PHP :: Bug #23574 :: Wrong behaviour and crash of aggregate subsystem

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for

Bug #23574

Wrong behaviour and crash of aggregate subsystem

Submitted:

2003-05-10 11:35 UTC

Modified:

2003-06-04 14:02 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

michael at gostev dot name

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

4CVS-2003-05-10 (stable)

OS:

Linux RedHat 7.2

Private report:

No

CVE-ID:

None

View Developer Edit

[2003-05-10 11:35 UTC] michael at gostev dot name

Here is sample script:
<?
class Node
{
 function Node(){}
}

class B
{
 var $id;

 function newNode()
 {
  static $nCount=0;

  $n=new Node();
  aggregate($n,'B');
  $n->id=++$nCount;
  return $n;
 }
}

function makeBNode()
{
 $b=new B();
 return $b->newNode();
}

$bn1=makeBNode();
print_r( $bn1 );

$bn2=$bn1->newNode();
print_r( $bn2 );

unset($bn2);   // Comment/uncomment this line to get interesting result

$bn3=$bn1->newNode();
print_r($bn3);
print_r($bn3->newNode());

?>

produce following result:
[root@RAMM garb]# /usr/local/php_ss/bin/php aggregate.php
node Object
(
    [id] => 1
)
node Object
(
    [id] => 2
)
node Object
(
    [id] => 3
)
node Object
(
    [id] => 4
)
Segmentation fault (core dumped)

Here is information from gdb:

(gdb) where
#0  0x4013fc90 in chunk_free (ar_ptr=0x401f3620, p=0x81dac50) at malloc.c:3231
#1  0x4013fbf4 in __libc_free (mem=0x81db430) at malloc.c:3154
#2  0x081171ac in shutdown_memory_manager (silent=0, clean_cache=0, tsrm_ls=0x817d0c0)
    at /home/mike/Software/php4-STABLE-200305101330/Zend/zend_alloc.c:492
#3  0x080faa3e in php_request_shutdown (dummy=0x0) at /home/mike/Software/php4-STABLE-200305101330/main/main.c:996
#4  0x08144680 in main (argc=2, argv=0xbffffa64) at /home/mike/Software/php4-STABLE-200305101330/sapi/cli/php_cli.c:843
#5  0x400db507 in __libc_start_main (main=0x8143884 <main>, argc=2, ubp_av=0xbffffa64, init=0x80614b4 <_init>,
    fini=0x8144b00 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffa5c) at ../sysdeps/generic/libc-start.c:129


One more issue. If comment line #34: unset($bn2);
We got following unexpected result:
[root@RAMM garb]# /usr/local/php_ss/bin/php aggregate.php
node Object
(
    [id] => 1
)
node Object
(
    [id] => 2
)
node Object
(
    [id] => 3
)

Fatal error: Call to undefined function:  newnode() in /var/www/html/Kiss/garb/aggregate.php on line 38
Segmentation fault (core dumped)


Auxiliary information about system:
[root@RAMM garb]# /usr/local/php_ss/bin/php -r 'phpinfo();'
phpinfo()
PHP Version => 4.3.2-RC3-dev

System => Linux RAMM 2.4.20 #2 Sat Feb 1 17:42:27 MSK 2003 i686
Build Date => May 10 2003 19:00:42
Configure Command =>  './configure' '--prefix=/usr/local/php_ss' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-config-file-path=/etc'
Server API => Command Line Interface
Virtual Directory Support => enabled
Configuration File (php.ini) Path => /etc
PHP API => 20020918
PHP Extension => 20020429
Zend Extension => 20021010
Debug Build => no
Thread Safety => enabled
Registered PHP Streams => php, http, ftp  


This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies


 _______________________________________________________________________


Configuration

PHP Core

Directive => Local Value => Master Value
allow_call_time_pass_reference => On => On
allow_url_fopen => On => On
always_populate_raw_post_data => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
asp_tags => Off => Off
auto_append_file => no value => no value
auto_prepend_file => no value => no value
browscap => no value => no value
default_charset => no value => no value
default_mimetype => text/html => text/html
define_syslog_variables => Off => Off
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => On => On
display_startup_errors => Off => Off
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => On => On
error_append_string => no value => no value
error_log => no value => no value
error_prepend_string => no value => no value
error_reporting => no value => no value
expose_php => On => On
extension_dir => /usr/local/php_ss/lib/php/extensions/no-debug-zts-20020429 => /usr/local/php_ss/lib/php/extensions/no-debug-zts-20020429
file_uploads => On => On
gpc_order => GPC => GPC
highlight.bg => #FFFFFF => #FFFFFF
highlight.comment => #FF8000 => #FF8000
highlight.default => #0000BB => #0000BB
highlight.html => #000000 => #000000
highlight.keyword => #007700 => #007700
highlight.string => #DD0000 => #DD0000
html_errors => Off => On
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => Off
include_path => .:/usr/local/php_ss/lib/php => .:/usr/local/php_ss/lib/php
log_errors => Off => Off
log_errors_max_len => 1024 => 1024
magic_quotes_gpc => On => On
magic_quotes_runtime => Off => Off
magic_quotes_sybase => Off => Off
max_execution_time => 0 => 30
max_input_time => -1 => -1
open_basedir => no value => no value
output_buffering => 0 => 0
output_handler => no value => no value
post_max_size => 8M => 8M
precision => 14 => 14
register_argc_argv => On => On
register_globals => Off => Off
report_memleaks => On => On
safe_mode => Off => Off
safe_mode_exec_dir => /usr/local/php/bin => /usr/local/php/bin
safe_mode_gid => Off => Off
safe_mode_include_dir => no value => no value
sendmail_from => no value => no value
sendmail_path => /usr/sbin/sendmail -t -i  => /usr/sbin/sendmail -t -i 
serialize_precision => 100 => 100
short_open_tag => On => On
SMTP => localhost => localhost
smtp_port => 25 => 25
sql.safe_mode => Off => Off
track_errors => Off => Off
unserialize_callback_func => no value => no value
upload_max_filesize => 2M => 2M
upload_tmp_dir => no value => no value
user_dir => no value => no value
variables_order => no value => no value
xmlrpc_error_number => 0 => 0
xmlrpc_errors => Off => Off
y2k_compliance => On => On

ctype

ctype functions => enabled

mysql

MySQL Support => enabled
Active Persistent Links => 0
Active Links => 0
Client API version => 3.23.49
MYSQL_MODULE_TYPE => builtin
MYSQL_SOCKET => /var/lib/mysql/mysql.sock
MYSQL_INCLUDE =>  
MYSQL_LIBS =>  

Directive => Local Value => Master Value
mysql.allow_persistent => On => On
mysql.connect_timeout => -1 => -1
mysql.default_host => no value => no value
mysql.default_password => no value => no value
mysql.default_port => no value => no value
mysql.default_socket => no value => no value
mysql.default_user => no value => no value
mysql.max_links => Unlimited => Unlimited
mysql.max_persistent => Unlimited => Unlimited
mysql.trace_mode => Off => Off

overload

User-Space Object Overloading Support => enabled

pcre

PCRE (Perl Compatible Regular Expressions) Support => enabled
PCRE Library Version => 3.92 11-Sep-2002

posix

Revision => $Revision: 1.51.2.2 $

session

Session Support => enabled
Registered save handlers => files user 

Directive => Local Value => Master Value
session.auto_start => Off => Off
session.bug_compat_42 => On => On
session.bug_compat_warn => On => On
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => no value => no value
session.entropy_length => 0 => 0
session.gc_divisor => 100 => 100
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => /tmp => /tmp
session.serialize_handler => php => php
session.use_cookies => On => On
session.use_only_cookies => Off => Off
session.use_trans_sid => Off => Off

standard

Regex Library => Bundled library enabled
Dynamic Library Support => enabled
Path to sendmail => /usr/sbin/sendmail -t -i 

Directive => Local Value => Master Value
assert.active => 1 => 1
assert.bail => 0 => 0
assert.callback => no value => no value
assert.quiet_eval => 0 => 0
assert.warning => 1 => 1
auto_detect_line_endings => 0 => 0
default_socket_timeout => 60 => 60
safe_mode_allowed_env_vars => PHP_ => PHP_
safe_mode_protected_env_vars => LD_LIBRARY_PATH => LD_LIBRARY_PATH
url_rewriter.tags => a=href,area=href,frame=src,form=,fieldset= => a=href,area=href,frame=src,form=,fieldset=
user_agent => no value => no value

tokenizer

Tokenizer Support => enabled

xml

XML Support => active
XML Namespace Support => active
EXPAT Version => 1.95.2

Additional Modules

Module Name

Environment

Variable => Value
PWD => /var/www/html
HOSTNAME => RAMM
QTDIR => /usr/lib/qt-2.3.1
LESSOPEN => |/usr/bin/lesspipe.sh %s
KDEDIR => /usr
USER => root
LS_COLORS => no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
HISTCONTROL => ignorespace
MACHTYPE => i386-redhat-linux-gnu
MAIL => /var/spool/mail/root
INPUTRC => /etc/inputrc
OLDPWD => /home/mike/Software/php4-STABLE-200305101330
BASH_ENV => /root/.bashrc
LANG => en_US
LOGNAME => root
SHLVL => 2
SHELL => /bin/bash
USERNAME => root
MC_CONTROL_FILE => /tmp/mc.1173.control
HOSTTYPE => i386
OSTYPE => linux-gnu
HISTSIZE => 1000
HOME => /root
TERM => xterm
SSH_ASKPASS => /usr/libexec/openssh/gnome-ssh-askpass
PATH => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
SSH_TTY => /dev/pts/0
_ => /usr/local/php_ss/bin/php

PHP Variables

Variable => Value
_SERVER["PWD"] => /var/www/html/
_SERVER["HOSTNAME"] => RAMM
_SERVER["QTDIR"] => /usr/lib/qt-2.3.1
_SERVER["LESSOPEN"] => |/usr/bin/lesspipe.sh %s
_SERVER["KDEDIR"] => /usr
_SERVER["USER"] => root
_SERVER["LS_COLORS"] => no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
_SERVER["HISTCONTROL"] => ignorespace
_SERVER["MACHTYPE"] => i386-redhat-linux-gnu
_SERVER["MAIL"] => /var/spool/mail/root
_SERVER["INPUTRC"] => /etc/inputrc
_SERVER["OLDPWD"] => /home/mike/Software/php4-STABLE-200305101330
_SERVER["BASH_ENV"] => /root/.bashrc
_SERVER["LANG"] => en_US
_SERVER["LOGNAME"] => root
_SERVER["SHLVL"] => 2
_SERVER["SHELL"] => /bin/bash
_SERVER["USERNAME"] => root
_SERVER["MC_CONTROL_FILE"] => /tmp/mc.1173.control
_SERVER["HOSTTYPE"] => i386
_SERVER["OSTYPE"] => linux-gnu
_SERVER["HISTSIZE"] => 1000
_SERVER["HOME"] => /root
_SERVER["TERM"] => xterm
_SERVER["SSH_ASKPASS"] => /usr/libexec/openssh/gnome-ssh-askpass
_SERVER["PATH"] => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
_SERVER["SSH_TTY"] => /dev/pts/0
_SERVER["_"] => /usr/local/php_ss/bin/php
_SERVER["PHP_SELF"] => -
_SERVER["SCRIPT_NAME"] => -
_SERVER["SCRIPT_FILENAME"] => 
_SERVER["PATH_TRANSLATED"] => 
_SERVER["DOCUMENT_ROOT"] => 
_SERVER["argv"] => Array
(
    [0] => -
)

_SERVER["argc"] => 1
_ENV["PWD"] => /var/www/html/
_ENV["HOSTNAME"] => RAMM
_ENV["QTDIR"] => /usr/lib/qt-2.3.1
_ENV["LESSOPEN"] => |/usr/bin/lesspipe.sh %s
_ENV["KDEDIR"] => /usr
_ENV["USER"] => root
_ENV["LS_COLORS"] => no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
_ENV["HISTCONTROL"] => ignorespace
_ENV["MACHTYPE"] => i386-redhat-linux-gnu
_ENV["MAIL"] => /var/spool/mail/root
_ENV["INPUTRC"] => /etc/inputrc
_ENV["OLDPWD"] => /home/mike/Software/php4-STABLE-200305101330
_ENV["BASH_ENV"] => /root/.bashrc
_ENV["LANG"] => en_US
_ENV["LOGNAME"] => root
_ENV["SHLVL"] => 2
_ENV["SHELL"] => /bin/bash
_ENV["USERNAME"] => root
_ENV["MC_CONTROL_FILE"] => /tmp/mc.1173.control
_ENV["HOSTTYPE"] => i386
_ENV["OSTYPE"] => linux-gnu
_ENV["HISTSIZE"] => 1000
_ENV["HOME"] => /root
_ENV["TERM"] => xterm
_ENV["SSH_ASKPASS"] => /usr/libexec/openssh/gnome-ssh-askpass
_ENV["PATH"] => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
_ENV["SSH_TTY"] => /dev/pts/0
_ENV["_"] => /usr/local/php_ss/bin/php

PHP License
This program is free software; you can redistribute it and/or modify
it under the terms of the PHP License as published by the PHP Group
and included in the distribution in the file:  LICENSE

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any
questions about PHP licensing, please contact license@php.net.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-06-04 14:02 UTC] andrei@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Mar 27 11:01:29 2025 UTC