Bug #20482 Segmentation fault in zend_execute_API.c
Submitted: 2002-11-18 09:55 UTC
Modified: 2002-11-28 09:06 UTC
From: smith at compound dot se
Assigned:
Status: Not a bug
Package: DOM XML related
PHP Version: 4.4.0-dev
OS: RedHat 7.2 kernel 2.4.9-13
Private report: No
CVE-ID: None
 [2002-11-18 09:55 UTC] smith at compound dot se
PHP 4.2.3 built with
libxml2-2.4.26
Sablot-0.96

During certain XML/XSLT transforms I get the following stack dump:

#0  0x401d4588 in chunk_free (ar_ptr=0x40288300, p=0x846dd10) at malloc.c:3252
#1  0x401d43f4 in __libc_free (mem=0x846dd70) at malloc.c:3154
#2  0x4033ec68 in _efree (ptr=0x846dd7c) at zend_alloc.c:246
#3  0x4035a1f1 in zend_hash_destroy (ht=0x846dbac) at zend_hash.c:546
#4  0x40354c67 in _zval_dtor (zvalue=0x846db8c) at zend_variables.c:60
#5  0x4034d691 in _zval_ptr_dtor (zval_ptr=0xbfffea50)
    at zend_execute_API.c:274
#6  0x40373d0b in php_free_xml_node (rsrc=0x846dd04) at php_domxml.c:505
#7  0x4035b53d in list_entry_destructor (ptr=0x846dd04) at zend_list.c:177
#8  0x4035a338 in zend_hash_apply_deleter (ht=0x404ec15c, p=0x846dccc)
    at zend_hash.c:596
#9  0x4035a48a in zend_hash_graceful_reverse_destroy (ht=0x404ec15c)
    at zend_hash.c:662
#10 0x4035b68c in zend_destroy_rsrc_list (ht=0x404ec15c) at zend_list.c:233
#11 0x4034d4b6 in shutdown_executor () at zend_execute_API.c:196
#12 0x40355bca in zend_deactivate () at zend.c:598
#13 0x403620e3 in php_request_shutdown (dummy=0x0) at main.c:789
#14 0x4035f1cc in apache_php_module_main (r=0x80fe78c, display_source_mode=0)
    at sapi_apache.c:96
#15 0x4035fc4e in send_php (r=0x80fe78c, display_source_mode=0, filename=0x0)
    at mod_php4.c:575
#16 0x4035fca2 in send_parsed_php (r=0x80fe78c) at mod_php4.c:590
#17 0x08053dd3 in ap_invoke_handler ()
#18 0x08068d57 in process_request_internal ()
#19 0x08068db8 in ap_process_request ()
#20 0x0805fbf5 in child_main ()
#21 0x0805fda0 in make_child ()
#22 0x0805ff14 in startup_children ()
#23 0x0806058c in standalone_main ()
#24 0x08060def in main ()
#25 0x4016f657 in __libc_start_main (main=0x8060a48 <main>, argc=2,
    ubp_av=0xbffff8e4, init=0x804e34c <_init>, fini=0x807e760 <_fini>,
    rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbffff8dc)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

-- 
Björn Smith <smith@compound.se>

 [2002-11-18 09:58 UTC] derick@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-11-18 11:01 UTC] smith at compound dot se
I just tried the "latest" snapshot (20021118) but it didn't
help. Still segmentation fault =-(
-- 
Björn Smith <smith@compound.se>
 [2002-11-18 11:07 UTC] sniper@php.net
Reclassified as DOM XML bug as the segfault seems to be caused by it.

Please provide a backtrace with the CVS snapshot too.

 [2002-11-18 11:08 UTC] sniper@php.net
And also a short example script which can be used to reproduce this would be nice to have here.. :)

 [2002-11-28 08:00 UTC] chregu@php.net
Could you please provide the shortest possible example, which segfaults. I'm willing to investigate into it and hopefully provide a solution for 4.3, but this will be released soon, so you have to hurry up :)

chregu
 [2002-11-28 08:44 UTC] smith at compound dot se
On Thu 2002-11-28 at 15:00, PHP Bug Database wrote:

> Could you please provide the shortest possible example, which
> segfaults. I'm willing to investigate into it and hopefully provide a
> solution for 4.3, but this will be released soon, so you have to hurry
> up :)

The problem was not related to PHP. I found out the real reason for this
segfault. My PHP module was built with unixODBC 2.2.3 and Freetds
(snapshot 20021118).
There are some ODBC driver function calls related to cursors made within
unixODBC. It appears that these functions (badly or not implemented) in
Freetds mess up the dynamic memory areas.

What I did was to comment out some odbc option calls in the unixODBC
code and the problem was solved. This is not the proper way to solve the
problem but it helped me for now. I suppose I should pass this case over
to the unixODBC/Freetds people or...?
 [2002-11-28 09:06 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

This is definitely something for unixODBC/Freetds developers to address. Since this is not a PHP bug, I am closing the report.
 