Bug #60197 mem leak reporting of a library using dlopen imported cause segfault
Submitted: 2011-11-02 04:29 UTC Modified: 2011-11-02 08:17 UTC
From: imcnan at gmail dot com Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 5.3.8 OS: linux
Private report: No CVE-ID: None
 [2011-11-02 04:29 UTC] imcnan at gmail dot com
Description:
------------
I compiled PHP in debug mode. If the zval* isn't freed, PHP causes a
segmentation fault when the module is loaded using dl().



Test script:
---------------
In PHP:
<?php
test_call();
echo "The Programe is over~\n";
?>


Expected result:
----------------
Print the detailed info about the memory leak

Actual result:
--------------
There is the same error with php 5.3.8.

walu@walu-ThinkPad:/cnan/php/bin-5.3.6/bin$ ./php test.php 
The Programe is over~
[Wed Nov  2 11:57:28 2011]  Script:  'test.php'
Segmentation fault

backtrace when Segmentation fault:


(gdb) run test.php
Starting program: /cnan/php/bin-5.3.6/bin/php test.php
The Programe is over~
[Wed Nov  2 11:25:49 2011]  Script:  'test.php'

Program received signal SIGSEGV, Segmentation fault.
0x0838bd33 in format_converter (odp=0xbfffdbf4, fmt=0x875bcc9 "s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc60 "(")
    at /cnan/php/source-5.3.6/main/snprintf.c:964
964							s_len = strlen(s);
(gdb) bt
#0  0x0838bd33 in format_converter (odp=0xbfffdbf4, fmt=0x875bcc9 "s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc60 "(")
    at /cnan/php/source-5.3.6/main/snprintf.c:964
#1  0x0838c578 in strx_printv (ccp=0xbfffdc38, buf=0xbfffdccc "[Wed Nov  2 11:25:49 2011]  Script:  'test.php'\n", len=512,
    format=0x875bcc8 "%s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n", ap=0xbfffdc5c "PYE") at /cnan/php/source-5.3.6/main/snprintf.c:1211
#2  0x0838c676 in ap_php_snprintf (buf=0xbfffdccc "[Wed Nov  2 11:25:49 2011]  Script:  'test.php'\n", len=512,
    format=0x875bcc8 "%s(%d) :  Freeing 0x%.8lX (%zu bytes), script=%s\n") at /cnan/php/source-5.3.6/main/snprintf.c:1256
#3  0x083887b4 in php_message_handler_for_zend (message=4, data=0xbfffef24) at /cnan/php/source-5.3.6/main/main.c:1273
#4  0x083f5ec2 in zend_message_dispatcher (message=4, data=0xbfffef24) at /cnan/php/source-5.3.6/Zend/zend.c:944
#5  0x083d3084 in zend_mm_check_leaks (heap=0x87fc1b8) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:1280
#6  0x083d3ba7 in zend_mm_shutdown (heap=0x87fc1b8, full_shutdown=0, silent=0) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:1638
#7  0x083d5bb8 in shutdown_memory_manager (silent=0, full_shutdown=0) at /cnan/php/source-5.3.6/Zend/zend_alloc.c:2562
#8  0x083891df in php_request_shutdown (dummy=0x0) at /cnan/php/source-5.3.6/main/main.c:1654
#9  0x084b9812 in main (argc=2, argv=0xbffff364) at /cnan/php/source-5.3.6/sapi/cli/php_cli.c:1374


 [2011-11-02 04:31 UTC] imcnan at gmail dot com
The right test script is:
---------------
In PHP:
<?php
dl("test.so");
test_call();
echo "The Programe is over~\n";
?>
 [2011-11-02 05:35 UTC] laruence@php.net
This is because zend_post_deactivate_modules is called before
shutdown_memory_manager (in which the memleak is reported) while
php_request_shutdown is running.

But if we move shutdown_memory_manager forward, there will be a lot of new
problems.

Considering that dl() is not used very commonly, maybe leave this as won't fix.
 [2011-11-02 05:35 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-11-02 05:44 UTC] laruence@php.net
In shutdown_memory_manager, it tries to report a memleak with the __FILE__, which is
a const string in test.so.

But test.so has already been closed (dlclose) in zend_post_deactivate_modules, so
a segfault occurs.

As I said above, dl is not used very commonly; furthermore, this also requires
--enable-debug. So I really think there is no need to fix :)
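
The shutdown ordering described in the comments above, reduced to a small C model (an added example, not PHP source and not code from this report): a leak tracker keeps a bare pointer to a file name that lives inside a loaded module, and the unload step copies that name into tracker-owned storage before the module's memory goes away, so the later leak report has nothing dangling to read. All names (`track_leak`, `module_unload`, `report_leaks`) and the path are hypothetical, and copy-before-unload is one possible mitigation, not a fix adopted by the PHP project.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only: every name here is hypothetical, none is a Zend API. */
struct block { size_t size; const char *file; int line; char owned[64]; };
static struct block blocks[8];
static int nblocks;
/* Stands in for the read-only data of a dl()-loaded test.so. */
struct module { char image[64]; };

static void module_load(struct module *m, const char *src) {
    snprintf(m->image, sizeof m->image, "%s", src);  /* the module's __FILE__ */
}

/* Debug-allocator bookkeeping: keeps the caller's file pointer, no copy. */
static void track_leak(size_t size, const char *file, int line) {
    if (nblocks < 8) blocks[nblocks++] = (struct block){ size, file, line, "" };
}

/* Unload (dlclose analogue): copy names that point into the image, then poison it. */
static int module_unload(struct module *m) {
    int detached = 0;
    for (struct block *b = blocks; b < blocks + nblocks; b++) {
        if ((uintptr_t)b->file - (uintptr_t)m->image >= sizeof m->image) continue;
        snprintf(b->owned, sizeof b->owned, "%s", b->file);
        b->file = b->owned;
        detached++;
    }
    memset(m->image, 0xDD, sizeof m->image);  /* image is now "unmapped" */
    return detached;
}

/* Leak report, run after unload as in the shutdown order described above. */
static int report_leaks(char *out, size_t len) {
    size_t off = 0;
    for (int i = 0; i < nblocks && off < len; i++)
        off += snprintf(out + off, len - off, "%s(%d) : Freeing (%zu bytes)\n",
                        blocks[i].file, blocks[i].line, blocks[i].size);
    return nblocks;
}

int main(void) {
    struct module m; char out[256];
    module_load(&m, "/src/test.c");  /* constructed path */
    track_leak(16, m.image, 12);
    module_unload(&m);
    report_leaks(out, sizeof out);
    return fputs(out, stdout) < 0;
}
```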
 [2011-11-02 06:06 UTC] imcnan at gmail dot com
Thanks a lot!
Thank you, Niao Ge~
 [2011-11-02 06:06 UTC] imcnan at gmail dot com
-Status: Feedback +Status: Open
 [2011-11-02 08:17 UTC] laruence@php.net
-Summary: PHP cause a segmentation fault when the zval* isn't freed. +Summary: mem leak reporting of a library using dlopen imported cause segfault
-Status: Open +Status: Wont fix
 
Last updated: Sun Apr 28 22:01:29 2024 UTC