When a custom error page has been defined for 404 and/or 403 errors, but the page does not exist in the site, drupal_not_found and drupal_access_denied will be re-called over and over, inserting rows to the watchdog each time, until PHP segfaults.

This applies to both DRUPAL-4-6 and HEAD branches.

The patches I'm attaching add a check for the value of the 404/403 path setting not being the same as the url that triggered the 404/403 request in the first place.

if ($path && $path != $_GET['q]) ...

We have just implemented this patch in production on all SRI websites (e.g. www.cfrb.com) and it's fixed the behaviour as intended.

CommentFileSizeAuthor
#2 common_inc_4-7HEAD.patch819 bytesrkerr
#1 common_inc_4-6.patch835 bytesrkerr
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

rkerr’s picture

rkerr CreditAttribution: rkerr commented
FileSize
common_inc_4-6.patch835 bytes

Attatching patch for DRUPAL-4-6 CVS branch.

rkerr’s picture

rkerr CreditAttribution: rkerr commented
FileSize
common_inc_4-7HEAD.patch819 bytes

Attaching patch for HEAD CVS branch (4.7).

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented

i can't reproduce this infinite loop in HEAD. anyone else?

dopry’s picture

dopry CreditAttribution: dopry commented

I can reproduce against 4.7-beta3.
the patch fixes the issue.
normal 404 and 403 pages work if they exist after patch.

I cannot reproduce against 4.6.5.

Dries’s picture

Dries CreditAttribution: Dries commented
Status: Needs review » Reviewed & tested by the community

Committed the patch against HEAD. Will commit against the DRUPAL-4-6 branch later today. Not marking 'fixed' yet.

rkerr’s picture

rkerr CreditAttribution: rkerr commented

Thanks, Dries.

To reproduce... set 403 and/or 404 to "node/{some number that does not exist as nid in node table}"
then try to addess a restricted page, or a path that will generate a 404.

At least, that is what will create the problem for me.

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Version: x.y.z » 4.6.5
Priority: Critical » Normal

changing version and priority.

Dries’s picture

Dries CreditAttribution: Dries commented
Status: Reviewed & tested by the community » Fixed

Committed to DRUPAL-4-6. Thanks.

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)