php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #57478 Segmentation fault in TSRM shutdown if APC extension loaded
Submitted: 2007-01-15 09:38 UTC Modified: 2007-02-06 19:07 UTC
From: wharmby at uk dot ibm dot com Assigned:
Status: Closed Package: APC (PECL)
PHP Version: 5_2 CVS-2007-01-15 OS: Linux RHEL4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: wharmby at uk dot ibm dot com
New email:
PHP Version: OS:

 

 [2007-01-15 09:38 UTC] wharmby at uk dot ibm dot com 
Description:
------------
Using latest PHP 5.2 snapshot (Jan 15th 1130 GMT)and latest
APC available from PECL (APC-3.0.12p2.tgz)I get a segmentation fault in TSRM shutdown when I invoke a php
script using CLI. 

PHP is configured to enable ZTS.

I have the following entries in my php.ini file: 
      extension=apc.so 
      apc.enable_cli=0  

A simple query of the PHP version using CLI results in a  segmentation fault, e.g 

[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group 
Zend Engine v2.2.0, Copyright (c)1998-2007 Zend Technologies
Segmentation fault (core dumped)
[andy@rhel4 testcases]$

When I invoke as follows all is OK:

[andy@rhel4 testcases]$ php -dapc.enable_cli=1 -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c)1998-2007 Zend Technologies
[andy@rhel4 testcases]$
    
Back trace in core shows:
(gdb) bt
#0  0x006a5f64 in ?? ()
#1  0x0810206e in tsrm_shutdown () at /root/php5.2-200701151130/TSRM/TSRM.c:180
#2  0x081b347e in main (argc=3, argv=0xbfe7cc94)
    at /root/php5.2-200701151130/sapi/cli/php_cli.c:1283
(gdb)

We are trap in the following code in tsrm_shutdown():   

for (j=0; j<p->count; j++) {
    if (p->storage[j]) {
	if (resource_types_table &&          
            resource_types_table[j].done && 
            resource_types_table[j].dtor) {
		 resource_types_table[j].dtor(p->storage[j],
                    &p->storage);   <<< TRAP  HERE
		}
		free(p->storage[j]);
	}
}

as we try to call the dtor for a resource type. A little 
more debugging showed this to be call to php_apc_shutdown_globals(). 

As we have already unloaded the APC module by the time 
tsrm_shutdown() runs (unloaded by module_destructor() ) the 
segmentation fault is to be expected. However, any global
storage for the APC extension should have been freed 
(and dtor called) when APC was called for MSHUTDOWN.

A quick look at the MSHUTDOWN function for APC shows why this is not happening; the code to free APC globals is 
not called if APCG(enabled) is false. 

Reproduce code:
---------------
The following simple patch prevents the segmentation fault: 
 
    http://www.pastebin.ca/317303



Expected result:
----------------
[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
[andy@rhel4 testcases]$

Actual result:
--------------
[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Segmentation fault (core dumped)
[andy@rhel4 testcases]$

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-18 20:58 UTC] gopalv82 at yahoo dot com 
Thanks for the patch, will be applied as soon as I'm back to work.
 [2007-02-06 19:07 UTC] gopalv82 at yahoo dot com 
Fixed in CVS.

http://news.php.net/php.pecl.cvs/7136
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Jul 04 15:01:36 2025 UTC