|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2008-06-23 18:49 UTC] willh at metavera dot com
Description: ------------ PHP crashes in ZEND_MM_CHECK_TREE. The problem is reproducible with our source code but I have been unable to create a short script that duplicates the issue. The crash happens with with the CVS version of PHP, and the same crash happens with 5.2.6. I have a core file if needed. If PHP is configured with --enable-debug the crash does not happen. On crash, we also get: ---- /usr/src/t/php-5.2.6/Zend/zend_execute.c(403) : Freeing 0xB1272E30 (16 bytes), script=[redacted]/training/code/lmember/index.php Last leak repeated 2 times ---- in the error logs PHP 5.2 snap configured like ... './configure' '--prefix=/usr/local/php5' '--with-apxs2=/usr/bin/apxs2' '--with-libxml-dir' '--with-openssl' '--with-zlib' '--enable-bcmath' '--enable-calendar' '--with-curl' '--with-curlwrappers' '--enable- exif' '--enable-ftp' '--with-gd' '--enable-gd-native-ttf' '--with- gettext' '--with-gmp' '--with-imap' '--enable-mbstring' '--with-pdo- pgsql' '--with-pgsql' '--enable-soap' '--with-tidy' '--enable-zip' '-- with-xsl' '--with-imap-ssl' '--with-jpeg-dir=/usr/lib' '--with-png- dir=/usr/lib' '--with-ttf=/usr/lib' '--enable-zip' '--with-freetype- dir=/usr/lib' '--with-bz2' '--enable-sockets' '--with-kerberos' '-- with-mcrypt' '--enable-sysvshm' '--enable-sysvsem' Actual result: -------------- Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1215793472 (LWP 16822)] 0xb73c0298 in _zend_mm_free_int (heap=0x8230fe8, p=<value optimized out>) at /usr/src/php-5.2.6/Zend/zend_alloc.c:817 817 ZEND_MM_CHECK_TREE(mm_block); (gdb) bt #0 0xb73c0298 in _zend_mm_free_int (heap=0x8230fe8, p=<value optimized out>) at /usr/src/php-5.2.6/Zend/zend_alloc.c:817 #1 0xb73f2482 in zend_objects_free_object_storage (object=0xa2edd24c) at /usr/src/php-5.2.6/Zend/zend_objects.c:122 #2 0xb73f532f in zend_objects_store_free_object_storage (objects=0xb76e2b28) at /usr/src/php-5.2.6/Zend/zend_objects_API.c:89 #3 0xb73cdce9 in shutdown_executor () at /usr/src/php-5.2.6/Zend/zend_execute_API.c:299 #4 0xb73d98dd in zend_deactivate () at /usr/src/php- 5.2.6/Zend/zend.c:860 #5 0xb739a569 in php_request_shutdown (dummy=0x0) at /usr/src/php-5.2.6/main/main.c:1486 #6 0xb745471d in php_handler (r=0x8355578) at /usr/src/php-5.2.6/sapi/apache2handler/sapi_apache2.c:469 #7 0x08074607 in ap_run_handler () #8 0x080777b1 in ap_invoke_handler () #9 0x0808471a in ap_internal_redirect () ... PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2026 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 02 08:00:01 2026 UTC |
I have managed to isolate the PHP code that appeared to be triggering this issue on our production server and have crafted a relativity short, 71 lines, script that crashes PHP on our development servers. These servers run a different distribution of Linux but PHP is configured and compiled similarly. Unfortunately this script does not crash on our development server. The development server has php5.2-200806191230 configured in the following manner... './configure' '--prefix=/usr/local/' '--with-apxs2' '--with-libxml- dir' '--with-openssl' '--with-zlib' '--enable-bcmath' '--enable- calendar' '--with-curl' '--with-curlwrappers' '--enable-exif' '-- enable-ftp' '--with-gd' '--enable-gd-native-ttf' '--with-gettext' '-- with-gmp' '--enable-mbstring' '--with-pdo-pgsql' '--with-pgsql' '-- enable-soap' '--with-tidy' '--enable-zip' '--with-xsl' '--with-jpeg- dir=/usr/lib' '--with-png-dir=/usr/lib' '--with-ttf=/usr/lib' '-- enable-zip' '--with-freetype-dir=/usr/lib' '--with-bz2' '--enable- sockets' '--with-kerberos' '--with-mcrypt' '--enable-sysvshm' '-- enable-sysvsem' '--with-config-file-path=/etc' The following script is expected to exit normally but it crashes when USE_ZEND_ALLOC=1 . The following script does not crash when USE_ZEND_ALLOC=0. I apologize for the length of the script, it is a short as I was able to make it and still manage to get it to crash. _____________________ <?php class MVCallback { protected $key; protected $object; /*The object to call the method on*/ protected $method; /*the method name */ protected $arguments = array(); static public function initialize($object,$method,$arguments = array()){ $callback = new self(); $callback->object = $object; $callback->method = $method; $callback->arguments = $arguments; return $callback; } } class callback_db_column { protected $callback = null; protected $format_function; public function __construct($name,$column_name=_U ){ $this->set_format_func('sprintf'); } public function callback(){ return $this->callback; } public function set_callback($aMVCallback){ $this->callback = $aMVCallback; return $this; } protected function & set_format_func($aString){ $this->format_function = &$aString; } } class foo { protected $columns = array(); function & add_column(&$col){ $this->columns[] = &$col; } public function add_column_for_date($column_name,$value_name,$format_function){ $col = new callback_db_column($column_name,$value_name); $col->set_callback( MVCallback::initialize($this, 'value_with_timezone', array($format_function,$value_name)) ); $this->add_column(&$col); } function __construct($base_table=_U) { $this->add_column_for_date(COL_RES_START,RES_START, 'stamp_to_string'); $this->add_column_for_date(COL_RES_END, RES_END, 'stamp_to_string'); $this->add_column_for_date(COL_RES_START_SHORT, RES_START, 'stamp_to_input_string'); $this->add_column_for_date(COL_RES_END_SHORT, RES_END, 'stamp_to_input_string'); } } for($i=1; $i<=5000; ++$i){ $foo = &new foo($u='foo'); }