PHP :: Bug #57329 :: pconnect: (apache crashes) incorrect memory freeing handling

Bug #57329	pconnect: (apache crashes) incorrect memory freeing handling
Submitted:	2006-10-27 17:48 UTC	Modified:	2006-10-27 18:36 UTC
From:	selecter at gmail dot com	Assigned:
Status:	Closed	Package:	memcache (PECL)
PHP Version:	5.1.6	OS:	Linux Gentoo 2006.1 x86_64
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	selecter at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2006-10-27 17:48 UTC] selecter at gmail dot com

Description:
------------
In case when pconnect fails to connect, memcache incorrectly frees memory sometimes.

"connect" is fine

To reproduce, memcached must be disabled. And try to run a script several times.

Reproduce code:
---------------
<?php
	$cache = new Memcache;
	$cache->pconnect('localhost', 11211);
?>

Actual result:
--------------
error_log:
[Sat Oct 28 00:24:31 2006] [notice] child pid 13185 exit signal Segmentation fault (11)
*** glibc detected *** /usr/sbin/apache2: corrupted double-linked list: 0x00002ba5b28669f0 ***
*** glibc detected *** /usr/sbin/apache2: double free or corruption (!prev): 0x0000000000963850 ***

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-10-27 18:00 UTC] tony2001 at phpclub dot net

What memcache version do you use?
Please provide GDB backtrace also.

[2006-10-27 18:06 UTC] selecter at gmail dot com

pecl-memcache-2.0.4
memcached-1.2.0

Backtrace was generated by pecl-xdebug(I think) in another script that uses pconnect.

*** glibc detected *** /usr/sbin/apache2: munmap_chunk(): invalid pointer: 0x000000000086b3a8 ***
======= Backtrace: =========
/lib/libc.so.6(__libc_free+0x174)[0x2ba5b2698474]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/memcache.so[0x2ba5b7334d0d]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/memcache.so[0x2ba5b733648a]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute_internal+0x154)[0x2ba5b7208a0b]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b45b1498]
/usr/lib64/apache2/modules/libphp5.so(execute+0x173)[0x2ba5b45a1673]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute+0xac7)[0x2ba5b72086cd]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b45a7216]
/usr/lib64/apache2/modules/libphp5.so(execute+0x173)[0x2ba5b45a1673]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute+0xac7)[0x2ba5b72086cd]
/usr/lib64/apache2/modules/libphp5.so(zend_execute_scripts+0x16f)[0x2ba5b4584c3f]
/usr/lib64/apache2/modules/libphp5.so(php_execute_script+0x229)[0x2ba5b45481f9]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b460117d]
/usr/sbin/apache2(ap_run_handler+0x79)[0x425c89]
/usr/sbin/apache2(ap_invoke_handler+0x72)[0x428b52]
/usr/sbin/apache2(ap_process_request+0x158)[0x423c58]
/usr/sbin/apache2(apr_vformatter+0x9c0)[0x41ec60]
/usr/sbin/apache2(ap_run_process_connection+0x71)[0x42fb91]
/usr/sbin/apache2[0x424973]
/usr/sbin/apache2[0x424b94]
/usr/sbin/apache2(ap_mpm_run+0x647)[0x425297]
/usr/sbin/apache2(main+0x5ed)[0x42b2ed]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2ba5b2647134]
/usr/sbin/apache2(apr_bucket_mmap_make+0x59)[0x41e5b9]

[2006-10-27 18:10 UTC] tony2001 at phpclub dot net

Please update to the latest stable version first (2.1.0) and if you still can replicate it, provide a backtrace as described here: 
http://bugs.php.net/bugs-generating-backtrace.php

[2006-10-27 18:30 UTC] selecter at gmail dot com

>To get a backtrace with correct information you must have PHP configured with --enable-debug

I am sorry, can't do that. I have no time for that. And there is no ebuild in gentoo for 2.1.0 :(

[2006-10-27 18:36 UTC] tony2001 at phpclub dot net

I can't reproduce it too, so I guess it's fixed.
Feel free to reopen the report when/if you have more information to tell.

[2008-10-13 16:59 UTC] andre at roaldseth dot net

I do believe I experience this or an similar bug with 3.0.2 and memcached 1.2.6.

I have an job that runs as an CLI-job. This job multi-gets about 45.000-50.000 keys and loops through all of them and does some delete and some sets depending on the information but mostly it does nothing. This multi-get normally takes nothing more then a few tenths of a second.

The problem occurs sometimes when the memcached-cluster is under pretty high load(~10000 request per second per server(14 servers)). Now the multi-get suddenly take 4-8 minutes to complete and all the following deletes and sets Memcached is supposed to have done isn't successfully.

The job finishes(I have an echo on the last line) and after that I get this:

*** glibc detected *** corrupted double-linked list: 0x0000000002a09260 ***
Aborted

All sets and deletes returns FALSE. The servers are added to the connection pool using addServer().

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 19:00:01 2025 UTC