[2006-01-30 15:13 UTC] jon at gamingsolutions dot ca
Description:
------------
I'm using PHP 5.1.2 from http://www.dotdeb.org/ with "default" static modules, and no dynamic modules loaded. Using the latest anonymous CVS of APC - a fix was committed not too long ago for a static member problem that I believe this bug also triggers, so I can't report against 3.0.8.

Using two files (one includes the other), I get a reproducible segfault. The server displays the files just fine on the first page load. The next page load segfaults apache2. (Load crashme1.php in a web browser.)

The scripts have minimal code, but if I remove any part of it, the segfault isn't as reproducible. php.ini is also almost identical to the distributed file, except memory_limit was increased to 16M and include path was changed slightly.

The GDB output is as follows:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1437436864 (LWP 15207)]
0x5646d425 in my_copy_zval_ptr (dst=0x8279dec, src=0x21, allocate=0x564738c0 <apc_php_malloc>, deallocate=0x564738e6 <apc_php_free>) at /root/apc-20060126/apc_compile.c:250
250 if(!my_copy_zval(*dst, *src, allocate, deallocate)) return NULL;
(gdb) bt
#0 0x5646d425 in my_copy_zval_ptr (dst=0x8279dec, src=0x21, allocate=0x564738c0 <apc_php_malloc>, deallocate=0x564738e6 <apc_php_free>) at /root/apc-20060126/apc_compile.c:250
#1 0x5646e2ac in my_copy_hashtable_ex (dst=0x8279ab0, src=0x82787cc, copy_fn=0x5646d3bd <my_copy_zval_ptr>, free_fn=0x5646f462 <my_free_zval_ptr>, holds_ptrs=1, allocate=0x564738c0 <apc_php_malloc>, deallocate=0x564738e6 <apc_php_free>, check_fn=0) at /root/apc-20060126/apc_compile.c:894
#2 0x5646f9e0 in apc_copy_class_entry_for_execution (src=0x56528c20, is_derived=0) at /root/apc-20060126/apc_compile.c:1831
#3 0x564708bc in install_class (cl= {name = 0x56528c08 "crashme2", name_len = 8, is_derived = 0, parent_name = 0x0, class_entry = 0x56528c20}) at /root/apc-20060126/apc_main.c:105
#4 0x56470a43 in cached_compile () at /root/apc-20060126/apc_main.c:190
#5 0x56470c06 in my_compile_file (h=0xffffa0a0, type=136812522) at /root/apc-20060126/apc_main.c:253
#6 0x55dacd43 in execute () from /usr/lib/apache2/modules/libphp5.so
#7 0x55da86c8 in execute () from /usr/lib/apache2/modules/libphp5.so
#8 0x55d8d8ea in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#9 0x55d4eabf in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
---Type <return> to continue, or q <return> to quit---
#10 0x55e0c234 in zend_get_zval_ptr_ptr () from /usr/lib/apache2/modules/libphp5.so
#11 0x08078375 in ap_run_handler ()
#12 0x08078980 in ap_invoke_handler ()
#13 0x08069c6a in ap_process_request ()
#14 0x0806512d in _start ()
#15 0x082657a8 in ?? ()
#16 0x00000004 in ?? ()
#17 0x082657a8 in ?? ()
#18 0x0808370c in ap_run_pre_connection ()
#19 0x080835c5 in ap_run_process_connection ()
#20 0x08076974 in ap_graceful_stop_signalled ()
#21 0x08076b8b in ap_graceful_stop_signalled ()
#22 0x08076be8 in ap_graceful_stop_signalled ()
#23 0x0807745a in ap_mpm_run ()
#24 0x0807da8d in main ()

If I can provide any more information that would help, let me know.

Reproduce code:
---------------
--- crashme1.php ---
<?php
$v1 = 1;
include_once('crashme2.php');
$v2 = 2;
echo "Variables are: \n $v1 -> $v2" . "\n";
?>
--- end crashme1.php ---

--- crashme2.php ---
<?php
class crashme2 {
    private static $crashVar = "";
    public static function crashFunc() {}
}
?>
--- end crashme2.php ---

Expected result:
----------------
The script should do almost nothing. This is what it does given Output:
Variables are: 1 -> 2

Actual result:
--------------
No output on second page load, apache2 segfault.
The patch does seem to help things significantly. (Thank you!) I applied it against anonymous CVS from about an hour ago - it didn't apply cleanly to 3.0.8. The crashme1.php and crashme2.php scripts now behave exactly as expected (no segfault).

There are some residual issues though; some scripts still segfault (just not the crashme1/2 scripts), and APC now makes the Zend Studio Server crash. I don't really care that Zend Studio crashes, so I disabled it on my test server. The new segfault is in places that we didn't necessarily see a segfault before.

I will try to come up with a simplified script that triggers the new segfault sometime today. Please let me know if there's any additional information that I can provide that will help.

For reference, here is the new segfault's backtrace - this one's completely different. Although this doesn't reference APC at all, this segfault doesn't occur without APC loaded.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1437424576 (LWP 14192)]
0x55bec270 in instanceof_function_ex (instance_ce=0x0, ce=0x820c17c, interfaces_only=0 '\0') at /root/build/php5-5.1.2/Zend/zend_operators.c:1562
1562 for (i=0; i<instance_ce->num_interfaces; i++) {
(gdb) bt
#0 0x55bec270 in instanceof_function_ex (instance_ce=0x0, ce=0x820c17c, interfaces_only=0 '\0') at /root/build/php5-5.1.2/Zend/zend_operators.c:1562
#1 0x55bec2fa in instanceof_function (instance_ce=0x0, ce=0x0) at /root/build/php5-5.1.2/Zend/zend_operators.c:1581
#2 0x55bec290 in instanceof_function_ex (instance_ce=0x8409164, ce=0x820c17c, interfaces_only=0 '\0') at /root/build/php5-5.1.2/Zend/zend_operators.c:1563
#3 0x55bec2fa in instanceof_function (instance_ce=0x0, ce=0x0) at /root/build/php5-5.1.2/Zend/zend_operators.c:1581
#4 0x55c63345 in zend_verify_arg_type (zf=0x55d0909c, arg_num=1, arg=0x8426b44) at /root/build/php5-5.1.2/Zend/zend_execute.c:484
#5 0x55c0921f in ZEND_RECV_SPEC_HANDLER (execute_data=0xffff93a0) at zend_vm_execute.h:369
#6 0x55c087a2 in execute (op_array=0xffff93a0) at zend_vm_execute.h:92
#7 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffff9610) at zend_vm_execute.h:226
#8 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#9 0x55c087a2 in execute (op_array=0xffff9610) at zend_vm_execute.h:92
#10 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffff9c50) at zend_vm_execute.h:226
#11 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#12 0x55c087a2 in execute (op_array=0xffff9c50) at zend_vm_execute.h:92
#13 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffffa990) at zend_vm_execute.h:226
#14 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#15 0x55c087a2 in execute (op_array=0xffffa990) at zend_vm_execute.h:92
#16 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffffaab0) at zend_vm_execute.h:226
#17 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#18 0x55c087a2 in execute (op_array=0xffffaab0) at zend_vm_execute.h:92
#19 0x55be570f in zend_call_function (fci=0xffffac10, fci_cache=0x0) at /root/build/php5-5.1.2/Zend/zend_execute_API.c:907
#20 0x55be47ce in call_user_function_ex (function_table=0x0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x0, no_separation=0, symbol_table=0x0) at /root/build/php5-5.1.2/Zend/zend_execute_API.c:571
#21 0x55b5aa73 in zif_call_user_func_array (ht=2, return_value=0x829eca4, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /root/build/php5-5.1.2/ext/standard/basic_functions.c:2148
#22 0x55c08ada in zend_do_fcall_common_helper_SPEC (execute_data=0xffffb100) at zend_vm_execute.h:192
#23 0x55c0c168 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xffffb100) at zend_vm_execute.h:1587
#24 0x55c087a2 in execute (op_array=0xffffb100) at zend_vm_execute.h:92
#25 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffffb3a0) at zend_vm_execute.h:226
#26 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#27 0x55c087a2 in execute (op_array=0xffffb3a0) at zend_vm_execute.h:92
#28 0x55c08bec in zend_do_fcall_common_helper_SPEC (execute_data=0xffffb610) at zend_vm_execute.h:226
#29 0x55c08f99 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x0) at zend_vm_execute.h:314
#30 0x55c087a2 in execute (op_array=0xffffb610) at zend_vm_execute.h:92
#31 0x55bef1a2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/build/php5-5.1.2/Zend/zend.c:1101
#32 0x55bb444f in php_execute_script (primary_file=0xffffd980) at /root/build/php5-5.1.2/main/main.c:1720
#33 0x55c65b87 in php_handler (r=0x81e1888) at /root/build/php5-5.1.2/sapi/apache2handler/sapi_apache2.c:584
#34 0x08078375 in ap_run_handler ()
#35 0x08078980 in ap_invoke_handler ()
#36 0x08069c6a in ap_process_request ()
#37 0x0806512d in _start ()
#38 0x081e1888 in ?? ()
#39 0x00000004 in ?? ()
#40 0x081e1888 in ?? ()
#41 0x0808370c in ap_run_pre_connection ()
#42 0x080835c5 in ap_run_process_connection ()
#43 0x08076974 in ap_graceful_stop_signalled ()
#44 0x08076b8b in ap_graceful_stop_signalled ()
#45 0x08076be8 in ap_graceful_stop_signalled ()
#46 0x0807745a in ap_mpm_run ()
#47 0x0807da8d in main ()
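
Added example (not part of the original report, and not APC or PHP code): a Python helper that splits a flattened gdb backtrace like the two above into frames, reports hex-valued arguments of frame #0 that fall below the first page, and lists frames whose source file name starts with `apc_`. The embedded frames are excerpts copied from this page; the names `parse_frames` and `triage` and the 0x1000 cutoff are assumptions made for the illustration.

```python
import re

# Frames excerpted from the two backtraces in this report (flattened onto
# one line each, the way they appear on the page).
BT_APC = (
    "#0 0x5646d425 in my_copy_zval_ptr (dst=0x8279dec, src=0x21, "
    "allocate=0x564738c0 <apc_php_malloc>, deallocate=0x564738e6 <apc_php_free>) "
    "at /root/apc-20060126/apc_compile.c:250 "
    "#4 0x56470a43 in cached_compile () at /root/apc-20060126/apc_main.c:190 "
    "#6 0x55dacd43 in execute () from /usr/lib/apache2/modules/libphp5.so"
)
BT_ZEND = (
    "#0 0x55bec270 in instanceof_function_ex (instance_ce=0x0, ce=0x820c17c, "
    "interfaces_only=0 '\\0') "
    "at /root/build/php5-5.1.2/Zend/zend_operators.c:1562 "
    "#4 0x55c63345 in zend_verify_arg_type (zf=0x55d0909c, arg_num=1, "
    "arg=0x8426b44) at /root/build/php5-5.1.2/Zend/zend_execute.c:484"
)

FRAME = re.compile(
    r"#(\d+)\s+0x[0-9a-f]+ in (\S+) \((.*?)\)"
    r"\s*(?:at (\S+?):(\d+)|from (\S+)|$)")
HEXARG = re.compile(r"(\w+)\s*=\s*(0x[0-9a-f]+)")
LOW = 0x1000  # assumed heuristic: nothing valid is mapped in the first page

def parse_frames(text):
    """Split flattened gdb output at each '#N 0xADDR in' marker."""
    frames = []
    for chunk in re.split(r"(?=#\d+\s+0x[0-9a-f]+ in )", text):
        m = FRAME.match(chunk.strip())
        if m:
            num, func, args, src, _line, lib = m.groups()
            frames.append({"n": int(num), "func": func, "where": src or lib,
                           "ptrs": dict(HEXARG.findall(args))})
    return frames

def triage(text, prefix="apc_"):
    """Summarise the crashing frame and which frames belong to the module."""
    frames = parse_frames(text)
    if not frames:
        return None
    top = frames[0]
    bad = {k: v for k, v in top["ptrs"].items() if int(v, 16) < LOW}
    mod = [f["func"] for f in frames
           if (f["where"] or "").rsplit("/", 1)[-1].startswith(prefix)]
    return {"crash_in": top["func"], "bad_ptrs": bad, "module_frames": mod}

if __name__ == "__main__":
    for bt in (BT_APC, BT_ZEND):
        print(triage(bt))
```

On the first excerpt this reports `src=0x21` in `my_copy_zval_ptr`, the argument dereferenced on the faulting line 250; on the second it reports `instance_ce=0x0` and no `apc_` frames, which matches the comment that the new backtrace does not reference APC.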