PHP :: Bug #56801 :: Memcache::addServer() call results in segfault

Bug #56801	Memcache::addServer() call results in segfault
Submitted:	2006-01-26 08:30 UTC	Modified:	2006-01-26 12:58 UTC
From:	alex at e-group dot org	Assigned:	mikl (profile)
Status:	Closed	Package:	memcache (PECL)
PHP Version:	4.4.0	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	alex at e-group dot org
New email:
PHP Version:		OS:

New/Additional Comment:

[2006-01-26 08:30 UTC] alex at e-group dot org

Description:
------------
Memcache version: 2.0.0 ($Revision: 1.35 $)

The attached script results reproducably in a PHP segfault.

The error was reproduced on the following distributions:
+ RHEL4 AS i386 (PHP 4.4.1 (cgi-fcgi))
+ Ubuntu 5.10 (i386) (PHP 4.4.0-3ubuntu1)

The following Glibc error is thrown:
*** glibc detected *** malloc(): memory corruption: 0x083a6da8 ***

Reproduce code:
---------------
<?php
$mc= new Memcache();
$mc->addServer('localhost', 11211, true, 50);
$mc->close();
?>


Actual result:
--------------
*** glibc detected *** malloc(): memory corruption: 0x0820e1a8 ***

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7e3f9b1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7e412c9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7e736ea in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7e7a92c in free () from /lib/tls/i686/cmov/libc.so.6
#5  0xb7e7c391 in malloc () from /lib/tls/i686/cmov/libc.so.6
#6  0x0814c75b in _emalloc (size=6, __zend_filename=0x81abd18 "/home/alex/php4-4.4.0/Zend/zend_execute.c", __zend_lineno=1565,
    __zend_orig_filename=0x81aa780 "/home/alex/php4-4.4.0/Zend/zend_variables.c", __zend_orig_lineno=111)
    at /home/alex/php4-4.4.0/Zend/zend_alloc.c:164
#7  0x0814cddf in _estrndup (s=0x820ed5c "close", length=5, __zend_filename=0x81abd18 "/home/alex/php4-4.4.0/Zend/zend_execute.c",
    __zend_lineno=1565, __zend_orig_filename=0x81aa780 "/home/alex/php4-4.4.0/Zend/zend_variables.c", __zend_orig_lineno=111)
    at /home/alex/php4-4.4.0/Zend/zend_alloc.c:380
#8  0x0815ce23 in _zval_copy_ctor (zvalue=0xbf8e1770, __zend_filename=0x81abd18 "/home/alex/php4-4.4.0/Zend/zend_execute.c",
    __zend_lineno=1565) at /home/alex/php4-4.4.0/Zend/zend_variables.c:111
#9  0x081721b2 in execute (op_array=0x8209844) at /home/alex/php4-4.4.0/Zend/zend_execute.c:1565
#10 0x0815e5d6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/alex/php4-4.4.0/Zend/zend.c:938
#11 0x0812bb14 in php_execute_script (primary_file=0xbf8e3bc8) at /home/alex/php4-4.4.0/main/main.c:1751
#12 0x08179109 in main (argc=3, argv=0xbf8e3cb4) at /home/alex/php4-4.4.0/sapi/cgi/cgi_main.c:1606

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-01-26 08:40 UTC] tony2001 at phpclub dot net

Please try with latest PHP snapshot available at http://snaps.php.net.

If you're still able to reproduce it, I'd appreciate if you compile PHP with --disable-zend-memory-manager option and run it through valgrind:

valgrind --tool=memcheck --num-callers=30 php script.php

Thanks.

[2006-01-26 09:11 UTC] alex at e-group dot org

Still reproducable.

PHP 4.4.3-dev (cgi) (built: Jan 26 2006 14:57:39) (DEBUG)

Stacktrace:
-----------
*** glibc detected *** malloc(): memory corruption: 0x08208758 ***

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7e0d9b1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7e0f2c9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7e416ea in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7e4892c in free () from /lib/tls/i686/cmov/libc.so.6
#5  0xb7e4a391 in malloc () from /lib/tls/i686/cmov/libc.so.6
#6  0xb7e38f2f in fgets () from /lib/tls/i686/cmov/libc.so.6
#7  0xb7e38fed in fopen () from /lib/tls/i686/cmov/libc.so.6
#8  0xb7dfd09f in __gconv_get_alias_db () from /lib/tls/i686/cmov/libc.so.6
#9  0xb7dfc38b in __gconv_get_alias_db () from /lib/tls/i686/cmov/libc.so.6
#10 0xb7e60582 in wcsncasecmp_l () from /lib/tls/i686/cmov/libc.so.6
#11 0xb7e563a4 in mbsnrtowcs () from /lib/tls/i686/cmov/libc.so.6
#12 0xb7e231c5 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#13 0xb7e3b28b in vsprintf () from /lib/tls/i686/cmov/libc.so.6
#14 0xb7e2877b in sprintf () from /lib/tls/i686/cmov/libc.so.6
#15 0xb7e61172 in asctime_r () from /lib/tls/i686/cmov/libc.so.6
#16 0x0812a7cd in php_message_handler_for_zend (message=6, data=0x0) at /home/alex/php4-STABLE-200601261335/main/main.c:857
#17 0x0815cf45 in zend_message_dispatcher (message=6, data=0x0) at /home/alex/php4-STABLE-200601261335/Zend/zend.c:705
#18 0x0814cc44 in _mem_block_check (ptr=0x8208744, silent=0, __zend_filename=0xb7c9a16c "/tmp/tmpfMQR3H/memcache-2.0.0/memcache.c",
    __zend_lineno=274, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/alex/php4-STABLE-200601261335/Zend/zend_alloc.c:629
#19 0x0814ce6c in _mem_block_check (ptr=0x8208744, silent=1, __zend_filename=0xb7c9a16c "/tmp/tmpfMQR3H/memcache-2.0.0/memcache.c",
    __zend_lineno=274, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/alex/php4-STABLE-200601261335/Zend/zend_alloc.c:684
#20 0x0814c24a in _efree (ptr=0x8208744, __zend_filename=0xb7c9a16c "/tmp/tmpfMQR3H/memcache-2.0.0/memcache.c", __zend_lineno=274,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/alex/php4-STABLE-200601261335/Zend/zend_alloc.c:244
#21 0xb7c96027 in _mmc_pool_list_dtor (rsrc=0x82040d0) at /tmp/tmpfMQR3H/memcache-2.0.0/memcache.c:274
#22 0x08163dee in list_entry_destructor (ptr=0x82040d0) at /home/alex/php4-STABLE-200601261335/Zend/zend_list.c:177
#23 0x08161f5b in zend_hash_del_key_or_index (ht=0x81d4d68, arKey=0x0, nKeyLength=0, h=1, flag=1)
    at /home/alex/php4-STABLE-200601261335/Zend/zend_hash.c:527
#24 0x08163b55 in _zend_list_delete (id=1) at /home/alex/php4-STABLE-200601261335/Zend/zend_list.c:56
#25 0x0815be03 in _zval_dtor (zvalue=0x8209268,
    __zend_filename=0x81a8334 "/home/alex/php4-STABLE-200601261335/Zend/zend_execute_API.c", __zend_lineno=289)
    at /home/alex/php4-STABLE-200601261335/Zend/zend_variables.c:69
#26 0x0815365f in _zval_ptr_dtor (zval_ptr=0x8208684,
    __zend_filename=0x81a8b80 "/home/alex/php4-STABLE-200601261335/Zend/zend_variables.c", __zend_lineno=171)
    at /home/alex/php4-STABLE-200601261335/Zend/zend_execute_API.c:289
#27 0x0815c04c in _zval_ptr_dtor_wrapper (zval_ptr=0x8208684) at /home/alex/php4-STABLE-200601261335/Zend/zend_variables.c:171
#28 0x08162032 in zend_hash_destroy (ht=0x8203f88) at /home/alex/php4-STABLE-200601261335/Zend/zend_hash.c:556
#29 0x0815bdde in _zval_dtor (zvalue=0x8203f78,
    __zend_filename=0x81a8334 "/home/alex/php4-STABLE-200601261335/Zend/zend_execute_API.c", __zend_lineno=289)
    at /home/alex/php4-STABLE-200601261335/Zend/zend_variables.c:60
#30 0x0815365f in _zval_ptr_dtor (zval_ptr=0x8203fc4,
    __zend_filename=0x81a8b80 "/home/alex/php4-STABLE-200601261335/Zend/zend_variables.c", __zend_lineno=171)
    at /home/alex/php4-STABLE-200601261335/Zend/zend_execute_API.c:289
#31 0x0815c04c in _zval_ptr_dtor_wrapper (zval_ptr=0x8203fc4) at /home/alex/php4-STABLE-200601261335/Zend/zend_variables.c:171
#32 0x08162032 in zend_hash_destroy (ht=0x81d4c4c) at /home/alex/php4-STABLE-200601261335/Zend/zend_hash.c:556
#33 0x081532e2 in shutdown_executor () at /home/alex/php4-STABLE-200601261335/Zend/zend_execute_API.c:184
#34 0x0815ce44 in zend_deactivate () at /home/alex/php4-STABLE-200601261335/Zend/zend.c:689
---Type <return> to continue, or q <return> to quit---
#35 0x0812ac4f in php_request_shutdown (dummy=0x0) at /home/alex/php4-STABLE-200601261335/main/main.c:999
#36 0x08177015 in main (argc=3, argv=0xbfbb2394) at /home/alex/php4-STABLE-200601261335/sapi/cgi/cgi_main.c:1656

Memcheck:
---------
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8F4C7D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EA24D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E483C: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4908: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E72F0: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8F4C8C: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EA24D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E483C: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4908: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E72F0: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8F4C9B: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EA24D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E483C: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4908: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E72F0: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC82D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E6403: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC852: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E6403: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC6F7: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E6455: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC700: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E6455: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC852: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E6455: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8F254A: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4CE6: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8E4796: (within /lib/ld-2.3.5.so)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC82D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8ABE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8B737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA8CCBC: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8CD9D: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6780D: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA679C6: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA69282: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6D88C: getservbyname_r (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6D6A7: getservbyname (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x807F06E: OnMySQLPort (php_mysql.c:329)
==23594==    by 0x81684E6: zend_register_ini_entries (zend_ini.c:190)
==23594==    by 0x807F16F: zm_startup_mysql (php_mysql.c:383)
==23594==    by 0x815FA58: zend_startup_module (zend_API.c:1006)
==23594==    by 0x812AE67: php_startup_extensions (main.c:1051)
==23594==    by 0x8177598: php_startup_internal_extensions (internal_functions.c:61)
==23594==    by 0x812B343: php_module_startup (main.c:1226)
==23594==    by 0x81766B3: main (cgi_main.c:1087)
==23594== 
==23594== Conditional jump or move depends on uninitialised value(s)
==23594==    at 0x1B8EC852: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8ABE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8B737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA8CCBC: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8CD9D: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6780D: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA679C6: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA69282: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6D88C: getservbyname_r (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1BA6D6A7: getservbyname (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x807F06E: OnMySQLPort (php_mysql.c:329)
==23594==    by 0x81684E6: zend_register_ini_entries (zend_ini.c:190)
==23594==    by 0x807F16F: zm_startup_mysql (php_mysql.c:383)
==23594==    by 0x815FA58: zend_startup_module (zend_API.c:1006)
==23594==    by 0x812AE67: php_startup_extensions (main.c:1051)
==23594==    by 0x8177598: php_startup_internal_extensions (internal_functions.c:61)
==23594==    by 0x812B343: php_module_startup (main.c:1226)
==23594==    by 0x81766B3: main (cgi_main.c:1087)
==23594== 
==23594== Invalid read of size 4
==23594==    at 0x1B8F4C33: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B8EA24D: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8AA75: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1BA8B737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==23594==    by 0x1B975CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==23594==    by 0x1B8EF105: (within /lib/ld-2.3.5.so)
==23594==    by 0x1B9762EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==23594==    by 0x1B975D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==23594==    by 0x80BC20D: php_dl (dl.c:137)
==23594==    by 0x8130D24: php_load_function_extension_cb (php_ini.c:221)
==23594==    by 0x8155560: zend_llist_apply (zend_llist.c:189)
==23594==    by 0x81312F5: php_ini_delayed_modules_startup (php_ini.c:504)
==23594==    by 0x812B379: php_module_startup (main.c:1241)
==23594==    by 0x81766B3: main (cgi_main.c:1087)
==23594==  Address 0x1BB11F58 is 64 bytes inside a block of size 65 alloc'd
==23594==    at 0x1B9008A2: malloc (vg_replace_malloc.c:149)
==23594==    by 0x80BC18D: php_dl (dl.c:125)
==23594==    by 0x8130D24: php_load_function_extension_cb (php_ini.c:221)
==23594==    by 0x8155560: zend_llist_apply (zend_llist.c:189)
==23594==    by 0x81312F5: php_ini_delayed_modules_startup (php_ini.c:504)
==23594==    by 0x812B379: php_module_startup (main.c:1241)
==23594==    by 0x81766B3: main (cgi_main.c:1087)
==23594== 
==23594== Invalid write of size 4
==23594==    at 0x1BD071C3: mmc_pool_add (memcache.c:374)
==23594==    by 0x1BD0852C: zif_memcache_add_server (memcache.c:1567)
==23594==    by 0x8170A10: execute (zend_execute.c:1675)
==23594==    by 0x815D593: zend_execute_scripts (zend.c:934)
==23594==    by 0x812C3FB: php_execute_script (main.c:1753)
==23594==    by 0x8176EB8: main (cgi_main.c:1598)
==23594==  Address 0x1BB237C8 is 0 bytes after a block of size 48 alloc'd
==23594==    at 0x1B9008A2: malloc (vg_replace_malloc.c:149)
==23594==    by 0x814C002: _emalloc (zend_alloc.c:165)
==23594==    by 0x1BD07216: mmc_pool_add (memcache.c:370)
==23594==    by 0x1BD0852C: zif_memcache_add_server (memcache.c:1567)
==23594==    by 0x8170A10: execute (zend_execute.c:1675)
==23594==    by 0x815D593: zend_execute_scripts (zend.c:934)
==23594==    by 0x812C3FB: php_execute_script (main.c:1753)
==23594==    by 0x8176EB8: main (cgi_main.c:1598)
--23594-- INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--23594-- si_code=1;  Faulting address: 0x37645C30;  sp: 0xB0B2AE5C

valgrind: the 'impossible' happened:
   Killed by fatal signal
==23594==    at 0xB0020C8A: vgPlain_arena_malloc (m_mallocfree.c:260)
==23594==    by 0xB00133D2: vgPlain_cli_malloc (replacemalloc_core.c:101)
==23594==    by 0xB7C1A52D: ???
==23594==    by 0xB0041D2C: do_client_request (scheduler.c:918)
==23594==    by 0xB00417B1: vgPlain_scheduler (scheduler.c:684)
==23594==    by 0xB0060EE5: vgModuleLocal_thread_wrapper (syswrap-linux.c:80)
==23594==    by 0xB005BE0B: run_a_thread_NORETURN (syswrap-x86-linux.c:150)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==23594==    at 0x1B9008A2: malloc (vg_replace_malloc.c:149)
==23594==    by 0x814C6E9: zend_strndup (zend_alloc.c:397)
==23594==    by 0x815BECF: _zval_copy_ctor (zend_variables.c:111)
==23594==    by 0x8170275: execute (zend_execute.c:1568)
==23594==    by 0x815D593: zend_execute_scripts (zend.c:934)
==23594==    by 0x812C3FB: php_execute_script (main.c:1753)
==23594==    by 0x8176EB8: main (cgi_main.c:1598)

[2006-01-26 09:20 UTC] tony2001 at phpclub dot net

Thanks a lot, I can see it now.

Mikael, please take a look at it, there is definitely a memory corruption in the mmc_pool_add() function.

==23594== Invalid write of size 4
==23594==    at 0x1BD071C3: mmc_pool_add (memcache.c:374)
==23594==    by 0x1BD0852C: zif_memcache_add_server (memcache.c:1567)
==23594==    by 0x8170A10: execute (zend_execute.c:1675)
==23594==    by 0x815D593: zend_execute_scripts (zend.c:934)
==23594==    by 0x812C3FB: php_execute_script (main.c:1753)
==23594==    by 0x8176EB8: main (cgi_main.c:1598)

[2006-01-26 12:58 UTC] mikael at synd dot info

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Fri Jan 30 12:00:01 2026 UTC