PHP :: Bug #45542 :: call_user_function_ex in separate thread causes segfault

Bug #45542	call_user_function_ex in separate thread causes segfault
Submitted:	2008-07-17 10:58 UTC	Modified:	2008-07-21 21:14 UTC
From:	cnorthcote at underground dot co dot uk	Assigned:
Status:	Not a bug	Package:	Scripting Engine problem
PHP Version:	5.2.6	OS:	Debian Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cnorthcote at underground dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2008-07-17 10:58 UTC] cnorthcote at underground dot co dot uk

Description:
------------
I am developing an in-house extension which executes call_user_function_ex() within a seperate thread from the main PHP executable.

When this function is called, there is a segmentation in free().

I am also able to reproduce this on Debian stable (Etch) as well.

PHP was configured with --enable-debug --enable-maintainer-zts.

Reproduce code:
---------------
See http://pastebin.com/m2ddefa48

Expected result:
----------------
The thread should be run (it is), and "Hello World!" printed to the screen.

Actual result:
--------------
Thread starts, then:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213146192 (LWP 9615)]
0xb7cf2abe in free () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7cf2abe in free () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7cf49ef in malloc () from /lib/tls/i686/cmov/libc.so.6
#2  0x082c6b7a in allocate_new_resource (thread_resources_ptr=0x84a105c, thread_id=3081821104)
    at /home/ugr/php-5.2.6/TSRM/TSRM.c:275
#3  0x082c6e02 in ts_resource_ex (id=0, th_id=0x0) at /home/ugr/php-5.2.6/TSRM/TSRM.c:361
#4  0x0830cb39 in _emalloc (size=8, __zend_filename=0x8473abc "/home/ugr/php-5.2.6/Zend/zend_operators.h",
    __zend_lineno=296, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/ugr/php-5.2.6/Zend/zend_alloc.c:2277
#5  0x08321fbd in zend_str_tolower_dup (source=0x859edd8 "test_userfunc", length=7)
    at /home/ugr/php-5.2.6/Zend/zend_operators.h:296
#6  0x08320ef1 in zend_call_function (fci=0xb7b0d3e4, fci_cache=0x0, tsrm_ls=0x84a1050)
    at /home/ugr/php-5.2.6/Zend/zend_execute_API.c:848
#7  0x08320075 in call_user_function_ex (function_table=0x84a2438, object_pp=0x0, function_name=0x859ebc0,
    retval_ptr_ptr=0xb7b0d448, param_count=0, params=0x0, no_separation=0, symbol_table=0x0, tsrm_ls=0x84a1050)
    at /home/ugr/php-5.2.6/Zend/zend_execute_API.c:640
#8  0xb7f781a0 in userfunc_execute (args=0x859edc8) at /home/ugr/php_ugmt/ugmt.c:160
#9  0xb7dc4240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7d5849e in clone () from /lib/tls/i686/cmov/libc.so.6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-07-21 21:14 UTC] jani@php.net

See http://pecl.php.net/package/threads
This is not any PHP bug per se. Just bad code.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Nov 27 19:00:01 2025 UTC