Bug #60469 Segfault in 5.4RC2 with APC@svn#320651
Submitted: 2011-12-08 12:07 UTC Modified: 2013-02-18 00:35 UTC
Votes: 4
Avg. Score: 3.0 ± 1.4
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: jpauli@php.net Assigned:
Status: No Feedback Package: APC (PECL)
PHP Version: 5.4.0RC2 OS: Linux Ubuntu
Private report: No CVE-ID: None

 [2011-12-08 12:07 UTC] jpauli@php.net
Description:
------------
I can't provide a PHP script, as I'm segfaulting in a Doctrine2 script. I have the function that segfaults and some traces.

Test script:
---------------
(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5e8f672 in execute (op_array=0xb6a990) at /usr/local/src/php-5.4.0RC2/Zend/zend_vm_execute.h:410
410			if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {

(gdb) bt
#0  0x00007ffff5e8f672 in execute (op_array=0xb6a990) at /usr/local/src/php-5.4.0RC2/Zend/zend_vm_execute.h:410
#1  0x00007ffff5e3b00e in zend_call_function (fci=0x7fffffffb6d0, fci_cache=0x7fffffffb720) at /usr/local/src/php-5.4.0RC2/Zend/zend_execute_API.c:958
#2  0x00007ffff5c94b12 in zif_array_map (ht=2, return_value=0xbd0358, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php-5.4.0RC2/ext/standard/array.c:4334
#3  0x00007ffff5e90ef3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f953e8) at /usr/local/src/php-5.4.0RC2/Zend/zend_vm_execute.h:642
#4  0x00007ffff5e91efd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7f953e8) at /usr/local/src/php-5.4.0RC2/Zend/zend_vm_execute.h:752
#5  0x00007ffff5e8f67e in execute (op_array=0xbe4600) at /usr/local/src/php-5.4.0RC2/Zend/zend_vm_execute.h:410
#6  0x00007ffff5e4f4a6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.4.0RC2/Zend/zend.c:1272
#7  0x00007ffff5db8f91 in php_execute_script (primary_file=0x7fffffffe050) at /usr/local/src/php-5.4.0RC2/main/main.c:2414

(gdb) print executor_globals->active_op_array
$3 = (zend_op_array *) 0xb6a990

(gdb) print *(executor_globals->active_op_array)
$4 = {type = 2 '\002', function_name = 0x7fffdeb6e980 "addFieldResult", scope = 0xb6a020, fn_flags = 134283520, prototype = 0x0, num_args = 4, required_num_args = 3, 
  arg_info = 0x7fffdeb6d840, refcount = 0xb6aad8, opcodes = 0x7fffdeb6ec18, last = 28, vars = 0x7fffdeb6f158, last_var = 4, T = 17, brk_cont_array = 0x0, 
  last_brk_cont = 0, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, this_var = 4294967295, 
  filename = 0x7fffdeb6d8c0 "/home/julien/www/Doctrine/lib/Doctrine/ORM/Query/ResultSetMapping.php", line_start = 202, line_end = 213, 
  doc_comment = 0x7fffdeb6f1b8 "/**\n     * Adds a field to the result that belongs to an entity or joined entity.\n     *\n     * @param string $alias The alias of the root entity or joined entity to which the field belongs.\n     * @p"..., doc_comment_len = 843, early_binding = 4294967295, literals = 0x7fffdeb6e9e8, 
  last_literal = 14, run_time_cache = 0xbd0dc8, last_cache_slot = 15, reserved = {0x1, 0x0, 0x0, 0x0}}

(gdb) print executor_globals->opline_ptr
$12 = (zend_op **) 0x7ffff7f99e28

(gdb) print *(executor_globals->opline_ptr)
$13 = (zend_op *) 0x7fffddfe3d78

(gdb) print **(executor_globals->opline_ptr)
Cannot access memory at address 0x7fffddfe3d78

(gdb) print executor_globals->opline_ptr[0]->handler
Cannot access memory at address 0x7fffddfe3d78

(gdb) print executor_globals->opline_ptr[1]->handler
$15 = (opcode_handler_t) 0x2

(gdb) print executor_globals->opline_ptr[1]->opcode 
$20 = 3 '\003'

(gdb) print executor_globals->opline_ptr[1]->result
$21 = {constant = 134283520, var = 134283520, num = 134283520, hash = 134283520, opline_num = 134283520, jmp_addr = 0x8010100, zv = 0x8010100, literal = 0x8010100, 
  ptr = 0x8010100}

(gdb) print executor_globals->opline_ptr[1]->op1
$22 = {constant = 3736529280, var = 3736529280, num = 3736529280, hash = 140736929917312, opline_num = 3736529280, jmp_addr = 0x7fffdeb6e980, zv = 0x7fffdeb6e980, 
  literal = 0x7fffdeb6e980, ptr = 0x7fffdeb6e980}

(gdb) print executor_globals->opline_ptr[1]->op2
$23 = {constant = 11968544, var = 11968544, num = 11968544, hash = 11968544, opline_num = 11968544, jmp_addr = 0xb6a020, zv = 0xb6a020, literal = 0xb6a020, 
  ptr = 0xb6a020}

Here is the function:

public function addFieldResult($alias, $columnName, $fieldName, $declaringClass = null)
{
    // column name (in result set) => field name
    $this->fieldMappings[$columnName] = $fieldName;
    // column name => alias of owner
    $this->columnOwnerMap[$columnName] = $alias;
    // field name => class name of declaring class
    $this->declaringClasses[$columnName] = $declaringClass ?: $this->aliasMap[$alias];
    if ( ! $this->isMixed && $this->scalarMappings) {
        $this->isMixed = true;
    }
}

Expected result:
----------------
The script ends

Actual result:
--------------
The script segfaults


History

 [2012-03-18 13:44 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2012-03-18 13:44 UTC] pajoye@php.net
Please try using this snapshot:

  http://snaps.php.net/php-trunk-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

with 5.4.0 final please :)
 [2012-04-20 09:15 UTC] rene dot welbers at unicepta dot de
I have the same error, with the latest PHP 5.4 Snapshot and the latest master snapshot (5.5).

I think it is the same error as https://bugs.php.net/bug.php?id=61164
 [2013-02-18 00:35 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
Last updated: Sat Apr 04 10:01:25 2020 UTC