Bug #33114 SIGSEGV in zend_shutdown/memory leak
Submitted: 2005-05-24 01:27 UTC Modified: 2005-06-09 01:59 UTC
From: K dot Kaczkowski at eisp dot pl Assigned: derick (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5CVS, 4CVS (2005-05-26) OS: Linux 2.4.30
Private report: No CVE-ID: None
 [2005-05-24 01:27 UTC] K dot Kaczkowski at eisp dot pl
Description:
------------
I have a problem with reproducible crashes during zend_shutdown when PHP is compiled with --disable-debug.
When the same script is run under --enable-debug, it only reports memory leaks.
Unfortunately I wasn't able to isolate a simple test case for the PHP crash, but I have a script causing a memory leak, and I'm pretty sure it's the same bug and fixing the leak will also fix the crashes.
This bug was introduced in version 4.3.10; all versions above behave similarly, with a small difference: in 4.3.10/4.3.11 the bad free happens in shutdown_memory_manager called from php_request_shutdown, instead of zend_shutdown called from php_module_shutdown in the latest snapshot.
4.3.9 works without any problems.

Backtrace for crash case:
Program received signal SIGSEGV, Segmentation fault.
0x400fdd43 in free () from /lib/libc.so.6
(gdb) bt
#0  0x400fdd43 in free () from /lib/libc.so.6
#1  0x400fdaa3 in free () from /lib/libc.so.6
#2  0x08101670 in zend_hash_destroy (ht=0x8157de0) at /usr/src/php4-STABLE-200505232041/Zend/zend_hash.c:561
#3  0x080fd6d6 in zend_shutdown () at /usr/src/php4-STABLE-200505232041/Zend/zend.c:581
#4  0x080d91d2 in php_module_shutdown () at /usr/src/php4-STABLE-200505232041/main/main.c:1294
#5  0x08115b3c in main (argc=2, argv=0xbfffd724) at /usr/src/php4-STABLE-200505232041/sapi/cli/php_cli.c:885

Output for crash case when compiled with --enable-debug:
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing 0x081FD6EC (5 bytes), script=test1.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual location (location was relayed)
Last leak repeated 3 times

Details for "memory leak only" case are below.

Reproduce code:
---------------
<?php
// Chain of three reference-returning functions; each passes the
// argument down to the next and returns the parenthesised result.
function &test1($arg)
{
   return(test2($arg));
}
function &test2($arg)
{
   return(test3($arg));
}
function &test3($arg)
{
   return($arg);
}
// A single call is enough to produce the leak report on shutdown.
test1("test");
?>


Expected result:
----------------
nothing/no memory leak

Actual result:
--------------
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing 0x081D1014 (5 bytes), script=test2.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual location (location was relayed)
Last leak repeated 1 time

 [2005-05-24 09:34 UTC] sniper@php.net
Derick: This is interesting: works with PHP 4.3.9?

 [2005-05-24 10:00 UTC] sniper@php.net
HEAD gives this valgrind output:

==25325== Conditional jump or move depends on uninitialised value(s)
==25325==    at 0x839BB4E: ZEND_RETURN_SPEC_CV_HANDLER (zend_vm_execute.h:18606)
==25325==    by 0x836907A: execute (zend_vm_execute.h:78)
==25325==    by 0x83694AF: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:204)
==25325==    by 0x8369B4D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:290)
==25325== 


 [2005-05-24 10:51 UTC] K dot Kaczkowski at eisp dot pl
> Derick: This is interesting: works with PHP 4.3.9 ?
Yes, 4.3.9 and below are OK; it seems that this bug came in as a side effect of bug fixes in 4.3.10.
I'm currently forced to use 4.3.9 on one of my webservers because of that.

 [2005-06-09 01:59 UTC] K dot Kaczkowski at eisp dot pl
Ok, that fixed it.
Thanks!