[2007-04-04 08:59 UTC] r at roze dot lv
Description:
------------
I've found out that on some array retrievals get() php segfaults.
Program received signal SIGSEGV, Segmentation fault.
0x0813180c in php_strtr (str=0x84bfc04 "132", len=1515870810, str_from=0xb7e1e259 "\t\r\n ", str_to=0xb7e1e254 "____", trlen=4) at /data/install/php-4.4.6/ext/standard/string.c:1879
1879 str[i] = xlat[(unsigned char) str[i]];
(gdb) bt full
#0 0x0813180c in php_strtr (str=0x84bfc04 "132", len=1515870810, str_from=0xb7e1e259 "\t\r\n ", str_to=0xb7e1e254 "____", trlen=4) at /data/install/php-4.4.6/ext/standard/string.c:1879
i = 29692
xlat = "\000\001\002\003\004\005\006\a\b__\v\f_\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037_!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237????????????????????????????????????????"...
#1 0xb7e1b7d1 in zif_memcache_get (ht=1, return_value=0x84bdab4, this_ptr=0x84b57b4, return_value_used=1) at /data/install/memcache_CVS/memcache.c:1143
pool = (mmc_pool_t *) 0x84bdb74
key = (zval *) 0x84bfe7c
tmp_key = {value = {lval = 139210444, dval = 1.7838864206580435e+127, str = {val = 0x84c2ecc "\b", len = 1515870810}, ht = 0x84c2ecc, obj = {ce = 0x84c2ecc, properties = 0x5a5a5a5a}},
type = 4 '\004', is_ref = 0 '\0', refcount = 2}
mmc_object = (zval *) 0x84b57b4
#2 0x081a8536 in execute (op_array=0x84b9054) at /data/install/php-4.4.6/Zend/zend_execute.c:1681
original_return_value = (zval **) 0xb7e88854
return_value_used = 1
execute_data = {opline = 0x84bd8a0, function_state = {function_symbol_table = 0x0, function = 0x84b4198, reserved = {0xb7f4e170, 0xf30, 0xb7e88854, 0x4}}, fbc = 0x84b4198, ce = 0x0,
object = {ptr = 0x84b57b4}, Ts = 0xbf90aac0, original_in_execution = 0 '\0', op_array = 0x84b9054, prev_execute_data = 0x0}
#3 0x08191e4c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-4.4.6/Zend/zend.c:935
files = 0xbf90b0b4 ""
i = 1
file_handle = (zend_file_handle *) 0xbf90d2f8
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
local_retval = (zval *) 0x0
#4 0x08158ce2 in php_execute_script (primary_file=0xbf90d2f8) at /data/install/php-4.4.6/main/main.c:1757
orig_bailout = {{__jmpbuf = {-1208692748, -1207956320, -1081027728, -1081027752, 204201108, -1147018213}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}}
orig_bailout_set = 1 '\001'
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
old_cwd = 0xbf90b0c0 ""
old_primary_file_path = 0x0
retval = 0
#5 0x081af13b in main (argc=2, argv=0xbf90d3f4) at /data/install/php-4.4.6/sapi/cli/php_cli.c:838
orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}}
orig_bailout_set = 0 '\0'
exit_status = 0
c = -1
file_handle = {type = 2 '\002', filename = 0xbf90dbe5 "/data/web/root/mm.php", opened_path = 0x0, handle = {fd = 139155280, fp = 0x84b5750}, free_filename = 0 '\0'}
behavior = 1
orig_optind = 1
orig_optarg = 0x0
arg_free = 0xbf90dbe5 "/data/web/root/mm.php"
arg_excp = (char **) 0xbf90d3f8
script_file = 0xbf90dbe5 "/data/web/root/mm.php"
global_vars = {head = 0x0, tail = 0x0, size = 4, count = 0, dtor = 0, persistent = 0 '\0', traverse_ptr = 0x0}
interactive = 0
module_started = 1
lineno = 1
exec_direct = 0x0
param_error = 0x0
hide_argv = 0
(gdb)
Reproduce code:
---------------
The solution for us was just to change in memcache.c:1143
MMC_PREPARE_KEY(str_key, Z_STRLEN_PP(key));
to
MMC_PREPARE_KEY(str_key, key_len);
I can't provide a simple test case because (so far I haven't found the true reason) it pops up at random. The generic code would be:

<?
$smc = new Memcache;
$smc->connect('127.0.0.1',11212);
$smc->get(322);
$fr['ids'] = array(1258697=>1258697,1142376=>1142376,954488=>954488,903370=>903370,726721=>726721,607245=>607245,566410=>566410,476124=>476124,472450=>472450,223273=>223273,218957=>218957,206273=>206273,190032=>190032,133542=>133542,116356=>116356,112106=>112106);
$smc->get($fr['ids']);
?>

The problem is that the second array() is produced by an external PHP extension. Although the var_dump() always looks correct (the same as a simple PHP array definition), the key_len sometimes gets corrupted/wrong, as in the backtrace: len=1515870810 although the key was given as 132 (str=0x84bfc04 "132"). Theoretically it may be that the custom extension is at fault, but it has worked with previous 1.x and 2.0.x releases. It works fine with that small change.
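
Added illustration of the failure shown in the backtrace, not code from the report or from the memcache extension: a key-preparation routine that trusts a length only when the value is tagged as a string and the length fits memcached's 250-byte key limit, checked before the in-place translation runs. `toy_zval`, `prepare_key` and `sanitize` are hypothetical names, and the struct is a simplified stand-in for a zval.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a PHP zval: a tagged union (assumed layout, not Zend's). */
enum toy_type { TOY_LONG, TOY_STRING, TOY_ARRAY };
typedef struct {
    union {
        long lval;
        struct { char *val; int len; } str;
        void *ht;
    } value;
    enum toy_type type;
} toy_zval;

#define KEY_MAX 250 /* memcached's limit on key length, in bytes */

/* In-place translation with the same from/to sets as the php_strtr frame. */
static void sanitize(char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == '\t' || s[i] == '\r' || s[i] == '\n' || s[i] == ' ')
            s[i] = '_';
}

/* Copy and sanitize a key. The length is trusted only when the value is
 * tagged as a string and the length fits both the protocol and the buffer.
 * Returns the key length, or -1 if the value is rejected. */
int prepare_key(const toy_zval *key, char *out, size_t outsz)
{
    if (key->type != TOY_STRING || key->value.str.val == NULL)
        return -1;
    int len = key->value.str.len;
    if (len <= 0 || len > KEY_MAX || (size_t)len >= outsz)
        return -1;
    memcpy(out, key->value.str.val, (size_t)len);
    out[len] = '\0';
    sanitize(out, (size_t)len);
    return len;
}

int main(void)
{
    char buf[KEY_MAX + 1];
    char raw[] = "132";                 /* constructed sample key */
    toy_zval bad = { .type = TOY_STRING };
    bad.value.str.val = raw;
    bad.value.str.len = 1515870810;     /* the len value from the backtrace */
    printf("%d\n", prepare_key(&bad, buf, sizeof buf));
    return 0;
}
```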