PHP :: Bug #28602 :: Segmentation fault in _zval_ptr

Bug #28602

Segmentation fault in _zval_ptr_dtor()

Submitted:

2004-06-01 12:49 UTC

Modified:

2004-12-13 01:15 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	3 (100.0%)

From:

arkadi at mebius dot lv

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

4.3.6

OS:

FreeBSD

Private report:

CVE-ID:

None

View Developer Edit

[2004-06-01 12:49 UTC] arkadi at mebius dot lv

Description:
------------
Apache 1.3.31, DSO mod_php4, FreeBSD 4.9, compiled with -O -g.
I have apache core files with a segmentation fault error on the same line inside the PHP:

#0  0x2842f72d in _zval_ptr_dtor (zval_ptr=0x8ff1158) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:289
289             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x2842f72d in _zval_ptr_dtor (zval_ptr=0x8ff1158) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:289
#1  0x2843c839 in zend_hash_destroy (ht=0x83a5e0c) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_hash.c:553
#2  0x2842f37e in shutdown_executor () at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:180
#3  0x28437f80 in zend_deactivate () at /usr/home/arkadi/build/php-4.3.6/Zend/zend.c:667
#4  0x2840ea6e in php_request_shutdown (dummy=0x0) at /usr/home/arkadi/build/php-4.3.6/main/main.c:996
#5  0x28451667 in php_apache_request_shutdown (dummy=0x0) at /usr/home/arkadi/build/php-4.3.6/sapi/apache/mod_php4.c:302
#6  0x8050bfa in run_cleanups (c=0x838a80c) at alloc.c:1936
#7  0x804fbfb in ap_clear_pool (a=0x836400c) at alloc.c:650
#8  0x804fc5c in ap_destroy_pool (a=0x836400c) at alloc.c:680
#9  0x804fbe7 in ap_clear_pool (a=0x80d600c) at alloc.c:643
#10 0x805c2ae in child_main (child_num_arg=23) at http_main.c:4548
#11 0x805c8cd in make_child (s=0x8099034, slot=23, now=1086039560) at http_main.c:5051
#12 0x805cfe8 in standalone_main (argc=2, argv=0xbfbffbec) at http_main.c:5451
#13 0x805d597 in main (argc=2, argv=0xbfbffbec) at http_main.c:5757
(gdb) p zval_ptr
$1 = (zval **) 0x8ff1158
(gdb) p **zval_ptr
Cannot access memory at address 0x3.
(gdb) p *zval_ptr
$2 = (zval *) 0x3

The error happens approximatelly every 100,000 requests. MaxRequestPerChild is set to 10,000. There are malloc() errors in error_log that may be related:

httpd in free(): warning: chunk is already free
httpd in malloc(): warning: recursive call
FATAL:  emalloc():  Unable to allocate 1617 bytes

or just malloc() w/o free():

httpd in malloc(): warning: recursive call
FATAL:  emalloc():  Unable to allocate 1851 bytes

Since last httpd restart there are 300,000 requests, three core files, four free() errors and five malloc() errors in error_log. They happens at different times though.

Similar problem was reported in bug #14239.

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-11 21:38 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2004-07-26 13:16 UTC] arkadi at mebius dot lv

Looks like the problem is resolved by php4-STABLE-200407120630. Over a week w/o a single SEGFAULT.

[2004-12-13 01:15 UTC] sniper@php.net

Solved -> closed..

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Aug 18 18:01:28 2024 UTC