PHP :: Bug #56755 :: apc_store with circular reference doesn't work

Bug #56755	apc_store with circular reference doesn't work
Submitted:	2005-12-28 16:26 UTC	Modified:	2006-11-06 04:04 UTC
From:	stoens at activegrid dot com	Assigned:
Status:	Closed	Package:	APC (PECL)
PHP Version:	5.1.1	OS:	Fedora Core 4
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2005-12-28 16:26 UTC] stoens at activegrid dot com

Description:
------------
I am using apc_store to store a data structure that has a ciruclar reference. I get a segfault. 

Here's the gdb backtrace:

#0  0x007b8fd2 in fcntl () from /lib/libc.so.6
#1  0x00c47da9 in lock_reg (fd=8, cmd=7, type=Variable "type" is not available.
)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_fcntl.c:78
#2  0x00c47df3 in apc_fcntl_lock (fd=-1089310676)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_fcntl.c:85
#3  0x00c4a603 in apc_sma_malloc (n=35)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_sma.c:319
#4  0x00c41d15 in apc_xmemcpy (p=0x952ff14, n=35, f=0xc4a5c4 <apc_sma_malloc>)
    at /home/stoens/activegridsetup/APC-3.0.8/apc.c:95
#5  0x00c44f7e in my_copy_hashtable_ex (dst=0x2aa4898, src=0x952fe24,
    copy_fn=0xc45288 <my_copy_zval_ptr>, free_fn=0xc46dec <my_free_zval_ptr>,
    holds_ptrs=1, allocate=0xc4a5c4 <apc_sma_malloc>,
    deallocate=0xc4a7b0 <apc_sma_free>, check_fn=0)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_compile.c:1007
#6  0x00c45233 in my_copy_zval (dst=0x2aa4890, src=0x953002c, allocate=Variable "allocate" is not available.
)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_compile.c:385
#7  0x00c452d1 in my_copy_zval_ptr (dst=0x2aa4870, src=0x9530068,
    allocate=0xc4a5c4 <apc_sma_malloc>, deallocate=0xc4a7b0 <apc_sma_free>)
    at /home/stoens/activegridsetup/APC-3.0.8/apc_compile.c:346
#8  0x00c44fc0 in my_copy_hashtable_ex (dst=0x2aa46c0, src=0x9528b44,
    copy_fn=0xc45288 <my_copy_zval_ptr>, free_fn=0xc46dec <my_free_zval_ptr>,
    holds_ptrs=1, allocate=0xc4a5c4 <apc_sma_malloc>,
    deallocate=0xc4a7b0 <apc_sma_free>, check_fn=0)



Reproduce code:
---------------
$a = array("1", array());
$v = array("0", &$a); 
$a[] = $v; //apc_store breaks if this circular ref is added
apc_store("foo", $v);

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-10-27 14:38 UTC] shire@php.net

This has been fixed in CVS.

[2006-10-29 12:19 UTC] gopalv82 at yahoo dot com

I'm currently having a few problems with this fix (I think).

Append the following lines to the original test case and it seems to cause problems ?

$a = array("1", array());
apc_store("foo", $a);

(I am working on this, anyway)

[2006-10-29 14:29 UTC] shire@php.net

Sorry, the my_free_zval code needs to be checking for the recursion as well.  I'll hold of on patching it because it sounds like you are re-working that anyways.  Let me know if you want me to checkin a fix.

[2006-11-06 04:04 UTC] gopalv82 at yahoo dot com

I did try a few things, but I'm sorry to say that a lot of shm code in apc doesn't check for refcounts.

So if you had a solution, please feel free to check-in.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 03 08:01:29 2024 UTC