php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61390 Segfault with dba_close and dba_popen'ed handles
Submitted: 2012-03-14 19:08 UTC Modified: 2017-01-07 15:35 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: cjashfor at linux dot vnet dot ibm dot com Assigned: cmb (profile)
Status: Closed Package: DBM/DBA related
PHP Version: 5.4.0 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cjashfor at linux dot vnet dot ibm dot com
New email:
PHP Version: OS:

 

 [2012-03-14 19:08 UTC] cjashfor at linux dot vnet dot ibm dot com
Description:
------------
I have a simple test case that dba_opens a flatfile once which returns a resource descriptor, inserts a key and value into that flatfile, opens the same flatfile again returning a second resource, closes the second resource, and again reads the a key from the first descriptor.  This causes a seg fault.


Test script:
---------------
Note, this test case requires the dba extension to be installed.

<?php
$handler = "flatfile";
$db_filename = $db_file = dirname(__FILE__) .'/test0.dbm';
@unlink($db_filename);
@unlink($db_filename.'.lck');

echo "open ./test.inc as a flatfile db, and insert a key\n";
$db_file1 = dba_popen($db_filename, 'n', $handler);
dba_insert("key1", "This is a test insert 1", $db_file1);

echo "open a second resource on the same file\n";
$db_file2 = dba_popen($db_filename, 'n', $handler);

echo "close the second resource\n";
dba_close($db_file2);
echo "query the key value again from the first resource, after closing second resource\n";
echo dba_fetch("key1", $db_file1), "\n";
?>


Expected result:
----------------
I expect that instead of seg faulting on the final line, that it would instead print:

This is a test insert 1



Actual result:
--------------
(gdb) bt
#0  flatfile_findkey (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:172
#1  0x00000000004f05dd in flatfile_fetch (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:90
#2  0x00000000004ef0fe in dba_fetch_flatfile (info=<value optimized out>, key=0x7fcd5cb42a10 "key1", keylen=4, skip=<value optimized out>, newlen=0x7fff6396689c) at /home/corey/php-5.4.0/ext/dba/dba_flatfile.c:70
#3  0x00000000004ed1fb in zif_dba_fetch (ht=2, return_value=0x7fcd5cc57cb0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/corey/php-5.4.0/ext/dba/dba.c:1020
#4  0x0000000000722b83 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:642
#5  0x00000000006dd2c5 in execute (op_array=0x7fcd5cc560a8) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:410
#6  0x000000000067f585 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/corey/php-5.4.0/Zend/zend.c:1272
#7  0x0000000000622109 in php_execute_script (primary_file=0x7fff63968f70) at /home/corey/php-5.4.0/main/main.c:2473
#8  0x00000000007253ee in do_cli (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:983
#9  0x0000000000725c9f in main (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:1356

Here's the valgrind memcheck log:

==18497== Memcheck, a memory error detector
==18497== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==18497== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==18497== Command: /usr/bin/php new.php
==18497== Parent PID: 17376
==18497== 
==18497== Invalid read of size 8
==18497==    at 0xB2E009B: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5216d88 is 56 bytes inside a block of size 88 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0xB2E2376: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5216d50 is 0 bytes inside a block of size 88 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0xB2E379A: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5217470 is 16 bytes inside a block of size 48 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0xB2DF40F: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 4
==18497==    at 0x5743E9: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5217188 is 120 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 4
==18497==    at 0x5743F3: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x52171a8 is 152 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0x574407: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x52171b0 is 160 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0x574430: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5217110 is 0 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0x5744C8: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5217138 is 40 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 8
==18497==    at 0x579E86: ??? (in /usr/bin/php)
==18497==    by 0x574502: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0x5217118 is 8 bytes inside a block of size 216 free'd
==18497==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18497==    by 0x5760FC: _php_stream_free (in /usr/bin/php)
==18497==    by 0xB2DF465: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5C16CD: ??? (in /usr/bin/php)
==18497==    by 0x5BE0D4: ??? (in /usr/bin/php)
==18497==    by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php)
==18497==    by 0x5C175D: ??? (in /usr/bin/php)
==18497==    by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php)
==18497==    by 0x5C1888: _zend_list_delete (in /usr/bin/php)
==18497==    by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497== 
==18497== Invalid read of size 1
==18497==    at 0x579E8A: ??? (in /usr/bin/php)
==18497==    by 0x574502: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==18497== 
==18497== 
==18497== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18497==  Access not within mapped region at address 0xC
==18497==    at 0x579E8A: ??? (in /usr/bin/php)
==18497==    by 0x574502: _php_stream_seek (in /usr/bin/php)
==18497==    by 0xB2E37B2: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E390D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E238D: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so)
==18497==    by 0x5FDE3C: ??? (in /usr/bin/php)
==18497==    by 0x5D6793: execute (in /usr/bin/php)
==18497==    by 0x5B3965: zend_execute_scripts (in /usr/bin/php)
==18497==    by 0x5603F2: php_execute_script (in /usr/bin/php)
==18497==    by 0x64688C: ??? (in /usr/bin/php)
==18497==    by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so)
==18497==  If you believe this happened as a result of a stack
==18497==  overflow in your program's main thread (unlikely but
==18497==  possible), you can try to increase the size of the
==18497==  main thread stack using the --main-stacksize= flag.
==18497==  The main thread stack size used in this run was 8388608.
==18497== 
==18497== HEAP SUMMARY:
==18497==     in use at exit: 2,542,594 bytes in 14,407 blocks
==18497==   total heap usage: 15,583 allocs, 1,176 frees, 2,957,462 bytes allocated
==18497== 
==18497== LEAK SUMMARY:
==18497==    definitely lost: 0 bytes in 0 blocks
==18497==    indirectly lost: 0 bytes in 0 blocks
==18497==      possibly lost: 269,497 bytes in 36 blocks
==18497==    still reachable: 2,273,097 bytes in 14,371 blocks
==18497==         suppressed: 0 bytes in 0 blocks
==18497== Rerun with --leak-check=full to see details of leaked memory
==18497== 
==18497== For counts of detected and suppressed errors, rerun with: -v
==18497== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 46 from 6)




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-14 19:14 UTC] cjashfor at linux dot vnet dot ibm dot com
The first echo in the test case is incorrect.  It should read:
echo "open ./test0.dbm as a flatfile db, and insert a key\n"
 [2012-03-14 19:28 UTC] cjashfor at linux dot vnet dot ibm dot com
The first valgrind memcheck I ran was on the installed php, and so it's missing some file/line# information.  Here's one where I ran it on the php where I built it; it contains complete file/line# info:

==18593== Memcheck, a memory error detector
==18593== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==18593== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==18593== Command: /home/corey/php-5.4.0/sapi/cli/php new.php
==18593== Parent PID: 17376
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x4ED1D9: zif_dba_fetch (dba.c:1018)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e48e8 is 56 bytes inside a block of size 88 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x4EF0E6: dba_fetch_flatfile (dba_flatfile.c:67)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e48b0 is 0 bytes inside a block of size 88 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x4F047A: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e5050 is 16 bytes inside a block of size 48 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x4ED39F: dba_close (dba.c:401)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 4
==18593==    at 0x637DC6: _php_stream_seek (streams.c:1208)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4ce8 is 120 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 4
==18593==    at 0x637DD0: _php_stream_seek (streams.c:1214)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4d08 is 152 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x637DE4: _php_stream_seek (streams.c:1225)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4d10 is 160 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x637E10: _php_stream_seek (streams.c:1237)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c70 is 0 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x637E90: _php_stream_seek (streams.c:1240)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c98 is 40 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 8
==18593==    at 0x63D666: php_stdiop_seek (plain_wrapper.c:454)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c78 is 8 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593== 
==18593== Invalid read of size 1
==18593==    at 0x63D66A: php_stdiop_seek (plain_wrapper.c:459)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==18593== 
==18593== 
==18593== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18593==  Access not within mapped region at address 0xC
==18593==    at 0x63D66A: php_stdiop_seek (plain_wrapper.c:459)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  If you believe this happened as a result of a stack
==18593==  overflow in your program's main thread (unlikely but
==18593==  possible), you can try to increase the size of the
==18593==  main thread stack using the --main-stacksize= flag.
==18593==  The main thread stack size used in this run was 8388608.
==18593== 
==18593== HEAP SUMMARY:
==18593==     in use at exit: 3,002,667 bytes in 11,181 blocks
==18593==   total heap usage: 11,584 allocs, 403 frees, 3,083,863 bytes allocated
==18593== 
==18593== LEAK SUMMARY:
==18593==    definitely lost: 0 bytes in 0 blocks
==18593==    indirectly lost: 0 bytes in 0 blocks
==18593==      possibly lost: 0 bytes in 0 blocks
==18593==    still reachable: 3,002,667 bytes in 11,181 blocks
==18593==         suppressed: 0 bytes in 0 blocks
==18593== Rerun with --leak-check=full to see details of leaked memory
==18593== 
==18593== For counts of detected and suppressed errors, rerun with: -v
==18593== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 6 from 4)
 [2012-03-16 19:33 UTC] cjashfor at linux dot vnet dot ibm dot com
From what I can tell from debugging, what's happening is that on the first dba_popen, a dba_info structure is allocated for the first resource.

On the second dba_popen, since it's the same file, the dba_info from the first resource is reused.  I don't know if this alone is a legitimate thing to do, because now two resources are sharing the same dba_info.  At the very least, I would think that some sort of reference counter is need in dba_info to track how many resources are linked to it.

When the first resource is closed, the dba_info structure is free'd at dba.c:dba_close():423.  Consequently, when the second resource is referenced, it's using an already-free'd dba_info structure, and this causes a seg fault.

If it's truly OK to have to resources reference the same dba_info structure, one solution might be to add a reference counter to dba_info, and to set it to 1 on the initial allocation, and increment it when linking to it on subsequent dba_popens.  When closing resources, the reference counter is decremented, and the structure is released only when the count reaches zero.

Any thoughts?
 [2012-03-31 01:37 UTC] yohgaki@php.net
The needs of resource reference counter is pointed out by Stefan Esser many years 
ago.

I'm not sure who is the right person, but I'll assign this to Dmitry for now so 
that someone could take care of this.
 [2012-03-31 01:37 UTC] yohgaki@php.net
-Assigned To: +Assigned To: dmitry
 [2012-05-21 13:54 UTC] dmitry@php.net
-Status: Assigned +Status: Feedback
 [2012-05-21 13:54 UTC] dmitry@php.net
why dba_close() closes a persistent resource?

In comparison mysql_close() doesn't close connection opened using mysql_pconnect() and as result ext/mysql doesn't make this problem.

BTW: ZE resources have refcount, but unfortunately it couldn't help in this case.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-02-18 19:04 UTC] cjashfor at linux dot vnet dot ibm dot com
This bug should be re-opened because it hasn't been fixed.  I don't know what the correct solution is in the implementation, but the bug shouldn't be closed till it's resolved.
 [2013-05-16 19:02 UTC] aharvey@php.net
Reopening, per bug #51278.
 [2013-05-16 19:02 UTC] aharvey@php.net
-Status: No Feedback +Status: Open -Assigned To: dmitry +Assigned To:
 [2013-12-03 15:13 UTC] mike@php.net
-Summary: Segfault occurs in simple flatfile test +Summary: Segfault with dba_close and dba_popen'ed handles -Status: Open +Status: Verified
 [2016-08-18 09:09 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-08-18 09:09 UTC] cmb@php.net
This issue has already been fixed for PHP 7, see
<http://git.php.net/?p=php-src.git;a=commit;h=fa348dcd>.
 [2017-01-07 15:35 UTC] cmb@php.net
-Status: Verified +Status: Closed
 [2017-01-07 15:35 UTC] cmb@php.net
Since PHP 5.6.30 RC1 has been released[1] no further bug fixes
(unless security related) will go into PHP 5. As this issue has
already been fixed for PHP 7, I'm closing this ticket.

[1] <http://news.php.net/php.internals/97522>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 11:01:29 2024 UTC