PHP :: Bug #55630 :: GC causes SEGFAULT

Bug #55630	GC causes SEGFAULT
Submitted:	2011-09-07 08:20 UTC	Modified:	2011-09-16 14:08 UTC
From:	ladislav at marek dot su	Assigned:
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5.3SVN-2011-09-07 (snap)	OS:	Linux x86
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ladislav at marek dot su
New email:
PHP Version:		OS:

New Comment:

[2011-09-07 08:20 UTC] ladislav at marek dot su

Description:
------------
PHP sometimes ends with segfault. It actually works with gc_disabled().


Test script:
---------------
Im unable to reproduce it with small script and I cannot provide whole application, it is possible to discover where problem is only with backtrace from GDB?.

Expected result:
----------------
no SEGFAULT

Actual result:
--------------
#0  zval_mark_grey (pz=0xa059808) at /home/lm/php-5.3.8/Zend/zend_gc.c:372
#1  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#2  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#3  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#4  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#5  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#6  0x083bb9ed in gc_mark_roots () at /home/lm/php-5.3.8/Zend/zend_gc.c:435
#7  gc_collect_cycles () at /home/lm/php-5.3.8/Zend/zend_gc.c:664
#8  0x083bbbfb in gc_zval_possible_root (zv=0xa995780) at
/home/lm/php-5.3.8/Zend/zend_gc.c:166
#9  0x0841692e in gc_zval_check_possible_root (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_gc.h:183
#10 zend_pzval_unlock_func (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_execute.c:80
#11 _get_zval_ptr_var (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_execute.c:211
#12 ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:27425
#13 0x083c3396 in execute (op_array=0x9fd1f44) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#14 0x083963da in zend_call_function (fci=0xbfd7cd00,
fci_cache=0xbfd7cd24) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#15 0x082de05b in zif_call_user_func_array (ht=2,
return_value=0xa5bf698, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/home/lm/php-5.3.8/ext/standard/basic_functions.c:4797
#16 0x083e7691 in zend_do_fcall_common_helper_SPEC
(execute_data=0x9f605d4) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:320
#17 0x083c3396 in execute (op_array=0xa058148) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#18 0x083963da in zend_call_function (fci=0xbfd7cf9c,
fci_cache=0xbfd7cfc0) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#19 0x083b510b in zend_call_method (object_pp=0x9f42860,
obj_ce=0xa094fdc, fn_proxy=0x9f4285c, function_name=0x9f51090
"nette\\loaders\\robotloader::tryload*", function_name_len=39,
retval_ptr_ptr=0xbfd7d068, param_count=1,
   arg1=0xa4cda10, arg2=0x0) at /home/lm/php-5.3.8/Zend/zend_interfaces.c:97
#20 0x0826bc0a in zif_spl_autoload_call (ht=1, return_value=0xa535e3c,
return_value_ptr=0xbfd7d250, this_ptr=0x0, return_value_used=1) at
/home/lm/php-5.3.8/ext/spl/php_spl.c:405
#21 0x0839648a in zend_call_function (fci=0xbfd7d208,
fci_cache=0xbfd7d22c) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:990
#22 0x083969eb in zend_lookup_class_ex (name=0xa58c5fc
"I\\have\\to\\hide\\className", name_length=39,
use_autoload=1, ce=0xbfd7d2ac) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1125
#23 0x08396cb3 in zend_fetch_class (class_name=0xa58c5fc
"I\\have\\to\\hide\\className", class_name_len=39,
fetch_type=4) at /home/lm/php-5.3.8/Zend/zend_execute_API.c:1567
#24 0x083c1f25 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER
(execute_data=0x9f5f4f0) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:731
#25 0x083c3396 in execute (op_array=0xa58bc4c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#26 0x083963da in zend_call_function (fci=0xbfd7d49c,
fci_cache=0xbfd7d4c0) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#27 0x083b510b in zend_call_method (object_pp=0x9f42860,
obj_ce=0xa094fdc, fn_proxy=0x9f4285c, function_name=0x9f51090
"nette\\loaders\\robotloader::tryload*", function_name_len=39,
retval_ptr_ptr=0xbfd7d568, param_count=1,
   arg1=0xa4cbc28, arg2=0x0) at /home/lm/php-5.3.8/Zend/zend_interfaces.c:97
#28 0x0826bc0a in zif_spl_autoload_call (ht=1, return_value=0xa54d134,
return_value_ptr=0xbfd7d760, this_ptr=0x0, return_value_used=1) at
/home/lm/php-5.3.8/ext/spl/php_spl.c:405
#29 0x0839648a in zend_call_function (fci=0xbfd7d718,
fci_cache=0xbfd7d73c) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:990
#30 0x083969eb in zend_lookup_class_ex (name=0xa35f380
"I\\have\\to\\hide\\className",
name_length=61, use_autoload=1, ce=0xbfd7d7bc) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1125
#31 0x08396cb3 in zend_fetch_class (class_name=0xa35f380
"I\\have\\to\\hide\\className",
class_name_len=61, fetch_type=4) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1567
#32 0x083c1f25 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER
(execute_data=0x9f5edb4) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:731
#33 0x083c3396 in execute (op_array=0xa393054) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#34 0x083963da in zend_call_function (fci=0xbfd7d9a8,
fci_cache=0xbfd7d9cc) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#35 0x08219d25 in zim_reflection_method_invokeArgs (ht=2,
return_value=0xa4bfa48, return_value_ptr=0x0, this_ptr=0xa4bfaa8,
return_value_used=1) at
/home/lm/php-5.3.8/ext/reflection/php_reflection.c:2750
#36 0x083e7691 in zend_do_fcall_common_helper_SPEC
(execute_data=0x9f5eb4c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:320
#37 0x083c3396 in execute (op_array=0xa4c7c7c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#38 0x0839f4e6 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/lm/php-5.3.8/Zend/zend.c:1236
#39 0x0834e636 in php_execute_script (primary_file=0xbfd81fa8) at
/home/lm/php-5.3.8/main/main.c:2284
#40 0x08428d37 in main (argc=1, argv=0xbfd82104) at
/home/lm/php-5.3.8/sapi/fpm/fpm/fpm_main.c:1902

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-09-07 15:45 UTC] felipe@php.net

-Status: Open +Status: Feedback

[2011-09-07 15:45 UTC] felipe@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2011-09-07 15:46 UTC] felipe@php.net

-Package: Class/Object related +Package: Scripting Engine problem

[2011-09-16 14:08 UTC] ladislav at marek dot su

-Status: Feedback +Status: Closed

[2011-09-16 14:08 UTC] ladislav at marek dot su

> To properly diagnose the problem, we need a short but complete example
> script to be able to reproduce this bug ourselves

Which I'm unable to provide, as I noted in report...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 19:01:35 2025 UTC