Bug #45542 call_user_function_ex in separate thread causes segfault
Submitted: 2008-07-17 10:58 UTC
Modified: 2008-07-21 21:14 UTC
From: cnorthcote at underground dot co dot uk
Assigned:
Status: Not a bug
Package: Scripting Engine problem
PHP Version: 5.2.6
OS: Debian Linux
Private report: No
CVE-ID: None
 [2008-07-17 10:58 UTC] cnorthcote at underground dot co dot uk
Description:
------------
I am developing an in-house extension which executes call_user_function_ex() within a separate thread from the main PHP executable.

When this function is called, there is a segmentation fault in free().

I am also able to reproduce this on Debian stable (Etch) as well.

PHP was configured with --enable-debug --enable-maintainer-zts.

Reproduce code:
---------------
See http://pastebin.com/m2ddefa48

Expected result:
----------------
The thread should be run (it is), and "Hello World!" printed to the screen.

Actual result:
--------------
Thread starts, then:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213146192 (LWP 9615)]
0xb7cf2abe in free () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7cf2abe in free () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7cf49ef in malloc () from /lib/tls/i686/cmov/libc.so.6
#2  0x082c6b7a in allocate_new_resource (thread_resources_ptr=0x84a105c, thread_id=3081821104)
    at /home/ugr/php-5.2.6/TSRM/TSRM.c:275
#3  0x082c6e02 in ts_resource_ex (id=0, th_id=0x0) at /home/ugr/php-5.2.6/TSRM/TSRM.c:361
#4  0x0830cb39 in _emalloc (size=8, __zend_filename=0x8473abc "/home/ugr/php-5.2.6/Zend/zend_operators.h",
    __zend_lineno=296, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/ugr/php-5.2.6/Zend/zend_alloc.c:2277
#5  0x08321fbd in zend_str_tolower_dup (source=0x859edd8 "test_userfunc", length=7)
    at /home/ugr/php-5.2.6/Zend/zend_operators.h:296
#6  0x08320ef1 in zend_call_function (fci=0xb7b0d3e4, fci_cache=0x0, tsrm_ls=0x84a1050)
    at /home/ugr/php-5.2.6/Zend/zend_execute_API.c:848
#7  0x08320075 in call_user_function_ex (function_table=0x84a2438, object_pp=0x0, function_name=0x859ebc0,
    retval_ptr_ptr=0xb7b0d448, param_count=0, params=0x0, no_separation=0, symbol_table=0x0, tsrm_ls=0x84a1050)
    at /home/ugr/php-5.2.6/Zend/zend_execute_API.c:640
#8  0xb7f781a0 in userfunc_execute (args=0x859edc8) at /home/ugr/php_ugmt/ugmt.c:160
#9  0xb7dc4240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7d5849e in clone () from /lib/tls/i686/cmov/libc.so.6

 [2008-07-21 21:14 UTC] jani@php.net
See http://pecl.php.net/package/threads
This is not any PHP bug per se. Just bad code.
