php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58330 bus error
Submitted: 2008-09-02 02:39 UTC Modified: 2008-10-07 18:46 UTC
From: fletch at pobox dot com Assigned:
Status: Closed Package: svn (PECL)
PHP Version: 5.2.6 OS: Mac OS X 10.5.4
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: fletch at pobox dot com
New email:
PHP Version: OS:

 

 [2008-09-02 02:39 UTC] fletch at pobox dot com
Description:
------------
My PHP version is actually 5.2.6, but that's no an option in 
the bug report form.

Reproduce code:
---------------
I can't reproduce this against a public repository, so I don't have any reproduce code for you.  I have no idea what you'll need to track this down.  I'm hoping the backtrace is enough.

Please let me know if you need something more.

Actual result:
--------------
Here's the result of the crash occurring in gdb:

Program received signal EXC_BAD_ACCESS, Could not access 
memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x95c8e150 in strlen ()
(gdb) bt
#0  0x95c8e150 in strlen ()
#1  0x0026f2cf in add_next_index_string ()
#2  0x019ea156 in zif_svn_commit ()
#3  0x0028eb01 in zend_do_fcall_common_helper_SPEC ()
#4  0x0028c2f8 in execute ()
#5  0x0028e52d in zend_do_fcall_common_helper_SPEC ()
#6  0x0028c2f8 in execute ()
#7  0x0026dd0c in zend_execute_scripts ()
#8  0x00225e2f in php_execute_script ()
#9  0x00306a2a in main ()
(gdb) 




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-02 08:09 UTC] scottmac@php.net
A reproduce script and details about the repository would help, what version it is and how you are accessing it etc.
 [2008-09-02 13:15 UTC] fletch at pobox dot com
The server is on an Ubuntu box.  The repository is accessed 
via HTTP through Apache with mod_dav_svn.  These are the 
relevant Ubuntu packages and their versions:

apache2/hardy 2.2.8-1ubuntu0.3
libsvn1/intrepid 1.5.1dfsg1-1ubuntu2
libapache2-svn/intrepid 1.5.1dfsg1-1ubuntu2
subversion/intrepid 1.5.1dfsg1-1ubuntu2

I'll work on whittling down the code to a manageable 
reproduce script.
 [2008-09-02 18:22 UTC] scottmac@php.net
Can you compile a debug build of PHP and the extension? It sounds like the string was NULL.

Now based on the function called its svn_commit and either username or date was NULL.
 [2008-09-02 20:09 UTC] fletch at pobox dot com
Here's the backtrace w/ a debug build of PHP.

Program received signal EXC_BAD_ACCESS, Could not access 
memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x00235c68 in add_next_index_string (arg=0x1028f58, str=0x0, 
duplicate=1) at 
/opt/local/var/macports/build/_opt_local_var_macports_source
s_rsync.macports.org_release_ports_www_php5/work/p
hp-5.2.6/Zend/zend_API.c:1202
1202            ZVAL_STRING(tmp, str, duplicate);
(gdb) bt
#0  0x00235c68 in add_next_index_string (arg=0x1028f58, 
str=0x0, duplicate=1) at 
/opt/local/var/macports/build/_opt_local_var_macports_source
s_rsync.macports.org_release_ports_www_php5/work/p
hp-5.2.6/Zend/zend_API.c:1202
#1  0x006e4f88 in zif_svn_commit ()
#2  0x0025a5be in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbfffcc00) at zend_vm_execute.h:200
#3  0x002609b0 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0xbfffcc00) at zend_vm_execute.h:1679
#4  0x0025a091 in execute (op_array=0x1023b20) at 
zend_vm_execute.h:92
#5  0x0025a79c in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbfffcd50) at zend_vm_execute.h:234
#6  0x0025b3ee in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER 
(execute_data=0xbfffcd50) at zend_vm_execute.h:322
#7  0x0025a091 in execute (op_array=0x1011cd0) at 
zend_vm_execute.h:92
#8  0x00231773 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at 
/opt/local/var/macports/build/_opt_local_var_macports_source
s_rsync.macports.org_release_ports_www_php5/work/p
hp-5.2.6/Zend/zend.c:1134
#9  0x001d438a in php_execute_script 
(primary_file=0xbfffd470) at 
/opt/local/var/macports/build/_opt_local_var_macports_source
s_rsync.macports.org_release_ports_www_php5/work/p
hp-5.2.6/main/main.c:2005
#10 0x002b7a0b in main (argc=3, argv=0xbfffd54c) at 
/opt/local/var/macports/build/_opt_local_var_macports_source
s_rsync.macports.org_release_ports_www_php5/work/p
hp-5.2.6/sapi/cli/php_cli.c:1140
 [2008-09-02 20:15 UTC] scottmac@php.net
can you rebuild the svn extension has a debug build as well, 
i'm curious what line in svn.c that is calling 
add_next_index_string() as there are two right next to each 
other in svn_commit.
 [2008-09-02 21:17 UTC] fletch at pobox dot com
I realized I never mentioned what version of your extension I was using.  It was 0.4.1 beta.  While recompiling the 
extension with debug symbols I realized I should make sure it's not already fixed in CVS.  It doesn't appear to be.

Here's a backtrace of the crash occurring in HEAD.  Looks like it's the first of those two calls to add_next_index_string():

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x0034640c in add_next_index_string (arg=0x1bc1784, str=0x0, duplicate=1) at 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_php5/work/php-
5.2.6/Zend/zend_API.c:1202
1202            ZVAL_STRING(tmp, str, duplicate);
(gdb) bt
#0  0x0034640c in add_next_index_string (arg=0x1bc1784, str=0x0, duplicate=1) at 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_php5/work/php-
5.2.6/Zend/zend_API.c:1202
#1  0x01bf2f60 in zif_svn_commit (ht=3, return_value=0x1bc1784, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0) at /Users/rick/pecl/svn/svn.c:2654
#2  0x0036ad62 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcc00) at zend_vm_execute.h:200
#3  0x00371154 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffcc00) at zend_vm_execute.h:1679
#4  0x0036a835 in execute (op_array=0x1bb9c9c) at zend_vm_execute.h:92
#5  0x0036af40 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcd50) at zend_vm_execute.h:234
#6  0x0036bb92 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfffcd50) at zend_vm_execute.h:322
#7  0x0036a835 in execute (op_array=0x1ba7e4c) at zend_vm_execute.h:92
#8  0x00341f17 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_php5/work/php-
5.2.6/Zend/zend.c:1134
#9  0x002e4406 in php_execute_script (primary_file=0xbfffd470) at 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_php5/work/php-
5.2.6/main/main.c:2005
#10 0x003c81af in main (argc=3, argv=0xbfffd54c) at 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_php5/work/php-
5.2.6/sapi/cli/php_cli.c:1140
(gdb) 

I'm also still planning on getting you some reproduce code, but that has to wait until I get home later tonight.
 [2008-09-02 21:38 UTC] scottmac@php.net
Can you comment out the two add_next_index_string lines there 
within svn_commit.

I have a feeling that the revision returned from svn_commit is 
going to be "-1" though I'm not sure why this is the case. 
Have you been able to work out a reproduce case?

Perhaps its a commit hook?
 [2008-09-03 02:39 UTC] fletch at pobox dot com
I spent some time with this tonight and finally found a simple test case.  
Here's some reproduce code:

<?php
    $versioned_dir = '/path/to/working/copy';

    // make a new file in the versioned dir
    $new_file = $versioned_dir . '/' . uniqid();
    touch( $new_file );

    // schedule it for addition
    svn_add( $new_file );

    // commit it
    svn_commit( 'testing for php bug', $new_file );
    
    // commit it again, triggering the bus error
    svn_commit( 'testing for php bug', $new_file );
?>

The larger script that I first had problems with processes a large set of xml 
files, commits them, rinse, repeat.  I guess I have some work to do to make sure 
the files are actually modified first. :)
 [2008-10-07 18:46 UTC] scottmac@php.net
Fixed this now in CVS.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Thu Jul 03 17:01:33 2025 UTC