php5-fpm segfaults with error 4 in libc-2.15.so

Bug #1006738 reported by Alexander Pyhalov
This bug affects 7 people
Affects         Status         Importance   Assigned to    Milestone
php             Unknown        Unknown
php5 (Ubuntu)   Fix Released   High         Unassigned
Precise         Fix Released   High         Thomas Ward

Bug Description

[Impact]

[Fix]

[Test Case]

[Regression Potential]

[Original Report]

On Ubuntu Server 12.04 on amd64 (Intel Xeon E5620 CPU) php5-fpm randomly crashes with the following message:

May 29 06:38:25 srv2 kernel: [315922.148835] php5-fpm[20902]: segfault at 0 ip 00007fecd9032558 sp 00007fff18136898 error 4 in libc-2.15.so[7fecd8f00000+1b3000]
May 29 06:38:25 srv2 kernel: [315922.148849] php5-fpm/20902: potentially unexpected fatal signal 11.
May 29 06:38:25 srv2 kernel: [315922.148851]
May 29 06:38:25 srv2 kernel: [315922.148853] CPU 7
May 29 06:38:25 srv2 kernel: [315922.148854] Modules linked in: vesafb psmouse i7core_edac edac_core ioatdma dca serio_raw joydev mac_hid lp parport usbhid hid e1000e megaraid_sas
May 29 06:38:25 srv2 kernel: [315922.148870]
May 29 06:38:25 srv2 kernel: [315922.148873] Pid: 20902, comm: php5-fpm Not tainted 3.2.0-24-generic #39-Ubuntu Supermicro X8DTT-H/X8DTT-H
May 29 06:38:25 srv2 kernel: [315922.148878] RIP: 0033:[<00007fecd9032558>] [<00007fecd9032558>] 0x7fecd9032557
May 29 06:38:25 srv2 kernel: [315922.148884] RSP: 002b:00007fff18136898 EFLAGS: 00010206
May 29 06:38:25 srv2 kernel: [315922.148887] RAX: 0000000000000000 RBX: 00007fecdb38b000 RCX: 0000000000000011
May 29 06:38:25 srv2 kernel: [315922.148890] RDX: 0000000000000066 RSI: 0000000000af8af5 RDI: 0000000000000000
May 29 06:38:25 srv2 kernel: [315922.148892] RBP: 00000000023cc228 R08: 0000000000000011 R09: 0000000000000000
May 29 06:38:25 srv2 kernel: [315922.148895] R10: 00007fecd9035750 R11: 00007fecd9081710 R12: 0000000000000001
May 29 06:38:25 srv2 kernel: [315922.148897] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000023cc2f0
May 29 06:38:25 srv2 kernel: [315922.148901] FS: 00007fecdb382700(0000) GS:ffff8803332e0000(0000) knlGS:0000000000000000
May 29 06:38:25 srv2 kernel: [315922.148904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 29 06:38:25 srv2 kernel: [315922.148906] CR2: 0000000000000000 CR3: 0000000327434000 CR4: 00000000000006e0
May 29 06:38:25 srv2 kernel: [315922.148909] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 29 06:38:25 srv2 kernel: [315922.148912] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
May 29 06:38:25 srv2 kernel: [315922.148915] Process php5-fpm (pid: 20902, threadinfo ffff88032aeec000, task ffff88032aa55bc0)
May 29 06:38:25 srv2 kernel: [315922.148917]
May 29 06:38:25 srv2 kernel: [315922.148919] Call Trace:

GDB information:

Core was generated by `php-fpm: pool mypool '.
Program terminated with signal 11, Segmentation fault.
#0 __strstr_sse42 (s1=0x0, s2=<optimized out>) at ../sysdeps/x86_64/multiarch/strstr.c:175
175 ../sysdeps/x86_64/multiarch/strstr.c: No such file or directory.
(gdb) bt
#0 __strstr_sse42 (s1=0x0, s2=<optimized out>) at ../sysdeps/x86_64/multiarch/strstr.c:175
#1 0x0000000000736d13 in fpm_status_handle_request () at /build/buildd/php5-5.3.10/sapi/fpm/fpm/fpm_status.c:128
#2 0x000000000042b4ab in main (argc=11237155, argv=0x0) at /build/buildd/php5-5.3.10/sapi/fpm/fpm/fpm_main.c:1809

# uname -a
Linux srv2 3.2.0-24-generic #39-Ubuntu SMP Mon May 21 16:52:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
# dpkg -l |grep php
ii php-apc 3.1.7-1 APC (Alternative PHP Cache) module for PHP 5
ii php5-cli 5.3.10-1ubuntu3.1 command-line interpreter for the php5 scripting language
ii php5-common 5.3.10-1ubuntu3.1 Common files for packages built from the php5 source
ii php5-curl 5.3.10-1ubuntu3.1 CURL module for php5
ii php5-dbg 5.3.10-1ubuntu3.1 Debug symbols for PHP5
ii php5-fpm 5.3.10-1ubuntu3.1 server-side, HTML-embedded scripting language (FPM-CGI binary)
ii php5-gd 5.3.10-1ubuntu3.1 GD module for php5
ii php5-mcrypt 5.3.5-0ubuntu1 MCrypt module for php5
ii php5-memcache 3.0.6-1 memcache extension module for PHP5
ii php5-mysql 5.3.10-1ubuntu3.1 MySQL module for php5

The crash occurs several times per hour and is repeatable on two different servers with the same software versions.
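
Added example, not part of the original report: a small C decoder for the kernel segfault line quoted above. It shows that "error 4" with fault address 0 is a user-mode read of an unmapped page, i.e. a NULL pointer read, and computes where inside libc the faulting instruction sits. The struct and function names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* x86 page-fault error code bits, as printed after "error" */
#define PF_PROT  0x01 /* set: protection violation; clear: page not present */
#define PF_WRITE 0x02 /* set: write access; clear: read */
#define PF_USER  0x04 /* set: fault taken in user mode */
#define PF_INSTR 0x10 /* set: instruction fetch */

struct segv {
    unsigned long long addr, ip, sp, err, base, size;
    char object[64];
};

/* Kernel line copied from the report above. */
static const char SAMPLE[] =
    "php5-fpm[20902]: segfault at 0 ip 00007fecd9032558 sp 00007fff18136898 "
    "error 4 in libc-2.15.so[7fecd8f00000+1b3000]";

/* Returns 1 if line holds a complete segfault record, else 0. */
int parse_segv(const char *line, struct segv *s)
{
    const char *p = strstr(line, "segfault at ");
    if (p == NULL)
        return 0;
    return sscanf(p, "segfault at %llx ip %llx sp %llx error %llx in %63[^[][%llx+%llx]",
                  &s->addr, &s->ip, &s->sp, &s->err,
                  s->object, &s->base, &s->size) == 7;
}

/* User-mode read of an unmapped address in the first page: a NULL read. */
int is_null_read(const struct segv *s)
{
    return (s->err & PF_USER) != 0 && s->addr < 4096
        && (s->err & (PF_PROT | PF_WRITE | PF_INSTR)) == 0;
}

unsigned long long object_offset(const struct segv *s)
{
    return s->ip - s->base; /* offset of the faulting instruction in the object */
}

int main(void)
{
    struct segv s;
    if (!parse_segv(SAMPLE, &s)) return 1;
    printf("%s+0x%llx null_read=%d\n", s.object, object_offset(&s), is_null_read(&s));
    return 0;
}
```

The computed offset falls inside the libc mapping; the GDB backtrace in the report names the function at that location as __strstr_sse42.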

Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1006738/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
affects: ubuntu → php5 (Ubuntu)
Scott Moser (smoser) wrote :

Hi,
  Are you able to reproduce this on other hardware?
  from your stack trace, it seems you're segfaulting in strstr of libc. Which would just be a very unlikely path to segfault in.
  You may want to run memcheck or some cpu burn in cycle.

Changed in php5 (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Alexander Pyhalov (alp-rsu) wrote : Re: [Bug 1006738] Re: php5-fpm segfaults with error 4 in libc-2.15.so

Hello.
The issue is reproducible on two different servers (however, hardware
configuration is the same).

On 05/31/2012 17:50, Scott Moser wrote:
> Hi,
> Are you able to reproduce this on other hardware?
> from your stack trace, it seems you're segfaulting in strstr of libc. Which would just be a very unlikely path to segfault in.
> You may want to run memcheck or some cpu burn in cycle.

--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University

Scott Moser (smoser)
Changed in php5 (Ubuntu):
status: Incomplete → New
Alexander Pyhalov (alp-rsu) wrote :

It seems that strstr gets NULL as its first argument
(SG(request_info).query_string)
It seems that the following is incorrect in sapi/fpm/fpm/fpm_status.c:

  /* full status ? */
  full = SG(request_info).request_uri &&
      strstr(SG(request_info).query_string, "full");
  short_syntax = short_post = NULL;
  full_separator = full_pre = full_syntax = full_post = NULL;
  encode = 0;

it should be

  /* full status ? */
  full = SG(request_info).query_string &&
      strstr(SG(request_info).query_string, "full");
  short_syntax = short_post = NULL;
  full_separator = full_pre = full_syntax = full_post = NULL;
  encode = 0;

The bug is present also in upstream php git. Attached patch should
solve the problem.

On 05/31/2012 20:10, Scott Moser wrote:
> ** Changed in: php5 (Ubuntu)
> Status: Incomplete => New
>

--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
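
Added example, not part of the comment above and not PHP's own code: the two forms of the check side by side, run against a request whose query_string is NULL. The request_info struct is a hypothetical stand-in for SG(request_info), and traced_strstr is an illustrative wrapper that counts NULL haystacks instead of dereferencing them, so the difference can be observed without crashing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two SG(request_info) fields in the snippet. */
struct request_info {
    const char *request_uri;
    const char *query_string; /* may be NULL, as s1=0x0 in the backtrace */
};

/* Counts NULL haystacks that the real strstr() would have dereferenced. */
static int null_haystack_calls;

static const char *traced_strstr(const char *haystack, const char *needle)
{
    if (haystack == NULL) {
        null_haystack_calls++;
        return NULL;
    }
    return strstr(haystack, needle);
}

/* Original check: tests request_uri, then searches query_string. */
int full_before(const struct request_info *ri)
{
    return ri->request_uri && traced_strstr(ri->query_string, "full");
}

/* Proposed check: tests the same pointer that is passed to strstr(). */
int full_after(const struct request_info *ri)
{
    return ri->query_string && traced_strstr(ri->query_string, "full");
}

int main(void)
{
    struct request_info r = { "/status", NULL }; /* constructed input */
    int before = full_before(&r);
    int after = full_after(&r);
    printf("before=%d after=%d null_haystack_calls=%d\n",
           before, after, null_haystack_calls);
    return 0;
}
```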

Alexander Pyhalov (alp-rsu) wrote :

Upstream bug report: https://bugs.php.net/bug.php?id=62205

--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University

Alexander Pyhalov (alp-rsu) wrote :

The issue was fixed upstream. Attached patch (from upstream fix -
http://git.php.net/?p=php-src.git;a=patch;h=4fc989fbbd0405d200872219b409f685a495f3aa;hp=487e2fc0d50aca979864b59ff01450cf5e381874)
applies clearly to current Ubuntu php version and fixes the issue.

--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University

Alexander Pyhalov (alp-rsu) wrote :

The issue was fixed upstream a month ago. Will the upstream fix be applied in Ubuntu?

Clint Byrum (clint-fewbar) wrote :

It was only released a few days ago. The patch looks simple enough, so we'll try and incorporate it in the next upload to quantal. I think this one is probably worth fixing in precise as well.

Changed in php5 (Ubuntu):
status: New → Triaged
importance: Low → High
Changed in php5 (Ubuntu Precise):
status: New → Triaged
Changed in php5 (Ubuntu):
milestone: none → ubuntu-12.10-beta-1
Thomas Ward (teward) wrote :

(1) Matching importance level to the Quantal bug. (Precise: Undecided -> High)

(2) Changing to "In progress", and assigning bug to myself for debdiff generation, and SRU-ing

Changed in php5 (Ubuntu Precise):
importance: Undecided → High
assignee: nobody → Thomas Ward (trekcaptainusa-tw)
status: Triaged → In Progress
Thomas Ward (teward) wrote :

The debdiff for both this bug (LP Bug 1006738), and LP Bug 1014044 for Precise is attached to LP Bug 1014044.

This was generated based off of the package in precise-security and precise-updates, php5 5.3.10-1ubuntu3.2.

This debdiff includes patches based upstream for both bugs, and includes a new changelog entry stating the patches were applied. It does not give extremely detailed information about every change done by those patches.

*** The patch used for this bug originated upstream. This patch was already applied upstream, and will be included in Quantal after the version of php5 shows up in Debian (php 5.4.x chain). ***

Thomas Ward (teward)
Changed in php5 (Ubuntu):
assignee: nobody → Thomas Ward (trekcaptainusa-tw)
status: Triaged → In Progress
Thomas Ward (teward) wrote :

Attached is a Quantal debdiff, based off of Quantal package php5_5.4.4-3ubuntu1.

Thomas Ward (teward)
Changed in php5 (Ubuntu):
status: In Progress → Opinion
status: Opinion → Triaged
assignee: Thomas Ward (trekcaptainusa-tw) → nobody
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Quantal debdiff with Upstream Patch for LP #1006738" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Ondřej Surý (ondrej) wrote :

It would be better to pull 5.4.4-4, which already includes a more complete fix from upstream git.

Bryce Harrington (bryce)
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.4.6-1ubuntu1

---------------
php5 (5.4.6-1ubuntu1) quantal; urgency=low

  * Merge from Debian experimental (LP: #1006738 , LP: #1040212)
    Remaining changes:
    - d/rules: Simplify apache config settings since we never build
      interbase or firebird.
    - debian/rules: export DEB_HOST_MULTIARCH properly.
    - Add build-dependency on lemon, which we now need.
    - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is
      in universe.
    - Dropped libcurl-dev not in the archive.
    - debian/control: replace build-depends on mysql-server with
      mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
      mysql-server-5.5 postinst confusion with starting up multiple
      mysqlds listening on the same port.
    - Dropped php5-imap, php5-interbase, php5-mcrypt since we have
      versions already in universe.
    - Dropped libonig-dev and libqgdbm since its in universe. (libonig
      MIR has been declined due to an inactive upstream. So this is
      probably a permanent change).
    - modulelist: Drop imap, interbase, sybase, and mcrypt.
    - debian/rules:
      - Dropped building of mcrypt, imap, and interbase.
      - Install apport hook for php5.
      - stop mysql instance on clean just in case we failed in tests
    - debian/control, debian/rules: Re-enable libedit-dev.
  * Dropped Changes:
    - debian/rules: change memory limits on example .ini files.

php5 (5.4.6-1) experimental; urgency=low

  * Imported Upstream version 5.4.6
  * Apply another fix to compile --without-system-tzdata
    (Courtesy of Michael Heimpold)
  * Get rid of empty examples directory (Closes: #684108), but
    keep parent directory to store test-results.txt among others
  * Provide sensible default configuration for PHP-CGI files
    (Closes: #685340)
  * Add NEWS text about default extension configuration
  * Update NEWS and README.Debian based on debian-l10n-english review
    (Courtesy of Justing B Rye)

php5 (5.4.5-1) experimental; urgency=low

  * Imported Upstream version 5.4.5
  * Update patches for PHP 5.4.5 release
  * Compile with system libzip (upstream has added support for that)

php5 (5.4.4-4) unstable; urgency=low

  * Fix php5-fpm segfault (PHP#62205)
  * CVE-2012-2688: potential overflow in _php_stream_scandir
    (Closes: #683274)
  * Improve security in CGI section in README.Debian (Closes: #674205)
 -- Clint Byrum <email address hidden> Wed, 22 Aug 2012 13:40:18 -0700

Changed in php5 (Ubuntu):
status: Triaged → Fix Released
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Alexander, or anyone else affected,

Accepted php5 into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in php5 (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Alexander Pyhalov (alp-rsu) wrote :

The suggested package from the proposed repository fixes the problem for me.
Thank you for your work.

tags: added: verification-done
removed: verification-needed
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.10-1ubuntu3.3

---------------
php5 (5.3.10-1ubuntu3.3) precise-proposed; urgency=low

  * Applies upstream bug fixes for several issues and bugs:
    * php5-fpm segfaults with error 4 in libc-2.15.so
        (LP: #1006738. Bug Priority: High)
    * PHP5-FPM not reporting errors to web server (nginx)
        (LP: #1014044. Bug Priority: Medium)
 -- Thomas Ward <email address hidden> Tue, 31 Jul 2012 21:15:08 -0400

Changed in php5 (Ubuntu Precise):
status: Fix Committed → Fix Released