php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61653 Segfault on event_free()
Submitted: 2012-04-06 15:40 UTC Modified: 2012-04-06 21:44 UTC
From: harvey dot robin at gmail dot com Assigned: tony2001 (profile)
Status: Closed Package: libevent (PECL)
PHP Version: Irrelevant OS: Linux, Ubuntu 11.10
Private report: No CVE-ID: None
 [2012-04-06 15:40 UTC] harvey dot robin at gmail dot com
Description:
------------
Reproducible segfault when using event_free()

Test script:
---------------
https://gist.github.com/2320754

Expected result:
----------------
php test.php 
[http] Reads response (336):
HTTP/1.1 200 OK
[http] Reads response (417):
HTTP/1.1 301 Moved Permanently




Actual result:
--------------
Test script to reproduce:

https://gist.github.com/2320754

robin@robin-desktop:php-libevent$ gdb /usr/bin/php
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/bin/php...Reading symbols from /usr/lib/debug/usr/bin/php5...done.
done.
(gdb) run test.php
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe94bc700 (LWP 23184)]
[Thread 0x7fffe94bc700 (LWP 23184) exited]
[http] Reads response (336):
HTTP/1.1 200 OK
[http] Reads response (484):
HTTP/1.1 301 Moved Permanently

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007fffec582d3c in event_base_loop () from /usr/lib/libevent-2.0.so.5
#2  0x00007fffec7be310 in zif_event_base_loop (ht=<optimized out>, return_value=0x110c2e0, return_value_ptr=<optimized out>, this_ptr=<optimized out>, 
    return_value_used=<optimized out>) at /tmp/pear/temp/libevent/libevent.c:405
#3  0x000000000070c72d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ec6430) at /build/buildd/php5-5.3.6/Zend/zend_vm_execute.h:316
#4  0x00000000006bd51b in execute (op_array=0x110a610) at /build/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#5  0x0000000000698b70 in zend_execute_scripts (type=1528496254, retval=0x87e363b32, file_count=3) at /build/buildd/php5-5.3.6/Zend/zend.c:1266
#6  0x0000000000645913 in php_execute_script (primary_file=0x7ffff7de9fe4) at /build/buildd/php5-5.3.6/main/main.c:2297
#7  0x000000000042c53e in main (argc=32767, argv=0x7fffffffe421) at /build/buildd/php5-5.3.6/sapi/cli/php_cli.c:1197


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-04-06 21:31 UTC] tony2001@php.net
Automatic comment from SVN on behalf of tony2001
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=324932
Log: fix bug #61653 (Segfault on event_free())
 [2012-04-06 21:31 UTC] tony2001@php.net
-Status: Open +Status: Feedback
 [2012-04-06 21:31 UTC] tony2001@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Please try this patch:
 [2012-04-06 21:44 UTC] tony2001@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: tony2001
 [2013-05-22 11:09 UTC] tony2001@php.net
Automatic comment on behalf of tony@daylessday.org
Revision: http://git.php.net/?p=pecl/event/libevent.git;a=commit;h=84c33e0657a23fc0777bb654b4dc60691610fe76
Log: fix bug #61653 (Segfault on event_free())
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC