Bug #24196 Serialize segfaults in a rare instance
Submitted: 2003-06-15 19:27 UTC
Modified: 2003-07-13 00:16 UTC
From: ramato at squiz dot net
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 4.3.2
OS: Redhat 7.3
Private report: No
CVE-ID: None

 [2003-06-15 19:27 UTC] ramato at squiz dot net
Description:
------------
I'm trying to track down a segfault to do with serializing an object.

I can't reproduce it with a small script so I'm not sure where to go from here. Any suggestions, tips, helpful hints greatly appreciated.

It's part of a largish CMS which uses lots of circular references, so pasting an example isn't easy. I know that circular references are a source of a lot of problems; however, all the circular references are being removed in the __sleep function, so this shouldn't be an issue.



Expected result:
----------------
Normal execution

Actual result:
--------------
(gdb) bt
#0  0x4023d67e in php_var_serialize_class_name (buf=0xbffddf20, struc=0x8bd961c)
    at /usr/src/php-4.3.2/ext/standard/var.c:416
#1  0x4023c899 in php_var_serialize_class (buf=0xbffddf20, struc=0x8bd961c, retval_ptr=0x8b43dec, var_hash=0xbffddf30)
    at /usr/src/php-4.3.2/ext/standard/var.c:430
#2  0x4023cdf5 in php_var_serialize_intern (buf=0xbffddf20, struc=0x8bd961c, var_hash=0xbffddf30)
    at /usr/src/php-4.3.2/ext/standard/var.c:549
#3  0x4023d05b in php_var_serialize (buf=0xbffddf20, struc=0x8bd961c, var_hash=0xbffddf30)
    at /usr/src/php-4.3.2/ext/standard/var.c:623
#4  0x4023d108 in zif_serialize (ht=1, return_value=0x88340d4, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-4.3.2/ext/standard/var.c:646
#5  0x402c8947 in execute (op_array=0x8cb5da4) at /usr/src/php-4.3.2/Zend/zend_execute.c:1606

(gdb) frame 5
#5  0x402c8947 in execute (op_array=0x8cb5da4) at /usr/src/php-4.3.2/Zend/zend_execute.c:1606
1606 ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);

(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x4030831b "serialize" 

 [2003-06-15 22:19 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip


And if that crashes too, please try to provide a short example script..

 [2003-06-15 23:59 UTC] ramato at squiz dot net
Snapshot still crashes. Backtrace looks essentially identical. I will see if I can get a simple test script but I have tried a few times in the past to make one and haven't been able to.

I have a bunch of core files that I can work on and I can reproduce it every time, however I couldn't work out enough about the internals to figure out how to get gdb to print out the var that is getting passed to it (which I suspect to be the problem).

I tried asking on the dev list if anyone has any ideas about this and they suggested recompiling with gcc 2.95 but that didn't make any difference.
 [2003-06-16 01:16 UTC] ramato at squiz dot net
I forgot to include the actual seg fault message in the report. 

(gdb) run -X
Starting program: /usr/local/apache/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4024b352 in php_var_serialize_class_name (buf=0xbffd9fec, struc=0x86829d0) at /root/apache+php/php4-STABLE-200306160330/ext/standard/var.c:416
416             PHP_SET_CLASS_ATTRIBUTES(*struc);
 [2003-06-16 08:18 UTC] sniper@php.net
We really need the example script, otherwise it's impossible
to even guess where the problem is..

 [2003-06-17 00:20 UTC] ramato at squiz dot net
I might be able to arrange shell access to the machine and show you the code that's doing it if that would help? The problem is that it's in a codebase which has around 300,000 lines of code in it, which makes pinning it down more difficult. But if you think shell access to the machine would help, let me know.
 [2003-07-13 00:16 UTC] sniper@php.net
No short example script provided.

 
Last updated: Sun Dec 04 23:05:52 2022 UTC