Bug #60197 mem leak reporting of a library using dlopen imported cause segfault
Submitted: 2011-11-02 04:29 UTC Modified: 2011-11-02 08:17 UTC
From: imcnan at gmail dot com Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 5.3.8 OS: linux
Private report: No CVE-ID: None

 [2011-11-02 04:29 UTC] imcnan at gmail dot com
Description:
------------
I compiled PHP in debug mode. If the zval* isn't freed, PHP causes a
segmentation fault when loading the module using dl().



Test script:
---------------
In PHP:
<?php
test_call();
echo "The Programe is over~\n";
?>


Expected result:
----------------
Print the detailed info about the memory leak

Actual result:
--------------
There is the same error with php 5.3.8.

walu@walu-ThinkPad:/cnan/php/bin-5.3.6/bin$ ./php test.php 
The Programe is over~
[Wed Nov  2 11:57:28 2011]  Script:  'test.php'
Segmentation fault

Backtrace at the segmentation fault:


(gdb) run test.php
Starting program: /cnan/php/bin-5.3.6/bin/php test.php
The Programe is over~
[Wed Nov  2 11:25:49 2011]  Script:  'test.php'

Program received signal SIGSEGV, Segmentation fault.
0x0838bd33 in format_converter (odp=0xbfffdbf4, fmt=0x875bcc9 "s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc60 "(")
    at /cnan/php/source-5.3.6/main/snprintf.c:964
964							s_len = strlen(s);
(gdb) bt
#0  0x0838bd33 in format_converter (odp=0xbfffdbf4, fmt=0x875bcc9 "s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc60 "(")
    at /cnan/php/source-5.3.6/main/snprintf.c:964
#1  0x0838c578 in strx_printv (ccp=0xbfffdc38, buf=0xbfffdccc "[Wed Nov  2 11:25:49 2011]  Script:  'test.php'\n", len=512,
    format=0x875bcc8 "%s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc5c "PYE") at /cnan/php/source-5.3.6/main/snprintf.c:1211
#2  0x0838c676 in ap_php_snprintf (buf=0xbfffdccc "[Wed Nov  2 11:25:49 2011]  Script:  'test.php'\n", len=512,
    format=0x875bcc8 "%s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n") at /cnan/php/source-5.3.6/main/snprintf.c:1256
#3  0x083887b4 in php_message_handler_for_zend (message=4, data=0xbfffef24) at /cnan/php/source-5.3.6/main/main.c:1273
#4  0x083f5ec2 in zend_message_dispatcher (message=4, data=0xbfffef24) at /cnan/php/source-5.3.6/Zend/zend.c:944
#5  0x083d3084 in zend_mm_check_leaks (heap=0x87fc1b8) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:1280
#6  0x083d3ba7 in zend_mm_shutdown (heap=0x87fc1b8, full_shutdown=0, silent=0) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:1638
#7  0x083d5bb8 in shutdown_memory_manager (silent=0, full_shutdown=0) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:2562
#8  0x083891df in php_request_shutdown (dummy=0x0) at /cnan/php/source-5.3.6/main/main.c:1654
#9  0x084b9812 in main (argc=2, argv=0xbffff364) at /cnan/php/source-5.3.6/sapi/cli/php_cli.c:1374


 [2011-11-02 04:31 UTC] imcnan at gmail dot com
The correct test script is:
---------------
In PHP:
<?php
dl("test.so");
test_call();
echo "The Programe is over~\n";
?>
 [2011-11-02 05:35 UTC] laruence@php.net
This is because zend_post_deactivate_modules is called before
shutdown_memory_manager (in which the memleak is reported) while
php_request_shutdown is running.

But if we move shutdown_memory_manager forward, there will be a lot of new
problems.

Considering that dl() is not used very commonly, maybe leave this as won't fix.
 [2011-11-02 05:35 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-11-02 05:44 UTC] laruence@php.net
In shutdown_memory_manager, it tries to report a memleak with the __FILE__, which is
a const string in test.so.

But test.so has already been closed (dlclose) in zend_post_deactivate_modules, so
a segfault will occur.

As I said above, dl is not used very commonly; furthermore, this also requires
--enable-debug. So I really think there is no need to fix :)
 [2011-11-02 06:06 UTC] imcnan at gmail dot com
Thanks a lot!
Thank you, Niao Ge~
 [2011-11-02 06:06 UTC] imcnan at gmail dot com
-Status: Feedback +Status: Open
 [2011-11-02 08:17 UTC] laruence@php.net
-Summary: PHP cause a segmentation fault when the zval* isn't freed.
+Summary: mem leak reporting of a library using dlopen imported cause segfault
-Status: Open +Status: Wont fix
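The lifetime problem described in this thread, as an added example that is not PHP source code and not part of the original report: a leak record keeps a borrowed pointer to a file-name string owned by a loaded module, the module is unloaded, and only then is the leak reported. All names here are hypothetical, a heap buffer stands in for the read-only data of test.so, and the message format is simplified. Copying the string when the leak is recorded is one possible mitigation, shown as an assumption rather than a fix PHP adopted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct module { char *rodata; };   /* stand-in for a dlopen() handle (hypothetical) */

struct leak_rec {
    const char *file;      /* borrowed pointer into module data: the bug's pattern */
    char file_copy[64];    /* owned snapshot, still valid after the module is gone */
    int line;
    size_t size;
};

static struct module module_load(const char *src_name) {
    struct module m;
    size_t n = strlen(src_name) + 1;
    m.rodata = malloc(n);
    if (m.rodata) memcpy(m.rodata, src_name, n);
    return m;
}

static void module_unload(struct module *m) {
    free(m->rodata);       /* like dlclose(): pointers into rodata now dangle */
    m->rodata = NULL;
}

static void record_leak(struct leak_rec *r, const struct module *m, int line, size_t size) {
    r->file = m->rodata;   /* what a __FILE__ pointer from the module amounts to */
    snprintf(r->file_copy, sizeof r->file_copy, "%s", m->rodata);
    r->line = line;
    r->size = size;
}

/* Formats the report from owned data only; r->file is never dereferenced. */
static int report_leak(const struct leak_rec *r, char *out, size_t cap) {
    return snprintf(out, cap, "%s(%d) : Freeing (%zu bytes)", r->file_copy, r->line, r->size);
}

/* Same order as in the thread: unload the module first, report the leak second. */
static int shutdown_and_report(char *out, size_t cap) {
    struct module m = module_load("/tmp/test_ext/test.c");   /* constructed path */
    struct leak_rec r;
    if (!m.rodata) return -1;
    record_leak(&r, &m, 42, 16);
    module_unload(&m);
    return report_leak(&r, out, cap);
}

int main(void) {
    char buf[128];
    if (shutdown_and_report(buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```

Passing `r->file` to `%s` in `report_leak` instead of `r->file_copy` would reproduce the pattern in the backtrace above, where `strlen(s)` reads memory that no longer belongs to the process.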
 