Bug #60886 Random segmentation faults in autoload (PHP 5.3.9)
Submitted: 2012-01-25 16:06 UTC Modified: 2013-02-18 00:35 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: sefer at hotmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.3.9 OS: Ubuntu Linux
Private report: No CVE-ID: None

 [2012-01-25 16:06 UTC] sefer at hotmail dot com
Description:
------------
Hi,

I have been experiencing sporadic segmentation faults in our PHP 5.3.8/9 
(running as a module under Apache 2.2.21 in Ubuntu Linux). We upgraded to PHP 
5.3.9 but the random segmentation problems remain.
From the core dump I see that this is happening in our autoload function.

Here's how we register the autoload call:

spl_autoload_register(array("AutoLoadCache", "autoload"));


class AutoLoadCache
{
    static public function autoload($class_name)
    {
        ...
    }
}

This is how we built our PHP instance:

./configure --prefix=/opt/php-5.3.9 --with-apxs2=/opt/httpd/bin/apxs \
  --enable-zip --enable-zend-multibyte --enable-sysvshm --enable-sysvsem \
  --enable-sysvmsg --with-openssl --with-zlib --enable-calendar --with-zlib \
  --enable-ftp --enable-intl --enable-intl --with-pgsql=/opt/postgresql \
  --with-readline --enable-sockets --enable-sqlite-utf8 --enable-soap \
  --with-mcrypt=/opt/libmcrypt --enable-mbstring --with-curl --with-gd \
  --enable-gd-native-ttf --with-freetype-dir --with-gmp --with-gettext \
  --with-jpeg-dir --with-png-dir


This is the stack trace:


Program terminated with signal 11, Segmentation fault.
#0  _zend_mm_alloc_int (heap=0x252ca10, size=112) at /home/rolley/t/php-5.3.9/Zend/zend_alloc.c:1835
1835				heap->cache[index] = best_fit->prev_free_block;
(gdb) bt
#0  _zend_mm_alloc_int (heap=0x252ca10, size=112) at /home/rolley/t/php-5.3.9/Zend/zend_alloc.c:1835
#1  0x00007f030e3e94ec in _zend_hash_add_or_update (ht=0x23b8e18, arKey=<value optimized out>, nKeyLength=41, pData=0x7f03006d5fb8, nDataSize=<value optimized out>, pDest=0x7f03006d5fc0, flag=1) at /home/rolley/t/php-5.3.9/Zend/zend_hash.c:250
#2  0x00007f030e45baf5 in zend_symtable_update (result=0x4451880, container_ptr=<value optimized out>, dim=0x23db538, dim_is_tmp_var=<value optimized out>, type=1, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_hash.h:346
#3  zend_fetch_dimension_address_inner (result=0x4451880, container_ptr=<value optimized out>, dim=0x23db538, dim_is_tmp_var=<value optimized out>, type=1, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute.c:833
#4  zend_fetch_dimension_address (result=0x4451880, container_ptr=<value optimized out>, dim=0x23db538, dim_is_tmp_var=<value optimized out>, type=1, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute.c:903
#5  0x00007f030e465956 in ZEND_ASSIGN_DIM_SPEC_CV_CV_HANDLER (execute_data=0x44514a0, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_vm_execute.h:29572
#6  0x00007f030e404377 in execute (op_array=0x23d4ad8, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_vm_execute.h:107
#7  0x00007f030e3cdf6f in zend_call_function (fci=0x7f03006d62c0, fci_cache=<value optimized out>, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute_API.c:969
#8  0x00007f030e3f4c61 in zend_call_method (object_pp=0x0, obj_ce=<value optimized out>, fn_proxy=0x23b9d68, function_name=0x23cb488 "autoloadcache::autoload", function_name_len=<value optimized out>, retval_ptr_ptr=0x7f03006d6408, param_count=1, arg1=0x23d4930, arg2=0x0, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_interfaces.c:97
#9  0x00007f030e28e07c in zif_spl_autoload_call (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/ext/spl/php_spl.c:405
#10 0x00007f030e3ce051 in zend_call_function (fci=0x7f03006d6610, fci_cache=<value optimized out>, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute_API.c:991
#11 0x00007f030e3ce9db in zend_lookup_class_ex (name=0x23ba1e8 "DatabaseFactory", name_length=15, use_autoload=1, ce=0x7f03006d6728, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute_API.c:1126
#12 0x00007f030e3cf158 in zend_fetch_class (class_name=0x23ba1e8 "DatabaseFactory", class_name_len=15, fetch_type=0, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_execute_API.c:1568
#13 0x00007f030e42ed4b in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x4450c78, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_vm_execute.h:2689
#14 0x00007f030e404377 in execute (op_array=0x23c3d88, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/Zend/zend_vm_execute.h:107
#15 0x00007f030e3dd2f5 in zend_execute_scripts (type=8, tsrm_ls=0x252a410, retval=0x0, file_count=3) at /home/rolley/t/php-5.3.9/Zend/zend.c:1236
#16 0x00007f030e380273 in php_execute_script (primary_file=0x7f03006d8c40, tsrm_ls=0x252a410) at /home/rolley/t/php-5.3.9/main/main.c:2308
#17 0x00007f030e476fb2 in php_handler (r=0x46f7510) at /home/rolley/t/php-5.3.9/sapi/apache2handler/sapi_apache2.c:669
#18 0x0000000000438c48 in ap_run_handler (r=0x46f7510) at config.c:158
#19 0x000000000043908c in ap_invoke_handler (r=0x46f7510) at config.c:376
#20 0x000000000044565c in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>) at http_request.c:554
#21 0x00007f030edf40fd in handler_redirect (r=0x45e81a0) at mod_rewrite.c:4838
#22 0x0000000000438c48 in ap_run_handler (r=0x45e81a0) at config.c:158
#23 0x000000000043908c in ap_invoke_handler (r=0x45e81a0) at config.c:376
#24 0x0000000000445fb0 in ap_process_request (r=0x45e81a0) at http_request.c:282
#25 0x0000000000443120 in ap_process_http_connection (c=0x2656368) at http_core.c:190
#26 0x000000000043f568 in ap_run_process_connection (c=0x2656368) at connection.c:43
#27 0x000000000044bb11 in process_socket (thd=0x18a32a0, dummy=<value optimized out>) at worker.c:544
#28 worker_thread (thd=0x18a32a0, dummy=<value optimized out>) at worker.c:894
#29 0x00007f031731fd8c in start_thread (arg=0x7f03006d9700) at pthread_create.c:304
#30 0x00007f0316e6704d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#31 0x0000000000000000 in ?? ()

I'd appreciate any insight as to what might be causing this, whether it's some 
missing configuration on our end or some problem in PHP.

Thanks,
   Sefer.



 [2012-01-27 09:40 UTC] aharvey@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

I can't reproduce this out of the box. We're going to need to know at least what's 
in your autoload function to progress here, and preferably a self-contained 
example.
 [2012-01-27 09:40 UTC] aharvey@php.net
-Status: Open
+Status: Feedback
-Package: *General Issues
+Package: Reproducible crash
 [2012-02-12 15:19 UTC] sefer at hotmail dot com
Hi

I will try to provide the autoload module (if I receive permission to).
I seem to be getting other stack traces that lead me to suspect the multibyte 
module.
The [mbstring] section in our php.ini file doesn't contain any definitions, so 
defaults apply.

I hope this provides another clue.


#0  _zend_mm_free_int (heap=0x30bd6f0, p=0x37b8fe0) at /home/sababa/t/php-5.3.9/Zend/zend_alloc.c:2028
2028		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {

#0  _zend_mm_free_int (heap=0x30bd6f0, p=0x37b8fe0) at /home/sababa/t/php-5.3.9/Zend/zend_alloc.c:2028
#1  0x00007f030e3a92d7 in zend_multibyte_read_script (buf=0x7f0318495000 <Address 0x7f0318495000 out of bounds>, n=1445, tsrm_ls=0x2dc6800) at Zend/zend_language_scanner.l:709
#2  0x00007f030e3a9410 in open_file_for_scanning (file_handle=0x7f02f87f7c40, tsrm_ls=0x2dc6800) at Zend/zend_language_scanner.l:279
#3  0x00007f030e3a97f8 in compile_file (file_handle=0x7f02f87f7c40, type=8, tsrm_ls=0x2dc6800) at Zend/zend_language_scanner.l:352
#4  0x00007f030e219366 in phar_compile_file (file_handle=0x7f02f87f7c40, type=8, tsrm_ls=0x2dc6800) at /home/sababa/t/php-5.3.9/ext/phar/phar.c:3393
#5  0x00007f030e3dd266 in zend_execute_scripts (type=8, tsrm_ls=0x2dc6800, retval=0x0, file_count=3) at /home/sababa/t/php-5.3.9/Zend/zend.c:1228
#6  0x00007f030e380273 in php_execute_script (primary_file=0x7f02f87f7c40, tsrm_ls=0x2dc6800) at /home/sababa/t/php-5.3.9/main/main.c:2308
#7  0x00007f030e476fb2 in php_handler (r=0x467ee10) at /home/sababa/t/php-5.3.9/sapi/apache2handler/sapi_apache2.c:669
#8  0x0000000000438c48 in ap_run_handler (r=0x467ee10) at config.c:158
#9  0x000000000043908c in ap_invoke_handler (r=0x467ee10) at config.c:376
#10 0x000000000044565c in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>) at http_request.c:554
#11 0x00007f030edf40fd in handler_redirect (r=0x4677970) at mod_rewrite.c:4838
#12 0x0000000000438c48 in ap_run_handler (r=0x4677970) at config.c:158
#13 0x000000000043908c in ap_invoke_handler (r=0x4677970) at config.c:376
#14 0x0000000000445fb0 in ap_process_request (r=0x4677970) at http_request.c:282
#15 0x0000000000443120 in ap_process_http_connection (c=0x4671278) at http_core.c:190
#16 0x000000000043f568 in ap_run_process_connection (c=0x4671278) at connection.c:43
#17 0x000000000044bb11 in process_socket (thd=0x18a33f0, dummy=<value optimized out>) at worker.c:544
#18 worker_thread (thd=0x18a33f0, dummy=<value optimized out>) at worker.c:894
#19 0x00007f031731fd8c in start_thread (arg=0x7f02f87f8700) at pthread_create.c:304
#20 0x00007f0316e6704d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#21 0x0000000000000000 in ?? ()
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.