Bug #16805 sem_remove(...) segfaults
Submitted: 2002-04-24 14:24 UTC Modified: 2002-09-11 10:58 UTC
From: sean at caedmon dot net Assigned:
Status: Not a bug Package: Semaphore related
PHP Version: 4.0CVS-2002-04-24 OS: Linux 2.2.x (Debian)
Private report: No CVE-ID: None
 [2002-04-24 14:24 UTC] sean at caedmon dot net
sem_remove causes a segfault with the following script:

*****
<?php

// create the semaphore:
$sem = sem_get($parentPID);

// delete the semaphore:
sem_remove($sem);

?>

*****
Here's my terminal log:

sean@adnagaporp:~/dev/sock$ php4-dev -v
4.3.0-dev
sean@adnagaporp:~/dev/sock$ php4-dev -q sem.php
[Wed Apr 24 14:21:56 2002]  Script:  'sem.php'
---------------------------------------
/home/sean/cvs/php/php4/Zend/zend_execute.h(62) : Block 0x08231DF0 status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
Segmentation fault

*****
And my php configuration:

System Linux adnagaporp 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 
Build Date Apr 24 2002 14:12:20 
Configure Command './configure' '--enable-sockets' '--enable-pcntl' '--enable-shmop' '--enable-sysvsem' '--enable-debug' 
Server API CGI 
Virtual Directory Support disabled 
Configuration File (php.ini) Path /usr/local/lib 
Debug Build yes 
Thread Safety disabled 
PHP Streams enabled 

*****

S

 [2002-04-25 14:21 UTC] derick@php.net
Can you please provide a self-contained script that should work but crashes?
I can't reproduce this.

Derick
 [2002-04-25 14:44 UTC] sean at caedmon dot net
<?php

// create the semaphore:
$sem = sem_get(posix_getpid());

// delete the semaphore:
sem_remove($sem);

?>

Creation is fine, but whenever I call sem_remove, segfault.

Here's my complete system info:
sean@adnagaporp:~$ uname -a
Linux adnagaporp 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown
sean@adnagaporp:~$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 8
model name      : Pentium III (Coppermine)
stepping        : 3
cpu MHz         : 701.376
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
sep_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 2
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr xmm
bogomips        : 1399.19
sean@adnagaporp:~/bin$ ./php4-dev -v
4.3.0-dev

(note: php4-dev is a symlink to my PHP4/CVS build)

sean@adnagaporp:~/dev/sock$ php4-dev -q sem.php
[Thu Apr 25 14:29:58 2002]  Script:  'sem.php'
---------------------------------------
/home/sean/cvs/php/php4/Zend/zend_execute.h(62) : Block 0x0822FEA8 status:
Beginning:      Overrun (magic=0x0000322E, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
Segmentation fault

(sem.php is the script I posted above)

if this helps:
sean@adnagaporp:~/dev/sock$ ipcs

------ Shared Memory Segments --------
key       shmid     owner     perms     bytes     nattch    status
0x00000200 15360     root      666       1024      13
0x00280267 132       root      644       1048576   1

------ Semaphore Arrays --------
key       semid     owner     perms     nsems     status
0x00280269 0         root      666       14

------ Message Queues --------
key       msqid     owner     perms     used-bytes  messages

if I comment out the sem_remove line, I get a freshly created semaphore:
------ Semaphore Arrays --------
key       semid     owner     perms     nsems     status
0x00280269 0         root      666       14
0x00003241 1409      sean      666       3

and I can even do this, successfully, so I don't think it's a problem with my OS/config:
sean@adnagaporp:~/dev/sock$ ipcrm sem 1409
resource deleted

It segfaults as a regular user (sean) and also as root.

PHP isn't generating core files for some reason, even though --enable-debug is on, or I'm just not looking in the right place.. ?
Here's my gdb session:
sean@adnagaporp:~/dev/sock$ gdb -q php4-dev
(gdb) run -q sem.php
Starting program: /home/sean/cvs/php/php4.3.0/php -q sem.php
[Thu Apr 25 14:43:34 2002]  Script:  'sem.php'
---------------------------------------
/home/sean/cvs/php/php4/Zend/zend_execute.h(62) : Block 0x0822FA88 status:
Beginning:      Overrun (magic=0x0000331B, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x400e8bfe in free () from /lib/libc.so.6
(gdb) bt
#0  0x400e8bfe in free () from /lib/libc.so.6
#1  0x400e8ad3 in free () from /lib/libc.so.6
#2  0x08165073 in shutdown_memory_manager (silent=0, clean_cache=0)
    at /home/sean/cvs/php/php4/Zend/zend_alloc.c:484
#3  0x08147a95 in php_request_shutdown (dummy=0x0)
    at /home/sean/cvs/php/php4/main/main.c:816
#4  0x0818c055 in main (argc=3, argv=0xbffffd84)
    at /home/sean/cvs/php/php4/sapi/cgi/cgi_main.c:1069
(gdb) frame 0
#0  0x400e8bfe in free () from /lib/libc.so.6
(gdb) frame 1
#1  0x400e8ad3 in free () from /lib/libc.so.6
(gdb) frame 2
#2  0x08165073 in shutdown_memory_manager (silent=0, clean_cache=0)
    at /home/sean/cvs/php/php4/Zend/zend_alloc.c:484
484                                     ZEND_DO_FREE(ptr);
(gdb) frame 3
#3  0x08147a95 in php_request_shutdown (dummy=0x0)
    at /home/sean/cvs/php/php4/main/main.c:816
816                     shutdown_memory_manager(CG(unclean_shutdown), 0 TSRMLS_CC);
(gdb) frame 4
#4  0x0818c055 in main (argc=3, argv=0xbffffd84)
    at /home/sean/cvs/php/php4/sapi/cgi/cgi_main.c:1069
1069                    php_request_shutdown((void *) 0);
(gdb)

---
unfortunately, I don't know gdb any better than that.
I can give you access to adnagaporp if you need it, Derick.

Thanks again.

S
 [2002-05-26 14:39 UTC] derick@php.net
I still can not reproduce this... can you try the latest PHP 4.2.1?
 [2002-07-04 17:42 UTC] sean at caedmon dot net
Sorry. I haven't had any time to check this lately. I will try to get to it soon. Might be fixed in CVS?
I'll try on multiple boxes, too.

S
 [2002-09-11 10:58 UTC] sniper@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.


 
Last updated: Wed Sep 29 02:03:37 2021 UTC