Bug #56054 randomly coredump with function(){static array}
Submitted: 2004-05-10 04:35 UTC Modified: 2004-09-07 00:58 UTC
From: xuefer at 21cn dot com Assigned: rasmus (profile)
Status: Closed Package: APC (PECL)
PHP Version: 4.3.3 OS: linux
Private report: No CVE-ID: None
 [2004-05-10 04:35 UTC] xuefer at 21cn dot com
Description:
------------
0x4042b028 in zend_hash_index_update_or_next_insert (ht=0x82e96cc, h=1949380, 
    pData=0x0, nDataSize=4, pDest=0xbfffcf78, flag=0)
    at /home/oursky/src/php4-test/Zend/zend_hash.c:391
391     /home/oursky/src/php4-test/Zend/zend_hash.c: No such file or directory.
        in /home/oursky/src/php4-test/Zend/zend_hash.c


Reproduce code:
---------------
<?php
define('ABC', '1');
ini_set('display_errors', 'On');
error_reporting(E_ALL);
echo abc();

function abc()
{
    static $abc = array(
        ABC => array(),
    );
    return $abc[ABC];
}


 [2004-05-10 22:53 UTC] xuefer at 21cn dot com
note: it crashes on reload
 [2004-05-12 04:45 UTC] fujimoto@php.net
I could reproduce this problem, and the following is the suggested fix (against current cvs):

cvs diff: Diffing .
Index: apc_compile.c
===================================================================
RCS file: /repository/pecl/apc/apc_compile.c,v
retrieving revision 3.6
diff -u -r3.6 apc_compile.c
--- apc_compile.c       20 Jul 2003 00:07:02 -0000      3.6
+++ apc_compile.c       12 May 2004 08:51:14 -0000
@@ -202,6 +202,8 @@
     case IS_CONSTANT:
     case IS_STRING:
     case FLAG_IS_BC:
+    case IS_CONSTANT | IS_CONSTANT_INDEX:
+    case IS_STRING | IS_CONSTANT_INDEX:
         if (src->value.str.val)
             CHECK(dst->value.str.val = apc_xmemcpy(src->value.str.val,
                                                    src->value.str.len+1,
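Review bot: The two labels added at the top of this hunk handle IS_CONSTANT_INDEX only when it is combined with IS_CONSTANT or IS_STRING; any other type value carrying that flag still falls past these labels. Consider masking the flag off in the switch expression instead of listing combinations, and add a comment saying when the flag can be set on a value that reaches this switch.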
@@ -680,6 +682,8 @@
     case IS_CONSTANT:
     case IS_STRING:
     case FLAG_IS_BC:
+    case IS_CONSTANT | IS_CONSTANT_INDEX:
+    case IS_STRING | IS_CONSTANT_INDEX:
         deallocate(src->value.str.val);
         break;
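Review bot: The new labels send flagged values to deallocate(src->value.str.val) with no null check, while the copy path in the first hunk only allocates under if (src->value.str.val); confirm that the deallocate callback accepts a null pointer or add the same guard here. The label list also has to be kept identical in both switches by hand, so a shared macro for the string-like cases would stop the two from drifting apart.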

If it's ok, someone who has karma please commit this patch or give me the karma for pecl/apc:)
 [2004-05-12 12:03 UTC] fujimoto@php.net
oops, I already have karma for pecl, so please forget about this:

> give me the karma for pecl/apc

and of course I will wait for the author's judgment, though
I will never commit this without the author's permission.
(perhaps we can write a better patch?)
 [2004-06-02 09:48 UTC] swen dot thuemmler at telefonica dot de
I had no luck with your patch, it still crashes (php-4.3.7RC1, apache-2.0.49, Solaris 2.8). But with the patch below the crashes go away. I'm not sure about the correctness of this patch, I just did a bit of guessing by looking at the sources of turck-mmcache...
Comments?

Index: apc_compile.c
===================================================================
RCS file: /repository/pecl/apc/apc_compile.c,v
retrieving revision 3.7
diff -u -b -r3.7 apc_compile.c
--- apc_compile.c       1 Jun 2004 21:16:54 -0000       3.7
+++ apc_compile.c       2 Jun 2004 13:56:57 -0000
@@ -191,7 +191,7 @@
 
     memcpy(dst, src, sizeof(src[0]));
 
-    switch (src->type) {
+    switch (src->type & ~IS_CONSTANT_INDEX) {
     case IS_RESOURCE:
     case IS_BOOL:
     case IS_LONG:
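Review bot: The masked switch expression needs a comment, because nothing at the switch says why IS_CONSTANT_INDEX can be set on src->type, and the memcpy two lines above has already carried the unmasked type into dst. A one-line note that the flag is stripped for dispatch only would do, and it is worth confirming that dst is meant to keep the flag.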
@@ -671,7 +671,7 @@
 /* {{{ my_destroy_zval */
 static void my_destroy_zval(zval* src, apc_free_t deallocate)
 {
-    switch (src->type) {
+    switch (src->type & ~IS_CONSTANT_INDEX) {
     case IS_RESOURCE:
     case IS_BOOL:
     case IS_LONG:
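Review bot: The mask in my_destroy_zval has to match the one in the copy switch exactly, or values deep-copied there will not be released here, and src->type & ~IS_CONSTANT_INDEX is now written out in two places. A small macro used by both switches (a hypothetical APC_BASE_TYPE(z), say) would keep them in sync.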
 [2004-06-17 04:41 UTC] Xuefer at 21cn dot com
the last patch works fine for me :)
 [2004-09-07 00:58 UTC] rasmus@php.net
Fixed in CVS, thanks.
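
The failure mode both patches address, as an added example that is not APC's code: a routine shaped like the one in the diffs (struct memcpy, then a deep copy chosen by a switch on the type tag) leaves a flagged string pointing at the source's buffer unless the flag is masked for dispatch. `val_t`, `copy_val`, `T_STRING`, `F_CONST_INDEX` and their numeric values are hypothetical stand-ins for the Zend definitions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the Zend type tags; the values are constructed. */
enum { T_LONG = 1, T_STRING = 3, F_CONST_INDEX = 0x80 };
typedef struct { int type; char *str; size_t len; } val_t;

/* Same shape as the code in the diffs: memcpy the struct, then deep-copy by
 * type. mask_flag = 0 dispatches on the raw tag, 1 strips the flag bit first. */
static int copy_val(val_t *dst, const val_t *src, int mask_flag)
{
    memcpy(dst, src, sizeof(*src));           /* dst->str aliases src->str */
    switch (mask_flag ? (src->type & ~F_CONST_INDEX) : src->type) {
    case T_LONG: return 0;
    case T_STRING:
        if (src->str) {
            dst->str = malloc(src->len + 1);
            if (!dst->str) return -1;
            memcpy(dst->str, src->str, src->len + 1);
        }
        return 0;
    default:                                   /* a flagged tag lands here unmasked */
        return 0;
    }
}

/* Returns 1 when the copy still points into the source's buffer, i.e. it
 * would dangle as soon as the owner of src frees that buffer. */
static int copy_aliases_source(int type, int mask_flag)
{
    char *buf = malloc(4);
    val_t src, dst;
    int aliased;
    if (!buf) return -1;
    memcpy(buf, "key", 4);
    src.type = type; src.str = buf; src.len = 3;
    if (copy_val(&dst, &src, mask_flag) != 0) { free(buf); return -1; }
    aliased = (dst.str == src.str);
    if (!aliased) free(dst.str);              /* deep copy owns its own buffer */
    free(buf);
    return aliased;
}

int main(void)
{
    printf("raw switch:    aliased=%d\n", copy_aliases_source(T_STRING | F_CONST_INDEX, 0));
    printf("masked switch: aliased=%d\n", copy_aliases_source(T_STRING | F_CONST_INDEX, 1));
    return 0;
}
```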
 
Last updated: Sat Jul 20 05:01:25 2019 UTC