Bug #16026 Segmentation fault in zend_alloc.c
Submitted: 2002-03-12 18:05 UTC Modified: 2002-07-21 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: loverde at nvisia dot com Assigned:
Status: No Feedback Package: PostgreSQL related
PHP Version: 4.1.2 OS: RH 7.2
Private report: No CVE-ID: None
 [2002-03-12 18:05 UTC] loverde at nvisia dot com
I had a problem trying to migrate a SourceForge installation from PHP 4.0.6 to 4.1.2.  It appears to be related to something in the postgres integration (opening two connections to the same database).  The workaround was to just turn sys_db_use_replication to false (which it probably should have been set to originally anyway..)  

But here is the script that failed (about as small as I could make it).  Note that there were other areas of code that I had commented out that would produce the same problem.  In particular one really strange section where commenting out the "global" line from a function eliminated the seg fault.  However, this is the script I narrowed down to a single CGI file.

======== BEGIN SCRIPT ========
#!/home/system/pkg/sourceforge.net/php/4.1.2/bin/php -q
<?php

$sys_dbhost="localhost";
$sys_db_use_replication=true;
$sys_dbreadhost='localhost';
$sys_dbreaddb='sourceforge';
$sys_dbname="sourceforge";
$sys_dbuser="sf-admin";
$sys_dbpasswd="";
$sys_server="mysql";

$sys_db_row_pointer=array(); //current row for each result set

function db_connect() {
        global $sys_dbhost,$sys_dbuser,$sys_dbpasswd,$conn,
                $sys_dbname,$sys_db_use_replication,$sys_dbreaddb,$sys_dbreadhost;

        //
        //      Connect to primary database
        //
        $conn = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbname host=$sys_dbhost password=$sys_dbpasswd");

        //
        //      If any replication is configured, connect
        //
        if ($sys_db_use_replication) {
                $conn2 = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbreaddb host=$sys_dbreadhost password=$sys_dbpasswd");
        } else {
                $conn2 = $conn;
        }

        //
        //      Now map the physical database connections to the
        //      "virtual" list that is used to distribute load in db_query()
        //
        define("SYS_DB_PRIMARY",$conn);
}

db_connect();


?>
======== END SCRIPT ========




PHP was built with the following options:
../configure \
        --prefix=$PKG/php/4.1.2 \
        --with-pgsql=$PKG/postgres/7.1.2 \
        --enable-track-vars \
        --enable-discard-path \
        --with-config-file-path=$PKG/apache/conf \
        --with-ldap=$PKG/openldap/2.0.11 \
        --with-gd=$PKG/gd/1.8.4 \
        --with-png-dir=$PKG/libpng/1.0.12 \
        --with-jpeg-dir=$PKG/jpeg/6b \
        --with-t1lib=$PKG/t1lib/1.2 \
        --with-zlib=$PKG/zlib/1.1.3 \
        --with-curl=$PKG/curl/7.9 \
        --with-mcrypt=$PKG/libmcrypt/2.4.15 \
        --enable-rule=EAPI \
        --with-debug


And here is the backtrace:
#0  0x402dcdf0 in chunk_free (ar_ptr=0x40385f00, p=0x81eee18) at malloc.c:3131
        hd = 1077436944
        sz = 3912
        idx = 1077436216
        next = 0x81efd60
        nextsz = 1077436216
        prevsz = 1077436944
        bck = 0x40386170
        fwd = 0x81efd60
        islr = 0
        sz = 3912
        next = 0x81efd60
        bck = 0x40386170
        islr = 0
#1  0x402dcd59 in __libc_free (mem=0x81efd20) at malloc.c:3054
        mem = (void *) 0x81efd60
        ar_ptr = (arena *) 0x40385f00
        p = 0x81efd18
#2  0x080f5025 in shutdown_memory_manager (silent=0, clean_cache=0)
    at ../../Zend/zend_alloc.c:485
        ptr = (zend_mem_header *) 0x40385f00
        p = (zend_mem_header *) 0x20
        t = (zend_mem_header *) 0x81efd60
        fci = 11292
        i = 7
        j = 32
        fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x40386210
        next_fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x20
#3  0x08069ae3 in php_request_shutdown (dummy=0x0)
    at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software/php-4.1.2/main/main.c:742
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {0, 1073834432, 1073834432, -40736468,
      571, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0, 3221220736,
        0, 2, 1076368789, 0, 1073781889, 0, 1076368789, 0, 1562, 1076303630,
        1077443044, 1076232668, 1075046400, 22, 1077137904, 17, 1077443044,
        3221220664, 1077138054, 136241152, 0, 1074067016, 1077137986, 0,
        1077443044, 3221220696, 1077443044, 4096, 136237056, 3221220696}}}}
        orig_bailout_set = 0 '\000'
#4  0x08068b7f in main (argc=3, argv=0xbffff2ec)
    at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software/php-4.1.2/sapi/cgi/cgi_main.c:776
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        exit_status = 0
        cgi = 0
        c = 1077436944
        i = 135978328
        len = 136248672
        file_handle = {type = 2 '\002', filename = 0x81eff5c "./bar.php",
  opened_path = 0x81f00ec "SYS_DB_PRIMARY", handle = {fd = 136249200,
    fp = 0x81eff70}, free_filename = 0 '\000'}
        retval = 0
        s = 0x0
        behavior = 1
        no_headers = 1
        orig_optind = 1
        orig_optarg = 0x0
        argv0 = 0x0
        script_file = 0x0
        global_vars = {head = 0x0, tail = 0x0, size = 4, count = 0, dtor = 0,
  persistent = 0 '\000', traverse_ptr = 0x819861c}
        interactive = 0
#5  0x40279177 in __libc_start_main (main=0x80682d8 <main>, argc=3,
    ubp_av=0xbffff2ec, init=0x8065b9c <_init>, fini=0x8136e80 <_fini>,
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff2dc)
    at ../sysdeps/generic/libc-start.c:129
        ubp_av = (char **) 0xbffff2ec
        fini = (void (*)()) 0x40016b64 <_dl_debug_mask>
        rtld_fini = (void (*)()) 0x40385f00 <main_arena>
        ubp_ev = (char **) 0xbffff2fc
(gdb)



 [2002-03-12 20:01 UTC] yohgaki@php.net
Your script is not complete.  db_query() is not defined. (and missing ";")
Please submit a short and complete script. Thank you.
 [2002-03-12 20:45 UTC] jimw@php.net
the script is complete. the db_query() is just from a comment line that wrapped.
 [2002-06-20 20:27 UTC] yohgaki@php.net
I see. I tend to forget that this bug system wraps lines.

It should not wordwrap. It just makes reading code much harder and copy&paste impossible. No benefits at all.

Anyway, loverde@nvisia.com
do you still have the problem with the latest CVS snapshot?

http://snaps.php.net/


 [2002-07-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Thu Dec 26 19:01:30 2024 UTC