Bug #60275 Segfault
Submitted: 2011-11-11 21:54 UTC
Modified: 2011-11-12 09:57 UTC
From: kontakt at beberlei dot de
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.4.0RC1
OS: Linux
Private report: No
CVE-ID: None
 [2011-11-11 21:54 UTC] kontakt at beberlei dot de
Description:
------------
This runs against the Doctrine 2 test suite and fails at the same location all
the time. I will investigate more; this is just so I don't forget the progress
for now :)

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xf56300, p=0x7ffff7f8b7a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_alloc.c:2091
2091		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0xf56300, p=0x7ffff7f8b7a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_alloc.c:2091
#1  0x000000000072ac39 in zend_call_function (fci=0x7fffffffb520, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:1018
#2  0x000000000074d707 in zend_call_method (object_pp=0x7fffffffb648, obj_ce=0x77d2d68, fn_proxy=0x77d2ed0, function_name=0xbdc24b "__tostring",
    function_name_len=-303805192, retval_ptr_ptr=<value optimized out>, param_count=0, arg1=0x0, arg2=0x0)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_interfaces.c:97
#3  0x0000000000759ae3 in zend_std_cast_object_tostring (readobj=0x7ffff7f8b7a8, writeobj=0x7fffffffb6d0, type=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_object_handlers.c:1472
#4  0x0000000000736c0f in zend_make_printable_zval (expr=0xf56300, expr_copy=0x7fffffffb6d0, use_copy=0x7fffffffb708)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:257
#5  0x000000000072eb54 in concat_function (result=0x7ffff7f8b7c8, op1=0x7ffff7f8b728, op2=0x7ffff7f8b7a8)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_operators.c:1246
#6  0x00000000007909de in ZEND_CONCAT_SPEC_TMP_TMP_HANDLER (execute_data=0x7ffff7f8b548) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:7881
#7  0x000000000079f510 in execute (op_array=0x64d8010) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#8  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb910, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#9  0x00000000005c9304 in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x77d0f78, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/reflection/php_reflection.c:2902
#10 0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f899e0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#11 0x000000000079f510 in execute (op_array=0x1a64848) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#12 0x0000000000735a2f in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:1212
#13 0x00000000006dab28 in php_execute_script (primary_file=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/main/main.c:2352
#14 0x00000000007d9db4 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/sapi/cli/php_cli.c:1136

 [2011-11-11 21:58 UTC] kontakt at beberlei dot de
Got another one in another scenario with I think almost the same stack trace:

#0  0x0000000000000000 in ?? ()
#1  0x00000000007a3bcb in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8bed0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:693
#2  0x000000000079f510 in execute (op_array=0x1dec230) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#3  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb5f0, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#4  0x000000000065a1f7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x1dfe278, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/standard/basic_functions.c:4729
#5  0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8acc8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#6  0x000000000079f510 in execute (op_array=0x1de0918) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#7  0x000000000072ace4 in zend_call_function (fci=0x7fffffffb910, fci_cache=<value optimized out>)
    at /home/benny/Downloads/php5.4-201105301830/Zend/zend_execute_API.c:957
#8  0x00000000005c9304 in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x1df7dc0, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/ext/reflection/php_reflection.c:2902
#9  0x00000000007a4274 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f899e0) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:642
#10 0x000000000079f510 in execute (op_array=0x14c06a8) at /home/benny/Downloads/php5.4-201105301830/Zend/zend_vm_execute.h:410
#11 0x0000000000735a2f in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/benny/Downloads/php5.4-201105301830/Zend/zend.c:1212
#12 0x00000000006dab28 in php_execute_script (primary_file=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/main/main.c:2352
#13 0x00000000007d9db4 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/benny/Downloads/php5.4-201105301830/sapi/cli/php_cli.c:1136
 [2011-11-11 22:23 UTC] kontakt at beberlei dot de
More juicy details :-) I recompiled with --enable-debug and got this:

benny@benny-dell:~/code/php/wsnetbeans/doctrine2(master)$ /usr/local/php54/bin/php /usr/local/php531/bin/phpunit 
PHPUnit 3.5.10 by Sebastian Bergmann.

.............................................F............F..   61 / 1280 (  4%)
......F..F....................................S........S.....  122 / 1280 (  9%)
...............................S.............................  183 / 1280 ( 14%)
...F...............*** glibc detected *** /usr/local/php54/bin/php: free(): invalid pointer: 0x000000000186ecb8 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7fcbd84f45b6]
/lib/libc.so.6(cfree+0x73)[0x7fcbd84fae83]
/usr/local/php54/bin/php(zend_call_function+0x7c9)[0x72ac39]
/usr/local/php54/bin/php(zend_call_method+0x1c7)[0x74d707]
/usr/local/php54/bin/php(zend_std_cast_object_tostring+0xd3)[0x759ae3]
/usr/local/php54/bin/php(zend_make_printable_zval+0x9f)[0x736c0f]
/usr/local/php54/bin/php(concat_function+0x64)[0x72eb54]
/usr/local/php54/bin/php[0x7909de]
/usr/local/php54/bin/php(execute+0x220)[0x79f510]
/usr/local/php54/bin/php(zend_call_function+0x874)[0x72ace4]
/usr/local/php54/bin/php[0x5c9304]
/usr/local/php54/bin/php[0x7a4274]
/usr/local/php54/bin/php(execute+0x220)[0x79f510]
/usr/local/php54/bin/php(zend_execute_scripts+0x16f)[0x735a2f]
/usr/local/php54/bin/php(php_execute_script+0x1d8)[0x6dab28]
/usr/local/php54/bin/php[0x7d9db4]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fcbd849bc4d]
/usr/local/php54/bin/php[0x439689]
Aborted
 [2011-11-12 03:47 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-11-12 03:47 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2011-11-12 09:57 UTC] kontakt at beberlei dot de
Sorry my mistake, this is not an issue.
 [2011-11-12 09:57 UTC] kontakt at beberlei dot de
-Status: Feedback +Status: Closed