Bug #40545 zend_strtod.c threading issue
Submitted: 2007-02-19 17:53 UTC Modified: 2007-02-20 13:26 UTC
From: scottmacvicar at ntlworld dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.2.1 OS: RHEL 4
Private report: No CVE-ID: None


 [2007-02-19 17:53 UTC] scottmacvicar at ntlworld dot com
Recently upgraded to PHP 5.2.1 from PHP 5.1.6 and we started to see a series of crashes every few hundred thousand requests. I couldn't isolate this to a specific section of code, so I think it's a concurrency problem.

I managed to catch a core file from the past few and in each case the backtrace revealed that the problem is zend_strtod. This is just an excerpt; the rest of the backtrace is just Apache internals.

Thread 27 (process 14353):
#0  0x008b07a2 in _dl_sysinfo_int80 () from /lib/
No symbol table info available.
#1  0x0013bc46 in kill () from /lib/tls/
No symbol table info available.
#2  0x0807e90d in sig_coredump (sig=14332) at mpm_common.c:1170
No locals.
#3  <signal handler called>
No symbol table info available.
#4  Balloc (k=1953067823) at /www/src/php-5.2.1/Zend/zend_strtod.c:460
        x = Variable "x" is not available. 

We're seeing this problem on both of our web servers. I can recompile one of the boxes in debug mode if that would help.

The only recent change I can see was a reimplementation of the code under a BSD license.


 [2007-02-19 18:14 UTC]
We still need to know how to reproduce it, otherwise it's hardly a "**Reproducible** crash".
 [2007-02-19 18:21 UTC] scottmacvicar at ntlworld dot com
I've been unable to track it down specifically; it's happening across a larger number of scripts. The only thing I can see in common between them all is a large number of unserialize calls during the script startup.

I've compiled PHP into debug mode now and I'll leave it running overnight to try and obtain a more detailed backtrace.
 [2007-02-19 18:24 UTC]
 [2007-02-19 18:51 UTC] scottmacvicar at ntlworld dot com
The backtrace was too large to paste, the trace from the thread in question is at.

It does appear to be an unserialize call that's causing the crash.
 [2007-02-19 19:20 UTC]
That's ok, but how to reproduce it?
 [2007-02-19 20:21 UTC] scottmacvicar at ntlworld dot com
Source of a simple script at

You can grab the text file from the same folder.

I then ran:
ab -c 30 -n 10000 http://localhost/~scott/bug40545.php

Segfaults within a few hundred requests.

Apache 2.2.4 with keep alive disabled and PHP 5.2.1

It's a development box and not a production box so I can change more or less anything if you need anything else tested.
 [2007-02-19 20:24 UTC]
'./datastore.txt' ?
Looks like you forgot to provide this file.
 [2007-02-19 20:29 UTC] scottmacvicar at ntlworld dot com
As I said, it's in the same folder.
 [2007-02-20 11:35 UTC]
What kind of MPM are you using?
I assume it's worker?
 [2007-02-20 11:46 UTC] scottmacvicar at ntlworld dot com
That's correct; the configure string for Apache is the following:

./configure --with-included-apr --enable-so --enable-info --enable-rewrite --enable-speling --enable-deflate --enable-ssl --enable-mime-magic --with-mpm=worker
 [2007-02-20 12:02 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Ok, found and fixed.
Special thanks for the great reproduce case.
 [2007-02-20 13:14 UTC] scottmacvicar at ntlworld dot com
Applied the patch to our production servers and I'll leave it running overnight again and check tomorrow morning.

I have however seen another core dump in _zend_mm_alloc_int but I'll hold back on reporting it for the moment.
 [2007-02-20 13:26 UTC]
Thanks. Feel free to reopen the report if you find something.