PHP :: Bug #50995 :: segfault with Zend Memory Manager = enabled

Bug #50995

segfault with Zend Memory Manager = enabled

Submitted:

2010-02-10 15:41 UTC

Modified:

2010-02-20 01:00 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

valters at videinfra dot com

Assigned:

Status:

No Feedback

Package:

Scripting Engine problem

PHP Version:

5.2.12

OS:

Debian Lenny

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	valters at videinfra dot com
New email:
PHP Version:		OS:

New Comment:

[2010-02-10 15:41 UTC] valters at videinfra dot com

Description:
------------
./configure --prefix=/usr/local/php5.2 --sysconfdir=/etc --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/etc/php/apache2-php5 --with-config-file-scan-dir=/etc/php/apache2-php5/ext-active --without-pear --enable-bcmath --enable-calendar --with-curl --enable-exif --enable-ftp --with-gettext --with-gmp --enable-mbstring --with-mcrypt --with-mhash --with-openssl --with-openssl-dir --with-pgsql --with-pspell --enable-soap --enable-sockets --with-xmlrpc --with-xsl --enable-zip --with-zlib --enable-dba --with-db4 --with-gdbm --with-freetype-dir --with-jpeg-dir --with-png-dir --with-gd --with-imap --with-imap-ssl --with-ldap --with-pdo-dblib --with-pdo-pgsql --with-pdo-sqlite --with-readline --with-sqlite --enable-sqlite-utf8 --with-kerberos --disable-ipv6

there is no segfault with --enable-debug and it seems that this crash happens after the end of the script. The crash happens when php is compiled with Zend Memory Manager = enabled 
Server version: Apache/2.2.14 (Unix)
[notice] child pid 8480 exit signal Segmentation fault (11)


Actual result:
--------------
0xb79d7ffa in zend_mm_remove_from_free_list (heap=<value optimized out>, mm_block=0x8f35784) at /root/php-5.2.12/Zend/zend_alloc.c:822
822				ZEND_MM_CHECK_TREE(mm_block);
(gdb) bt
#0  0xb79d7ffa in zend_mm_remove_from_free_list (heap=<value optimized out>, mm_block=0x8f35784) at /root/php-5.2.12/Zend/zend_alloc.c:822
#1  0xb79d8131 in _zend_mm_free_int (heap=0x8965fd8, p=<value optimized out>) at /root/php-5.2.12/Zend/zend_alloc.c:1979
#2  0xb79fbe5a in zend_hash_destroy (ht=0x8f36c64) at /root/php-5.2.12/Zend/zend_hash.c:531
#3  0xb79f18d5 in _zval_dtor_func (zvalue=0x8f42320) at /root/php-5.2.12/Zend/zend_variables.c:42
#4  0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x8f41fc0) at /root/php-5.2.12/Zend/zend_variables.h:35
#5  0xb79fbe2e in zend_hash_destroy (ht=0x8f36e7c) at /root/php-5.2.12/Zend/zend_hash.c:526
#6  0xb7a0bcb3 in zend_object_std_dtor (object=0x8f41460) at /root/php-5.2.12/Zend/zend_objects.c:45
#7  0xb7a0bce2 in zend_objects_free_object_storage (object=0x8f41460) at /root/php-5.2.12/Zend/zend_objects.c:122
#8  0xb7a0f018 in zend_objects_store_del_ref_by_handle (handle=51) at /root/php-5.2.12/Zend/zend_objects_API.c:211
#9  0xb7a0f038 in zend_objects_store_del_ref (zobject=0x8f4094c) at /root/php-5.2.12/Zend/zend_objects_API.c:169
#10 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x91dcf74) at /root/php-5.2.12/Zend/zend_variables.h:35
#11 0xb79fbe2e in zend_hash_destroy (ht=0x91dcf10) at /root/php-5.2.12/Zend/zend_hash.c:526
#12 0xb7a0bcb3 in zend_object_std_dtor (object=0x91dceb8) at /root/php-5.2.12/Zend/zend_objects.c:45
#13 0xb7a0bce2 in zend_objects_free_object_storage (object=0x91dceb8) at /root/php-5.2.12/Zend/zend_objects.c:122
#14 0xb7a0f018 in zend_objects_store_del_ref_by_handle (handle=102) at /root/php-5.2.12/Zend/zend_objects_API.c:211
#15 0xb7a0f038 in zend_objects_store_del_ref (zobject=0x91dcea0) at /root/php-5.2.12/Zend/zend_objects_API.c:169
#16 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x91dd028) at /root/php-5.2.12/Zend/zend_variables.h:35
#17 0xb79fbe2e in zend_hash_destroy (ht=0x91dcb00) at /root/php-5.2.12/Zend/zend_hash.c:526
#18 0xb79f18d5 in _zval_dtor_func (zvalue=0x91dbff4) at /root/php-5.2.12/Zend/zend_variables.c:42
#19 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x9113624) at /root/php-5.2.12/Zend/zend_variables.h:35
#20 0xb79fbe2e in zend_hash_destroy (ht=0x91dc424) at /root/php-5.2.12/Zend/zend_hash.c:526
#21 0xb7a0bcb3 in zend_object_std_dtor (object=0x911424c) at /root/php-5.2.12/Zend/zend_objects.c:45
#22 0xb7a0bce2 in zend_objects_free_object_storage (object=0x911424c) at /root/php-5.2.12/Zend/zend_objects.c:122
#23 0xb7a0f018 in zend_objects_store_del_ref_by_handle (handle=97) at /root/php-5.2.12/Zend/zend_objects_API.c:211
#24 0xb7a0f038 in zend_objects_store_del_ref (zobject=0x9108a8c) at /root/php-5.2.12/Zend/zend_objects_API.c:169
#25 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x91dcae0) at /root/php-5.2.12/Zend/zend_variables.h:35
#26 0xb79fbe2e in zend_hash_destroy (ht=0x91dc3d4) at /root/php-5.2.12/Zend/zend_hash.c:526
#27 0xb79f18d5 in _zval_dtor_func (zvalue=0x908e678) at /root/php-5.2.12/Zend/zend_variables.c:42
#28 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x91de514) at /root/php-5.2.12/Zend/zend_variables.h:35
#29 0xb79fbe2e in zend_hash_destroy (ht=0x9189c04) at /root/php-5.2.12/Zend/zend_hash.c:526
#30 0xb79f18d5 in _zval_dtor_func (zvalue=0x9165f54) at /root/php-5.2.12/Zend/zend_variables.c:42
#31 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x9165f00) at /root/php-5.2.12/Zend/zend_variables.h:35
#32 0xb79fbe2e in zend_hash_destroy (ht=0x9189b20) at /root/php-5.2.12/Zend/zend_hash.c:526
#33 0xb7a0bcb3 in zend_object_std_dtor (object=0x918ad50) at /root/php-5.2.12/Zend/zend_objects.c:45
#34 0xb7a0bce2 in zend_objects_free_object_storage (object=0x918ad50) at /root/php-5.2.12/Zend/zend_objects.c:122
#35 0xb7a0f018 in zend_objects_store_del_ref_by_handle (handle=4) at /root/php-5.2.12/Zend/zend_objects_API.c:211
#36 0xb7a0f038 in zend_objects_store_del_ref (zobject=0x8ae57d4) at /root/php-5.2.12/Zend/zend_objects_API.c:169
#37 0xb79e5460 in _zval_ptr_dtor (zval_ptr=0x8a999b0) at /root/php-5.2.12/Zend/zend_variables.h:35
#38 0xb79fbe2e in zend_hash_destroy (ht=0x8a99694) at /root/php-5.2.12/Zend/zend_hash.c:526
#39 0xb79e94f6 in destroy_zend_class (pce=0x8ace6bc) at /root/php-5.2.12/Zend/zend_opcode.c:184
#40 0xb79fbae2 in zend_hash_apply_deleter (ht=0x8966270, p=0x8ace6b0) at /root/php-5.2.12/Zend/zend_hash.c:611
#41 0xb79fbbf0 in zend_hash_reverse_apply (ht=0x8966270, apply_func=0xb79e4b70 <clean_non_persistent_class>) at /root/php-5.2.12/Zend/zend_hash.c:760
#42 0xb79e7f02 in shutdown_executor () at /root/php-5.2.12/Zend/zend_execute_API.c:291
#43 0xb79f2353 in zend_deactivate () at /root/php-5.2.12/Zend/zend.c:860
#44 0xb79b0e07 in php_request_shutdown (dummy=0x0) at /root/php-5.2.12/main/main.c:1504
#45 0xb7a5e321 in php_handler (r=0x8bd0fb8) at /root/php-5.2.12/sapi/apache2handler/sapi_apache2.c:477
#46 0x0807c3c9 in ap_run_handler (r=0x8bd0fb8) at config.c:158
#47 0x0807f729 in ap_invoke_handler (r=0x8bd0fb8) at config.c:372
#48 0x08096ff6 in ap_process_request (r=0x8bd0fb8) at http_request.c:282
#49 0x08094078 in ap_process_http_connection (c=0x8ab8db0) at http_core.c:190
#50 0x08083849 in ap_run_process_connection (c=0x8ab8db0) at connection.c:43
#51 0x080b1b5d in child_main (child_num_arg=<value optimized out>) at prefork.c:662
#52 0x080b1e27 in make_child (s=0x88b1db0, slot=0) at prefork.c:702
#53 0x080b2532 in ap_mpm_run (_pconf=0x88ad0a8, plog=0x88eb1a0, s=0x88b1db0) at prefork.c:978
#54 0x08068ed0 in main (argc=Cannot access memory at address 0x0
) at main.c:740

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-02-11 22:42 UTC] aigors at inbox dot lv

The workaround has been found to the issue. The segmentation fault disappeared when the class property visibility was changed from protected to public or the __wakeup method was changed ? the nullifying of the same property was removed.

[2010-02-12 17:17 UTC] jani@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2010-02-20 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Dec 06 15:00:02 2025 UTC