php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59397 Segmentation fault in consume
Submitted: 2010-09-05 03:48 UTC Modified: 2010-11-25 13:12 UTC
From: matteo at beccati dot com Assigned:
Status: Not a bug Package: amqp (PECL)
PHP Version: 5.3.2 OS: FreeBSD 6.2 (amd64)
Private report: No CVE-ID: None
 [2010-09-05 03:48 UTC] matteo at beccati dot com
Description:
------------
A daemon that is using the amqp extension died with a segmentation fault. I can't tell myself if the issue in the the extension (it could have called amqp_simple_rpc with bad data) or librabbitmq itself.

No reproduce code, unfortunately. Only a backtrace generated obtained from the core dump.

Actual result:
--------------
Program terminated with signal 11, Segmentation fault.
...
#0  0x000000008234b630 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1  0x0000000082599420 in amqp_handle_input () from /usr/local/lib/librabbitmq.so.0
No symbol table info available.
#2  0x000000008259a16c in amqp_data_in_buffer () from /usr/local/lib/librabbitmq.so.0
No symbol table info available.
#3  0x000000008259a49d in amqp_simple_rpc () from /usr/local/lib/librabbitmq.so.0
No symbol table info available.
#4  0x000000008249041e in zim_amqp_queue_class_consume (ht=0, return_value=0x1240440, return_value_ptr=0x7, this_ptr=0x12b4ca8, return_value_used=-19614888) at /tmp/pear/temp/amqp/amqp.c:929
        id = (zval *) 0x123d690
        ctx = (amqp_queue_object *) 0x12596a0
        queue_len = 1
        res = {reply_type = 14550520, reply = {id = 7610043, decoded = 0x0}, library_errno = 19140480}
        pbuf = 0x12596a0 ""
        parms = 128
        content = {value = {lval = 17336816, dval = 8.5655251938708565e-317, str = {val = 0x10889f0 "\001", len = 14550520}, ht = 0x10889f0, obj = {handle = 17336816, handlers = 0xde05f8}}, refcount__gc = 18541416, type = 0 '\0',
  is_ref__gc = 0 '\0'}
        cnn = (amqp_object *) 0x123bd70
        s = {ticket = 0, queue = {len = 8, bytes = 0x12596c1}, consumer_tag = {len = 0, bytes = 0x0}, no_local = 0, no_ack = 1, exclusive = 0, nowait = 0}
        method_ok = 3932181
        r = (amqp_basic_consume_ok_t *) 0x1079400
        frame = {frame_type = 208 '?', channel = 220, payload = {method = {id = 19241952, decoded = 0xdcada0}, properties = {class_id = 39904, body_size = 14462368, decoded = 0x7, raw = {len = 19139376, bytes = 0xdcadd0}},
    body_fragment = {len = 19241952, bytes = 0xdcada0}, protocol_header = {transport_high = 224 '?', transport_low = 155 '\233', protocol_version_major = 37 '%', protocol_version_minor = 1 '\001'}}}
        result = 0
        body_received = 14566192
        body_target = 4302187084
        i = 17273856
        buf = 0x7fffffffcc60 "?m?"
#5  0x0000000000745992 in zend_do_fcall_common_helper_SPEC (execute_data=0x1088668) at zend_vm_execute.h:313
        i = 1
        p = (zval **) 0x10889f0
        arg_count = 0
        opline = (zend_op *) 0xde4330
        should_change_scope = 1 '\001'


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-25 13:12 UTC] pdezwart at gmail dot com
Thank you for taking the time to report a problem with the package.
Unfortunately you are not using a current version of the package -- 
the problem might already be fixed. Please download a new
version from http://pecl.php.net/packages.php

If you are able to reproduce the bug with one of the latest
versions, please change the package version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PECL.

Try with trunk @ r305590 or higher.
 [2011-12-04 22:17 UTC] kitek at implix dot com
Unfortunately same thing happens with latest version from trunk (r. 320261).

It can be reproduced by doing following:
- publish 50k "hello world" messages
- consume that
- in processor function print the result on screen, ack message and return true.

on my laptop I get Segmentation fault: 11 after 27k message with error message:
Allowed memory size of 134217728 bytes exhausted (tried to allocate 2880 bytes)
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Nov 30 03:01:23 2020 UTC