Bug #32751 Segfault after code execution (destructor calls,persistent links,shared module)
Submitted: 2005-04-18 21:49 UTC Modified: 2005-05-07 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: prism at pld-linux dot org Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.4 OS: PLD Linux Distribution
Private report: No CVE-ID: None

 [2005-04-18 21:49 UTC] prism at pld-linux dot org
Description:
------------
Zend engine or all modules which use persistent_list.
persistent_list is destroyed after modules are unloaded.
But some modules register own destructors for elements put on
persistent_list. When Zend destroys such entry from persistent_list,
it tries to call destructor from unloaded module and segfaults.

Reproduce code:
---------------
Look here: http://comments.gmane.org/gmane.linux.pld.devel.english/785 and start reading from post written at 16 Apr 17:33 by Michal Lukaszek, and below from that.

Expected result:
----------------
No segfault. 

Actual result:
--------------
> (gdb) bt
> #0  0xb78a6978 in ?? ()
> #1  0xb7f557da in plist_entry_destructor (ptr=0x81e11b8)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:204
> #2  0xb7f5385f in zend_hash_apply_deleter (ht=0x8052c50, p=0x81ec1a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_hash.c:574
> #3  0xb7f53ab0 in zend_hash_graceful_reverse_destroy (ht=0x8052c50)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_hash.c:640
> #4  0xb7f558f6 in zend_destroy_rsrc_list (ht=0x8052c50, tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:234
> #5  0xb7f49c20 in zend_shutdown (tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend.c:714
> #6  0xb7ef42d5 in php_module_shutdown (tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/main/main.c:1518
> #7  0x0804be1e in main (argc=2, argv=0xbffff174)
>     at /home/comp/rpm/BUILD/php-5.0.4/sapi/cli/php_cli.c:1055
> (gdb) f 1
> #1  0xb7f557da in plist_entry_destructor (ptr=0x81e11b8)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:204
> 204                                             ld->plist_dtor_ex(le TSRMLS_CC);
> (gdb) p ld->plist_dtor_ex
> $1 = 0xb78a6978
> (gdb) x ld->plist_dtor_ex
> 0xb78a6978:     Cannot access memory at address 0xb78a6978

it's in (unloaded) php-mysql module

> The list here is "persistent_list", which is used by php-mysql for
> persistent connection - so it's probably bug in php-mysql module or php
> engine itself.
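
The shutdown ordering described in this report, as a simplified C model added here (it is not Zend's code and not from the reporter). The names `shutdown_model`, `plist_destroy`, `dtor_entry` and `db_ext` are hypothetical, and the model counts a destructor that points into an unloaded module instead of calling it.

```c
/* Simplified model (not Zend's code): a persistent resource list whose
 * destructors live in modules that can be unloaded before the list. */
#include <stdio.h>

#define MAX_ENTRIES 8
struct module { const char *name; int loaded; };   /* stands in for a dlopen()ed .so */
typedef void (*dtor_fn)(void *res);
struct dtor_entry { dtor_fn fn; struct module *owner; };
struct plist { struct dtor_entry *dtor[MAX_ENTRIES]; void *res[MAX_ENTRIES]; size_t n; };

static int closed_links;                            /* bumped by the destructor */
static void close_link(void *res) { (void)res; closed_links++; }

static void plist_add(struct plist *pl, struct dtor_entry *d, void *res) {
    if (pl->n < MAX_ENTRIES) { pl->dtor[pl->n] = d; pl->res[pl->n] = res; pl->n++; }
}

/* Destroy the list in reverse order. Returns how many entries had a
 * destructor inside an unloaded module; a real engine would jump to
 * unmapped memory at that point, the model only counts and skips. */
static int plist_destroy(struct plist *pl) {
    int dangling = 0;
    while (pl->n > 0) {
        struct dtor_entry *d = pl->dtor[--pl->n];
        if (d->owner->loaded) d->fn(pl->res[pl->n]);
        else dangling++;
    }
    return dangling;
}

/* unload_first = 1 is the order from the report; 0 destroys the list first. */
static int shutdown_model(int unload_first) {
    struct module db = { "db_ext", 1 };             /* constructed sample module */
    struct dtor_entry link_dtor = { close_link, &db };
    struct plist pl = { {0}, {0}, 0 };
    int link_a = 1, link_b = 2;                     /* constructed persistent links */

    closed_links = 0;
    plist_add(&pl, &link_dtor, &link_a);
    plist_add(&pl, &link_dtor, &link_b);
    if (unload_first) db.loaded = 0;                /* module gone before its resources */
    return plist_destroy(&pl);                      /* module unload would follow here */
}

int main(void) {
    int bad = shutdown_model(1);
    int good = shutdown_model(0);
    printf("unload first: %d dangling; destroy first: %d dangling\n", bad, good);
    return 0;
}
```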

 [2005-04-19 22:23 UTC] tony2001@php.net
Are you able to reproduce it under a different OS?
Or at least with different glibc?
Is it reproducible only with Apache2 or with CLI too?
As far as I can see, mysql is built as shared module or am I wrong?
 [2005-04-19 22:37 UTC] prism at pld-linux dot org
I didn't try in other OS. Later, I'll see in Windows - but 
I have to set up the environment first. 
Yes. I used glibc 2.3.4 before, and switched to 2.3.5 to 
see if it helps. 
It also happened earlier, when I had some older glibc, but 
I ignored it. 
The code also fails in CLI. Actually, we test it in CLI 
because Apache doesn't get any output from PHP module 
since it dies - proxy says that zero-sized reply comes. 
And finally: Yes, we build as much we can as modules to 
package it into separate packages.
 [2005-04-20 01:17 UTC] tony2001@php.net
Works fine on SuSE 9.2/glibc 2.3.3. 
I'm 100% sure it also works on other systems I have around here, but I'll check it tomorrow.
 [2005-04-22 14:39 UTC] sniper@php.net
Using this code, from the url you posted:

<?php
  $link = mysql_pconnect('localhost', 'aaa', 'bbb');
  mysql_select_db('ccc', $link);
  if($link) mysql_close($link);
  echo 'I am still alive';
?>

And I can not reproduce this. Not with PHP 4.3.12-dev, PHP 5.1-dev..and I have glibc 2.3.4 (FC2)

What is the configure line you are using with PHP?

 [2005-04-23 01:00 UTC] prism at pld-linux dot org
Our Configure Command: 
'./configure' 'LDFLAGS=' 'CFLAGS=-O2 -march=i686 -DEAPI=1 
-I/usr/X11R6/include -I/usr/include/apr 
-I/usr/include/apr-util -I/usr/include' 'CXXFLAGS=-O2 
-march=i686' 'FFLAGS=-O2 -march=i686' 'CPPFLAGS=' 
'CC=i686-pld-linux-gcc' 'CXX=i686-pld-linux-g++' 
'--build=i686-pld-linux' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' 
'--sbindir=/usr/sbin' '--sysconfdir=/etc/php' 
'--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib' '--libexecdir=/usr/lib' 
'--localstatedir=/var' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--x-libraries=/usr/X11R6/lib' 
'--with-apxs2=/usr/sbin/apxs' '--enable-maintainer-zts' 
'--with-config-file-path=/etc/php' 
'--with-exec-dir=/usr/bin' '--disable-debug' 
'--enable-memory-limit' '--enable-bcmath=shared' 
'--enable-calendar=shared' '--enable-ctype=shared' 
'--enable-dba=shared' '--enable-dbx=shared' 
'--enable-dio=shared' '--enable-dom=shared' 
'--enable-exif=shared' '--enable-filepro=shared' 
'--enable-ftp=shared' '--enable-gd-native-ttf' 
'--enable-gd-jus-conf' '--enable-magic-quotes' 
'--enable-mbstring=shared,all' '--enable-mbregex' 
'--enable-pcntl=shared' '--enable-posix=shared' 
'--enable-session' '--enable-shared' 
'--enable-shmop=shared' '--enable-sysvmsg=shared' 
'--enable-sysvsem=shared' '--enable-sysvshm=shared' 
'--enable-track-vars' '--enable-trans-sid' 
'--enable-safe-mode' '--enable-sockets=shared' 
'--enable-ucd-snmp-hack' '--enable-wddx=shared' 
'--enable-xml=shared' '--enable-yp=shared' 
'--enable-soap=shared' '--with-bz2=shared' 
'--with-cpdflib=shared' '--with-curl=shared' '--with-db4' 
'--with-dbase=shared' '--with-expat-dir=shared,/usr' 
'--with-iconv=shared' '--with-fam=shared' 
'--with-filepro=shared' '--with-freetype-dir=shared' 
'--with-gettext=shared' '--with-gd=shared,/usr' 
'--with-gdbm' '--with-gmp=shared' '--with-imap=shared' 
'--with-imap-ssl' '--with-interbase=shared,/usr' 
'--with-jpeg-dir=/usr' '--with-ldap=shared' 
'--with-mcrypt=shared' '--with-mhash=shared' 
'--with-mime-magic=shared,/usr/share/file/magic.mime' 
'--with-ming=shared' '--with-mnogosearch=shared,/usr' 
'--with-msession=shared' '--with-mssql=shared' 
'--with-mysql=shared,/usr' 
'--with-mysql-sock=/var/lib/mysql/mysql.sock' 
'--with-mysqli=shared' '--with-ncurses=shared' 
'--with-openssl=shared' '--with-pcre-regex=shared' 
'--with-pear=/usr/share/pear' '--with-pgsql=shared,/usr' 
'--with-png-dir=/usr' '--with-pspell=shared' 
'--with-readline=shared' '--with-recode=shared' 
'--with-regex=php' '--without-sablot-js' 
'--with-snmp=shared' '--with-sybase=shared,/usr' 
'--with-sybase-ct=shared,/usr' '--with-sqlite=shared,/usr' 
'--with-t1lib=shared' '--with-tidy=shared' 
'--with-tiff-dir=/usr' '--with-unixODBC=shared' 
'--with-xmlrpc=shared,/usr' '--with-xsl=shared' 
'--with-zlib=shared' '--with-zlib-dir=shared,/usr'
 [2005-04-23 19:17 UTC] sniper@php.net
If you load only and ONLY the mysql extension in your php.ini, can you reproduce this?

 [2005-04-28 01:45 UTC] prism at pld-linux dot org
I can't really test it at the moment. My colleague also 
encountered the same problem after upgrade to glibc 2.3.5 
and PHP 5.0.4 - when he downgraded to PHP 5.0.3 everything 
was working fine. 
I searched the php bugs database for 
"plist_entry_destructor" and I found that one user had 
similar problem in PHP 4.3.x some time ago, and it makes 
me think that this is not only mysql-module related. 
I suggest you to try the new glibc and see if PHP works 
without any problems. If there is anything else I can do, 
just ask. Tomorrow, we will be trying to find the bug in 
the PHP code, so I might have some more information in a 
day or two.
 [2005-05-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-07-06 04:07 UTC] david dot tulloh at infaze dot com dot au
Successful reproduction.

Running through the CLI,
the following works fine:
<?php
    $conn = pg_connect('dbname=lod user=lod');
?>

the following will segfault on termination:
<?php
    $conn = pg_pconnect('dbname=lod user=lod');
?>

Running Debian Sarge.
libc-2.3.2
Fresh cvs version of PHP
php -v:
PHP 5.1.0-dev (cli) (built: Jul  6 2005 10:55:39)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2004 Zend Technologies

stack trace:
#0  0xb7c4d900 in ?? ()
#1  0x0816af31 in plist_entry_destructor (ptr=0x8337578)
    at /home/lod/Downloads/php-cvs/Zend/zend_list.c:210
#2  0x081699d8 in zend_hash_apply_deleter (ht=0x826cd18, p=0x833d260)
    at /home/lod/Downloads/php-cvs/Zend/zend_hash.c:574
#3  0x08169a7c in zend_hash_graceful_reverse_destroy (ht=0x826cd18)
    at /home/lod/Downloads/php-cvs/Zend/zend_hash.c:640
#4  0x08161bef in zend_shutdown (tsrm_ls=0x0) at /home/lod/Downloads/php-cvs/Zend/zend.c:713
#5  0x081229fe in php_module_shutdown (tsrm_ls=0x8268018)
    at /home/lod/Downloads/php-cvs/main/main.c:1558
#6  0x081dc959 in main (argc=1, argv=0xbffffba4) at /home/lod/Downloads/php-cvs/sapi/cli/php_cli.c:1148
Last updated: Sat May 04 02:01:29 2024 UTC