php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #43918 Segmentation fault in garbage collector
Submitted: 2008-01-23 08:14 UTC Modified: 2008-01-29 10:03 UTC
From: s dot masugata at digicom dot dnp dot co dot jp Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3CVS-2008-01-23 (snap) OS: Debian GNU/Linux 2.6.18-5-686
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2008-01-23 08:14 UTC] s dot masugata at digicom dot dnp dot co dot jp 
Description:
------------
% bin/php -v
PHP 5.3.0-dev (cli) (built: Jan 23 2008 11:27:40) (DEBUG)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2008 Zend Technologies
% gdb bin/php
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run ./xml.php
Starting program: /path/to/php-5.3/bin/php ./xml.php
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1236347200 (LWP 25889)]
done!!
done!!
done!!



Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1236347200 (LWP 25889)]
0x0846d096 in zval_mark_grey (pz=0xb11ab198) at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:287
287                             obj->refcount--;
(gdb) bnt
Undefined command: "bnt".  Try "help".
(gdb) bt
#0  0x0846d096 in zval_mark_grey (pz=0xb11ab198) at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:287
#1  0x0846d104 in children_mark_grey (pz=0xb11ab510) at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:302
#2  0x08458936 in zend_hash_apply (ht=0xb11ab460, apply_func=0x846d0e9 <children_mark_grey>)
    at /usr/local/src/php5.3-200801230130/Zend/zend_hash.c:673
#3  0x0846d0e7 in zval_mark_grey (pz=0xb11ab420) at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:293
#4  0x0846d1f4 in gc_mark_roots () at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:327
#5  0x0846d601 in gc_collect_cycles () at /usr/local/src/php5.3-200801230130/Zend/zend_gc.c:476
#6  0x0844b12d in zend_deactivate () at /usr/local/src/php5.3-200801230130/Zend/zend.c:890
#7  0x083f2a31 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.3-200801230130/main/main.c:1490
#8  0x084d29e2 in main (argc=2, argv=0xbfe20ec4) at /usr/local/src/php5.3-200801230130/sapi/cli/php_cli.c:1321

Reproduce code:
---------------
<?php
$xmlstr = <<<XML
<?xml version='1.0' standalone='yes'?>
<movies>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
 <movie>
  <title>TEST</title>
 </movie>
</movies>
XML;

$Array = array( );
for( $XX = 0; $XX < 2000; ++$XX )
{
 $Array[] = $xml = new SimpleXMLElement($xmlstr);
}

echo "done!!\n";
sleep(5);
gc_collect_cycles( );
echo "done!!\n";

sleep(5);
echo "done!!\n";
?>


Expected result:
----------------
done!!
done!!
done!!


Actual result:
--------------
done!!
done!!
done!!


Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-29 10:03 UTC] dmitry@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 04:01:28 2024 UTC