php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42338 Memory leak in SAPI.c
Submitted: 2007-08-18 15:10 UTC Modified: 2007-09-04 01:00 UTC
From: programatorfreez at gmail dot com Assigned:
Status: No Feedback Package: *General Issues
PHP Version: 5.2.4RC2 OS: Gentoo GNU/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: programatorfreez at gmail dot com
New email:
PHP Version: OS:

 

 [2007-08-18 15:10 UTC] programatorfreez at gmail dot com
Description:
------------
[Sat Aug 18 16:24:38 2007]  Script:  '/var/www/localhost/htdocs/weblog/test.php'
/var/tmp/portage/dev-lang/php-5.2.4_pre200708051230-r2/work/php5.2-200708051230/main/SAPI.c(940) :  Freeing 0x082A9C38 (10 bytes), script=/var$
Last leak repeated 1 time
=== Total 2 memory leaks detected ===


Reproduce code:
---------------
<?php
// save as test.php into directory weblog in your HTDOCS
if (!isset($_GET['test'])) {
    for ($i = 0; $i < 5; $i++) { // change $i < 5 to $i < 0 after first running of this script
        $query = str_repeat('[]', 1024);
        $url = 'http://127.0.0.1/weblog/test.php?test' . $query . '=1';
        file_get_contents($url);
    }
}

echo 'finished';
?>

Expected result:
----------------
No memory leak =)

Actual result:
--------------
sh-3.2# USE_ZEND_ALLOC=0 valgrind --leak-check=full --gen-suppressions=yes php -f /var/www/localhost/htdocs/weblog/
test.php

==31902== Memcheck, a memory error detector.
==31902== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==31902== Using LibVEX rev 1732, a library for dynamic binary translation.
==31902== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==31902== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==31902== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==31902== For more details, rerun with: -v
==31902== 

Warning: file_get_contents(http://127.0.0.1/weblog/test.php?test[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][ in /var/www/localhost/htdocs/weblog/test.php on line 6
finished==31902== 
==31902== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 7 from 1)
==31902== malloc/free: in use at exit: 26,319 bytes in 1,505 blocks.
==31902== malloc/free: 17,148 allocs, 15,643 frees, 1,966,546 bytes allocated.
==31902== For counts of detected errors, rerun with: -v
==31902== searching for pointers to 1,505 not-freed blocks.
==31902== checked 1,359,216 bytes.
==31902== 
==31902== LEAK SUMMARY:
==31902==    definitely lost: 0 bytes in 0 blocks.
==31902==      possibly lost: 0 bytes in 0 blocks.
==31902==    still reachable: 26,319 bytes in 1,505 blocks.
==31902==         suppressed: 0 bytes in 0 blocks.
==31902== Reachable blocks (those to which a pointer was found) are not shown.
==31902== To see them, rerun with: --leak-check=full --show-reachable=yes
sh-3.2# USE_ZEND_ALLOC=0 valgrind --leak-check=full --gen-suppressions=yes --show-reachable=yes php -f /var/www/localhost/htdocs/weblog/test.php
==31907== Memcheck, a memory error detector.
==31907== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==31907== Using LibVEX rev 1732, a library for dynamic binary translation.
==31907== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==31907== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==31907== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==31907== For more details, rerun with: -v
==31907== 

Warning: file_get_contents(http://127.0.0.1/weblog/test.php?test[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][ in /var/www/localhost/htdocs/weblog/test.php on line 6
finished==31907== 
==31907== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 7 from 1)
==31907== malloc/free: in use at exit: 26,319 bytes in 1,505 blocks.
==31907== malloc/free: 17,148 allocs, 15,643 frees, 1,966,546 bytes allocated.
==31907== For counts of detected errors, rerun with: -v
==31907== searching for pointers to 1,505 not-freed blocks.
==31907== checked 1,359,216 bytes.
==31907== 
==31907== 20 bytes in 1 blocks are still reachable in loss record 1 of 14
==31907==    at 0x4020B3D: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x40ED34B: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== ---- Print suppression ? --- [Return/N/n/Y/y/C/c] ---- ==31907== 
==31907== 
==31907== 32 bytes in 1 blocks are still reachable in loss record 2 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x4CE1B8E: suhosin_hook_session (in /usr/lib/php5/lib/php/extensions/debug-non-zts-20060613/suhosin.so)
==31907== 
==31907== 
==31907== 56 bytes in 2 blocks are still reachable in loss record 3 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x400C55B: _dl_map_object_deps (in /lib/ld-2.5.so)
==31907==    by 0x40115B0: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 67 bytes in 1 blocks are still reachable in loss record 4 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x400A51D: _dl_new_object (in /lib/ld-2.5.so)
==31907==    by 0x40062E7: _dl_map_object_from_fd (in /lib/ld-2.5.so)
==31907==    by 0x4008162: _dl_map_object (in /lib/ld-2.5.so)
==31907==    by 0x4011555: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 67 bytes in 1 blocks are still reachable in loss record 5 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x4007664: expand_dynamic_string_token (in /lib/ld-2.5.so)
==31907==    by 0x40080A2: _dl_map_object (in /lib/ld-2.5.so)
==31907==    by 0x4011555: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 96 bytes in 1 blocks are still reachable in loss record 6 of 14
==31907==    at 0x4020B3D: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x400EFAC: _dl_check_map_versions (in /lib/ld-2.5.so)
==31907==    by 0x4011838: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 188 bytes in 1 blocks are still reachable in loss record 7 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x4011398: add_to_global (in /lib/ld-2.5.so)
==31907==    by 0x4011785: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 256 bytes in 1 blocks are still reachable in loss record 8 of 14
==31907==    at 0x4022BA0: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x83C799C: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 556 bytes in 1 blocks are still reachable in loss record 9 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x46D48A4: _db_push_ (in /usr/lib/mysql/libmysqlclient.so.15.0.0)
==31907== 
==31907== 
==31907== 667 bytes in 1 blocks are still reachable in loss record 10 of 14
==31907==    at 0x4020B3D: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x400A268: _dl_new_object (in /lib/ld-2.5.so)
==31907==    by 0x40062E7: _dl_map_object_from_fd (in /lib/ld-2.5.so)
==31907==    by 0x4008162: _dl_map_object (in /lib/ld-2.5.so)
==31907==    by 0x4011555: dl_open_worker (in /lib/ld-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x4010FD3: _dl_open (in /lib/ld-2.5.so)
==31907==    by 0x40ECE3C: (within /lib/libdl-2.5.so)
==31907==    by 0x400D6E5: _dl_catch_error (in /lib/ld-2.5.so)
==31907==    by 0x40ED2DB: (within /lib/libdl-2.5.so)
==31907==    by 0x40ECD73: dlopen (in /lib/libdl-2.5.so)
==31907==    by 0x82C13C5: php_dl (in /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 1,024 bytes in 1 blocks are still reachable in loss record 11 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x83C6DC8: (within /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 1,024 bytes in 1 blocks are still reachable in loss record 12 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x83AEA28: (within /usr/lib/php5/bin/php)
==31907==    by 0x8090FD0: (within /usr/lib/php5/bin/php)
==31907== 
==31907== 
==31907== 4,096 bytes in 1 blocks are still reachable in loss record 13 of 14
==31907==    at 0x4022BA0: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x457F8A3: (within /usr/lib/libcrypto.so.0.9.8)
==31907== 
==31907== 
==31907== 18,170 bytes in 1,491 blocks are still reachable in loss record 14 of 14
==31907==    at 0x4022A7E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31907==    by 0x457F86B: (within /usr/lib/libcrypto.so.0.9.8)
==31907== 
==31907== LEAK SUMMARY:
==31907==    definitely lost: 0 bytes in 0 blocks.
==31907==      possibly lost: 0 bytes in 0 blocks.
==31907==    still reachable: 26,319 bytes in 1,505 blocks.
==31907==         suppressed: 0 bytes in 0 blocks.


Apache error_log:
][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][$
[Sat Aug 18 16:24:38 2007]  Script:  '/var/www/localhost/htdocs/weblog/test.php'
/var/tmp/portage/dev-lang/php-5.2.4_pre200708051230-r2/work/php5.2-200708051230/main/SAPI.c(940) :  Freeing 0x082A9C38 (10 bytes), script=/var$
Last leak repeated 1 time
=== Total 2 memory leaks detected ===

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-08-18 15:20 UTC] programatorfreez at gmail dot com
When i execute It without suhosin, the result is: http://pastebin.ca/662282
 [2007-08-19 20:04 UTC] jani@php.net
And what was the configure line you used to configure PHP?
This is #1 thing you should put in a bug report anybody wants to even look at. (It's mentioned on the page you submitted the bug from..)
 [2007-08-19 21:12 UTC] programatorfreez at gmail dot com
Ok, next time I will remember. It was:
USE="apache2 berkdb bzip2 cli crypt ctype debug gd gdbm iconv mysql ncurses nls pcre pdo readline reflection session simplexml soap sockets spell spl ssl suhosin tokenizer truetype unicode xml xmlreader xmlwriter xsl zlib"
 [2007-08-20 06:19 UTC] derick@php.net
That's not your configure command... configure commands start with "./configure"
 [2007-08-20 16:00 UTC] programatorfreez at gmail dot com
ACCEPT_KEYWORDS='~x86' USE="apache2 berkdb bzip2 cli crypt ctype debug gd gdbm iconv mysql
ncurses nls pcre pdo readline reflection session simplexml soap sockets
spell spl ssl suhosin tokenizer truetype unicode xml xmlreader xmlwriter
xsl zlib" emerge -av dev-lang/php5

If you are not able to use ./configure --apache2, --berkdb, --bzip2, --cli, etc. than It's your problem, not my.
 [2007-08-21 07:35 UTC] jani@php.net
Uh..that comment causes immediate bogusing. Plus: You're using threaded Apache, there's propably even more broken in your system than just that.
 [2007-08-21 20:20 UTC] programatorfreez at gmail dot com
Jani: I don't understand you, what do you mean? There is *not* anything broken in my system, that's why PHP 5.2.3 didn't report any memory leak with the same code and (of course) with the same USE flags and I use threaded apache for years without any problem (until now with PHP 5.2.4).
 [2007-08-27 21:37 UTC] programatorfreez at gmail dot com
'./configure' '--prefix=/usr/lib/php5' '--host=i686-pc-linux-gnu' '--mandir=/usr/lib/php5/man' '--infodir=/usr/lib/php5/info' '--sysconfdir=/etc' '--cache-file=./config.cache' '--disable-cli' '--with-apxs2=/usr/sbin/apxs2' '--with-config-file-path=/etc/php/apache2-php5' '--with-config-file-scan-dir=/etc/php/apache2-php5/ext-active' '--without-pear' '--disable-bcmath' '--with-bz2' '--disable-calendar' '--without-curl' '--without-curlwrappers' '--disable-dbase' '--disable-exif' '--without-fbsql' '--without-fdftk' '--disable-filter' '--disable-ftp' '--with-gettext' '--without-gmp' '--disable-hash' '--disable-ipv6' '--disable-json' '--without-kerberos' '--enable-mbstring' '--with-mcrypt' '--without-mhash' '--without-msql' '--without-mssql' '--with-ncurses' '--with-openssl' '--with-openssl-dir=/usr' '--disable-pcntl' '--without-pgsql' '--disable-posix' '--with-pspell' '--without-recode' '--disable-shmop' '--without-snmp' '--enable-soap' '--enable-sockets' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-wddx' '--without-xmlrpc' '--with-xsl' '--disable-zip' '--with-zlib' '--enable-debug' '--enable-dba' '--without-cdb' '--with-db4' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mysqli' '--without-pdo-dblib' '--with-pdo-mysql=/usr' '--without-pdo-odbc' '--without-pdo-pgsql' '--without-pdo-sqlite' '--with-readline' '--without-libedit' '--without-mm' '--without-sqlite'
 [2007-08-27 22:11 UTC] jani@php.net
Ever heard about '--disable-all' ? That disables all the "enabled-by-default" extensions and you can just enable those you actually need. Please shorten the configure line to shortest possible.

And about threaded stuff: there are dozens of libraries PHP can be linked with which are not thread-safe. Why do you insist on using the much slower threaded one anyway when you could have much more reliable and non-leaking, fast PHP running under non-threaded webserver?
 [2007-09-04 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 06:01:29 2024 UTC