The URL for your bug report is: https://bugs.php.net/bug.php?id=32751.
Bug #32751 Segfault after code execution (destructor calls,persistent links,shared module)
Submitted: 2005-04-18 21:49 UTC Modified: 2005-05-07 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: prism at pld-linux dot org Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.4 OS: PLD Linux Distribution
Private report: No CVE-ID: None
 [2005-04-18 21:49 UTC] prism at pld-linux dot org
Description:
------------
Zend engine or all modules which use persistent_list.
persistent_list is destroyed after modules are unloaded.
But some modules register own destructors for elements put on persistent_list.
When Zend destroys such entry from persistent_list, it tries to call destructor
from unloaded module and segfaults.

Reproduce code:
---------------
Look here: http://comments.gmane.org/gmane.linux.pld.devel.english/785 and start reading from post written at 16 Apr 17:33 by Michal Lukaszek, and below from that.

Expected result:
----------------
No segfault. 

Actual result:
--------------
> (gdb) bt
> #0  0xb78a6978 in ?? ()
> #1  0xb7f557da in plist_entry_destructor (ptr=0x81e11b8)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:204
> #2  0xb7f5385f in zend_hash_apply_deleter (ht=0x8052c50, p=0x81ec1a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_hash.c:574
> #3  0xb7f53ab0 in zend_hash_graceful_reverse_destroy (ht=0x8052c50)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_hash.c:640
> #4  0xb7f558f6 in zend_destroy_rsrc_list (ht=0x8052c50, tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:234
> #5  0xb7f49c20 in zend_shutdown (tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend.c:714
> #6  0xb7ef42d5 in php_module_shutdown (tsrm_ls=0x804f0a0)
>     at /home/comp/rpm/BUILD/php-5.0.4/main/main.c:1518
> #7  0x0804be1e in main (argc=2, argv=0xbffff174)
>     at /home/comp/rpm/BUILD/php-5.0.4/sapi/cli/php_cli.c:1055
> (gdb) f 1
> #1  0xb7f557da in plist_entry_destructor (ptr=0x81e11b8)
>     at /home/comp/rpm/BUILD/php-5.0.4/Zend/zend_list.c:204
> 204                                             ld->plist_dtor_ex(le TSRMLS_CC);
> (gdb) p ld->plist_dtor_ex
> $1 = 0xb78a6978
> (gdb) x ld->plist_dtor_ex
> 0xb78a6978:     Cannot access memory at address 0xb78a6978

it's in (unloaded) php-mysql module

> The list here is "persistent_list", which is used by php-mysql for
> persistent connection - so it's probably bug in php-mysql module or php
> engine itself.
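
The shutdown ordering described in the report above, as an added example that is not part of the original bug report and is not Zend engine code: a small C model that counts destructor calls which would land in an unloaded module. All names (`module_t`, `plist_add`, `shutdown_unload_first`, `shutdown_destroy_first`) are hypothetical, and the destroy-first order is included only as a contrast, not as the fix PHP adopted.

```c
#include <stdio.h>

/* Simplified model, not Zend source. Each persistent entry records which
 * module's code holds its destructor, as a shared extension's entry would. */
enum { MAX_ENTRIES = 8, MAX_MODULES = 4 };
typedef struct { int loaded; int live; } module_t;  /* live = open resources */
static module_t modules[MAX_MODULES];
static int plist_owner[MAX_ENTRIES], plist_len;

/* A module stores a persistent resource, e.g. a pconnect-style link. */
static int plist_add(int owner) {
    if (owner < 0 || owner >= MAX_MODULES || plist_len == MAX_ENTRIES) return -1;
    plist_owner[plist_len] = owner;
    modules[owner].live++;
    return plist_len++;
}

/* Constructed sample state: all modules loaded, three persistent entries. */
static void setup(void) {
    plist_len = 0;
    for (int i = 0; i < MAX_MODULES; i++) modules[i] = (module_t){1, 0};
    plist_add(0); plist_add(1); plist_add(1);
}

/* Stand-in for unloading shared modules: their code is no longer mapped. */
static void unload_modules(void) {
    for (int i = 0; i < MAX_MODULES; i++) modules[i].loaded = 0;
}

/* Reverse walk over the list. Returns how many destructor calls would have
 * targeted an unloaded module; the model counts them instead of jumping. */
static int destroy_plist(void) {
    int dangling = 0;
    while (plist_len > 0) {
        module_t *m = &modules[plist_owner[--plist_len]];
        if (m->loaded) m->live--;   /* destructor runs, resource released */
        else dangling++;            /* pointer into unmapped code */
    }
    return dangling;
}

/* Order from the report, then the alternative order (an assumption here). */
int shutdown_unload_first(void)  { unload_modules(); return destroy_plist(); }
int shutdown_destroy_first(void) { int d = destroy_plist(); unload_modules(); return d; }

int main(void) {
    setup(); printf("unload first:  %d dangling\n", shutdown_unload_first());
    setup(); printf("destroy first: %d dangling\n", shutdown_destroy_first());
    return 0;
}
```

In the unload-first order every entry owned by a shared module is counted as dangling and its resource is never released; in the model this is the case the backtrace shows as a jump to an unmapped address.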

 [2005-04-19 22:23 UTC] tony2001@php.net
Are you able to reproduce it under a different OS?
Or at least with different glibc?
Is it reproducible only with Apache2 or with CLI too?
As far as I can see, mysql is built as shared module or am I wrong?
 [2005-04-19 22:37 UTC] prism at pld-linux dot org
I didn't try in other OS. Later, I'll see in Windows - but 
I have to set up the environment first. 
Yes. I used glibc 2.3.4 before, and switched to 2.3.5 to 
see if it helps. 
It also happened earlier, when I had some older glibc, but 
I ignored it. 
The code also fails in CLI. Actually, we test it in CLI 
because Apache doesn't get any output from PHP module 
since it dies - proxy says that zero-sized reply comes. 
And finally: Yes, we build as much as we can as modules to 
package it into separate packages.
 [2005-04-20 01:17 UTC] tony2001@php.net
Works fine on SuSE 9.2/glibc 2.3.3. 
I'm 100% sure it also works on other systems I have around here, but I'll check it tomorrow.
 [2005-04-22 14:39 UTC] sniper@php.net
Using this code, from the url you posted:

<?php
  $link = mysql_pconnect('localhost', 'aaa', 'bbb');
  mysql_select_db('ccc', $link);
  if($link) mysql_close($link);
  echo 'I am still alive';
?>

And I can not reproduce this. Not with PHP 4.3.12-dev, PHP 5.1-dev..and I have glibc 2.3.4 (FC2)

What is the configure line you are using with PHP?

 [2005-04-23 01:00 UTC] prism at pld-linux dot org
Our Configure Command: 
'./configure' 'LDFLAGS=' 'CFLAGS=-O2 -march=i686 -DEAPI=1 
-I/usr/X11R6/include -I/usr/include/apr 
-I/usr/include/apr-util -I/usr/include' 'CXXFLAGS=-O2 
-march=i686' 'FFLAGS=-O2 -march=i686' 'CPPFLAGS=' 
'CC=i686-pld-linux-gcc' 'CXX=i686-pld-linux-g++' 
'--build=i686-pld-linux' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' 
'--sbindir=/usr/sbin' '--sysconfdir=/etc/php' 
'--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib' '--libexecdir=/usr/lib' 
'--localstatedir=/var' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--x-libraries=/usr/X11R6/lib' 
'--with-apxs2=/usr/sbin/apxs' '--enable-maintainer-zts' 
'--with-config-file-path=/etc/php' 
'--with-exec-dir=/usr/bin' '--disable-debug' 
'--enable-memory-limit' '--enable-bcmath=shared' 
'--enable-calendar=shared' '--enable-ctype=shared' 
'--enable-dba=shared' '--enable-dbx=shared' 
'--enable-dio=shared' '--enable-dom=shared' 
'--enable-exif=shared' '--enable-filepro=shared' 
'--enable-ftp=shared' '--enable-gd-native-ttf' 
'--enable-gd-jus-conf' '--enable-magic-quotes' 
'--enable-mbstring=shared,all' '--enable-mbregex' 
'--enable-pcntl=shared' '--enable-posix=shared' 
'--enable-session' '--enable-shared' 
'--enable-shmop=shared' '--enable-sysvmsg=shared' 
'--enable-sysvsem=shared' '--enable-sysvshm=shared' 
'--enable-track-vars' '--enable-trans-sid' 
'--enable-safe-mode' '--enable-sockets=shared' 
'--enable-ucd-snmp-hack' '--enable-wddx=shared' 
'--enable-xml=shared' '--enable-yp=shared' 
'--enable-soap=shared' '--with-bz2=shared' 
'--with-cpdflib=shared' '--with-curl=shared' '--with-db4' 
'--with-dbase=shared' '--with-expat-dir=shared,/usr' 
'--with-iconv=shared' '--with-fam=shared' 
'--with-filepro=shared' '--with-freetype-dir=shared' 
'--with-gettext=shared' '--with-gd=shared,/usr' 
'--with-gdbm' '--with-gmp=shared' '--with-imap=shared' 
'--with-imap-ssl' '--with-interbase=shared,/usr' 
'--with-jpeg-dir=/usr' '--with-ldap=shared' 
'--with-mcrypt=shared' '--with-mhash=shared' 
'--with-mime-magic=shared,/usr/share/file/magic.mime' 
'--with-ming=shared' '--with-mnogosearch=shared,/usr' 
'--with-msession=shared' '--with-mssql=shared' 
'--with-mysql=shared,/usr' 
'--with-mysql-sock=/var/lib/mysql/mysql.sock' 
'--with-mysqli=shared' '--with-ncurses=shared' 
'--with-openssl=shared' '--with-pcre-regex=shared' 
'--with-pear=/usr/share/pear' '--with-pgsql=shared,/usr' 
'--with-png-dir=/usr' '--with-pspell=shared' 
'--with-readline=shared' '--with-recode=shared' 
'--with-regex=php' '--without-sablot-js' 
'--with-snmp=shared' '--with-sybase=shared,/usr' 
'--with-sybase-ct=shared,/usr' '--with-sqlite=shared,/usr' 
'--with-t1lib=shared' '--with-tidy=shared' 
'--with-tiff-dir=/usr' '--with-unixODBC=shared' 
'--with-xmlrpc=shared,/usr' '--with-xsl=shared' 
'--with-zlib=shared' '--with-zlib-dir=shared,/usr'
 [2005-04-23 19:17 UTC] sniper@php.net
If you load only and ONLY the mysql extension in your php.ini, can you reproduce this?

 [2005-04-28 01:45 UTC] prism at pld-linux dot org
I can't really test it at the moment. My colleague also 
encountered the same problem after upgrade to glibc 2.3.5 
and PHP 5.0.4 - when he downgraded to PHP 5.0.3 everything 
was working fine. 
I searched the php bugs database for 
"plist_entry_destructor" and I found that one user had 
similar problem in PHP 4.3.x some time ago, and it makes 
me think that this is not only mysql-module related. 
I suggest you to try the new glibc and see if PHP works 
without any problems. If there is anything else I can do, 
just ask. Tomorrow, we will be trying to find the bug in 
the PHP code, so I might have some more information in a 
day or two.
 [2005-05-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-07-06 04:07 UTC] david dot tulloh at infaze dot com dot au
Successful reproduction.

Running through the CLI,
the following works fine:
<?php
    $conn = pg_connect('dbname=lod user=lod');
?>

the following will segfault on termination:
<?php
    $conn = pg_pconnect('dbname=lod user=lod');
?>

Running Debian Sarge.
libc-2.3.2
Fresh cvs version of PHP
php -v:
PHP 5.1.0-dev (cli) (built: Jul  6 2005 10:55:39)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2004 Zend Technologies

stack trace:
#0  0xb7c4d900 in ?? ()
#1  0x0816af31 in plist_entry_destructor (ptr=0x8337578)
    at /home/lod/Downloads/php-cvs/Zend/zend_list.c:210
#2  0x081699d8 in zend_hash_apply_deleter (ht=0x826cd18, p=0x833d260)
    at /home/lod/Downloads/php-cvs/Zend/zend_hash.c:574
#3  0x08169a7c in zend_hash_graceful_reverse_destroy (ht=0x826cd18)
    at /home/lod/Downloads/php-cvs/Zend/zend_hash.c:640
#4  0x08161bef in zend_shutdown (tsrm_ls=0x0) at /home/lod/Downloads/php-cvs/Zend/zend.c:713
#5  0x081229fe in php_module_shutdown (tsrm_ls=0x8268018)
    at /home/lod/Downloads/php-cvs/main/main.c:1558
#6  0x081dc959 in main (argc=1, argv=0xbffffba4) at /home/lod/Downloads/php-cvs/sapi/cli/php_cli.c:1148
 
Last updated: Sun May 05 22:01:29 2024 UTC