PHP :: Bug #61236 :: "double free or corruption" when shutting down built-in web server

Bug #61236

"double free or corruption" when shutting down built-in web server

Submitted:

2012-03-02 06:37 UTC

Modified:

2021-07-01 05:20 UTC

Votes:	9
Avg. Score:	4.9 ± 0.3
Reproduced:	9 of 9 (100.0%)
Same Version:	5 (55.6%)
Same OS:	3 (33.3%)

From:

savetheinternet at tinyboard dot org

Assigned:

ab (profile)

Status:

Duplicate

Package:

APC (PECL)

PHP Version:

5.4.0

OS:

Debian GNU/Linux

Private report:

CVE-ID:

None

View Developer Edit

[2012-03-02 06:37 UTC] savetheinternet at tinyboard dot org

Description:
------------
I just upgraded to PHP 5.4 and figured I'd test the built-in web server. It runs fine, 
but 
always crashes when it's closing. I have APC enabled in my php.ini and according to the 
backtrace that is the problem. Removing APC from php.ini fixes it.

Regardless of whether the program starts successfully or not (arbitrary invalid 
arguments 
produce the same result), it will always crash on shutdown.

I am using PHP 5.4.0 and APC-3.1.9. I haven't had any problems with APC using CGI.

Test script:
---------------
$ php -S ?

Expected result:
----------------
An error message and clean exit.

Actual result:
--------------
(gdb) run -S ?
Starting program: /usr/local/bin/php -S ?
[Thread debugging using libthread_db enabled]
Invalid address: t
*** glibc detected *** /usr/local/bin/php: double free or corruption (out): 
0x00007ffff7ebdfe0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71bd6)[0x7ffff5784bd6]
/lib/libc.so.6(cfree+0x6c)[0x7ffff578994c]
/usr/local/bin/php(destroy_zend_class+0x23d)[0x74a08d]
/usr/local/bin/php(zend_hash_clean+0x73)[0x75f203]
/usr/local/lib/php/extensions/no-debug-non-zts-
20100525/apc.so(apc_interned_strings_shutdown+0x20)[0x7fffed9800c0]
/usr/local/lib/php/extensions/no-debug-non-zts-
20100525/apc.so(apc_module_shutdown+0x12a)[0x7fffed97863a]
/usr/local/lib/php/extensions/no-debug-non-zts-20100525/apc.so(+0xafdf)
[0x7fffed96efdf]
/usr/local/bin/php[0x758275]
/usr/local/bin/php[0x75eb72]
/usr/local/bin/php(zend_hash_graceful_reverse_destroy+0x18)[0x75ee08]
/usr/local/bin/php[0x752ee3]
/usr/local/bin/php(php_module_shutdown+0x2d)[0x6f7a0d]
/usr/local/bin/php[0x7f9245]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7ffff5731c8d]
/usr/local/bin/php[0x430849]
======= Memory map: ========
00400000-00c83000 r-xp 00000000 08:03 12371472                           
/usr/local/bin/php
00e82000-00e90000 rw-p 00882000 08:03 12371472                           
/usr/local/bin/php
00e90000-01127000 rw-p 00000000 00:00 0                                  [heap]
7fffe8000000-7fffe8021000 rw-p 00000000 00:00 0 
7fffe8021000-7fffec000000 ---p 00000000 00:00 0 
7fffed964000-7fffed986000 r-xp 00000000 08:03 12486101                   
/usr/local/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7fffed986000-7fffedb86000 ---p 00022000 08:03 12486101                   
/usr/local/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7fffedb86000-7fffedb89000 rw-p 00022000 08:03 12486101                   
/usr/local/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7fffedb89000-7fffedb92000 rw-p 00000000 00:00 0 
7ffff2e31000-7ffff2e47000 r-xp 00000000 08:03 6463529                    
/lib/libgcc_s.so.1
7ffff2e47000-7ffff3046000 ---p 00016000 08:03 6463529                    
/lib/libgcc_s.so.1
7ffff3046000-7ffff3047000 rw-p 00015000 08:03 6463529                    
/lib/libgcc_s.so.1
7ffff3047000-7ffff31bc000 r--p 00000000 08:03 12371130                   
/usr/lib/locale/locale-archive
7ffff31bc000-7ffff31cc000 r-xp 00000000 08:03 12357782                   
/usr/lib/libtasn1.so.3.1.9
7ffff31cc000-7ffff33cb000 ---p 00010000 08:03 12357782                   
/usr/lib/libtasn1.so.3.1.9
7ffff33cb000-7ffff33cc000 rw-p 0000f000 08:03 12357782                   
/usr/lib/libtasn1.so.3.1.9
7ffff33cc000-7ffff33cf000 r-xp 00000000 08:03 12357778                   
/usr/lib/libgpg-error.so.0.4.0
7ffff33cf000-7ffff35ce000 ---p 00003000 08:03 12357778                   
/usr/lib/libgpg-error.so.0.4.0
7ffff35ce000-7ffff35cf000 rw-p 00002000 08:03 12357778                   
/usr/lib/libgpg-error.so.0.4.0
7ffff35cf000-7ffff35d1000 r-xp 00000000 08:03 6465557                    
/lib/libkeyutils.so.1.3
7ffff35d1000-7ffff37d0000 ---p 00002000 08:03 6465557                    
/lib/libkeyutils.so.1.3
7ffff37d0000-7ffff37d1000 rw-p 00001000 08:03 6465557                    
/lib/libkeyutils.so.1.3
7ffff37d1000-7ffff37d8000 r-xp 00000000 08:03 12357254                   
/usr/lib/libkrb5support.so.0.1
7ffff37d8000-7ffff39d8000 ---p 00007000 08:03 12357254                   
/usr/lib/libkrb5support.so.0.1
7ffff39d8000-7ffff39d9000 rw-p 00007000 08:03 12357254                   
/usr/lib/libkrb5support.so.0.1
7ffff39d9000-7ffff39dc000 r-xp 00000000 08:03 6463497                    
/lib/libcom_err.so.2.1
7ffff39dc000-7ffff3bdb000 ---p 00003000 08:03 6463497                    
/lib/libcom_err.so.2.1
7ffff3bdb000-7ffff3bdc000 rw-p 00002000 08:03 6463497                    
/lib/libcom_err.so.2.1
7ffff3bdc000-7ffff3c01000 r-xp 00000000 08:03 12357244                   
/usr/lib/libk5crypto.so.3.1
7ffff3c01000-7ffff3e00000 ---p 00025000 08:03 12357244                   
/usr/lib/libk5crypto.so.3.1
7ffff3e00000-7ffff3e02000 rw-p 00024000 08:03 12357244                   
/usr/lib/libk5crypto.so.3.1
7ffff3e02000-7ffff3ec0000 r-xp 00000000 08:03 12359532                   
/usr/lib/libkrb5.so.3.3
7ffff3ec0000-7ffff40bf000 ---p 000be000 08:03 12359532                   
/usr/lib/libkrb5.so.3.3
7ffff40bf000-7ffff40ca000 rw-p 000bd000 08:03 12359532                   
/usr/lib/libkrb5.so.3.3
7ffff40ca000-7ffff4166000 r-xp 00000000 08:03 12354798                   
/usr/lib/libgnutls.so.26.14.12
7ffff4166000-7ffff4365000 ---p 0009c000 08:03 12354798                   
/usr/lib/libgnutls.so.26.14.12
7ffff4365000-7ffff436c000 rw-p 0009b000 08:03 12354798                   
/usr/lib/libgnutls.so.26.14.12
7ffff436c000-7ffff4385000 r-xp 00000000 08:03 12357936                   
/usr/lib/libsasl2.so.2.0.23
7ffff4385000-7ffff4584000 ---p 00019000 08:03 12357936                   
/usr/lib/libsasl2.so.2.0.23
7ffff4584000-7ffff4585000 rw-p 00018000 08:03 12357936                   
/usr/lib/libsasl2.so.2.0.23
7ffff4585000-7ffff45f9000 r-xp 00000000 08:03 12357780                   
/usr/lib/libgcrypt.so.11.5.3
7ffff45f9000-7ffff47f9000 ---p 00074000 08:03 12357780                   
/usr/lib/libgcrypt.so.11.5.3
7ffff47f9000-7ffff47fd000 rw-p 00074000 08:03 12357780                   
/usr/lib/libgcrypt.so.11.5.3
7ffff47fd000-7ffff4830000 r-xp 00000000 08:03 12357252                   
/usr/lib/libgssapi_krb5.so.2.2
7ffff4830000-7ffff4a30000 ---p 00033000 08:03 12357252                   
/usr/lib/libgssapi_krb5.so.2.2
7ffff4a30000-7ffff4a32000 rw-p 00033000 08:03 12357252                   
/usr/lib/libgssapi_krb5.so.2.2
7ffff4a32000-7ffff4a79000 r-xp 00000000 08:03 12357939                   
/usr/lib/libldap_r-2.4.so.2.5.6
7ffff4a79000-7ffff4c78000 ---p 00047000 08:03 12357939                   
/usr/lib/libldap_r-2.4.so.2.5.6
7ffff4c78000-7ffff4c7b000 rw-p 00046000 08:03 12357939                   
/usr/lib/libldap_r-2.4.so.2.5.6
7ffff4c7b000-7ffff4c7d000 rw-p 00000000 00:00 0 
7ffff4c7d000-7ffff4c8a000 r-xp 00000000 08:03 12357938                   
/usr/lib/liblber-2.4.so.2.5.6
7ffff4c8a000-7ffff4e8a000 ---p 0000d000 08:03 12357938                   
/usr/lib/liblber-2.4.so.2.5.6

Program received signal SIGABRT, Aborted.
0x00007ffff57451b5 in raise () from /lib/libc.so.6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-03-04 22:01 UTC] aktush at gmail dot com

Exactly the same issue after upgrading seeing this :

php -v


root@host:/web/projects/web# php -v
PHP 5.4.0 (cli) (built: Mar  3 2012 20:16:29) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
*** glibc detected *** php: double free or corruption (out): 0x00007f5903058df0 
***
======= Backtrace: =========
/lib/libc.so.6(+0x71bd6)[0x7f59008e1bd6]
/lib/libc.so.6(cfree+0x6c)[0x7f59008e694c]
php(destroy_zend_class+0x255)[0x77b295]
php(zend_hash_clean+0x6b)[0x7906eb]
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-
20100525/apc.so(apc_interned_strings_shutdown+0x20)[0x7f58fb6d40c0]
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-
20100525/apc.so(apc_module_shutdown+0x12a)[0x7f58fb6cc63a]
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-
20100525/apc.so(+0xafdf)[0x7f58fb6c2fdf]
php[0x7895e5]
php[0x790052]
php(zend_hash_graceful_reverse_destroy+0x18)[0x7902f8]
php[0x7840f3]
php(php_module_shutdown+0x2d)[0x72411d]
php[0x82c9b5]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f590088ec8d]
php[0x4303a9]
======= Memory map: ========
00400000-00cb4000 r-xp 00000000 08:03 32656                              
/usr/local/php-5.4.0-cgi/bin/php
00eb4000-00ec2000 rw-p 008b4000 08:03 32656                              
/usr/local/php-5.4.0-cgi/bin/php
00ec2000-00ee5000 rw-p 00000000 00:00 0 
02450000-026a2000 rw-p 00000000 00:00 0                                  [heap]
7f58f4000000-7f58f4021000 rw-p 00000000 00:00 0 
7f58f4021000-7f58f8000000 ---p 00000000 00:00 0 
7f58fb6b8000-7f58fb6da000 r-xp 00000000 08:03 4307                       
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7f58fb6da000-7f58fb8da000 ---p 00022000 08:03 4307                       
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7f58fb8da000-7f58fb8dd000 rw-p 00022000 08:03 4307                       
/usr/local/php-5.4.0-cgi/lib/php/extensions/no-debug-non-zts-20100525/apc.so
7f58fb8dd000-7f58fb8e6000 rw-p 00000000 00:00 0 
7f58fdbe1000-7f58fdbf7000 r-xp 00000000 08:03 137118                     
/lib/libgcc_s.so.1
7f58fdbf7000-7f58fddf6000 ---p 00016000 08:03 137118                     
/lib/libgcc_s.so.1
7f58fddf6000-7f58fddf7000 rw-p 00015000 08:03 137118                     
/lib/libgcc_s.so.1
7f58fddf7000-7f58fe319000 r--p 00000000 08:03 1860                       
/usr/lib/locale/locale-archive
7f58fe319000-7f58fe329000 r-xp 00000000 08:03 1231                       
/usr/lib/libtasn1.so.3.1.9
7f58fe329000-7f58fe528000 ---p 00010000 08:03 1231                       
/usr/lib/libtasn1.so.3.1.9
7f58fe528000-7f58fe529000 rw-p 0000f000 08:03 1231                       
/usr/lib/libtasn1.so.3.1.9
7f58fe529000-7f58fe52c000 r-xp 00000000 08:03 207                        
/usr/lib/libgpg-error.so.0.4.0
7f58fe52c000-7f58fe72b000 ---p 00003000 08:03 207                        
/usr/lib/libgpg-error.so.0.4.0
7f58fe72b000-7f58fe72c000 rw-p 00002000 08:03 207                        
/usr/lib/libgpg-error.so.0.4.0
7f58fe72c000-7f58fe72e000 r-xp 00000000 08:03 131218                     
/lib/libkeyutils.so.1.3
7f58fe72e000-7f58fe92d000 ---p 00002000 08:03 131218                     
/lib/libkeyutils.so.1.3
7f58fe92d000-7f58fe92e000 rw-p 00001000 08:03 131218                     
/lib/libkeyutils.so.1.3
7f58fe92e000-7f58fe935000 r-xp 00000000 08:03 2653                       
/usr/lib/libkrb5support.so.0.1
7f58fe935000-7f58feb35000 ---p 00007000 08:03 2653                       
/usr/lib/libkrb5support.so.0.1
7f58feb35000-7f58feb36000 rw-p 00007000 08:03 2653                       
/usr/lib/libkrb5support.so.0.1
7f58feb36000-7f58feb39000 r-xp 00000000 08:03 134937                     
/lib/libcom_err.so.2.1
7f58feb39000-7f58fed38000 ---p 00003000 08:03 134937                     
/lib/libcom_err.so.2.1
7f58fed38000-7f58fed39000 rw-p 00002000 08:03 134937                     
/lib/libcom_err.so.2.1
7f58fed39000-7f58fed5e000 r-xp 00000000 08:03 1479                       
/usr/lib/libk5crypto.so.3.1
7f58fed5e000-7f58fef5d000 ---p 00025000 08:03 1479                       
/usr/lib/libk5crypto.so.3.1
7f58fef5d000-7f58fef5f000 rw-p 00024000 08:03 1479                       
/usr/lib/libk5crypto.so.3.1
7f58fef5f000-7f58ff01d000 r-xp 00000000 08:03 2642                       
/usr/lib/libkrb5.so.3.3
7f58ff01d000-7f58ff21c000 ---p 000be000 08:03 2642                       
/usr/lib/libkrb5.so.3.3
7f58ff21c000-7f58ff227000 rw-p 000bd000 08:03 2642                       
/usr/lib/libkrb5.so.3.3
7f58ff227000-7f58ff2c3000 r-xp 00000000 08:03 345                        
/usr/lib/libgnutls.so.26.14.12
7f58ff2c3000-7f58ff4c2000 ---p 0009c000 08:03 345                        
/usr/lib/libgnutls.so.26.14.12
7f58ff4c2000-7f58ff4c9000 rw-p 0009b000 08:03 345                        
/usr/lib/libgnutls.so.26.14.12
7f58ff4c9000-7f58ff4e2000 r-xp 00000000 08:03 1399                       
/usr/lib/libsasl2.so.2.0.23
7f58ff4e2000-7f58ff6e1000 ---p 00019000 08:03 1399                       
/usr/lib/libsasl2.so.2.0.23
7f58ff6e1000-7f58ff6e2000 rw-p 00018000 08:03 1399                       
/usr/lib/libsasl2.so.2.0.23
7f58ff6e2000-7f58ff756000 r-xp 00000000 08:03 2702                       
/usr/lib/libgcrypt.so.11.5.3
7f58ff756000-7f58ff956000 ---p 00074000 08:03 2702                       
/usr/lib/libgcrypt.so.11.5.3
7f58ff956000-7f58ff95a000 rw-p 00074000 08:03 2702                       
/usr/lib/libgcrypt.so.11.5.3
7f58ff95a000-7f58ff98d000 r-xp 00000000 08:03 2635                       
/usr/lib/libgssapi_krb5.so.2.2
7f58ff98d000-7f58ffb8d000 ---p 00033000 08:03 2635                       
/usr/lib/libgssapi_krb5.so.2.2
7f58ffb8d000-7f58ffb8f000 rw-p 00033000 08:03 2635                       
/usr/lib/libgssapi_krb5.so.2.2
7f58ffb8f000-7f58ffbd6000 r-xp 00000000 08:03 4579                       
/usr/lib/libldap_r-2.4.so.2.5.6
7f58ffbd6000-7f58ffdd5000 ---p 00047000 08:03 4579                       
/usr/lib/libldap_r-2.4.so.2.5.6
7f58ffdd5000-7f58ffdd8000 rw-p 00046000 08:03 4579                       
/usr/lib/libldap_r-2.4.so.2.5.6
7f58ffdd8000-7f58ffdda000 rw-p 00000000 00:00 0 
7f58ffdda000-7f58ffde7000 r-xp 00000000 08:03 881                        
/usr/lib/liblber-2.4.so.2.5.6
7f58ffde7000-7f58fffe7000 ---p 0000d000 08:03 881                        
/usr/lib/liblber-2.4.so.2.5.6
7f58fffe7000-7f58fffe8000 rw-p 0000d000 08:03 881                        
/usr/lib/liblber-2.4.so.2.5.6
7f58fffe8000-7f590000b000 r-xp 00000000 08:03 17957                      
/usr/lib/libssh2.so.1.0.1
7f590000b000-7f590020b000 ---p 00023000 08:03 17957                      
/usr/lib/libssh2.so.1.0.1Aborted

Using the same versions of PHP 5.4 and APC

[2012-03-06 09:24 UTC] pajoye@php.net

see #61238

[2012-03-06 09:24 UTC] pajoye@php.net

-Status: Open +Status: Duplicate

[2012-03-07 12:14 UTC] pierre at archlinux dot de

This bug is still present in revision 323991 for me while bug #61238 was marked as fixed.

[2012-03-08 08:41 UTC] ab@php.net

@pierre at archlinux dot de

This bug was marked as duplicate as it looks alike. Could you please send your 
current backtrace?

[2012-03-09 00:10 UTC] pierre at archlinux dot de

It seems to be still the same as originally reported. Would if help I rebuilt php and apc with debugging symbols?

*** glibc detected *** php-fpm: double free or corruption (out): 0x00007fb23d022
======= Backtrace: =========
/lib/libc.so.6(+0x78e66)[0x7fb23bb4ce66]
php-fpm(destroy_zend_class+0x255)[0x62364
php-fpm(zend_hash_clean+0x70)[0x63add
/usr/lib/php/modules/apc.so(apc_interned_strings_shutdown+0x20)[0x7fb23
/usr/lib/php/modules/apc.so(apc_module_shutdown+0x10e)[0x7f
/usr/lib/php/modules/apc.so(+0xb05f)[0x7fb238a5205f]
php-fpm[0x634333]
php-fpm[0x6396f5]
php-fpm(zend_hash_graceful_reverse_destroy+0x18)[0x63ae
php-fpm[0x62d07e]
php-fpm(php_module_shutdown+0x2a)[0x5ce93
php-fpm[0x4254ba]
/lib/libc.so.6(__libc_start_main+0xed)[0x7fb23baf538d
php-fpm[0x426b41]

[2012-03-09 16:13 UTC] ab@php.net

-Assigned To: +Assigned To: ab

[2012-03-09 16:13 UTC] ab@php.net

Thanks. This bug is still a duplicate of #61238, please point your further 
messages there.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Dec 30 14:01:28 2024 UTC