Hunting a PHP segfault

The segfault seems to be triggered on pages that have multiple mgd_auth_midgard() or mgd_unsetuid() calls. In most cases the crash happens only after the Midgard request has completed, but before the output has been sent to the browser, as reported by Torben.

In OpenPSA Personnel this happens when an administrator modifies a user record. There we have worked around it by simply ending the output with a flush() call. In the net.nemein.registrations component a workaround is still pending.

Piotras is looking at the issue, and has decided to delay the Midgard 1.6.0 release until a solution has been found.

He writes on the Midgard developer list:

The source of the last reported segfaults (and more not reported yet) is zend_register_list_destructors_ex called in PHP_MINIT_FUNCTION.

static void _midgard_list_fetch_dtor(zend_rsrc_list_entry * rsrc)
{
    /* resource destructor registered with zend_register_list_destructors_ex */
    midgard_res * res = (midgard_res*)rsrc->ptr;
    // here we get random garbage from Zend (perk...e!)
    /* a NULL check cannot catch a non-NULL garbage pointer */
    if (res != NULL) mgd_release(res);
}

Looks like the rsrc struct passes some garbage which is not NULL, so there is no easy way to check it in mgd_release or even earlier.
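As an added illustration of the point above (not Piotras's mail, not Midgard's source, and not the fix that was eventually committed), one way to make a release call checkable is to keep a registry of the handles the module itself allocated and release only pointers found there. The names midgard_res, mgd_res_new, mgd_release_checked, the registry helpers and the sample values are assumptions for this demo.

```c
// Added illustration, not Midgard's code nor the fix Piotras committed:
// a NULL check cannot tell a live handle from stale garbage, so keep a
// registry of the handles this module allocated and release only those.
// midgard_res, mgd_release_checked, the registry helpers and the sample
// values are assumptions made for this demo.
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int id; char *buf; } midgard_res;

#define MAX_LIVE 16
static midgard_res *live[MAX_LIVE];   /* handles currently owned by us */

static int registry_add(midgard_res *r) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = r; return 1; }
    return 0;
}

/* Compares pointer values only; never dereferences the candidate. */
static int registry_remove(midgard_res *r) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == r) { live[i] = NULL; return 1; }
    return 0;   /* not ours: garbage, double release, or already freed */
}

midgard_res *mgd_res_new(int id) {
    midgard_res *r = malloc(sizeof *r);
    if (r == NULL) return NULL;
    r->id = id;
    r->buf = malloc(64);
    if (r->buf == NULL || !registry_add(r)) { free(r->buf); free(r); return NULL; }
    strcpy(r->buf, "constructed sample");
    return r;
}

/* Returns 1 if released, 0 if the pointer was not a live handle. */
int mgd_release_checked(midgard_res *r) {
    if (r == NULL || !registry_remove(r)) return 0;
    free(r->buf);
    free(r);
    return 1;
}

/* Shape of the list destructor: release only validated handles. */
int checked_dtor(void *ptr) {
    return mgd_release_checked((midgard_res *)ptr);
}
```

A plain address registry still accepts a stale pointer once the allocator reuses that address, so a production version would pair each slot with a generation counter and hand out (address, generation) handles instead of bare pointers.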

According to some Google findings, the same segfault occurs in both PHP4 and PHP5. A chat log about the issue from #midgard is also available.

Updated 2004-09-17: Piotras found a solution to the problem and committed the fix to Midgard CVS on September 6th.
