.net/html/audrey/main.php"

        behavior = 0

        no_headers = 0

        orig_optind = 0

        orig_optarg = 0x0

        script_file = 0x100000000 <Address 0x100000000 out of bounds>

        max_requests = 1

        requests = 0

        fastcgi = 1

        bindpath = 0x100000001 <Address 0x100000001 out of bounds>

        fcgi_fd = 14218272

        request = {listen_socket = 0, fd = 0, id = 0, keep = 3, closed = 1,
in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0x0, 

          out_buf =
"\360X\260j\377\177\000\000\001\006\000\001\005\n\006\000X-Powered-By:
PHP/5.3.2-1ubuntu4\r\nCache-Control: no-cache\r\nPragma:
no-cache\r\nContent-type: text/javascript; charset=UTF-8\r\nLast-Modified:
Tue, 20 Apr 2010 04:31:55 GMT\r\nExpires: Thu, 20 M"..., reserved =
"drey/vid\000\000\000\000\000\000\000", env = 0x0}

        repeats = 0

        benchmark = 0

        start = {tv_sec = 0, tv_usec = 0}

        end = {tv_sec = 0, tv_usec = 0}

        status = 0



-- 
Edit bug report at http://bugs.php.net/bug.php?id=51624&edit=1