Bug #73699 AddressSanitizer found a memory error on PHP7 with opcache
Submitted: 2016-12-09 10:13 UTC
Modified: 2020-06-12 04:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: naoki-kawamukai at cybozu dot co dot jp
Assigned: cmb
Status: Closed
Package: opcache
PHP Version: 7.0.14
OS: Ubuntu 16.04.1(64bit)
Private report: No
CVE-ID: None
 [2016-12-09 10:13 UTC] naoki-kawamukai at cybozu dot co dot jp
Description:
------------
PHP 7.0.14 compiled with the "-fsanitize=address" option and with opcache
reports a memory error ("free(): invalid size: 0x00006040000165d0").
If I set "opcache.enable_cli=0" in php.ini, this bug does not occur.
PHP 7.1.0 has the same issue.
But PHP 5.6.29 does not.

https://bugs.php.net/bug.php?id=68121 is a similar bug.

Test script:
---------------
Environment: Ubuntu 16.04.1(64bit) + gcc version 5.4.0

$ wget http://jp2.php.net/get/php-7.0.14.tar.gz/from/this/mirror -O php-7.0.14.tar.gz
$ tar xzf php-7.0.14.tar.gz
$ cd php-7.0.14
$ ./configure
$ vi Makefile
  ------------
  CC = cc
  ↓
  CC = cc -fsanitize=address
  ------------
$ make -j2
$ echo "zend_extension=$(pwd)/modules/opcache.so" >> php.ini
$ echo "opcache.enable_cli=1" >> php.ini


Expected result:
----------------
$ gdb --args sapi/cli/php -c php.ini -v
(...snip...)
(gdb) run
Starting program: /home/vagrant/php-7.0.14/sapi/cli/php -c php.ini -v
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
PHP 7.0.14 (cli) (built: Dec  9 2016 10:02:37) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.14, Copyright (c) 1999-2016, by Zend Technologies
[Inferior 1 (process 31746) exited normally]

Actual result:
--------------
$ gdb --args sapi/cli/php -c php.ini -v
(...snip...)
(gdb) run
Starting program: /home/vagrant/php-7.0.14/sapi/cli/php -c php.ini -v
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
*** Error in `/home/vagrant/php-7.0.14/sapi/cli/php': free(): invalid size: 0x0000604000016590 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff60367e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7ffff603ee0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7ffff604298c]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x11df4)[0x7ffff069fdf4]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x1250a)[0x7ffff06a050a]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x13fe5)[0x7ffff06a1fe5]
/home/vagrant/php-7.0.14/sapi/cli/php[0xbc3c7c]
/home/vagrant/php-7.0.14/sapi/cli/php(zend_llist_apply_with_del+0xb0)[0xb7d380]
/home/vagrant/php-7.0.14/sapi/cli/php[0xbc3d77]
/home/vagrant/php-7.0.14/sapi/cli/php(php_module_startup+0x9f8)[0xaaabb8]
/home/vagrant/php-7.0.14/sapi/cli/php[0xda3b0d]
/home/vagrant/php-7.0.14/sapi/cli/php[0x43a4df]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff5fdf830]
/home/vagrant/php-7.0.14/sapi/cli/php(_start+0x29)[0x43ab99]
======= Memory map: ========
00400000-013aa000 r-xp 00000000 fc:00 1853893                            /home/vagrant/php-7.0.14/sapi/cli/php
(...snip...)
Program received signal SIGABRT, Aborted.
0x00007ffff5ff4428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff5ff4428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff5ff602a in __GI_abort () at abort.c:89
#2  0x00007ffff60367ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff614f2e0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff603ee0a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7ffff614c0ca "free(): invalid size", action=3) at malloc.c:5004
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3865
#5  0x00007ffff604298c in __GI___libc_free (mem=<optimized out>) at malloc.c:2966
#6  0x00007ffff069fdf4 in zend_string_release (s=0x604000016590) at /home/vagrant/php-7.0.14/Zend/zend_string.h:271
#7  accel_new_interned_string (str=0x604000016590) at /home/vagrant/php-7.0.14/ext/opcache/ZendAccelerator.c:504
#8  0x00007ffff06a050a in accel_use_shm_interned_strings () at /home/vagrant/php-7.0.14/ext/opcache/ZendAccelerator.c:564
#9  0x00007ffff06a1fe5 in zend_accel_init_shm () at /home/vagrant/php-7.0.14/ext/opcache/ZendAccelerator.c:2517
#10 accel_startup (extension=<optimized out>) at /home/vagrant/php-7.0.14/ext/opcache/ZendAccelerator.c:2754
#11 0x0000000000bc3c7c in zend_extension_startup (extension=0x611000009dd0) at /home/vagrant/php-7.0.14/Zend/zend_extensions.c:184
#12 0x0000000000b7d380 in zend_llist_apply_with_del (l=l@entry=0x17c5dc0 <zend_extensions>, func=func@entry=0xbc3c50 <zend_extension_startup>) at /home/vagrant/php-7.0.14/Zend/zend_llist.c:171
#13 0x0000000000bc3d77 in zend_startup_extensions () at /home/vagrant/php-7.0.14/Zend/zend_extensions.c:205
#14 0x0000000000aaabb8 in php_module_startup (sf=<optimized out>, additional_modules=additional_modules@entry=0x0, num_additional_modules=num_additional_modules@entry=0) at /home/vagrant/php-7.0.14/main/main.c:2220
#15 0x0000000000da3b0d in php_cli_startup (sapi_module=<optimized out>) at /home/vagrant/php-7.0.14/sapi/cli/php_cli.c:423
#16 0x000000000043a4df in main (argc=<optimized out>, argv=0x60400000df50) at /home/vagrant/php-7.0.14/sapi/cli/php_cli.c:1324
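
An added triage example (not part of the original report or of PHP's code): it parses the raw glibc backtrace lines shown above, picks the first frame outside libc that led into free(), and builds the addr2line invocation for that frame. The function names are hypothetical, and bare-address frames are assumed to belong to a non-PIE executable, as the report's memory map shows for sapi/cli/php.

```python
import re

# Frame lines copied from the "Actual result" section of the report above.
REPORT_BACKTRACE = """\
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff60367e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7ffff603ee0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7ffff604298c]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x11df4)[0x7ffff069fdf4]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x1250a)[0x7ffff06a050a]
/home/vagrant/php-7.0.14/modules/opcache.so(+0x13fe5)[0x7ffff06a1fe5]
/home/vagrant/php-7.0.14/sapi/cli/php[0xbc3c7c]
/home/vagrant/php-7.0.14/sapi/cli/php(zend_llist_apply_with_del+0xb0)[0xb7d380]
"""

# module path, optional "(symbol+0xoff)" or "(+0xoff)", then "[0xaddr]"
FRAME_RE = re.compile(
    r"^(?P<module>/\S+?)(?:\((?P<symbol>[^+)]*)\+(?P<offset>0x[0-9a-f]+)\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return one dict per glibc backtrace line; other lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({
                "module": m["module"],
                "symbol": m["symbol"] or None,
                "offset": int(m["offset"], 16) if m["offset"] else None,
                "addr": int(m["addr"], 16),
            })
    return frames

def first_caller_outside_libc(frames):
    """First frame that is not libc itself: the code that called free()."""
    return next((f for f in frames if "/libc.so" not in f["module"]), None)

def addr2line_command(frame):
    """addr2line call for an unsymbolized frame, or None if a symbol is known."""
    if frame["symbol"]:
        return None  # "(sym+0xoff)": offset is symbol-relative, not a file address
    # "(+0xoff)" is module-relative; a bare "[0xaddr]" is assumed non-PIE (absolute).
    target = frame["offset"] if frame["offset"] is not None else frame["addr"]
    return f"addr2line -f -C -e {frame['module']} {hex(target)}"
```

For the report's lines, the selected frame is opcache.so at +0x11df4, which is the same address (0x7ffff069fdf4) that the gdb backtrace attributes to zend_string_release in frame #6.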

 [2020-06-10 14:19 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
 [2020-06-10 14:19 UTC] cmb@php.net
This likely has been fixed in the meantime, or can you still
reproduce this memory issue with any of the supported PHP
versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2020-06-12 04:34 UTC] naoki-kawamukai at cybozu dot co dot jp
-Status: Feedback
+Status: Closed
 [2020-06-12 04:34 UTC] naoki-kawamukai at cybozu dot co dot jp
Thank you for reminding me of this.
It looks OK for now.
I am closing this record.

I checked the following:
7.0.14 (original report)
 -> reproduced

7.2.31
 -> not reproduced

7.3.18
 -> not reproduced

7.4.6
 -> I can't compile it on my Ubuntu 16.04.
    But it would be OK.
 
Last updated: Sat Dec 21 18:01:29 2024 UTC