Bug #60275 Segfault
Submitted: 2011-11-11 21:54 UTC
Modified: 2011-11-12 09:57 UTC
From: kontakt at beberlei dot de
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.4.0RC1
OS: Linux
Private report: No
CVE-ID: None

 [2011-11-11 21:54 UTC] kontakt at beberlei dot de
Description:
------------
This runs against the Doctrine 2 testsuite and fails at the same location all 
the time. I will investigate more; this is just so I don't forget the progress 
for now :)

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xf56300, p=0x7ffff7f8b7a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_alloc.c:2091
2091		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0xf56300, p=0x7ffff7f8b7a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_alloc.c:2091
#1  0x000000000072ac39 in zend_call_function (fci=0x7fffffffb520, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:1018
#2  0x000000000074d707 in zend_call_method (object_pp=0x7fffffffb648, obj_ce=0x77d2d68, fn_proxy=0x77d2ed0, function_name=0xbdc24b "__tostring",
    function_name_len=-303805192, retval_ptr_ptr=<value optimized out>, param_count=0, arg1=0x0, arg2=0x0)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_interfaces.c:97
#3  0x0000000000759ae3 in zend_std_cast_object_tostring (readobj=0x7ffff7f8b7a8, writeobj=0x7fffffffb6d0, type=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_object_handlers.c:1472
#4  0x0000000000736c0f in zend_make_printable_zval (expr=0xf56300, expr_copy=0x7fffffffb6d0, use_copy=0x7fffffffb708)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:257
#5  0x000000000072eb54 in concat_function (result=0x7ffff7f8b7c8, op1=0x7ffff7f8b728, op2=0x7ffff7f8b7a8)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_operators.c:1246
#6  0x00000000007909de in ZEND_CONCAT_SPEC_TMP_TMP_HANDLER (execute_data=0x7ffff7f8b548) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:7881
#7  0x000000000079f510 in execute (op_array=0x64d8010) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#8  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb910, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#9  0x00000000005c9304 in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x77d0f78, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/reflection/php_reflection.c:2902
#10 0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f899e0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#11 0x000000000079f510 in execute (op_array=0x1a64848) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#12 0x0000000000735a2f in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:1212
#13 0x00000000006dab28 in php_execute_script (primary_file=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/main/main.c:2352
#14 0x00000000007d9db4 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/sapi/cli/php_cli.c:1136



 [2011-11-11 21:58 UTC] kontakt at beberlei dot de
Got another one in another scenario with I think almost the same stack trace:

#0  0x0000000000000000 in ?? ()
#1  0x00000000007a3bcb in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8bed0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:693
#2  0x000000000079f510 in execute (op_array=0x1dec230) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#3  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb5f0, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#4  0x000000000065a1f7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x1dfe278, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/standard/basic_functions.c:4729
#5  0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8acc8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#6  0x000000000079f510 in execute (op_array=0x1de0918) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#7  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb910, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#8  0x00000000005c9304 in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x1df7dc0, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/reflection/php_reflection.c:2902
#9  0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f899e0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#10 0x000000000079f510 in execute (op_array=0x14c06a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#11 0x0000000000735a2f in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:1212
#12 0x00000000006dab28 in php_execute_script (primary_file=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/main/main.c:2352
#13 0x00000000007d9db4 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/sapi/cli/php_cli.c:1136
 [2011-11-11 22:23 UTC] kontakt at beberlei dot de
More juicy details :-) I recompiled with --enable-debug and got this:

benny@benny-dell:~/code/php/wsnetbeans/doctrine2(master)$ /usr/local/php54/bin/php /usr/local/php531/bin/phpunit 
PHPUnit 3.5.10 by Sebastian Bergmann.

.............................................F............F..   61 / 1280 (  4%)
......F..F....................................S........S.....  122 / 1280 (  9%)
...............................S.............................  183 / 1280 ( 14%)
...F...............*** glibc detected *** /usr/local/php54/bin/php: free(): invalid pointer: 0x000000000186ecb8 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7fcbd84f45b6]
/lib/libc.so.6(cfree+0x73)[0x7fcbd84fae83]
/usr/local/php54/bin/php(zend_call_function+0x7c9)[0x72ac39]
/usr/local/php54/bin/php(zend_call_method+0x1c7)[0x74d707]
/usr/local/php54/bin/php(zend_std_cast_object_tostring+0xd3)[0x759ae3]
/usr/local/php54/bin/php(zend_make_printable_zval+0x9f)[0x736c0f]
/usr/local/php54/bin/php(concat_function+0x64)[0x72eb54]
/usr/local/php54/bin/php[0x7909de]
/usr/local/php54/bin/php(execute+0x220)[0x79f510]
/usr/local/php54/bin/php(zend_call_function+0x874)[0x72ace4]
/usr/local/php54/bin/php[0x5c9304]
/usr/local/php54/bin/php[0x7a4274]
/usr/local/php54/bin/php(execute+0x220)[0x79f510]
/usr/local/php54/bin/php(zend_execute_scripts+0x16f)[0x735a2f]
/usr/local/php54/bin/php(php_execute_script+0x1d8)[0x6dab28]
/usr/local/php54/bin/php[0x7d9db4]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fcbd849bc4d]
/usr/local/php54/bin/php[0x439689]
Aborted
 [2011-11-12 03:47 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-11-12 03:47 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2011-11-12 09:57 UTC] kontakt at beberlei dot de
Sorry, my mistake, this is not an issue.
 [2011-11-12 09:57 UTC] kontakt at beberlei dot de
-Status: Feedback +Status: Closed
 