Bug #43834 zend_mm_shutdown - Apache Crash
Submitted: 2008-01-14 00:07 UTC
Modified: 2008-02-10 01:00 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:7 of 7 (100.0%)
Same Version:3 (42.9%)
Same OS:5 (71.4%)
From: jaco at jump dot co dot za
Assigned:
Status: No Feedback
Package: Scripting Engine problem
PHP Version: 5.2CVS-2008-01-14 (snap)
OS: Windows 2003
Private report: No
CVE-ID: None

 [2008-01-14 00:07 UTC] jaco at jump dot co dot za
Description:
------------
On random apache crashes, the following is in the event log:

Faulting application httpd.exe, version 2.2.4.0, faulting module php5ts.dll, version 5.2.5.5, fault address 0x0000adae.

The fault address is always: 0x0000adae and 0x0000acb9

The following dump was created by dr watson:

*----> State Dump for Thread Id 0xc68 <----*

eax=030f011c ebx=016616f8 ecx=000a2168 edx=1a943ff8 esi=fe5415dc edi=00030000
eip=006aadae esp=03c2fad0 ebp=03c2fae0 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010293

function: php5ts!zend_mm_shutdown
        006aad93 8b03             mov     eax,[ebx]
        006aad95 8b4d0c           mov     ecx,[ebp+0xc]
        006aad98 03c8             add     ecx,eax
        006aad9a 894d0c           mov     [ebp+0xc],ecx
        006aad9d 8bf9             mov     edi,ecx
        006aad9f 8b4604           mov     eax,[esi+0x4]
        006aada2 a801             test    al,0x1
        006aada4 0f85a7010000     jne     php5ts!zend_mm_shutdown+0x11e1 (006aaf51)
        006aadaa 24fc             and     al,0xfc
        006aadac 2bf0             sub     esi,eax
FAULT ->006aadae 8b7e08           mov     edi,[esi+0x8]     ds:0023:fe5415e4=????????
        006aadb1 8b5e0c           mov     ebx,[esi+0xc]
        006aadb4 3bfe             cmp     edi,esi
        006aadb6 0f85b4000000     jne     php5ts!zend_mm_shutdown+0x1100 (006aae70)
        006aadbc 3bde             cmp     ebx,esi
        006aadbe 740d             jz      php5ts!zend_mm_shutdown+0x105d (006aadcd)
        006aadc0 68cc629500       push    0x9562cc
        006aadc5 e886f5ffff       call    php5ts!zend_mm_shutdown+0x5e0 (006aa350)
        006aadca 83c404           add     esp,0x4
        006aadcd 8b5618           mov     edx,[esi+0x18]
        006aadd0 33c9             xor     ecx,ecx

*----> Stack Back Trace <----*
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
03c2fae0 006abce9 1a9424d0 00030000 00755f17 php5ts!zend_mm_shutdown+0x103e
77bbce33 e877ba20 0000b685 8508758b ac840ff6 php5ts!efree+0x39
e868186a 00000000 00000000 00000000 00000000 0xe877ba20

I have installed the latest snapshot, and this is still happening.


Reproduce code:
---------------
I am not able to reproduce this code; this only happens on the production server, with more than 4 million records in the database. Every page I tested does not cause this to happen, so I am now thinking that this might be caused by specific data coming from MySQL.


 [2008-01-14 06:45 UTC] jaco at jump dot co dot za
I finally got the symbol files to work, and the stack trace looks a bit different now:

function: php5ts!_zend_mm_free_int
        006aac9b 33c9             xor     ecx,ecx
        006aac9d 8b4718           mov     eax,[edi+0x18]
        006aaca0 85c0             test    eax,eax
        006aaca2 0f95c1           setne   cl
        006aaca5 8d448f14         lea     eax,[edi+ecx*4+0x14]
        006aaca9 8b4c8f14         mov     ecx,[edi+ecx*4+0x14]
        006aacad 85c9             test    ecx,ecx
        006aacaf 75e6             jnz     php5ts!_zend_mm_free_int+0x117 (006aac97)
        006aacb1 c70200000000     mov     dword ptr [edx],0x0
        006aacb7 eb6f             jmp     php5ts!_zend_mm_free_int+0x1a8 (006aad28)
FAULT ->006aacb9 395f0c           cmp     [edi+0xc],ebx     ds:0023:0000000c=????????
        006aacbc 7505             jnz     php5ts!_zend_mm_free_int+0x143 (006aacc3)
        006aacbe 395908           cmp     [ecx+0x8],ebx
        006aacc1 7410             jz      php5ts!_zend_mm_free_int+0x153 (006aacd3)
        006aacc3 68cc629500       push    0x9562cc
        006aacc8 e883f6ffff       call    php5ts!zend_mm_panic (006aa350)
        006aaccd 8b4dfc           mov     ecx,[ebp-0x4]
        006aacd0 83c404           add     esp,0x4
        006aacd3 894f0c           mov     [edi+0xc],ecx
        006aacd6 897908           mov     [ecx+0x8],edi
        006aacd9 8b03             mov     eax,[ebx]

*----> Stack Back Trace <----*
ChildEBP RetAddr  Args to Child              
0236fae0 006abce9 080dab18 00020000 00755f17 php5ts!_zend_mm_free_int+0x139 (CONV: cdecl)
0236faec 00755f17 01253a20 0b936cac 00735f13 php5ts!_efree+0x39 (FPO: [1,0,0]) (CONV: cdecl)
0236faf8 00735f13 01253a78 0b936d20 0073a117 php5ts!_zval_dtor_func+0x27 (FPO: [1,0,1]) (CONV: cdecl)
0236fb04 0073a117 0b936cac 0b937348 0b927c00 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb1c 00755f49 0b927c60 0b937354 00735f13 php5ts!zend_hash_destroy+0x27 (FPO: [EBP 0x0b927a40] [1,0,4]) (CONV: cdecl)
0236fb28 00735f13 0b927c00 0b937420 0073a1a3 php5ts!_zval_dtor_func+0x59 (FPO: [1,0,1]) (CONV: cdecl)
0236fb34 0073a1a3 0b937354 0b925718 0236fc10 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb4c 006bce7b 0b927a40 00000000 0b91f89e php5ts!zend_hash_clean+0x23 (FPO: [EBP 0x0236fbb4] [1,0,4]) (CONV: cdecl)
0236fb94 006bc465 0236fbb4 080d98a0 006bc3e5 php5ts!zend_do_fcall_common_helper_SPEC+0xa0b (FPO: [EBP 0x0236fb98] [2,12,4]) (CONV: cdecl)
0236fba0 006bc3e5 0236fbb4 080d98a0 080d98a0 php5ts!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER+0x15 (FPO: [2,0,0]) (CONV: cdecl)
0236fc28 0075b9fd 00000008 080d98a0 00000000 php5ts!execute+0x1c5 (FPO: [EBP 0x0b920598] [2,16,3]) (CONV: cdecl)
0236fc58 006abca9 7c827d0b 00000040 000006f4 php5ts!php_execute_script+0x20d (CONV: cdecl)
0236fc5c 7c827d0b 00000040 000006f4 00000000 php5ts!_emalloc+0x39 (FPO: [1,0,0]) (CONV: cdecl)
WARNING: Stack unwind information not available. Following frames may be wrong.
0236fc6c 77e61d43 08112da8 00000000 0236fcb8 ntdll!NtWaitForSingleObject+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObjectEx+0xad
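
The listing above compares `[edi+0xc]` and `[ecx+0x8]` against `ebx`, calls `zend_mm_panic` on a mismatch, and then relinks the two neighbours; the fault is raised by the first compare itself, reading `0x0000000c`. The C below is an added example, not Zend source and not part of the original report: the struct, the arena, the bounds guard and every name are hypothetical, and it shows why a NULL or wild link faults before the consistency check can report corruption, and what a guard placed before the compare changes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical free-block header. Only the two links matter; in the
   32-bit listing they are read at +0x8 and +0xc. */
typedef struct free_block {
    size_t size;
    size_t prev_size;
    struct free_block *prev_free;   /* [ecx+0x8] in the listing */
    struct free_block *next_free;   /* [edi+0xc] in the listing */
} free_block;

typedef struct {
    free_block *base;   /* first header of the constructed arena */
    size_t count;       /* number of headers in the arena */
} arena;

enum { UNLINK_OK = 0, UNLINK_CORRUPT = -1 };
enum { CASE_CLEAN, CASE_NULL_PREV, CASE_WILD_PREV, CASE_STALE_LINK };

/* True only if p addresses a header slot inside the arena. The value is
   compared as an integer, so a wild pointer is never dereferenced. */
static int in_arena(const arena *a, const free_block *p)
{
    uintptr_t lo = (uintptr_t)a->base;
    uintptr_t hi = (uintptr_t)(a->base + a->count);
    uintptr_t v = (uintptr_t)p;
    return v >= lo && v < hi && (v - lo) % sizeof(free_block) == 0;
}

/* Remove b from the doubly linked free list, or refuse if the links
   around it cannot be trusted. */
int unlink_checked(const arena *a, free_block *b)
{
    free_block *prev = b->prev_free;
    free_block *next = b->next_free;

    /* Added guard: without it the compare below reads through prev and
       next directly, which is the access violation in the dump. */
    if (!in_arena(a, prev) || !in_arena(a, next))
        return UNLINK_CORRUPT;

    /* The consistency check visible in the listing. */
    if (prev->next_free != b || next->prev_free != b)
        return UNLINK_CORRUPT;

    prev->next_free = next;
    next->prev_free = prev;
    b->prev_free = b->next_free = NULL;
    return UNLINK_OK;
}

/* Build a constructed four-block ring, damage one link, try to unlink. */
int run_case(int kind)
{
    free_block blocks[4];
    arena a = { blocks, 4 };
    for (size_t i = 0; i < 4; i++) {
        blocks[i].size = blocks[i].prev_size = 64;
        blocks[i].prev_free = &blocks[(i + 3) % 4];
        blocks[i].next_free = &blocks[(i + 1) % 4];
    }
    if (kind == CASE_NULL_PREV)   /* NULL link, as in the ds:0023:0000000c fault */
        blocks[1].prev_free = NULL;
    if (kind == CASE_WILD_PREV)   /* constructed wild value */
        blocks[1].prev_free = (free_block *)(uintptr_t)0x697a6f59u;
    if (kind == CASE_STALE_LINK)  /* valid header, wrong neighbour */
        blocks[1].prev_free = &blocks[3];
    return unlink_checked(&a, &blocks[1]);
}

int main(void)
{
    for (int k = CASE_CLEAN; k <= CASE_STALE_LINK; k++)
        printf("case %d -> %d\n", k, run_case(k));
    return 0;
}
```
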
 [2008-01-14 07:10 UTC] jaco at jump dot co dot za
I got this in the user.dmp file:

In user.dmp the assembly instruction at php5ts!_zend_mm_free_int+139 in C:\WINDOWS\system32\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x697a6f59 on thread 7
 [2008-01-28 23:37 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2008-01-31 07:18 UTC] jaco at jump dot co dot za
I am unable to provide any code to reproduce this problem. The best I could figure out up to now is that the get_browser() function together with the browscap.ini on Windows on a busy website is not a good idea.

The bug does not appear every time, but after I removed all get_browser() code from the site, the server did not crash again. We get about 500,000 page impressions per day, and the error occurred about 10-15 times a day.
 [2008-02-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-11 00:42 UTC] qq12345 at web dot de
For me the same:
Since update to PHP 5.3.1 in conjunction with Apache 2.2.14

We have only 100 page impressions per day.
By random per day around 4 crashes.

Module: php5ts.dll
In the dump:
Funktion: php5ts!zend_mm_shutdown
        00dcc1b1 45               inc     ebp
        00dcc1b2 14ba             adc     al,0xba
        00dcc1b4 0100             add     [eax],eax
        00dcc1b6 0000             add     [eax],al
        00dcc1b8 8bcf             mov     ecx,edi
        00dcc1ba d3e2             shl     edx,cl
        00dcc1bc f7d2             not     edx
        00dcc1be 23c2             and     eax,edx
        00dcc1c0 894514           mov     [ebp+0x14],eax
        00dcc1c3 e90d010000       jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc1c8 8b4f18           mov     ecx,[edi+0x18]
        00dcc1cb 33c0             xor     eax,eax
        00dcc1cd 85c9             test    ecx,ecx
        00dcc1cf 0f95c0           setne   al
        00dcc1d2 8b4c8714         mov     ecx,[edi+eax*4+0x14]
        00dcc1d6 8d448714         lea     eax,[edi+eax*4+0x14]
        00dcc1da 85c9             test    ecx,ecx
        00dcc1dc 741a             jz      php5ts!zend_mm_shutdown+0xf88 (00dcc1f8)
        00dcc1de 8bf9             mov     edi,ecx
        00dcc1e0 8bd0             mov     edx,eax
        00dcc1e2 33c9             xor     ecx,ecx
        00dcc1e4 8b4718           mov     eax,[edi+0x18]
        00dcc1e7 85c0             test    eax,eax
        00dcc1e9 0f95c1           setne   cl
        00dcc1ec 8d448f14         lea     eax,[edi+ecx*4+0x14]
        00dcc1f0 8b4c8f14         mov     ecx,[edi+ecx*4+0x14]
        00dcc1f4 85c9             test    ecx,ecx
        00dcc1f6 75e6             jnz     php5ts!zend_mm_shutdown+0xf6e (00dcc1de)
        00dcc1f8 c70200000000     mov     dword ptr [edx],0x0
        00dcc1fe eb6a             jmp     php5ts!zend_mm_shutdown+0xffa (00dcc26a)
FEHLER ->00dcc200 395f0c           cmp     [edi+0xc],ebx     ds:0023:0000000c=????????
        00dcc203 7505             jnz     php5ts!zend_mm_shutdown+0xf9a (00dcc20a)
        00dcc205 395908           cmp     [ecx+0x8],ebx
        00dcc208 7411             jz      php5ts!zend_mm_shutdown+0xfab (00dcc21b)
        00dcc20a 68c4cc1301       push    0x113ccc4
        00dcc20f e85cf6ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc214 8b4c2418         mov     ecx,[esp+0x18]
        00dcc218 83c404           add     esp,0x4
        00dcc21b 894f0c           mov     [edi+0xc],ecx
        00dcc21e 897908           mov     [ecx+0x8],edi
        00dcc221 8b03             mov     eax,[ebx]
        00dcc223 3d10010000       cmp     eax,0x110
        00dcc228 7339             jnb     php5ts!zend_mm_shutdown+0xff3 (00dcc263)
        00dcc22a 3bf9             cmp     edi,ecx
        00dcc22c 0f85a3000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc232 c1e803           shr     eax,0x3
        00dcc235 83e802           sub     eax,0x2
        00dcc238 8b94c5d0000000   mov     edx,[ebp+eax*8+0xd0]
        00dcc23f 8b8cc5d4000000   mov     ecx,[ebp+eax*8+0xd4]
        00dcc246 3bd1             cmp     edx,ecx
        00dcc248 0f8587000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc24e ba01000000       mov     edx,0x1
        00dcc253 8bc8             mov     ecx,eax
        00dcc255 8b4510           mov     eax,[ebp+0x10]
        00dcc258 d3e2             shl     edx,cl
        00dcc25a f7d2             not     edx
        00dcc25c 23c2             and     eax,edx
        00dcc25e 894510           mov     [ebp+0x10],eax
        00dcc261 eb72             jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc263 8b4310           mov     eax,[ebx+0x10]
        00dcc266 85c0             test    eax,eax
---------------------
Anwendungsausnahme aufgetreten:
        Anwendung: ....\xampp\apache\bin\httpd.exe (pid=2804)
        Wann: 31.03.2010 @ 04:58:57.478
        Ausnahmenummer: c0000005 (Zugriffsverletzung)
Funktion: php5ts!zend_mm_shutdown
        00dcc2a0 cc               int     3
        00dcc2a1 f5               cmc
        00dcc2a2 ffff             ???
        00dcc2a4 83c404           add     esp,0x4
        00dcc2a7 8b5714           mov     edx,[edi+0x14]
        00dcc2aa 8d4714           lea     eax,[edi+0x14]
        00dcc2ad 894210           mov     [edx+0x10],eax
        00dcc2b0 8b4318           mov     eax,[ebx+0x18]
        00dcc2b3 83c718           add     edi,0x18
        00dcc2b6 85c0             test    eax,eax
        00dcc2b8 8907             mov     [edi],eax
        00dcc2ba 7419             jz      php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc2bc 8b4810           mov     ecx,[eax+0x10]
        00dcc2bf 3901             cmp     [ecx],eax
        00dcc2c1 740d             jz      php5ts!zend_mm_shutdown+0x1060 (00dcc2d0)
        00dcc2c3 68c4cc1301       push    0x113ccc4
        00dcc2c8 e8a3f5ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc2cd 83c404           add     esp,0x4
        00dcc2d0 8b17             mov     edx,[edi]
        00dcc2d2 897a10           mov     [edx+0x10],edi
        00dcc2d5 8b03             mov     eax,[ebx]
        00dcc2d7 8b4c2418         mov     ecx,[esp+0x18]
        00dcc2db 03c8             add     ecx,eax
        00dcc2dd 894c2418         mov     [esp+0x18],ecx
        00dcc2e1 8bf9             mov     edi,ecx
        00dcc2e3 8b4604           mov     eax,[esi+0x4]
        00dcc2e6 a801             test    al,0x1
        00dcc2e8 0f85a2010000     jne     php5ts!zend_mm_shutdown+0x1220 (00dcc490)
        00dcc2ee 24fc             and     al,0xfc
        00dcc2f0 2bf0             sub     esi,eax
FEHLER ->00dcc2f2 8b7e08           mov     edi,[esi+0x8]     ds:0023:feea64cc=????????
        00dcc2f5 8b5e0c           mov     ebx,[esi+0xc]
        00dcc2f8 3bfe             cmp     edi,esi
        00dcc2fa 0f85b3000000     jne     php5ts!zend_mm_shutdown+0x1143 (00dcc3b3)
        00dcc300 3bde             cmp     ebx,esi
        00dcc302 740d             jz      php5ts!zend_mm_shutdown+0x10a1 (00dcc311)
        00dcc304 68c4cc1301       push    0x113ccc4
        00dcc309 e862f5ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc30e 83c404           add     esp,0x4
        00dcc311 8b5618           mov     edx,[esi+0x18]
        00dcc314 33c9             xor     ecx,ecx
        00dcc316 85d2             test    edx,edx
        00dcc318 0f95c1           setne   cl
        00dcc31b 8b7c8e14         mov     edi,[esi+ecx*4+0x14]
        00dcc31f 8d548e14         lea     edx,[esi+ecx*4+0x14]
        00dcc323 85ff             test    edi,edi
        00dcc325 7554             jnz     php5ts!zend_mm_shutdown+0x110b (00dcc37b)
        00dcc327 8b16             mov     edx,[esi]
        00dcc329 89542414         mov     [esp+0x14],edx
        00dcc32d 0fbd442414       bsr     eax,[esp+0x14]
        00dcc332 8bf8             mov     edi,eax
        00dcc334 8b4610           mov     eax,[esi+0x10]
        00dcc337 3930             cmp     [eax],esi
        00dcc339 740d             jz      php5ts!zend_mm_shutdown+0x10d8 (00dcc348)
        00dcc33b 68c4cc1301       push    0x113ccc4
        00dcc340 e82bf5ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc345 83c404           add     esp,0x4
        00dcc348 8b4e10           mov     ecx,[esi+0x10]
        00dcc34b 8d94bdd0010000   lea     edx,[ebp+edi*4+0x1d0]
        00dcc352 c70100000000     mov     dword ptr [ecx],0x0
        00dcc358 8b4610           mov     eax,[esi+0x10]
---------------------------------
Anwendungsausnahme aufgetreten:
        Anwendung: ...\xampp\apache\bin\httpd.exe (pid=3184)
        Wann: 31.03.2010 @ 05:08:57.478
        Ausnahmenummer: c0000005 (Zugriffsverletzung)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\avinotec\xampp\php\php5ts.dll - 
Funktion: php5ts!zend_mm_shutdown
        00dcc1b1 45               inc     ebp
        00dcc1b2 14ba             adc     al,0xba
        00dcc1b4 0100             add     [eax],eax
        00dcc1b6 0000             add     [eax],al
        00dcc1b8 8bcf             mov     ecx,edi
        00dcc1ba d3e2             shl     edx,cl
        00dcc1bc f7d2             not     edx
        00dcc1be 23c2             and     eax,edx
        00dcc1c0 894514           mov     [ebp+0x14],eax
        00dcc1c3 e90d010000       jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc1c8 8b4f18           mov     ecx,[edi+0x18]
        00dcc1cb 33c0             xor     eax,eax
        00dcc1cd 85c9             test    ecx,ecx
        00dcc1cf 0f95c0           setne   al
        00dcc1d2 8b4c8714         mov     ecx,[edi+eax*4+0x14]
        00dcc1d6 8d448714         lea     eax,[edi+eax*4+0x14]
        00dcc1da 85c9             test    ecx,ecx
        00dcc1dc 741a             jz      php5ts!zend_mm_shutdown+0xf88 (00dcc1f8)
        00dcc1de 8bf9             mov     edi,ecx
        00dcc1e0 8bd0             mov     edx,eax
        00dcc1e2 33c9             xor     ecx,ecx
        00dcc1e4 8b4718           mov     eax,[edi+0x18]
        00dcc1e7 85c0             test    eax,eax
        00dcc1e9 0f95c1           setne   cl
        00dcc1ec 8d448f14         lea     eax,[edi+ecx*4+0x14]
        00dcc1f0 8b4c8f14         mov     ecx,[edi+ecx*4+0x14]
        00dcc1f4 85c9             test    ecx,ecx
        00dcc1f6 75e6             jnz     php5ts!zend_mm_shutdown+0xf6e (00dcc1de)
        00dcc1f8 c70200000000     mov     dword ptr [edx],0x0
        00dcc1fe eb6a             jmp     php5ts!zend_mm_shutdown+0xffa (00dcc26a)
FEHLER ->00dcc200 395f0c           cmp     [edi+0xc],ebx     ds:0023:00000010=????????
        00dcc203 7505             jnz     php5ts!zend_mm_shutdown+0xf9a (00dcc20a)
        00dcc205 395908           cmp     [ecx+0x8],ebx
        00dcc208 7411             jz      php5ts!zend_mm_shutdown+0xfab (00dcc21b)
        00dcc20a 68c4cc1301       push    0x113ccc4
        00dcc20f e85cf6ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc214 8b4c2418         mov     ecx,[esp+0x18]
        00dcc218 83c404           add     esp,0x4
        00dcc21b 894f0c           mov     [edi+0xc],ecx
        00dcc21e 897908           mov     [ecx+0x8],edi
        00dcc221 8b03             mov     eax,[ebx]
        00dcc223 3d10010000       cmp     eax,0x110
        00dcc228 7339             jnb     php5ts!zend_mm_shutdown+0xff3 (00dcc263)
        00dcc22a 3bf9             cmp     edi,ecx
        00dcc22c 0f85a3000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc232 c1e803           shr     eax,0x3
        00dcc235 83e802           sub     eax,0x2
        00dcc238 8b94c5d0000000   mov     edx,[ebp+eax*8+0xd0]
        00dcc23f 8b8cc5d4000000   mov     ecx,[ebp+eax*8+0xd4]
        00dcc246 3bd1             cmp     edx,ecx
        00dcc248 0f8587000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc24e ba01000000       mov     edx,0x1
        00dcc253 8bc8             mov     ecx,eax
        00dcc255 8b4510           mov     eax,[ebp+0x10]
        00dcc258 d3e2             shl     edx,cl
        00dcc25a f7d2             not     edx
        00dcc25c 23c2             and     eax,edx
        00dcc25e 894510           mov     [ebp+0x10],eax
        00dcc261 eb72             jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc263 8b4310           mov     eax,[ebx+0x10]
        00dcc266 85c0             test    eax,eax
---------------------------
Anwendungsausnahme aufgetreten:
        Anwendung: ....\xampp\apache\bin\httpd.exe (pid=1392)
        Wann: 31.03.2010 @ 10:28:57.510
        Ausnahmenummer: c0000005 (Zugriffsverletzung)
Funktion: php5ts!zend_mm_shutdown
        00dcc1b1 45               inc     ebp
        00dcc1b2 14ba             adc     al,0xba
        00dcc1b4 0100             add     [eax],eax
        00dcc1b6 0000             add     [eax],al
        00dcc1b8 8bcf             mov     ecx,edi
        00dcc1ba d3e2             shl     edx,cl
        00dcc1bc f7d2             not     edx
        00dcc1be 23c2             and     eax,edx
        00dcc1c0 894514           mov     [ebp+0x14],eax
        00dcc1c3 e90d010000       jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc1c8 8b4f18           mov     ecx,[edi+0x18]
        00dcc1cb 33c0             xor     eax,eax
        00dcc1cd 85c9             test    ecx,ecx
        00dcc1cf 0f95c0           setne   al
        00dcc1d2 8b4c8714         mov     ecx,[edi+eax*4+0x14]
        00dcc1d6 8d448714         lea     eax,[edi+eax*4+0x14]
        00dcc1da 85c9             test    ecx,ecx
        00dcc1dc 741a             jz      php5ts!zend_mm_shutdown+0xf88 (00dcc1f8)
        00dcc1de 8bf9             mov     edi,ecx
        00dcc1e0 8bd0             mov     edx,eax
        00dcc1e2 33c9             xor     ecx,ecx
        00dcc1e4 8b4718           mov     eax,[edi+0x18]
        00dcc1e7 85c0             test    eax,eax
        00dcc1e9 0f95c1           setne   cl
        00dcc1ec 8d448f14         lea     eax,[edi+ecx*4+0x14]
        00dcc1f0 8b4c8f14         mov     ecx,[edi+ecx*4+0x14]
        00dcc1f4 85c9             test    ecx,ecx
        00dcc1f6 75e6             jnz     php5ts!zend_mm_shutdown+0xf6e (00dcc1de)
        00dcc1f8 c70200000000     mov     dword ptr [edx],0x0
        00dcc1fe eb6a             jmp     php5ts!zend_mm_shutdown+0xffa (00dcc26a)
FEHLER ->00dcc200 395f0c           cmp     [edi+0xc],ebx     ds:0023:0000010c=????????
        00dcc203 7505             jnz     php5ts!zend_mm_shutdown+0xf9a (00dcc20a)
        00dcc205 395908           cmp     [ecx+0x8],ebx
        00dcc208 7411             jz      php5ts!zend_mm_shutdown+0xfab (00dcc21b)
        00dcc20a 68c4cc1301       push    0x113ccc4
        00dcc20f e85cf6ffff       call    php5ts!zend_mm_shutdown+0x600 (00dcb870)
        00dcc214 8b4c2418         mov     ecx,[esp+0x18]
        00dcc218 83c404           add     esp,0x4
        00dcc21b 894f0c           mov     [edi+0xc],ecx
        00dcc21e 897908           mov     [ecx+0x8],edi
        00dcc221 8b03             mov     eax,[ebx]
        00dcc223 3d10010000       cmp     eax,0x110
        00dcc228 7339             jnb     php5ts!zend_mm_shutdown+0xff3 (00dcc263)
        00dcc22a 3bf9             cmp     edi,ecx
        00dcc22c 0f85a3000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc232 c1e803           shr     eax,0x3
        00dcc235 83e802           sub     eax,0x2
        00dcc238 8b94c5d0000000   mov     edx,[ebp+eax*8+0xd0]
        00dcc23f 8b8cc5d4000000   mov     ecx,[ebp+eax*8+0xd4]
        00dcc246 3bd1             cmp     edx,ecx
        00dcc248 0f8587000000     jne     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc24e ba01000000       mov     edx,0x1
        00dcc253 8bc8             mov     ecx,eax
        00dcc255 8b4510           mov     eax,[ebp+0x10]
        00dcc258 d3e2             shl     edx,cl
        00dcc25a f7d2             not     edx
        00dcc25c 23c2             and     eax,edx
        00dcc25e 894510           mov     [ebp+0x10],eax
        00dcc261 eb72             jmp     php5ts!zend_mm_shutdown+0x1065 (00dcc2d5)
        00dcc263 8b4310           mov     eax,[ebx+0x10]
        00dcc266 85c0             test    eax,eax
------------------
Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8l
PHP Version 5.3.1
 [2012-01-30 17:26 UTC] neweracracker at gmail dot com
I can also reproduce this bug; this happens when PHP code is run under high concurrency.

The Apache bench utility could be used to reproduce this.

Apache must be configured to use 32 ThreadsPerChild in order for this to be reproducible with fewer concurrent connections.

Test Script:
<?php
$link = mysqli_connect('127.0.0.1','root','password');
mysqli_close($link);
echo 'OK';
?>

Apache bench:
ab -n 1000 -c 500 http://127.0.0.1/test.php
 [2012-02-01 11:20 UTC] neweracracker at gmail dot com
A workaround to this issue is to create an environment variable named USE_ZEND_ALLOC and set it to "0" (without quotes).
 