php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #57478 Segmentation fault in TSRM shutdown if APC extension loaded
Submitted: 2007-01-15 09:38 UTC Modified: 2007-02-06 19:07 UTC
From: wharmby at uk dot ibm dot com Assigned:
Status: Closed Package: APC (PECL)
PHP Version: 5_2 CVS-2007-01-15 OS: Linux RHEL4
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: wharmby at uk dot ibm dot com
New email:
PHP Version: OS:

 

 [2007-01-15 09:38 UTC] wharmby at uk dot ibm dot com 
Description:
------------
Using latest PHP 5.2 snapshot (Jan 15th 1130 GMT)and latest
APC available from PECL (APC-3.0.12p2.tgz)I get a segmentation fault in TSRM shutdown when I invoke a php
script using CLI. 

PHP is configured to enable ZTS.

I have the following entries in my php.ini file: 
      extension=apc.so 
      apc.enable_cli=0  

A simple query of the PHP version using CLI results in a  segmentation fault, e.g 

[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group 
Zend Engine v2.2.0, Copyright (c)1998-2007 Zend Technologies
Segmentation fault (core dumped)
[andy@rhel4 testcases]$

When I invoke as follows all is OK:

[andy@rhel4 testcases]$ php -dapc.enable_cli=1 -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c)1998-2007 Zend Technologies
[andy@rhel4 testcases]$
    
Back trace in core shows:
(gdb) bt
#0  0x006a5f64 in ?? ()
#1  0x0810206e in tsrm_shutdown () at /root/php5.2-200701151130/TSRM/TSRM.c:180
#2  0x081b347e in main (argc=3, argv=0xbfe7cc94)
    at /root/php5.2-200701151130/sapi/cli/php_cli.c:1283
(gdb)

We are trap in the following code in tsrm_shutdown():   

for (j=0; j<p->count; j++) {
    if (p->storage[j]) {
	if (resource_types_table &&          
            resource_types_table[j].done && 
            resource_types_table[j].dtor) {
		 resource_types_table[j].dtor(p->storage[j],
                    &p->storage);   <<< TRAP  HERE
		}
		free(p->storage[j]);
	}
}

as we try to call the dtor for a resource type. A little 
more debugging showed this to be call to php_apc_shutdown_globals(). 

As we have already unloaded the APC module by the time 
tsrm_shutdown() runs (unloaded by module_destructor() ) the 
segmentation fault is to be expected. However, any global
storage for the APC extension should have been freed 
(and dtor called) when APC was called for MSHUTDOWN.

A quick look at the MSHUTDOWN function for APC shows why this is not happening; the code to free APC globals is 
not called if APCG(enabled) is false. 

Reproduce code:
---------------
The following simple patch prevents the segmentation fault: 
 
    http://www.pastebin.ca/317303



Expected result:
----------------
[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
[andy@rhel4 testcases]$

Actual result:
--------------
[andy@rhel4 testcases]$ php -v
PHP 5.2.1RC3-dev (cli) (built: Jan 15 2007 12:23:26)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Segmentation fault (core dumped)
[andy@rhel4 testcases]$

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-18 20:58 UTC] gopalv82 at yahoo dot com 
Thanks for the patch, will be applied as soon as I'm back to work.
 [2007-02-06 19:07 UTC] gopalv82 at yahoo dot com 
Fixed in CVS.

http://news.php.net/php.pecl.cvs/7136
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat May 18 20:01:34 2024 UTC