php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38585 Memory (including temporary) allocation errors in Zend
Submitted: 2006-08-24 19:10 UTC Modified: 2006-09-01 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: t dot stobbe at blackdogdev dot com Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.1.5 OS: Linux 2.4.27-2-386(Debian sarge)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2006-08-24 19:10 UTC] t dot stobbe at blackdogdev dot com 
Description:
------------
This bug applies to at least PHP 5.1.2 (cli) and 5.1.5 (cli), but probably more.  I'm not sure if it's a cli only issue, but I doubt it.

At a certain point, after large numbers of classes are allocated, and quite a few iterations of function and method calls are made (a minute or two of running), temporary internal memory allocation in the Zend engine seems to start faultering.  This first signs appear via FALSE errors like:

Warning: preg_replace(): Empty regular expression in /home/cr/blkbx/lib/Strings.class.php on line 65

...for a call of (on line 65):

$s = preg_replace("/ +/", " ", $s);

or, this one might happen...

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in /home/cr/blkbx/lib/Strings.class.php on line 36

I thought it was a PCRE issue (like pcre_cache getting corrupted or something), but modified php_pcre.c to printf the regular expression pattern before anything else and it displays "/ +/" 99% of the time and then all of a sudden it becomes "".  Additionally, I've seen the pattern become "1".  The next call might then become "/ +/" again.  Most likely this means that the problem is with the zend hash management engine.

A short time after these warnings start appearing (the script will continue running for a bit), PHP dies with a Segment fault.  This seems to occur just as I'm unsetting an object, although I can't confirm that this is the only time it happens.

Further more, I've done a bit of searching on the internet and found that other people have received the exact same random warnings under similar conditions, although no one seems to know how to fix it.  I'm sure this is a duplicate bug report, but after hours of searching the bug database, I couldn't come up with this report.

A backtrace is provided below.


Reproduce code:
---------------
This is a serious issue which I've managed to confirm is an engine problem, but not been able to find a place to patch it myself.  Nor have I been able to reproduce it using simple examples.  It only appears to happen when large numbers of classes are allocated, and therefore (sadly) I can't seem to reproduce the underlying issue without my entire (and it is very large and complex) application running.

I'm sorry about this, but hopefully I've done enough of the initial leg work already for you guys to be able to track it down.

Expected result:
----------------
No warnings or segment faults to occur (I know, I know... bad expected result.  Please read the bug description).

Actual result:
--------------
The following warnings are all false as they concern 100% valid, hard-coded regular expression patterns such as "/ +/" and "/[a-z]+\\.0/i".  They start randomly occuring just before the crash.

Warning: preg_replace(): Empty regular expression in /home/cr/blkbx/lib/Strings.class.php on line 36

Warning: preg_replace(): No ending delimiter '.' found in /home/cr/blkbx/lib/Strings.class.php on line 70

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in /home/cr/blkbx/lib/Strings.class.php on line 36



Segment fault backtrace

#0  0x0829ce56 in _efree (ptr=0x89855a4) at /usr/local/src/php-5.1.5/Zend/zend_alloc.c:303
#1  0x082b9e38 in zend_hash_destroy (ht=0x8956304) at /usr/local/src/php-5.1.5/Zend/zend_hash.c:528
#2  0x082c6508 in zend_object_std_dtor (object=0x88e7abc) at /usr/local/src/php-5.1.5/Zend/zend_objects.c:40
#3  0x082c66d4 in zend_objects_free_object_storage (object=0x88e7abc) at /usr/local/src/php-5.1.5/Zend/zend_objects.c:111
#4  0x082c910d in zend_objects_store_del_ref (zobject=0x82c66c0) at /usr/local/src/php-5.1.5/Zend/zend_objects_API.c:172
#5  0x082b08ee in _zval_dtor_func (zvalue=0x897feac) at /usr/local/src/php-5.1.5/Zend/zend_variables.c:52
#6  0x082a75e8 in _zval_ptr_dtor (zval_ptr=0x8973cb0) at zend_variables.h:35
#7  0x082b9e48 in zend_hash_destroy (ht=0x89a8e64) at /usr/local/src/php-5.1.5/Zend/zend_hash.c:521
#8  0x082b0915 in _zval_dtor_func (zvalue=0x8881d64) at /usr/local/src/php-5.1.5/Zend/zend_variables.c:43
#9  0x082a75e8 in _zval_ptr_dtor (zval_ptr=0x899daf0) at zend_variables.h:35
#10 0x082b978b in _zend_hash_quick_add_or_update (ht=0x88e93d4, arKey=0x8572bb4 "", nKeyLength=24, h=2431529124, pData=0xbfffba78, nDataSize=4, pDest=0xbfffba34,
    flag=1) at /usr/local/src/php-5.1.5/Zend/zend_hash.c:294
#11 0x082c7559 in zend_std_write_property (object=0x8956844, member=0x88816d4, value=0x88816d4) at /usr/local/src/php-5.1.5/Zend/zend_object_handlers.c:419
#12 0x08314999 in zend_assign_to_object (result=0x8581594, object_ptr=0x845035c, op2=0x74696877, value_op=0x85815f4, Ts=0xbfffbb3c, opcode=136)
    at /usr/local/src/php-5.1.5/Zend/zend_execute.c:617
#13 0x082efaf9 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER (execute_data=0xbfffbc20) at zend_vm_execute.h:14703
#14 0x082ca9b8 in execute (op_array=0x864b68c) at zend_vm_execute.h:92
#15 0x082caed1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffbd10) at zend_vm_execute.h:234
#16 0x082ca9b8 in execute (op_array=0x864b72c) at zend_vm_execute.h:92
#17 0x082caed1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffc6a0) at zend_vm_execute.h:234
#18 0x082ca9b8 in execute (op_array=0x8625484) at zend_vm_execute.h:92
#19 0x082caed1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd260) at zend_vm_execute.h:234
#20 0x082ca9b8 in execute (op_array=0x8625634) at zend_vm_execute.h:92
#21 0x082caed1 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd600) at zend_vm_execute.h:234
#22 0x082ca9b8 in execute (op_array=0x855aeac) at zend_vm_execute.h:92
#23 0x082b23a0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.1.5/Zend/zend.c:1109
#24 0x08278ea6 in php_execute_script (primary_file=0xbffffa30) at /usr/local/src/php-5.1.5/main/main.c:1737
#25 0x0832090f in main (argc=4, argv=0xbffffad4) at /usr/local/src/php-5.1.5/sapi/cli/php_cli.c:1093

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-24 19:13 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2006-08-24 19:18 UTC] t dot stobbe at blackdogdev dot com 
Oh yeah, I forgot to mention that I've done some checking for memory leaks in my scripts and such and know that it has nothing to do with memory/resources not being freed.  The application, while running takes about 14m of vm which is only about 2% of our total ram/swap, so it's not a full memory issue or anything like that.
 [2006-08-24 19:24 UTC] tony2001@php.net 
Please try the latest 5.2 snapshot and if you're still able to reproduce it - please provide a short and complete reproduce script.
Thank you.
 [2006-08-24 20:09 UTC] t dot stobbe at blackdogdev dot com 
I installed 5.2-200608241830 and now I can't even get to that bug because of an entirely new bug (yes a real bug that this time I can reproduce easily), but my boss is going to kill me over all of this and I don't have time to submit that report right now.  I will over the next couple of days.  

Again, I can't seem to reproduce the bug with a short script (I've been trying to for two days).  You'll have to go off of the detailed description I gave.  Sorry again about that, but it can't be helped.  Additionally, the bug is pretty random, and although the warnings start appearing, the script still runs for a bit, making it harder to reproduce.

I'm about to install my app on another server (RedHat based instead of Debian) and see if it happens there.

I'll keep you guys posted.
 [2006-08-24 20:17 UTC] tony2001@php.net 
Let's keep as awaiting for feedback until you get some more information. At the moment I can only say that something somewhere goes wrong.
 [2006-08-24 21:10 UTC] t dot stobbe at blackdogdev dot com 
I've installed and ran my application now on a RedHat box with 5.1.5 installed.  The exact same issue occurs.  I'm going to start taking apart the entire application piece-by-piece and seeing where it stops being reproducable.  This may take several days, so don't expect another update until either I find something, or I've finished and still can't figure it out.  Arrgh.

Thanks for PHP5 guys... the new object engine is great.
 [2006-09-01 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon May 06 18:01:35 2024 UTC