PHP :: Bug #28602 :: Segmentation fault in _zval_ptr

Bug #28602

Segmentation fault in _zval_ptr_dtor()

Submitted:

2004-06-01 12:49 UTC

Modified:

2004-12-13 01:15 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	3 (100.0%)

From:

arkadi at mebius dot lv

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

4.3.6

OS:

FreeBSD

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	arkadi at mebius dot lv
New email:
PHP Version:		OS:

New Comment:

[2004-06-01 12:49 UTC] arkadi at mebius dot lv

Description:
------------
Apache 1.3.31, DSO mod_php4, FreeBSD 4.9, compiled with -O -g.
I have apache core files with a segmentation fault error on the same line inside the PHP:

#0  0x2842f72d in _zval_ptr_dtor (zval_ptr=0x8ff1158) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:289
289             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x2842f72d in _zval_ptr_dtor (zval_ptr=0x8ff1158) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:289
#1  0x2843c839 in zend_hash_destroy (ht=0x83a5e0c) at /usr/home/arkadi/build/php-4.3.6/Zend/zend_hash.c:553
#2  0x2842f37e in shutdown_executor () at /usr/home/arkadi/build/php-4.3.6/Zend/zend_execute_API.c:180
#3  0x28437f80 in zend_deactivate () at /usr/home/arkadi/build/php-4.3.6/Zend/zend.c:667
#4  0x2840ea6e in php_request_shutdown (dummy=0x0) at /usr/home/arkadi/build/php-4.3.6/main/main.c:996
#5  0x28451667 in php_apache_request_shutdown (dummy=0x0) at /usr/home/arkadi/build/php-4.3.6/sapi/apache/mod_php4.c:302
#6  0x8050bfa in run_cleanups (c=0x838a80c) at alloc.c:1936
#7  0x804fbfb in ap_clear_pool (a=0x836400c) at alloc.c:650
#8  0x804fc5c in ap_destroy_pool (a=0x836400c) at alloc.c:680
#9  0x804fbe7 in ap_clear_pool (a=0x80d600c) at alloc.c:643
#10 0x805c2ae in child_main (child_num_arg=23) at http_main.c:4548
#11 0x805c8cd in make_child (s=0x8099034, slot=23, now=1086039560) at http_main.c:5051
#12 0x805cfe8 in standalone_main (argc=2, argv=0xbfbffbec) at http_main.c:5451
#13 0x805d597 in main (argc=2, argv=0xbfbffbec) at http_main.c:5757
(gdb) p zval_ptr
$1 = (zval **) 0x8ff1158
(gdb) p **zval_ptr
Cannot access memory at address 0x3.
(gdb) p *zval_ptr
$2 = (zval *) 0x3

The error happens approximatelly every 100,000 requests. MaxRequestPerChild is set to 10,000. There are malloc() errors in error_log that may be related:

httpd in free(): warning: chunk is already free
httpd in malloc(): warning: recursive call
FATAL:  emalloc():  Unable to allocate 1617 bytes

or just malloc() w/o free():

httpd in malloc(): warning: recursive call
FATAL:  emalloc():  Unable to allocate 1851 bytes

Since last httpd restart there are 300,000 requests, three core files, four free() errors and five malloc() errors in error_log. They happens at different times though.

Similar problem was reported in bug #14239.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-11 21:38 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2004-07-26 13:16 UTC] arkadi at mebius dot lv

Looks like the problem is resolved by php4-STABLE-200407120630. Over a week w/o a single SEGFAULT.

[2004-12-13 01:15 UTC] sniper@php.net

Solved -> closed..

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Sep 20 08:01:28 2024 UTC