|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2009-05-02 21:14 UTC] jani@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 13:01:31 2024 UTC |
Description: ------------ Using SNMP will cause a segfault. Tested with 5.2.9, 5.3.0RC1 and 5.3CVS(2009-05-02). PHP 5.2.9: works correctly 5.3.0RC1 and 5.3CVS: broken This issue could be related to #45405. Tested using cli using -n on a clean install of CentOS5.2 x86_64 with all updates and required development libs and removed all non-x86_64 arch-specific packages. Compiled with: --enbale-debug --enable-snmp=/usr Reproduce code: --------------- echo snmpget('localhost', 'public', 'sysDescr.0'); Expected result: ---------------- STRING: Linux phptest 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25 EDT 2009 x86_64 Actual result: -------------- [root@phptest cli]# gdb ./php GNU gdb Fedora (6.8-27.el5) Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu"... (gdb) run -n -r "echo snmpget('localhost', 'public', 'sysDescr.0');" Starting program: /root/php-5.3.0RC1/sapi/cli/php -n -r "echo snmpget('localhost', 'public', 'sysDescr.0');" [Thread debugging using libthread_db enabled] [New Thread 0x2b88b101a7c0 (LWP 20328)] *** glibc detected *** /root/php-5.3.0RC1/sapi/cli/php: double free or corruption (!prev): 0x000000000ee53200 *** ======= Backtrace: ========= /lib64/libc.so.6[0x3c94e71ce2] /lib64/libc.so.6(cfree+0x8c)[0x3c94e7590c] /root/php-5.3.0RC1/sapi/cli/php[0x5f433f] /root/php-5.3.0RC1/sapi/cli/php[0x5f5146] /root/php-5.3.0RC1/sapi/cli/php[0x5f5194] /root/php-5.3.0RC1/sapi/cli/php[0x7cc762] /root/php-5.3.0RC1/sapi/cli/php[0x7d21c5] /root/php-5.3.0RC1/sapi/cli/php(execute+0x333)[0x7cb9ae] /root/php-5.3.0RC1/sapi/cli/php(zend_eval_string+0x1b5)[0x78d204] /root/php-5.3.0RC1/sapi/cli/php(zend_eval_string_ex+0x28)[0x78d3af] /root/php-5.3.0RC1/sapi/cli/php[0x885f4f] /lib64/libc.so.6(__libc_start_main+0xf4)[0x3c94e1d974] /root/php-5.3.0RC1/sapi/cli/php(realloc+0x481)[0x41e279] ======= Memory map: ======== 00400000-00bc8000 r-xp 00000000 fd:00 97790 /root/php-5.3.0RC1/sapi/cli/php 00dc8000-00dd4000 rw-p 007c8000 fd:00 97790 /root/php-5.3.0RC1/sapi/cli/php 00dd4000-00dee000 rw-p 00dd4000 00:00 0 0ebf5000-0ee73000 rw-p 0ebf5000 00:00 0 [heap] 3c94a00000-3c94a1c000 r-xp 00000000 fd:00 133736 /lib64/ld-2.5.so 3c94c1b000-3c94c1c000 r--p 0001b000 fd:00 133736 /lib64/ld-2.5.so 3c94c1c000-3c94c1d000 rw-p 0001c000 fd:00 133736 /lib64/ld-2.5.so 3c94e00000-3c94f4c000 r-xp 00000000 fd:00 133737 /lib64/libc-2.5.so 3c94f4c000-3c9514c000 ---p 0014c000 fd:00 133737 /lib64/libc-2.5.so 3c9514c000-3c95150000 r--p 0014c000 fd:00 133737 /lib64/libc-2.5.so 3c95150000-3c95151000 rw-p 00150000 fd:00 133737 /lib64/libc-2.5.so 3c95151000-3c95156000 rw-p 3c95151000 00:00 0 3c95200000-3c95202000 r-xp 00000000 fd:00 133738 /lib64/libdl-2.5.so 3c95202000-3c95402000 ---p 00002000 fd:00 133738 /lib64/libdl-2.5.so 3c95402000-3c95403000 r--p 00002000 fd:00 133738 /lib64/libdl-2.5.so 3c95403000-3c95404000 rw-p 00003000 fd:00 133738 /lib64/libdl-2.5.so 3c95600000-3c95682000 r-xp 00000000 fd:00 133742 /lib64/libm-2.5.so 3c95682000-3c95881000 ---p 00082000 fd:00 133742 /lib64/libm-2.5.so 3c95881000-3c95882000 r--p 00081000 fd:00 133742 /lib64/libm-2.5.so 3c95882000-3c95883000 rw-p 00082000 fd:00 133742 /lib64/libm-2.5.so 3c95a00000-3c95a90000 r-xp 00000000 fd:00 206002 /usr/lib64/libnetsnmp.so.10.0.3 3c95a90000-3c95c8f000 ---p 00090000 fd:00 206002 /usr/lib64/libnetsnmp.so.10.0.3 3c95c8f000-3c95c93000 rw-p 0008f000 fd:00 206002 /usr/lib64/libnetsnmp.so.10.0.3 3c95c93000-3c95cc7000 rw-p 3c95c93000 00:00 0 3c96600000-3c96614000 r-xp 00000000 fd:00 230464 /usr/lib64/libz.so.1.2.3 3c96614000-3c96813000 ---p 00014000 fd:00 230464 /usr/lib64/libz.so.1.2.3 3c96813000-3c96814000 rw-p 00013000 fd:00 230464 /usr/lib64/libz.so.1.2.3 3c96a00000-3c96a07000 r-xp 00000000 fd:00 133744 /lib64/librt-2.5.so 3c96a07000-3c96c07000 ---p 00007000 fd:00 133744 /lib64/librt-2.5.so 3c96c07000-3c96c08000 r--p 00007000 fd:00 133744 /lib64/librt-2.5.so 3c96c08000-3c96c09000 rw-p 00008000 fd:00 133744 /lib64/librt-2.5.so 3c96e00000-3c96e0d000 r-xp 00000000 fd:00 133745 /lib64/libgcc_s-4.1.2-20080825.so.1 3c96e0d000-3c9700d000 ---p 0000d000 fd:00 133745 /lib64/libgcc_s-4.1.2-20080825.so.1 3c9700d000-3c9700e000 rw-p 0000d000 fd:00 133745 /lib64/libgcc_s-4.1.2-20080825.so.1 3c97200000-3c97215000 r-xp 00000000 fd:00 387260 /lib64/libnsl-2.5.so 3c97215000-3c97414000 ---p 00015000 fd:00 387260 /lib64/libnsl-2.5.so 3c97414000-3c97415000 r--p 00014000 fd:00 387260 /lib64/libnsl-2.5.so 3c9741500 Program received signal SIGABRT, Aborted. 0x0000003c94e30215 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x0000003c94e30215 in raise () from /lib64/libc.so.6 #1 0x0000003c94e31cc0 in abort () from /lib64/libc.so.6 #2 0x0000003c94e6a7fb in __libc_message () from /lib64/libc.so.6 #3 0x0000003c94e71ce2 in _int_free () from /lib64/libc.so.6 #4 0x0000003c94e7590c in free () from /lib64/libc.so.6 #5 0x00000000005f433f in php_snmp_internal (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, st=1, session=0x7ffff9ec0e00, objid=0xee300e8 "sysDescr.0", type=0 '\0', value=0x0) at /root/php-5.3.0RC1/ext/snmp/snmp.c:658 #6 0x00000000005f5146 in php_snmp (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, st=1, version=0) at /root/php-5.3.0RC1/ext/snmp/snmp.c:854 #7 0x00000000005f5194 in zif_snmpget (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /root/php-5.3.0RC1/ext/snmp/snmp.c:862 #8 0x00000000007cc762 in zend_do_fcall_common_helper_SPEC (execute_data=0x2b88b4899090) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:313 #9 0x00000000007d21c5 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x2b88b4899090) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:1616 #10 0x00000000007cb9ae in execute (op_array=0xee2f700) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:104 #11 0x000000000078d204 in zend_eval_string (str=0x7ffff9ec1be0 "echo snmpget('localhost', 'public', 'sysDescr.0');", retval_ptr=0x0, string_name=0xb6e87c "Command line code") at /root/php-5.3.0RC1/Zend/zend_execute_API.c:1157 #12 0x000000000078d3af in zend_eval_string_ex (str=0x7ffff9ec1be0 "echo snmpget('localhost', 'public', 'sysDescr.0');", retval_ptr=0x0, string_name=0xb6e87c "Command line code", handle_exceptions=1) at /root/php-5.3.0RC1/Zend/zend_execute_API.c:1192 #13 0x0000000000885f4f in main (argc=4, argv=0x7ffff9ec1878) at /root/php-5.3.0RC1/sapi/cli/php_cli.c:1198 (gdb) frame 0 #0 0x0000003c94e30215 in raise () from /lib64/libc.so.6 (gdb) frame 1 #1 0x0000003c94e31cc0 in abort () from /lib64/libc.so.6 (gdb) frame 2 #2 0x0000003c94e6a7fb in __libc_message () from /lib64/libc.so.6 (gdb) frame 3 #3 0x0000003c94e71ce2 in _int_free () from /lib64/libc.so.6 (gdb) frame 4 #4 0x0000003c94e7590c in free () from /lib64/libc.so.6 (gdb) frame 5 #5 0x00000000005f433f in php_snmp_internal (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, st=1, session=0x7ffff9ec0e00, objid=0xee300e8 "sysDescr.0", type=0 '\0', value=0x0) at /root/php-5.3.0RC1/ext/snmp/snmp.c:658 658 snmp_free_pdu(pdu); (gdb) frame 6 #6 0x00000000005f5146 in php_snmp (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, st=1, version=0) at /root/php-5.3.0RC1/ext/snmp/snmp.c:854 854 php_snmp_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU, st, &session, a3, type, value); (gdb) frame 7 #7 0x00000000005f5194 in zif_snmpget (ht=3, return_value=0xee30148, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /root/php-5.3.0RC1/ext/snmp/snmp.c:862 862 php_snmp(INTERNAL_FUNCTION_PARAM_PASSTHRU,SNMP_CMD_GET, SNMP_VERSION_1); (gdb) frame 8 #8 0x00000000007cc762 in zend_do_fcall_common_helper_SPEC (execute_data=0x2b88b4899090) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:313 313 ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC); (gdb) frame 9 #9 0x00000000007d21c5 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x2b88b4899090) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:1616 1616 return zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); (gdb) frame 10 #10 0x00000000007cb9ae in execute (op_array=0xee2f700) at /root/php-5.3.0RC1/Zend/zend_vm_execute.h:104 104 if ((ret = EX(opline)->handler(execute_data TSRMLS_CC)) > 0) { (gdb) frame 11 #11 0x000000000078d204 in zend_eval_string (str=0x7ffff9ec1be0 "echo snmpget('localhost', 'public', 'sysDescr.0');", retval_ptr=0x0, string_name=0xb6e87c "Command line code") at /root/php-5.3.0RC1/Zend/zend_execute_API.c:1157 1157 zend_execute(new_op_array TSRMLS_CC); (gdb) frame 12 #12 0x000000000078d3af in zend_eval_string_ex (str=0x7ffff9ec1be0 "echo snmpget('localhost', 'public', 'sysDescr.0');", retval_ptr=0x0, string_name=0xb6e87c "Command line code", handle_exceptions=1) at /root/php-5.3.0RC1/Zend/zend_execute_API.c:1192 1192 result = zend_eval_string(str, retval_ptr, string_name TSRMLS_CC); (gdb) frame 13 #13 0x0000000000885f4f in main (argc=4, argv=0x7ffff9ec1878) at /root/php-5.3.0RC1/sapi/cli/php_cli.c:1198 1198 if (zend_eval_string_ex(exec_direct, NULL, "Command line code", 1 TSRMLS_CC) == FAILURE) { (gdb)