Bug #63005 Segfault on PHP 5.4.6+ and APC 3.1.13
Submitted: 2012-09-04 02:30 UTC Modified: 2012-10-25 13:18 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: brian at crowdtwist dot com Assigned: gopalv
Status: Closed Package: APC (PECL)
PHP Version: 5.4Git-2012-09-04 (snap) OS: Ubuntu 11.10
Private report: No CVE-ID:
 [2012-09-04 02:30 UTC] brian at crowdtwist dot com
Description:
------------
Our application is generally of a large, complex size.  The particular problem 
we're seeing is with a header("Location: ...") call.  After the header() and 
exit() call, Apache/PHP segfaults.  See backtrace below.

The code in question works as expected with APC removed.

This has been a problem for us since PHP 5.4.5 and APC 3.1.11.  The same segfault 
occurs on PHP 5.4's snapshot from 9/3/2012, with APC's 3.1.13 release, also from 
9/3/2012.

I've been unable to reproduce this problem with PHP compiled with --enable-debug, 
so I'm only able to include a gdb backtrace here.

This is the only problem preventing us from upgrading to PHP 5.4 across the board, 
so we're quite invested in helping out with this all that we can.  Any inquiries 
for additional information will be responded to promptly.

Test script:
---------------
The function in our code base where the segfault is occurring is as follows.  Note that the header() and exit() calls are made.  I've changed the function name itself and the exception class in order to not divulge any parts of our code base, though.

function perform_redirect($url)
{
    if (headers_sent($file_name, $line_number))
    {
        throw new Exception("cannot redirect; headers have already been sent");
    }

    header("Location: $url");
    exit;
}

An example $url value looks like:


http://foo.example.org/imported-friends-members/5e89175049be40ba5b000674ee54b0CT-3376354d2ded41a9aeb56a3f74d2d36afb816fCT

Expected result:
----------------
End user should be redirected to the given absolute URL in $url.

Actual result:
--------------
Segfault occurs, only when APC is installed and enabled.  See below:

root@dev:~# gdb /usr/sbin/apache2
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/sbin/apache2...done.
(gdb) run -X
Starting program: /usr/sbin/apache2 -X
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff7dc46e0 (LWP 27415)]

Program received signal SIGSEGV, Segmentation fault.
zend_mm_remove_from_free_list (heap=0x7ffff825ad60, mm_block=0x7ffff881c8d0) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
833			if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) bt
#0  zend_mm_remove_from_free_list (heap=0x7ffff825ad60, mm_block=0x7ffff881c8d0) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
#1  0x00007ffff3d1d320 in _zend_mm_free_int (heap=0x7ffff825ad60, p=0x7ffff881c888) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2101
#2  0x00007ffff3d57e8e in zend_hash_destroy (ht=0x7ffff881c9e8) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_hash.c:565
#3  0x00007ffff3d47893 in _zval_dtor_func (zvalue=0x7ffff87c38c8) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.c:43
#4  0x00007ffff3d386e0 in _zval_dtor (zvalue=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.h:35
#5  _zval_ptr_dtor (zval_ptr=0x7ffff87f5e58) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_execute_API.c:438
#6  _zval_ptr_dtor (zval_ptr=0x7ffff87f5e58) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_execute_API.c:427
#7  0x00007fffef5f835f in apc_free_class_entry_after_execution (src=0x7ffff87b4960, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-3.1.13/apc_compile.c:2003
#8  0x00007fffef5fbfa2 in apc_deactivate (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/APC-3.1.13/apc_main.c:948
#9  apc_request_shutdown (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/APC-3.1.13/apc_main.c:1042
#10 0x00007fffef5ef443 in zm_deactivate_apc (type=<optimized out>, module_number=<optimized out>, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-3.1.13/php_apc.c:407
#11 0x00007ffff3d51110 in zend_deactivate_modules (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:2333
#12 0x00007ffff3cdab78 in php_request_shutdown (dummy=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/main/main.c:1750
#13 0x00007ffff3e0495f in php_apache_request_dtor (r=<optimized out>, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:507
#14 php_handler (r=0x7ffff7dad0a0) at /home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:679
#15 0x00007ffff7fd52d8 in ap_run_handler (r=0x7ffff7dad0a0) at /build/buildd/apache2-2.2.20/server/config.c:159
#16 0x00007ffff7fd574e in ap_invoke_handler (r=0x7ffff7dad0a0) at /build/buildd/apache2-2.2.20/server/config.c:377
#17 0x00007ffff7fe52c0 in ap_process_request (r=0x7ffff7dad0a0) at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#18 0x00007ffff7fe2138 in ap_process_http_connection (c=0x7ffff7dd1290) at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#19 0x00007ffff7fdbd78 in ap_run_process_connection (c=0x7ffff7dd1290) at /build/buildd/apache2-2.2.20/server/connection.c:43
#20 0x00007ffff7fe9ec0 in child_main (child_num_arg=<optimized out>) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#21 0x00007ffff7fea5e6 in make_child (s=0x7ffff7f807f8, slot=0) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#22 0x00007ffff7feadb3 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
#23 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at /build/buildd/apache2-2.2.20/server/main.c:741

phpinfo generated from CLI.  Note that I've removed some values, such as 
environment variables, for security reasons.

root@dev:~# /opt/php/bin/php -i
phpinfo()
PHP Version => 5.5.0-dev

System => Linux dev 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64
Build Date => Sep  3 2012 21:45:44
Configure Command =>  './configure'  '--prefix=/opt/php' '--with-config-file-path=/path/to/config' '--with-apxs2=/usr/bin/apxs2' '--enable-fileinfo' '--enable-ftp' '--enable-json' '--enable-soap' '--enable-sockets' '--with-curl' '--with-mhash' '--with-mcrypt' '--with-openssl' '--with-tidy'
Server API => Command Line Interface
Virtual Directory Support => enabled
Configuration File (php.ini) Path => /path/to/config
Loaded Configuration File => /path/to/config/php.ini
Scan this dir for additional .ini files => (none)
Additional .ini files parsed => (none)
PHP API => 20100412
PHP Extension => 20100525
Zend Extension => 220100525
Zend Extension Build => API220100525,TS
PHP Extension Build => API20100525,TS
Debug Build => no
Thread Safety => enabled
Zend Signal Handling => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => disabled
IPv6 Support => enabled
DTrace Support => disabled

Registered PHP Streams => https, ftps, php, file, glob, data, http, ftp, phar
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, tls
Registered Stream Filters => convert.iconv.*, mcrypt.*, mdecrypt.*, string.rot13, 
string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies


 _______________________________________________________________________


Configuration

apc

APC Support => disabled
Version => 3.1.13
APC Debugging => Disabled
MMAP Support => Enabled
MMAP File Mask => /tmp/apc.XXXXXX
Locking type => pthread mutex Locks
Serialization Support => broken
Revision => $Revision: 327136 $
Build Date => Sep  3 2012 21:48:19

Directive => Local Value => Master Value
apc.cache_by_default => On => On
apc.canonicalize => On => On
apc.coredump_unmap => Off => Off
apc.enable_cli => Off => Off
apc.enabled => On => On
apc.file_md5 => Off => Off
apc.file_update_protection => 2 => 2
apc.filters => no value => no value
apc.gc_ttl => 3600 => 3600
apc.include_once_override => On => On
apc.lazy_classes => Off => Off
apc.lazy_functions => Off => Off
apc.max_file_size => 1M => 1M
apc.mmap_file_mask => /tmp/apc.XXXXXX => /tmp/apc.XXXXXX
apc.num_files_hint => 2048 => 2048
apc.preload_path => no value => no value
apc.report_autofilter => Off => Off
apc.rfc1867 => Off => Off
apc.rfc1867_freq => 0 => 0
apc.rfc1867_name => APC_UPLOAD_PROGRESS => APC_UPLOAD_PROGRESS
apc.rfc1867_prefix => upload_ => upload_
apc.rfc1867_ttl => 3600 => 3600
apc.serializer => default => default
apc.shm_segments => 1 => 1
apc.shm_size => 128M => 128M
apc.shm_strings_buffer => 4M => 4M
apc.slam_defense => On => On
apc.stat => On => On
apc.stat_ctime => On => On
apc.ttl => 0 => 0
apc.use_request_time => On => On
apc.user_entries_hint => 4096 => 4096
apc.user_ttl => 0 => 0
apc.write_lock => On => On

Core

PHP Version => 5.5.0-dev

Directive => Local Value => Master Value
allow_url_fopen => Off => Off
allow_url_include => Off => Off
always_populate_raw_post_data => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
asp_tags => Off => Off
auto_append_file => no value => no value
auto_globals_jit => Off => Off
auto_prepend_file => /opt/iotk/app/core/api/config.php => 
/opt/iotk/app/core/api/config.php
browscap => no value => no value
default_charset => no value => no value
default_mimetype => text/html => text/html
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => STDOUT => STDOUT
display_startup_errors => On => On
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => Off => Off
enable_post_data_reading => On => On
error_append_string => no value => no value
error_log => /var/log/php_error_log => /var/log/php_error_log
error_prepend_string => no value => no value
error_reporting => 32767 => 32767
exit_on_timeout => Off => Off
expose_php => Off => Off
extension_dir => /opt/php/lib/php/extensions/no-debug-zts-20100525 => 
/opt/php/lib/php/extensions/no-debug-zts-20100525
file_uploads => On => On
highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font 
style="color: #FF8000">#FF8000</font>
highlight.default => <font style="color: #0000BB">#0000BB</font> => <font 
style="color: #0000BB">#0000BB</font>
highlight.html => <font style="color: #000000">#000000</font> => <font 
style="color: #000000">#000000</font>
highlight.keyword => <font style="color: #007700">#007700</font> => <font 
style="color: #007700">#007700</font>
highlight.string => <font style="color: #DD0000">#DD0000</font> => <font 
style="color: #DD0000">#DD0000</font>
html_errors => Off => Off
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => On
include_path => .:/opt/php/lib/php => .:/opt/php/lib/php
log_errors => On => On
log_errors_max_len => 0 => 0
mail.add_x_header => Off => Off
mail.force_extra_parameters => no value => no value
mail.log => no value => no value
max_execution_time => 0 => 0
max_file_uploads => 20 => 20
max_input_nesting_level => 64 => 64
max_input_time => -1 => -1
max_input_vars => 1000 => 1000
memory_limit => 150M => 150M
open_basedir => no value => no value
output_buffering => 0 => 0
output_handler => no value => no value
post_max_size => 55M => 55M
precision => 14 => 14
realpath_cache_size => 16K => 16K
realpath_cache_ttl => 120 => 120
register_argc_argv => On => On
report_memleaks => On => On
report_zend_debug => Off => Off
request_order => no value => no value
sendmail_from => no value => no value
sendmail_path => /usr/sbin/sendmail -t -i -O DeliveryMode=q => /usr/sbin/sendmail 
-t -i -O DeliveryMode=q
serialize_precision => 17 => 17
short_open_tag => On => On
SMTP => localhost => localhost
smtp_port => 25 => 25
sql.safe_mode => Off => Off
track_errors => On => On
unserialize_callback_func => no value => no value
upload_max_filesize => 50M => 50M
upload_tmp_dir => no value => no value
user_dir => no value => no value
user_ini.cache_ttl => 300 => 300
user_ini.filename => .user.ini => .user.ini
variables_order => GPCS => GPCS
xmlrpc_error_number => 0 => 0
xmlrpc_errors => Off => Off
zend.detect_unicode => On => On
zend.enable_gc => On => On
zend.multibyte => Off => Off
zend.script_encoding => no value => no value

ctype

ctype functions => enabled

curl

cURL support => enabled
cURL Information => 7.21.6
Age => 3
Features
AsynchDNS => No
CharConv => No
Debug => No
GSS-Negotiate => Yes
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
SPNEGO => No
SSL => Yes
SSPI => No
TLS-SRP => No
Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, 
pop3s, rtmp, rtsp, smtp, smtps, telnet, tftp
Host => x86_64-pc-linux-gnu
SSL Version => OpenSSL/1.0.0e
ZLib Version => 1.2.3.4

date

date/time support => enabled
"Olson" Timezone Database Version => 2012.3
Timezone Database => internal

Warning: Unknown: It is not safe to rely on the system's timezone settings. You 
are *required* to use the date.timezone setting or the date_default_timezone_set() 
function. In case you used any of those methods and you are still getting this 
warning, you most likely misspelled the timezone identifier. We selected the 
timezone 'UTC' for now, but please set date.timezone to select your timezone. in 
Unknown on line 0
Default timezone => UTC

Directive => Local Value => Master Value
date.default_latitude => 31.7667 => 31.7667
date.default_longitude => 35.2333 => 35.2333
date.sunrise_zenith => 90.583333 => 90.583333
date.sunset_zenith => 90.583333 => 90.583333
date.timezone => no value => no value

dom

DOM/XML => enabled
DOM/XML API Version => 20031129
libxml Version => 2.7.8
HTML Support => enabled
XPath Support => enabled
XPointer Support => enabled
Schema Support => enabled
RelaxNG Support => enabled

ereg

Regex Library => Bundled library enabled

fileinfo

fileinfo support => enabled
version => 1.0.5-dev

filter

Input Validation and Filtering => enabled
Revision => $Id: e523cdc8829892d1b4f9cb7c3c57b2ba1c36b9ea $

Directive => Local Value => Master Value
filter.default => unsafe_raw => unsafe_raw
filter.default_flags => no value => no value

ftp

FTP support => enabled

hash

hash support => enabled
Hashing Engines => md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 
ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 
tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b fnv132 
fnv164 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 
haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 
haval224,5 haval256,5 

iconv

iconv support => enabled
iconv implementation => glibc
iconv library version => 2.13

Directive => Local Value => Master Value
iconv.input_encoding => ISO-8859-1 => ISO-8859-1
iconv.internal_encoding => ISO-8859-1 => ISO-8859-1
iconv.output_encoding => ISO-8859-1 => ISO-8859-1

json

json support => enabled
json version => 1.2.1

libxml

libXML support => active
libXML Compiled Version => 2.7.8
libXML Loaded Version => 20708
libXML streams => enabled

mcrypt

mcrypt support => enabled
mcrypt_filter support => enabled
Version => 2.5.8
Api No => 20021217
Supported ciphers => cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 
rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish 
enigma rc2 tripledes 
Supported modes => cbc cfb ctr ecb ncfb nofb ofb stream 

Directive => Local Value => Master Value
mcrypt.algorithms_dir => no value => no value
mcrypt.modes_dir => no value => no value

memcache

memcache support => enabled
Version => 3.0.6
Revision => $Revision: 310129 $

Directive => Local Value => Master Value
memcache.allow_failover => 1 => 1
memcache.chunk_size => 32768 => 32768
memcache.compress_threshold => 20000 => 20000
memcache.default_port => 11211 => 11211
memcache.hash_function => crc32 => crc32
memcache.hash_strategy => consistent => consistent
memcache.lock_timeout => 15 => 15
memcache.max_failover_attempts => 20 => 20
memcache.protocol => ascii => ascii
memcache.redundancy => 1 => 1
memcache.session_redundancy => 2 => 2

mhash

MHASH support => Enabled
MHASH API Version => Emulated Support

oci8

OCI8 Support => enabled
Version => 1.4.7
Revision => $Revision: 321634 $
Active Persistent Connections => 0
Active Connections => 0
Oracle Run-time Client Library Version => 11.1.0.6.0
Oracle Version => 11.1
Compile-time ORACLE_HOME => /opt/oracle/product/live/db
Libraries Used => -Wl,-rpath,/opt/oracle/product/live/db/lib -
L/opt/oracle/product/live/db/lib  -lclntsh
Temporary Lob support => enabled
Collections support => enabled

Directive => Local Value => Master Value
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => 120 => 120
oci8.ping_interval => -1 => -1
oci8.privileged_connect => On => On
oci8.statement_cache_size => 0 => 0

openssl

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.0e 6 Sep 2011
OpenSSL Header Version => OpenSSL 1.0.0e 6 Sep 2011

pcre

PCRE (Perl Compatible Regular Expressions) Support => enabled
PCRE Library Version => 8.12 2011-01-15

Directive => Local Value => Master Value
pcre.backtrack_limit => 1000000 => 1000000
pcre.recursion_limit => 100000 => 100000

PDO

PDO support => enabled
PDO drivers => sqlite

pdo_sqlite

PDO Driver for SQLite 3.x => enabled
SQLite Library => 3.7.7.1

Phar

Phar: PHP Archive support => enabled
Phar EXT version => 2.0.1
Phar API version => 1.1.1
SVN revision => $Id: 2a47d3d0354109d8077e34d59f1228ccfd021d59 $
Phar-based phar archives => enabled
Tar-based phar archives => enabled
ZIP-based phar archives => enabled
gzip compression => disabled (install ext/zlib)
bzip2 compression => disabled (install pecl/bz2)
Native OpenSSL support => enabled


Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
Directive => Local Value => Master Value
phar.cache_list => no value => no value
phar.readonly => On => On
phar.require_hash => On => On

posix

Revision => $Id: 967584c6fadb3467f31abe8e13caa8764df85867 $

Reflection

Reflection => enabled
Version => $Id: bcdcdaeea3aba34a8083bb62c6eda69ff3c3eab5 $

session

Session Support => enabled
Registered save handlers => files user memcache 
Registered serializer handlers => php php_binary 

Directive => Local Value => Master Value
session.auto_start => Off => Off
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_httponly => Off => Off
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => /dev/urandom => /dev/urandom
session.entropy_length => 32 => 32
session.gc_divisor => 100 => 100
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.hash_bits_per_character => 4 => 4
session.hash_function => 0 => 0
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => no value => no value
session.serialize_handler => php => php
session.upload_progress.cleanup => On => On
session.upload_progress.enabled => On => On
session.upload_progress.freq => 1% => 1%
session.upload_progress.min_freq => 1 => 1
session.upload_progress.name => PHP_SESSION_UPLOAD_PROGRESS => 
PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix => upload_progress_ => upload_progress_
session.use_cookies => On => On
session.use_only_cookies => On => On
session.use_trans_sid => 0 => 0

SimpleXML

Simplexml support => enabled
Revision => $Id: 7236b8a1b3ceee314ed7ab9e0c582a0e8f048e25 $
Schema support => enabled

soap

Soap Client => enabled
Soap Server => enabled

Directive => Local Value => Master Value
soap.wsdl_cache => 1 => 1
soap.wsdl_cache_dir => /tmp => /tmp
soap.wsdl_cache_enabled => 1 => 1
soap.wsdl_cache_limit => 5 => 5
soap.wsdl_cache_ttl => 86400 => 86400

sockets

Sockets Support => enabled

SPL

SPL support => enabled
Interfaces => Countable, OuterIterator, RecursiveIterator, SeekableIterator, 
SplObserver, SplSubject
Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, 
BadMethodCallException, CachingIterator, CallbackFilterIterator, 
DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, 
FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, 
IteratorIterator, LengthException, LimitIterator, LogicException, 
MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, 
OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, 
RecursiveCachingIterator, RecursiveCallbackFilterIterator, 
RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, 
RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, 
SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, 
SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, 
SplTempFileObject, UnderflowException, UnexpectedValueException

sqlite3

SQLite3 support => enabled
SQLite3 module version => 0.7-dev
SQLite Library => 3.7.7.1

Directive => Local Value => Master Value
sqlite3.extension_dir => no value => no value

standard

Dynamic Library Support => enabled
Path to sendmail => /usr/sbin/sendmail -t -i -O DeliveryMode=q

Directive => Local Value => Master Value
assert.active => 1 => 1
assert.bail => 0 => 0
assert.callback => no value => no value
assert.quiet_eval => 0 => 0
assert.warning => 1 => 1
auto_detect_line_endings => 0 => 0
default_socket_timeout => 60 => 60
from => no value => no value
url_rewriter.tags => a=href,area=href,frame=src,form=,fieldset= => 
a=href,area=href,frame=src,form=,fieldset=
user_agent => no value => no value

tidy

Tidy support => enabled
libTidy Release => 25 March 2009
Extension Version => 2.0 ($Id$)

Directive => Local Value => Master Value
tidy.clean_output => 0 => 0
tidy.default_config => no value => no value

tokenizer

Tokenizer Support => enabled

xml

XML Support => active
XML Namespace Support => active
libxml2 Version => 2.7.8

xmlreader

XMLReader => enabled

xmlwriter

XMLWriter => enabled

Additional Modules

Module Name

Environment

Variable => Value

[removed for security reasons]

PHP Variables

[removed for security reasons]


_SERVER["argc"] => 0

PHP License
This program is free software; you can redistribute it and/or modify
it under the terms of the PHP License as published by the PHP Group
and included in the distribution in the file:  LICENSE

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any
questions about PHP licensing, please contact license@php.net.

 [2012-09-04 02:53 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-09-04 02:53 UTC] rasmus@php.net
Can you provide a small standalone script/scripts that we can use to try to 
reproduce this or does it only happen when your entire app is involved?
 [2012-09-04 03:01 UTC] brian at crowdtwist dot com
I set up a test script tonight with just a redirect and exit, but was unable to 
reproduce the problem with a simple example.

I can work backwards up the stack of what's occurring in our application to put 
together a test script.  Can probably add a script for consistent reproduction 
sometime this week.

For context, this is occurring for us in a Google OAuth flow once the end user 
grants us access to their Google Contacts data, we retrieve their contacts' 
data, then redirect to a separate page on our end that displays a list of 
contacts to the end user.

Should be able to add a test script soon.
 [2012-09-04 03:01 UTC] brian at crowdtwist dot com
-Status: Feedback +Status: Open
 [2012-09-09 05:16 UTC] brian at crowdtwist dot com
Just an update that I was working this issue tonight, still don't have a 
standalone script ready to reproduce the issue.

Have recompiled APC with debug mode enabled in order to identify the problematic 
class and property in our code that's causing the segfault.  I know it's 
occurring on apc_free_class_entry_after_execution()'s call of zval_ptr_dtor() 
for the class's default properties -- just have to determine which class and 
which property.

So, still on it.  Update soon...
 [2012-09-10 03:37 UTC] brian at crowdtwist dot com
I've now got a script that can be used to reliably reproduce this issue.  Steps 
are as follows:

1) Download the latest Zend Framework 1 stable release, 1.12.0
2) Untar and place it somewhere, i.e. /tmp
3) Run the script below from under Apache (reproduction done with 2.2.20 on 
Ubuntu)
4) Note that the first request will succeed, returning response of "is valid? 1"
5) Any subsequent requests will end in a segfault, with no response returned

<?php
ini_set('include_path', '/tmp/ZendFramework-1.12.0/library/');
ini_set('display_errors', false);

require_once 'Zend/Validate/Hostname.php';

$v = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_ALL);
$isValid = $v->isValid('example.org');

echo "is valid?" . ((int) $isValid);


I found that the segfault occurred when attempting to free one of the arrays 
defined in Zend_Validate_Hostname.  I wasn't able to narrow it down to which 
specific data member the segfault occurred on, but there are only a few.  You're 
obviously more well-versed in C-level debugging than I am!

Zend_Validate_Hostname contains a number of arrays for things like valid TLDs, and 
valid IDNs.  Some associative arrays are present with Unicode string key values, 
too.

Hope this helps!  Happy to provide more information if needed.
 [2012-09-10 07:33 UTC] laruence@php.net
I cannot reproduce this with either Apache or CGI, using the latest APC snapshot.

could you please try with the apc-svn-snapshot?
 [2012-09-10 07:33 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2012-09-10 08:00 UTC] laruence@php.net
oops, it happened suddenly, looks like it is related to "apc.include_once_override". will 
dig deeply..

please disable that option, and try again...

thanks
 [2012-09-10 17:25 UTC] brian at crowdtwist dot com
Even after disabling apc.include_once_override, the segfault is still occurring 
based on the reproduction steps.
 [2012-09-11 06:16 UTC] laruence@php.net
I can only reproduce this with "include_once_override" on, and got something like:

[Tue Sep 11 14:13:15 2012] [error] [client 10.229.11.251] PHP Fatal error:  require() [<a href='function.require'>function.require</a>]: Cannot redeclare class zend_validate_interface in /home/huixinchen/packages/ZendFramework-1.12.0/library/Zend/Validate/Abstract.php on line 25
[Tue Sep 11 14:13:16 2012] [notice] child pid 12372 exit signal Segmentation fault (11), possible coredump in /home/huixinchen/local/httpd/
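An added example (not part of the original thread, and not APC or PHP project code): a small Python triage helper that reads Apache 2.2 error_log lines in the format quoted above and pairs each child-crash notice with any PHP fatal error logged shortly before it, which separates the "Cannot redeclare class" case from segfaults that have no preceding error. The sample log lines, client addresses, paths and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache 2.2 error_log timestamp, e.g. "Tue Sep 11 14:13:15 2012"
TS_FMT = "%a %b %d %H:%M:%S %Y"

# [timestamp] [level] [client ip] message   (the client part is optional)
LINE_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?"
    r"(?P<msg>.*)$"
)
# Parent-process notice written when a child dies on a signal.
CRASH_RE = re.compile(
    r"child pid (?P<pid>\d+) exit signal (?P<signal>.+?) \((?P<signo>\d+)\)"
)
FATAL_RE = re.compile(r"PHP Fatal error:\s+(?P<detail>.*)$")

# Constructed sample input, modelled on the two log lines quoted in the thread.
SAMPLE_LOG = """\
[Tue Sep 11 14:13:15 2012] [error] [client 192.0.2.10] PHP Fatal error:  require(): Cannot redeclare class zend_validate_interface in /srv/app/library/Zend/Validate/Abstract.php on line 25
[Tue Sep 11 14:13:16 2012] [notice] child pid 12372 exit signal Segmentation fault (11), possible coredump in /srv/httpd
[Tue Sep 11 14:19:30 2012] [error] [client 192.0.2.11] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /srv/app/report.php on line 12
[Tue Sep 11 14:20:02 2012] [notice] child pid 12410 exit signal Segmentation fault (11)
[Tue Sep 11 14:25:00 2012] [error] [client 192.0.2.11] File does not exist: /srv/www/favicon.ico
"""


def parse_line(line):
    """Split one error_log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry


def correlate_crashes(lines, window_seconds=5):
    """Return one finding per child crash, with the PHP fatals seen just before it.

    Apache 2.2 does not log the child pid on PHP error lines, so the only
    available link between a fatal error and a crash notice is time proximity.
    """
    window = timedelta(seconds=window_seconds)
    fatals = []      # (timestamp, client, detail) of recent PHP fatal errors
    findings = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        fatal = FATAL_RE.search(entry["msg"])
        if fatal:
            fatals.append((entry["ts"], entry["client"], fatal["detail"]))
            continue
        crash = CRASH_RE.search(entry["msg"])
        if crash is None:
            continue
        # Keep only fatals that fall inside the window before this crash.
        fatals = [f for f in fatals if entry["ts"] - f[0] <= window]
        findings.append({
            "time": entry["ts"],
            "pid": int(crash["pid"]),
            "signal": crash["signal"],
            "signo": int(crash["signo"]),
            "coredump_hint": "possible coredump" in entry["msg"],
            "preceding_fatals": [
                {"client": client, "detail": detail} for _, client, detail in fatals
            ],
        })
    return findings


def crashes_without_fatal(findings):
    """Pids of children that died with no PHP fatal error in the window."""
    return [f["pid"] for f in findings if not f["preceding_fatals"]]


if __name__ == "__main__":
    for f in correlate_crashes(SAMPLE_LOG.splitlines()):
        print(f["time"], "pid", f["pid"], f["signal"], f["signo"],
              "fatals:", [x["detail"] for x in f["preceding_fatals"]])
```
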
 [2012-09-11 08:51 UTC] laruence@php.net
-Assigned To: +Assigned To: laruene
 [2012-09-11 08:51 UTC] laruence@php.net
/* assign to myself, so that I get notified when there are new comments. */

brian, could you paste the new backtrace after you disabled the 
'include_once_override' option?
 [2012-09-11 13:14 UTC] brian at crowdtwist dot com
Sure, updated backtrace below.  This is with apc.include_once_override = 0:

Program received signal SIGSEGV, Segmentation fault.
zend_mm_remove_from_free_list (heap=0x7ffff825ad60, mm_block=0x7ffffaecec50) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
warning: Source file is more recent than executable.
833			if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) bt
#0  zend_mm_remove_from_free_list (heap=0x7ffff825ad60, mm_block=0x7ffffaecec50) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
#1  0x00007ffff3d1d320 in _zend_mm_free_int (heap=0x7ffff825ad60, p=0x7ffffaecec08) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2101
#2  0x00007ffff3d57e8e in zend_hash_destroy (ht=0x7ffffaecf178) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_hash.c:565
#3  0x00007ffff3d47893 in _zval_dtor_func (zvalue=0x7ffff89fba40) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.c:43
#4  0x00007ffff3d386e0 in _zval_dtor (zvalue=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.h:35
#5  _zval_ptr_dtor (zval_ptr=0x7ffffaea0aa0) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_execute_API.c:438
#6  _zval_ptr_dtor (zval_ptr=0x7ffffaea0aa0) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_execute_API.c:427
#7  0x00007fffef5f835f in apc_free_class_entry_after_execution (src=0x7ffffae63220, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-3.1.13/apc_compile.c:2009
#8  0x00007fffef5fbfa2 in apc_deactivate (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/APC-3.1.13/apc_main.c:948
#9  apc_request_shutdown (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/APC-3.1.13/apc_main.c:1042
#10 0x00007fffef5ef443 in zm_deactivate_apc (type=<optimized out>, module_number=<optimized out>, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-3.1.13/php_apc.c:407
#11 0x00007ffff3d51110 in zend_deactivate_modules (tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:2333
#12 0x00007ffff3cdab78 in php_request_shutdown (dummy=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/main/main.c:1750
#13 0x00007ffff3e0495f in php_apache_request_dtor (r=<optimized out>, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:507
#14 php_handler (r=0x7ffff7dab0a0) at /home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:679
#15 0x00007ffff7fd52d8 in ap_run_handler (r=0x7ffff7dab0a0) at /build/buildd/apache2-2.2.20/server/config.c:159
#16 0x00007ffff7fd574e in ap_invoke_handler (r=0x7ffff7dab0a0) at /build/buildd/apache2-2.2.20/server/config.c:377
#17 0x00007ffff7fe52c0 in ap_process_request (r=0x7ffff7dab0a0) at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#18 0x00007ffff7fe2138 in ap_process_http_connection (c=0x7ffff7dd1290) at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#19 0x00007ffff7fdbd78 in ap_run_process_connection (c=0x7ffff7dd1290) at /build/buildd/apache2-2.2.20/server/connection.c:43
#20 0x00007ffff7fe9ec0 in child_main (child_num_arg=<optimized out>) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#21 0x00007ffff7fea5e6 in make_child (s=0x7ffff7f807f8, slot=0) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#22 0x00007ffff7feadb3 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
#23 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at /build/buildd/apache2-2.2.20/server/main.c:741
 [2012-09-11 13:16 UTC] brian at crowdtwist dot com
Er, sorry, disregard my comment from 2012-09-11 13:14 UTC.

This is the backtrace using the reproduction script included in this bug report, 
with apc.include_once_override = 0.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x7ffff825ad30, p=0x7ffffb915498) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2100
warning: Source file is more recent than executable.
2100		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x7ffff825ad30, p=0x7ffffb915498) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2100
#1  0x00007ffff3d596dd in zend_hash_update_current_key_ex (ht=0x7ffffb915390, 
key_type=1, str_index=0x7ffffb268f80 "hostnameDashCharacter", str_length=22, 
num_index=0, 
    mode=<optimized out>, pos=0x0) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_hash.c:1394
#2  0x00007ffff3d39e9b in zend_symtable_update_current_key_ex (pos=0x0, mode=1, 
nKeyLength=<optimized out>, arKey=<optimized out>, ht=<optimized out>)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_hash.h:378
#3  zval_update_constant_ex (pp=0x7ffffb93d9f8, arg=<optimized out>, scope=0x0, 
tsrm_ls=0x7ffff8257d00) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:662
#4  0x00007ffff3d4ce6d in zend_update_class_constants (class_type=0x7ffffb915120, 
tsrm_ls=0x7ffff8257d00) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_API.c:1037
#5  0x00007ffff3d4d2f8 in _object_and_properties_init (arg=0x7ffffb93e6c0, 
class_type=0x7ffffb915120, properties=0x0, tsrm_ls=0x7ffff8257d00)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:1124
#6  0x00007ffff3db9fbf in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff8257d00) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_vm_execute.h:813
#7  0x00007ffff3db3bd7 in execute (op_array=0x7ffffb93d7d8, 
tsrm_ls=0x7ffff8257d00) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_vm_execute.h:410
#8  0x00007ffff3d4af0c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff8257d00, 
retval=0x0, file_count=3) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend.c:1279
#9  0x00007ffff3cdc0b3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff8257d00) at /home/bdeshong/apc_test/php5.4-
201209040130/main/main.c:2473
#10 0x00007ffff3e04a92 in php_handler (r=0x7ffff7dc50a0) at 
/home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:667
#11 0x00007ffff7fd52d8 in ap_run_handler (r=0x7ffff7dc50a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
#12 0x00007ffff7fd574e in ap_invoke_handler (r=0x7ffff7dc50a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
#13 0x00007ffff7fe52c0 in ap_process_request (r=0x7ffff7dc50a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#14 0x00007ffff7fe2138 in ap_process_http_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#15 0x00007ffff7fdbd78 in ap_run_process_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
#16 0x00007ffff7fe9ec0 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#17 0x00007ffff7fea5e6 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#18 0x00007ffff7feadb3 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>) at /build/buildd/apache2-
2.2.20/server/mpm/prefork/prefork.c:988
#19 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
 [2012-09-11 15:30 UTC] gopalv@php.net
I have a preliminary patch for testing

http://notmysock.org/code/pecl-63005.patch

For reference, the following line in zend_compile.c is indicative of the issue

ce->default_static_members_count += parent_ce->default_static_members_count;
 [2012-09-11 16:01 UTC] laruence@php.net
brian, could you please test with the patch provided by gopalv? thanks
 [2012-09-11 16:09 UTC] brian at crowdtwist dot com
-Status: Feedback +Status: Assigned
 [2012-09-11 16:09 UTC] brian at crowdtwist dot com
Applied patch against a checkout of APC trunk, still received segfault on the 
second and subsequent requests of the test script.  See backtrace:
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x7ffff825ad70, p=0x7ffffad6c3f8) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2100
warning: Source file is more recent than executable.
2100		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x7ffff825ad70, p=0x7ffffad6c3f8) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:2100
#1  0x00007ffff3d596dd in zend_hash_update_current_key_ex (ht=0x7ffffad6c2f0, 
key_type=1, str_index=0x7ffffb737fc8 "hostnameDashCharacter", str_length=22, 
num_index=0, 
    mode=<optimized out>, pos=0x0) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_hash.c:1394
#2  0x00007ffff3d39e9b in zend_symtable_update_current_key_ex (pos=0x0, mode=1, 
nKeyLength=<optimized out>, arKey=<optimized out>, ht=<optimized out>)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_hash.h:378
#3  zval_update_constant_ex (pp=0x7ffffad948f8, arg=<optimized out>, scope=0x0, 
tsrm_ls=0x7ffff8257d40) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:662
#4  0x00007ffff3d4ce6d in zend_update_class_constants (class_type=0x7ffffad6c080, 
tsrm_ls=0x7ffff8257d40) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_API.c:1037
#5  0x00007ffff3d4d2f8 in _object_and_properties_init (arg=0x7ffffb737ed0, 
class_type=0x7ffffad6c080, properties=0x0, tsrm_ls=0x7ffff8257d40)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:1124
#6  0x00007ffff3db9fbf in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff8257d40) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_vm_execute.h:813
#7  0x00007ffff3db3bd7 in execute (op_array=0x7ffffad946d8, 
tsrm_ls=0x7ffff8257d40) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_vm_execute.h:410
#8  0x00007ffff3d4af0c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff8257d40, 
retval=0x0, file_count=3) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend.c:1279
#9  0x00007ffff3cdc0b3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff8257d40) at /home/bdeshong/apc_test/php5.4-
201209040130/main/main.c:2473
#10 0x00007ffff3e04a92 in php_handler (r=0x7ffff7dc70a0) at 
/home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:667
#11 0x00007ffff7fd52d8 in ap_run_handler (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
#12 0x00007ffff7fd574e in ap_invoke_handler (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
#13 0x00007ffff7fe52c0 in ap_process_request (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#14 0x00007ffff7fe2138 in ap_process_http_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#15 0x00007ffff7fdbd78 in ap_run_process_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
#16 0x00007ffff7fe9ec0 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#17 0x00007ffff7fea5e6 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#18 0x00007ffff7feadb3 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>) at /build/buildd/apache2-
2.2.20/server/mpm/prefork/prefork.c:988
#19 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
 [2012-09-12 12:48 UTC] gopalv@php.net
Ok, maybe that's not enough to fix it - but since you have a working and reproducible test-case, I'd like some more info about this bug.

I'm guessing you're on the regular apache mod_php5. 

We need valgrind to debug this, so switch over to root and run

# USE_ZEND_ALLOC=0 APACHE_RUN_USER=apache APACHE_RUN_GROUP=gopal  valgrind --tool=memcheck  --log-file=63005.log apache2 -X

that should start apache2 in single process mode and disable the zend_mm_heap* stuff.

Hopefully, we'll see something like "pointer freed at <file> was already freed at <other-file>".
 [2012-09-12 13:00 UTC] gopalv@php.net
Got myself a new build and tried to do this myself 

==6344== Invalid write of size 1
==6344==    at 0x4026964: memcpy (mc_replace_strmem.c:497)
==6344==    by 0x8345D54: zend_hash_update_current_key_ex (string3.h:52)
==6344==    by 0x832A1D5: zval_update_constant_ex (zend_hash.h:378)
==6344==    by 0x832A3D6: zval_update_constant (zend_execute_API.c:704)
==6344==    by 0x833FDBB: zend_update_class_constants (zend_API.c:1037)
==6344==    by 0x83400B2: _object_and_properties_init (zend_API.c:1119)
==6344==    by 0x8340196: _object_init_ex (zend_API.c:1139)
==6344==    by 0x838D4D7: ZEND_NEW_SPEC_HANDLER (zend_vm_execute.h:813)
==6344==    by 0x83A65F7: execute (zend_vm_execute.h:410)
==6344==    by 0x83365E0: zend_execute_scripts (zend.c:1272)
==6344==    by 0x82CE54A: php_execute_script (main.c:2473)
==6344==    by 0x83F0F2F: main (cgi_main.c:2421)
==6344==  Address 0x4c0953c is 0 bytes after a block of size 36 alloc'd
==6344==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==6344==    by 0x4C97B3C: apc_php_malloc (apc_zend.c:38)
==6344==    by 0x4C99250: apc_unpool_alloc (apc_pool.c:90)
==6344==    by 0x4C9952B: apc_pmemcpy (apc_pool.c:494)
==6344==    by 0x4C93AED: my_copy_hashtable_ex (apc_compile.c:1018)
==6344==    by 0x4C93EB6: my_copy_zval (apc_compile.c:359)
==6344==    by 0x4C8FC8E: my_copy_zval_ptr (apc_compile.c:225)
==6344==    by 0x4C931AC: apc_copy_class_entry_for_execution (apc_compile.c:1853)
==6344==    by 0x4C94517: install_class (apc_main.c:147)
==6344==    by 0x4C958EA: my_compile_file (apc_main.c:327)
==6344==    by 0x81C9FFB: phar_compile_file (phar.c:3391)
==6344==    by 0x8387A4E: ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (zend_vm_execute.h:2572)

That screams out that I have an off-by-one error. Continuing to debug.
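The memcheck report in the comment above is easier to triage once the faulting access stack is separated from the stack that allocated the block. The following is an added example, not part of the original thread or of the APC/PHP sources: it parses that report format and names the first non-valgrind frame on each side. It goes slightly beyond the thread by also handling memcheck's "before" and "free'd" wording; the second report and its `example_*` names are constructed and hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Report posted in the comment above, abridged to the frames that matter.
PAGE_REPORT = """\
==6344== Invalid write of size 1
==6344==    at 0x4026964: memcpy (mc_replace_strmem.c:497)
==6344==    by 0x8345D54: zend_hash_update_current_key_ex (string3.h:52)
==6344==    by 0x832A1D5: zval_update_constant_ex (zend_hash.h:378)
==6344==    by 0x833FDBB: zend_update_class_constants (zend_API.c:1037)
==6344==  Address 0x4c0953c is 0 bytes after a block of size 36 alloc'd
==6344==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==6344==    by 0x4C97B3C: apc_php_malloc (apc_zend.c:38)
==6344==    by 0x4C99250: apc_unpool_alloc (apc_pool.c:90)
==6344==    by 0x4C9952B: apc_pmemcpy (apc_pool.c:494)
==6344==    by 0x4C93AED: my_copy_hashtable_ex (apc_compile.c:1018)
"""

# Constructed report (hypothetical names and addresses) for the free'd wording.
CONSTRUCTED_REPORT = """\
==4242== Invalid read of size 8
==4242==    at 0x401136: example_lookup (example.c:21)
==4242==    by 0x401190: main (example.c:40)
==4242==  Address 0x5204048 is 8 bytes inside a block of size 88 free'd
==4242==    at 0x4C2EDEB: free (vg_replace_malloc.c:530)
==4242==    by 0x401120: example_release (example.c:15)
"""

LINE = re.compile(r"^==(\d+)==\s*(.*)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
ADDRESS = re.compile(
    r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
    r"a block of size (\d+) (alloc'd|free'd)$")
# Source files of valgrind's own malloc/memcpy replacements.
INTERCEPTORS = ("vg_replace_", "mc_replace_")


@dataclass
class Frame:
    function: str
    location: str


@dataclass
class MemcheckError:
    pid: int
    access: str                      # "read" or "write"
    size: int                        # bytes touched by the bad access
    access_stack: List[Frame] = field(default_factory=list)
    offset: Optional[int] = None     # distance from the block
    relation: Optional[str] = None   # "after", "before" or "inside"
    block_size: Optional[int] = None
    block_state: Optional[str] = None  # "alloc'd" or "free'd"
    block_stack: List[Frame] = field(default_factory=list)


def parse_memcheck(text):
    """Split each 'Invalid read/write' report into its two stacks."""
    errors, current, stack = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, body = int(m.group(1)), m.group(2)
        err = ERROR.match(body)
        if err:
            current = MemcheckError(pid, err.group(1), int(err.group(2)))
            errors.append(current)
            stack = current.access_stack
            continue
        if current is None:
            continue
        addr = ADDRESS.match(body)
        if addr:
            current.offset = int(addr.group(1))
            current.relation = addr.group(2)
            current.block_size = int(addr.group(3))
            current.block_state = addr.group(4)
            stack = current.block_stack  # following frames describe the block
            continue
        frame = FRAME.match(body)
        if frame:
            stack.append(Frame(frame.group(1), frame.group(2)))
        elif not body:
            current = None  # a bare "==pid==" line ends the report
    return errors


def classify(err):
    if err.block_state == "free'd":
        return "use-after-free"
    if err.relation == "after":
        return "heap overrun"
    if err.relation == "before":
        return "heap underrun"
    return "unclassified"


def first_app_frame(stack):
    """First frame that is not one of valgrind's replacement functions."""
    for frame in stack:
        if not frame.location.startswith(INTERCEPTORS):
            return frame
    return None


def summarize(err):
    def name(frame):
        return f"{frame.function} ({frame.location})" if frame else "?"
    return (f"{classify(err)}: {err.access} of {err.size} byte(s), "
            f"{err.offset} bytes {err.relation} a {err.block_size}-byte block; "
            f"access in {name(first_app_frame(err.access_stack))}, "
            f"block {err.block_state} via {name(first_app_frame(err.block_stack))}")


if __name__ == "__main__":
    for report in (PAGE_REPORT, CONSTRUCTED_REPORT):
        for error in parse_memcheck(report):
            print(summarize(error))
```

For the thread's report this separates the writer (Zend hash code) from the allocator of the undersized block (APC's copy path), which is the pairing to look at when the gdb crash site keeps moving between requests.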
 [2012-09-12 13:39 UTC] gopalv@php.net
This is the other missing component of the fix

http://notmysock.org/code/pecl-63005-2.patch

Please test & respond. I'm working on refining both these patches & committing them independently.
 [2012-09-12 14:47 UTC] danbrown@php.net
-Assigned To: laruene +Assigned To: laruence
 [2012-09-12 14:47 UTC] danbrown@php.net
Updating to fix assignment ('laruene' should be 'laruence').
 [2012-09-13 02:03 UTC] brian at crowdtwist dot com
I applied each patch file, in order, and still get a segfault with the 
reproduction script.  See backtrace below.

Still need me to run valgrind on my end?

Program received signal SIGSEGV, Segmentation fault.
zval_update_constant_ex (pp=0x7ffffb9a8968, arg=0x1, scope=0x0, 
tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:501
501		if (IS_CONSTANT_VISITED(p)) {
(gdb) 
(gdb) 
(gdb) 
(gdb) bt
#0  zval_update_constant_ex (pp=0x7ffffb9a8968, arg=0x1, scope=0x0, 
tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:501
#1  0x00007ffff3d4d0a5 in zend_update_class_constants (class_type=0x7ffffb9a6818, 
tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_API.c:1078
#2  0x00007ffff3d4d2f8 in _object_and_properties_init (arg=0x7ffffb9b7c90, 
class_type=0x7ffffb9a6818, properties=0x0, tsrm_ls=0x7ffff8257d30)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:1124
#3  0x00007ffff3db9fbf in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff8257d30)
    at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_vm_execute.h:813
#4  0x00007ffff3db3bd7 in execute (op_array=0x7ffffb9a0370, 
tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_vm_execute.h:410
#5  0x00007ffff3d4af0c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff8257d30, 
retval=0x0, file_count=3) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend.c:1279
#6  0x00007ffff3cdc0b3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff8257d30) at /home/bdeshong/apc_test/php5.4-
201209040130/main/main.c:2473
#7  0x00007ffff3e04a92 in php_handler (r=0x7ffff7dc70a0) at 
/home/bdeshong/apc_test/php5.4-201209040130/sapi/apache2handler/sapi_apache2.c:667
#8  0x00007ffff7fd52d8 in ap_run_handler (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
#9  0x00007ffff7fd574e in ap_invoke_handler (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
#10 0x00007ffff7fe52c0 in ap_process_request (r=0x7ffff7dc70a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#11 0x00007ffff7fe2138 in ap_process_http_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#12 0x00007ffff7fdbd78 in ap_run_process_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
#13 0x00007ffff7fe9ec0 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
#14 0x00007ffff7fea5e6 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
#15 0x00007ffff7feadb3 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>) at /build/buildd/apache2-
2.2.20/server/mpm/prefork/prefork.c:988
#16 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
 [2012-09-14 03:06 UTC] laruence@php.net
hey, could you paste the full backtrace out?  
gdb> bt full

thanks
 [2012-09-14 21:33 UTC] brian at crowdtwist dot com
Sure, sorry for the delay.  Full backtrace pasted below:

Program received signal SIGSEGV, Segmentation fault.
zend_mm_remove_from_free_list (heap=0x7ffff825ad90, mm_block=0x7ffff881d248) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
833			if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) bt full
#0  zend_mm_remove_from_free_list (heap=0x7ffff825ad90, mm_block=0x7ffff881d248) 
at /home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_alloc.c:833
        next = 0x7fff00000008
#1  0x00007ffff3d1b320 in _zend_mm_free_int (heap=0x7ffff825ad90, 
p=0x7ffff881d200) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_alloc.c:2101
        mm_block = 0x7ffff881d1f0
        next_block = 0x7ffff881d248
        size = 88
#2  0x00007ffff3d55e8e in zend_hash_destroy (ht=0x7ffff881d360) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_hash.c:565
        p = 0x7ffff87e5d40
        q = 0x7ffff881d200
#3  0x00007ffff3d45893 in _zval_dtor_func (zvalue=0x7ffff8777da0) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.c:43
        tsrm_ls = <optimized out>
#4  0x00007ffff3d366e0 in _zval_dtor (zvalue=<optimized out>) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_variables.h:35
No locals.
#5  _zval_ptr_dtor (zval_ptr=0x7ffff87f5ea8) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:438
        tsrm_ls = <optimized out>
#6  _zval_ptr_dtor (zval_ptr=0x7ffff87f5ea8) at /home/bdeshong/apc_test/php5.4-
201209040130/Zend/zend_execute_API.c:427
No locals.
#7  0x00007fffef5f635f in apc_free_class_entry_after_execution 
(src=0x7ffff87b2f40, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-
3.1.13/apc_compile.c:2003
        i = <optimized out>
#8  0x00007fffef5f9fa2 in apc_deactivate (tsrm_ls=0x7ffff8257d60) at 
/home/bdeshong/apc_test/APC-3.1.13/apc_main.c:948
        zce = 0x7ffff87b2f40
        centry = 0x7fffffffdd88
        pzce = 0x7ffffb2a6698
        i = <optimized out>
        cache_entry = 0x7fffe7817320
#9  apc_request_shutdown (tsrm_ls=0x7ffff8257d60) at /home/bdeshong/apc_test/APC-
3.1.13/apc_main.c:1042
No locals.
#10 0x00007fffef5ed443 in zm_deactivate_apc (type=<optimized out>, module_number=
<optimized out>, tsrm_ls=<optimized out>) at /home/bdeshong/apc_test/APC-
3.1.13/php_apc.c:407
No locals.
#11 0x00007ffff3d4f110 in zend_deactivate_modules (tsrm_ls=0x7ffff8257d60) at 
/home/bdeshong/apc_test/php5.4-201209040130/Zend/zend_API.c:2333
        module = <optimized out>
        p = 0x7ffff8452648
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140737291344124, 6004566596378053229, 
140737351700640, 0, -4294967295, 1, 6004590218533030509, 6004581069074221677}, 
__mask_was_saved = 0, 
            __saved_mask = {__val = {140737488346792, 0, 140737287887829, 6, 
1602212543236708864, 0, 140737356597568, 140737351700640, 0, 
18446744069414584321, 1, 140737488346928, 
                140737284119892, 0, 0, 0}}}}
#12 0x00007ffff3cd8b78 in php_request_shutdown (dummy=<optimized out>) at 
/home/bdeshong/apc_test/php5.4-201209040130/main/main.c:1750
        report_memleaks = 1 '\001'
        tsrm_ls = 0x7ffff8257d60
#13 0x00007ffff3e0295f in php_apache_request_dtor (r=<optimized out>, tsrm_ls=
<optimized out>) at /home/bdeshong/apc_test/php5.4-
201209040130/sapi/apache2handler/sapi_apache2.c:507
No locals.
#14 php_handler (r=0x7ffff7dad0a0) at /home/bdeshong/apc_test/php5.4-
201209040130/sapi/apache2handler/sapi_apache2.c:679
        ctx = 0x7ffff7daecd0
        conf = 0x7ffff7f31220
        brigade = 0x7ffff7daf960
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
        tsrm_ls = 0x7ffff8257d60
#15 0x00007ffff7fd5368 in ap_run_handler (r=0x7ffff7dad0a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#16 0x00007ffff7fd57de in ap_invoke_handler (r=0x7ffff7dad0a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x0
        ignore = <optimized out>
#17 0x00007ffff7fe5360 in ap_process_request (r=0x7ffff7dad0a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
        access_status = <optimized out>
#18 0x00007ffff7fe21d8 in ap_process_http_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
        r = 0x7ffff7dad0a0
        csd = 0x0
#19 0x00007ffff7fdbe08 in ap_run_process_connection (c=0x7ffff7dd1290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#20 0x00007ffff7fe9f60 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
        current_conn = 0x7ffff7dd1290
        csd = 0x7ffff7dd10a0
        ptrans = 0x7ffff7dd1028
        allocator = 0x7ffff852abd0
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7ffff7dd3130
        sbh = 0x7ffff7dd3128
        bucket_alloc = 0x7ffff7dcd028
        last_poll_idx = 1
#21 0x00007ffff7fea686 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
No locals.
#22 0x00007ffff7feae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>) at /build/buildd/apache2-
2.2.20/server/mpm/prefork/prefork.c:988
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
#23 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
        c = 88 'X'
        configtestonly = <optimized out>
        confname = 0x7ffff7fecceb "apache2.conf"
        def_server_root = 0x7ffff7feccde "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7ffff7f88118
        server_conf = 0x7ffff7f807f8
        pglobal = <optimized out>
        pconf = 0x7ffff7f86028
        plog = 0x7ffff7f4b028
        ptemp = 0x7ffff7f7e028
        pcommands = 0x7ffff7f84028
        opt = 0x7ffff7f84118
        rv = 0
        mod = <optimized out>
        optarg = 0x0
        signal_server = <optimized out>
 [2012-09-17 02:48 UTC] debian at michael-neubert dot de
Hello,

since PHP 5.3.15 we have also had segmentation faults when using the xcache PHP module in 
combination with the ionCubeLoader PHP module. 5.3.14 is not affected. Without loading 
the xcache PHP module everything also works fine for us in 5.3.15 - 5.3.17.

Maybe this helps to find a testcase.

Best wishes
Michael
 [2012-09-24 14:59 UTC] brian at crowdtwist dot com
Any update on this by chance?  Perhaps you need additional information beyond my 
last full backtrace that I added?

I ask sheerly because this is the only issue keeping us from rolling out 5.4 in 
our Production environment.

Thanks again!  Let me know what else I might be able to provide to keep this 
moving.
 [2012-09-24 15:09 UTC] rasmus@php.net
Not much to go on without a reproducing script.
 [2012-09-24 15:17 UTC] brian at crowdtwist dot com
I was going back and forth with gopalv@php.net and laruence@php.net on this, and 
provided a reproduction script a few weeks ago.  One or both of them was able to 
reproduce it.

They had seen the issue and provided two patches thus far, which I had tested and 
sent backtraces after still seeing segfaults.

So, a fix was definitely in the works.  Things just seemed to have gone cold 
since 9/14 when I was asked for and provided a backtrace.
 [2012-09-24 15:21 UTC] rasmus@php.net
Ah, I missed that you provided a test script. Then it is just a matter of waiting 
for someone to find some time to look at it.
 [2012-09-24 15:28 UTC] brian at crowdtwist dot com
Sounds good, just wanted to give the ticket a little nudge.  Thanks!  Appreciate 
the help from everyone, too.
 [2012-09-24 20:43 UTC] gopalv@php.net
The nudge has been duly noted.

Are you sure the patches I put up didn't help at all? In my local reproducible 
tests, they fixed the SEGV.
 [2012-09-24 20:59 UTC] brian at crowdtwist dot com
I'll try again with clean snapshots and both patches applied.  Stay tuned...
 [2012-09-25 18:07 UTC] brian at crowdtwist dot com
Using:

- PHP snap php5.4-201209251730
- APC from trunk with patches pecl-63005.patch and pecl-63005-2.patch applied

The same reproduction script still segfaults on the second request via Apache.

Full backtrace below:


(gdb) run -X
Starting program: /usr/sbin/apache2 -X
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
zval_update_constant_ex (pp=0x7ffff85c6968, arg=0x1, scope=0x0, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend_execute_API.c:501
501		if (IS_CONSTANT_VISITED(p)) {
(gdb) bt full
#0  zval_update_constant_ex (pp=0x7ffff85c6968, arg=0x1, scope=0x0, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend_execute_API.c:501
        p = 0x0
        inline_change = 1 '\001'
        const_value = {value = {lval = 140737360255880, dval = 
6.9533494788813535e-310, str = {val = 0x7ffff85d5b88 " \\]\370\377\177", len = 
12}, ht = 0x7ffff85d5b88, obj = {handle = 4166867848, handlers = 0xc}}, 
          refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}
        colon = <optimized out>
#1  0x00007ffff3d49ae5 in zend_update_class_constants (class_type=0x7ffff85c4890, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend_API.c:1078
        scope = 0x7ffff825bb10
        old_scope = 0x7ffff85a1a08
        i = <optimized out>
#2  0x00007ffff3d49d38 in _object_and_properties_init (arg=0x7ffff85d5ba8, 
class_type=0x7ffff85c4890, properties=0x0, tsrm_ls=0x7ffff8257a50) at 
/home/bdeshong/apc_test/php5.4-201209251730/Zend/zend_API.c:1124
        object = <optimized out>
#3  0x00007ffff3db69ff in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend_vm_execute.h:813
        opline = 0x7fffe4cd9d00
        object_zval = 0x7ffff85d5ba8
        constructor = <optimized out>
#4  0x00007ffff3db0617 in execute (op_array=0x7ffff85be2b8, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend_vm_execute.h:410
        ret = <optimized out>
        execute_data = 0x7ffff7e38a50
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#5  0x00007ffff3d4794c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff8257a50, 
retval=0x0, file_count=3) at /home/bdeshong/apc_test/php5.4-
201209251730/Zend/zend.c:1279
        files = {{gp_offset = 48, fp_offset = 32767, overflow_arg_area = 
0x7fffffffbdf0, reg_save_area = 0x7fffffffbd80}}
        i = <optimized out>
        file_handle = 0x7fffffffe130
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#6  0x00007ffff3cd8af3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff8257a50) at /home/bdeshong/apc_test/php5.4-
201209251730/main/main.c:2473
        __orig_bailout = 0x7fffffffe060
        __bailout = {{__jmpbuf = {140737291344412, 1530100122164555146, 
140737351835808, 0, -4294967295, 1, 1530100125039750538, 1530126082340580746}, 
__mask_was_saved = 0, __saved_mask = {__val = {0, 140737342304792, 
                0, 140737351828920, 140737346904690, 0, 140737351828920, 
140737488342784, 140737283692071, 140737356596960, 140737283988752, 
140737356593744, 140737291344264, 140737291343968, 140737356593744, 
                140737291344264}}}}
        prepend_file_p = <optimized out>
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff8266390 
"/opt/iotk/app/core/api/config.php", opened_path = 0x0, handle = {fd = 0, fp = 
0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, 
                pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, 
reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 
0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len 
= 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
                old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, 
free_filename = 0 '\000'}
        old_cwd = 0x7fffffffbe00 "/root"
        use_heap = 0 '\000'
        retval = 0
#7  0x00007ffff3e014d2 in php_handler (r=0x7ffff7dce0a0) at 
/home/bdeshong/apc_test/php5.4-
201209251730/sapi/apache2handler/sapi_apache2.c:667
        zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff7dcc790 
"/opt/crowdtwist/app/pages/repro.html", opened_path = 0x0, handle = {fd = 
-136527872, fp = 0x7ffff7dcc000, stream = {handle = 0x7ffff7dcc000, 
              isatty = -136521872, mmap = {len = 140737351835808, pos = 8, map = 
0x7ffff7f38430, buf = 0x0, old_handle = 0x7ffff7fdec11, old_closer = 
0x7fffffffe1d8}, reader = 0x7ffff7dcd2d0, 
              fsizer = 0x7ffff8204ee4 <ap_extended_status>, closer = 
0x7ffff7dce328}}, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140737356596784, -1530100122826674806, 
140737351835808, 0, -4294967295, 1, 1530100122162457994, 1530126335610875274}, 
__mask_was_saved = 0, __saved_mask = {__val = {140737351832848, 
                140737351832852, 140737351835688, 140737351832848, 
140737351839336, 140737488347424, 140737344613878, 140737488347488, 
140737344621638, 40, 140737351835688, 140737306340392, 140737351839336, 40, 
                140737351827456, 40}}}}
        ctx = 0x7ffff7dcd798
        conf = 0x7ffff7f31220
        brigade = 0x7ffff7dd04d8
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
        tsrm_ls = 0x7ffff8257a50
#8  0x00007ffff7fd5368 in ap_run_handler (r=0x7ffff7dce0a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#9  0x00007ffff7fd57de in ap_invoke_handler (r=0x7ffff7dce0a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x0
        ignore = <optimized out>
#10 0x00007ffff7fe5360 in ap_process_request (r=0x7ffff7dce0a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
        access_status = <optimized out>
#11 0x00007ffff7fe21d8 in ap_process_http_connection (c=0x7ffff7dd8290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
        r = 0x7ffff7dce0a0
        csd = 0x0
#12 0x00007ffff7fdbe08 in ap_run_process_connection (c=0x7ffff7dd8290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#13 0x00007ffff7fe9f60 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
        current_conn = 0x7ffff7dd8290
        csd = 0x7ffff7dd80a0
        ptrans = 0x7ffff7dd8028
        allocator = 0x7ffff852aae0
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7ffff7dda130
        sbh = 0x7ffff7dda128
        bucket_alloc = 0x7ffff7dd4028
        last_poll_idx = 1
#14 0x00007ffff7fea686 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
No locals.
#15 0x00007ffff7feae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>) at /build/buildd/apache2-
2.2.20/server/mpm/prefork/prefork.c:988
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
#16 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
        c = 88 'X'
        configtestonly = <optimized out>
        confname = 0x7ffff7fecceb "apache2.conf"
        def_server_root = 0x7ffff7feccde "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7ffff7f88118
        server_conf = 0x7ffff7f807f8
        pglobal = <optimized out>
        pconf = 0x7ffff7f86028
        plog = 0x7ffff7f4b028
        ptemp = 0x7ffff7f7e028
        pcommands = 0x7ffff7f84028
        opt = 0x7ffff7f84118
        rv = 0
        mod = <optimized out>
        optarg = 0x0
        signal_server = <optimized out>
 [2012-10-15 23:46 UTC] brian at crowdtwist dot com
I'll rebuild this week with the latest snap and APC trunk, see if my mileage is 
varying since I last tried on 9/25.
 [2012-10-23 07:41 UTC] thomas at partyflock dot nl
I was one of the 'Reproduced' count.

It's not happening for me anymore. All fine now, even with 
apc.include_once_override set to 'on'.

I am using the latest PHP and APC from Debian wheezy.
 [2012-10-24 21:44 UTC] brian at crowdtwist dot com
I was able to reproduce this again with:

- php5.4-201210242030
- APC from trunk as of 10/24/2012 ~4:15 PM ET
- include_once_override both on and off -- makes no difference
- NOT using the two patch files posted to this bug


In the reproduction script above, if I comment out line #66 of /tmp/ZendFramework-
1.12.0/library/Zend/Validate/Hostname.php and re-run with GDB, I no longer get a 
segfault.

66: //self::INVALID                 => "Invalid type given. String expected",

See full backtrace, and how it references "hostnameDashCharacter", the value of 
the self::INVALID_DASH constant referenced directly beneath line 66.

Starting program: /usr/sbin/apache2 -X
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x7ffff825b100, p=0x7ffffa0f6350) at 
/home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_alloc.c:2100
2100		if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt f
#0  _zend_mm_free_int (heap=0x7ffff825b100, p=0x7ffffa0f6350) at 
/home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_alloc.c:2100
        mm_block = 0x7ffffa0f6340
        next_block = 0x656de16e6e82d2a8
        size = 7308604897320202088
#1  0x00007ffff3d5611d in zend_hash_update_current_key_ex (ht=0x7ffffa0f61d8, 
key_type=1, str_index=0x7ffff87675e8 "hostnameDashCharacter", str_length=22, 
    num_index=0, mode=<optimized out>, pos=0x0) at /home/bdeshong/apc_test/php5.4-
201210242030/Zend/zend_hash.c:1394
        q = 0x7ffff8767610
        p = <optimized out>
        q = <optimized out>
        h = 4521464511699882929
#2  0x00007ffff3d368db in zend_symtable_update_current_key_ex (pos=0x0, mode=1, 
nKeyLength=<optimized out>, arKey=<optimized out>, ht=<optimized out>)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_hash.h:378
No locals.
#3  zval_update_constant_ex (pp=0x7ffff8764ba0, arg=<optimized out>, scope=0x0, 
tsrm_ls=0x7ffff82580d0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_execute_API.c:662
        num_index = 140737356595408
        ret = <optimized out>
        element = 0x7ffffa0f63a8
        new_val = <optimized out>
        str_index = 0x7ffff7e5d138 "self::INVALID_DASH"
        str_index_len = 21
        p = 0x7ffffa0edf30
        inline_change = <optimized out>
        const_value = {value = {lval = 140737361901032, dval = 
6.9533495601626621e-310, str = {val = 0x7ffff87675e8 "hostnameDashCharacter", len 
= 21}, 
            ht = 0x7ffff87675e8, obj = {handle = 4168513000, handlers = 0x15}}, 
refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}
        colon = <optimized out>
#4  0x00007ffff3d498ad in zend_update_class_constants (class_type=0x7ffffa0f5f48, 
tsrm_ls=0x7ffff82580d0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_API.c:1037
        scope = 0x7ffff825c190
        old_scope = 0x0
        i = <optimized out>
#5  0x00007ffff3d49d38 in _object_and_properties_init (arg=0x7ffff87674f0, 
class_type=0x7ffffa0f5f48, properties=0x0, tsrm_ls=0x7ffff82580d0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_API.c:1124
        object = <optimized out>
#6  0x00007ffff3db69ff in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff82580d0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_vm_execute.h:813
        opline = 0x7fffe4aa7f78
        object_zval = 0x7ffff87674f0
        constructor = <optimized out>
#7  0x00007ffff3db0617 in execute (op_array=0x7ffff8764980, 
tsrm_ls=0x7ffff82580d0) at /home/bdeshong/apc_test/php5.4-
201210242030/Zend/zend_vm_execute.h:410
        ret = <optimized out>
        execute_data = 0x7ffff7e22060
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x00007ffff3d4794c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff82580d0, 
retval=0x0, file_count=3)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend.c:1279
        files = {{gp_offset = 48, fp_offset = 32767, overflow_arg_area = 
0x7fffffffbdf0, reg_save_area = 0x7fffffffbd80}}
        i = <optimized out>
        file_handle = 0x7fffffffe130
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x00007ffff3cd8af3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff82580d0) at /home/bdeshong/apc_test/php5.4-
201210242030/main/main.c:2473
        __orig_bailout = 0x7fffffffe060
        __bailout = {{__jmpbuf = {140737291344412, -4596429897394628586, 
140737351745696, 0, -4294967295, 1, -4596429896209737706, -4596438847317813226}, 
            __mask_was_saved = 0, __saved_mask = {__val = {0, 140737342304704, 0, 
140737351738808, 140737346904690, 0, 140737351738808, 140737488342784, 
                140737283692071, 140737356598624, 140737283988752, 
140737356595408, 140737291344264, 140737291343968, 140737356595408, 
140737291344264}}}}
        prepend_file_p = <optimized out>
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff8266a10 
"/opt/crowdtwist/app/core/api/config.php", opened_path = 0x0, handle = {fd = 0, 
            fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 
0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 
0, 
              closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 
0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {
                len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fffffffbe00 "/root"
        use_heap = 0 '\000'
        retval = 0
#10 0x00007ffff3e014d2 in php_handler (r=0x7ffff7db80a0) at 
/home/bdeshong/apc_test/php5.4-201210242030/sapi/apache2handler/sapi_apache2.c:667
        zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff7db6860 
"/opt/crowdtwist/app/pages/repro.html", opened_path = 0x0, handle = {fd = 
-136617984, 
            fp = 0x7ffff7db6000, stream = {handle = 0x7ffff7db6000, isatty = 
-136611776, mmap = {len = 140737351745696, pos = 8, map = 0x7ffff7f38430, buf = 
0x0, 
                old_handle = 0x7ffff7fdec11, old_closer = 0x7fffffffe1d8}, reader 
= 0x7ffff7db73a0, fsizer = 0x7ffff8204ee4 <ap_extended_status>, 
              closer = 0x7ffff7db8328}}, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140737356598448, 4596429898289698838, 
140737351745696, 0, -4294967295, 1, -4596429897392531434, -4596438662779578346}, 
            __mask_was_saved = 0, __saved_mask = {__val = {140737351742944, 
140737351742948, 140737351745576, 140737351742944, 140737351749224, 
140737488347424, 
                140737344613878, 140737488347488, 140737344621638, 40, 
140737351745576, 140737306340392, 140737351749224, 40, 140737351737344, 40}}}}
        ctx = 0x7ffff7db7868
        conf = 0x7ffff7f31220
        brigade = 0x7ffff7dba4d8
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
        tsrm_ls = 0x7ffff82580d0
#11 0x00007ffff7fd5368 in ap_run_handler (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#12 0x00007ffff7fd57de in ap_invoke_handler (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x0
        ignore = <optimized out>
#13 0x00007ffff7fe5360 in ap_process_request (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
        access_status = <optimized out>
#14 0x00007ffff7fe21d8 in ap_process_http_connection (c=0x7ffff7dc2290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
        r = 0x7ffff7db80a0
        csd = 0x0
#15 0x00007ffff7fdbe08 in ap_run_process_connection (c=0x7ffff7dc2290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#16 0x00007ffff7fe9f60 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
        current_conn = 0x7ffff7dc2290
        csd = 0x7ffff7dc20a0
        ptrans = 0x7ffff7dc2028
        allocator = 0x7ffff854eb70
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7ffff7dc4130
        sbh = 0x7ffff7dc4128
        bucket_alloc = 0x7ffff7dbe028
        last_poll_idx = 1
#17 0x00007ffff7fea686 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
No locals.
#18 0x00007ffff7feae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>)
    at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
#19 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
        c = 88 'X'
        configtestonly = <optimized out>
        confname = 0x7ffff7fecceb "apache2.conf"
        def_server_root = 0x7ffff7feccde "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7ffff7f88118
        server_conf = 0x7ffff7f807f8
        pglobal = <optimized out>
        pconf = 0x7ffff7f86028
        plog = 0x7ffff7f4b028
        ptemp = 0x7ffff7f7e028
        pcommands = 0x7ffff7f84028
        opt = 0x7ffff7f84118
        rv = 0
        mod = <optimized out>
        optarg = 0x0
        signal_server = <optimized out>


*** WITH THE TWO PATCH FILES APPLIED: ***

If I apply both of the attached patch files, AND have line #66 commented out, I 
get a different segfault on the second request.  Full backtrace below:

(gdb) bt f
#0  zval_update_constant_ex (pp=0x7ffff9c7e630, arg=0x1, scope=0x0, 
tsrm_ls=0x7ffff82580f0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_execute_API.c:501
        p = 0x0
        inline_change = 1 '\001'
        const_value = {value = {lval = 140737384077344, dval = 
6.9533506558180531e-310, str = {val = 0x7ffff9c8d820 "\270\330\310\371\377\177", 
len = 12}, 
            ht = 0x7ffff9c8d820, obj = {handle = 4190689312, handlers = 
0x7fff0000000c}}, refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}
        colon = <optimized out>
#1  0x00007ffff3d49ae5 in zend_update_class_constants (class_type=0x7ffff9c7c4b0, 
tsrm_ls=0x7ffff82580f0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_API.c:1078
        scope = 0x7ffff825c1b0
        old_scope = 0x7ffff9c59710
        i = <optimized out>
#2  0x00007ffff3d49d38 in _object_and_properties_init (arg=0x7ffff9c8d840, 
class_type=0x7ffff9c7c4b0, properties=0x0, tsrm_ls=0x7ffff82580f0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_API.c:1124
        object = <optimized out>
#3  0x00007ffff3db69ff in ZEND_NEW_SPEC_HANDLER (execute_data=<optimized out>, 
tsrm_ls=0x7ffff82580f0)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_vm_execute.h:813
        opline = 0x7fffe4aaae90
        object_zval = 0x7ffff9c8d840
        constructor = <optimized out>
#4  0x00007ffff3db0617 in execute (op_array=0x7ffff9c76008, 
tsrm_ls=0x7ffff82580f0) at /home/bdeshong/apc_test/php5.4-
201210242030/Zend/zend_vm_execute.h:410
        ret = <optimized out>
        execute_data = 0x7ffff7e22a50
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#5  0x00007ffff3d4794c in zend_execute_scripts (type=8, tsrm_ls=0x7ffff82580f0, 
retval=0x0, file_count=3)
    at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend.c:1279
        files = {{gp_offset = 48, fp_offset = 32767, overflow_arg_area = 
0x7fffffffbdf0, reg_save_area = 0x7fffffffbd80}}
        i = <optimized out>
        file_handle = 0x7fffffffe130
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#6  0x00007ffff3cd8af3 in php_execute_script (primary_file=0x7fffffffe130, 
tsrm_ls=0x7ffff82580f0) at /home/bdeshong/apc_test/php5.4-
201210242030/main/main.c:2473
        __orig_bailout = 0x7fffffffe060
        __bailout = {{__jmpbuf = {140737291344412, 8262864989161079751, 
140737351745696, 0, -4294967295, 1, 8262864987154105287, 8262855760097788871}, 
            __mask_was_saved = 0, __saved_mask = {__val = {0, 140737342304704, 0, 
140737351738808, 140737346904690, 0, 140737351738808, 140737488342784, 
                140737283692071, 140737356598656, 140737283988752, 
140737356595440, 140737291344264, 140737291343968, 140737356595440, 
140737291344264}}}}
        prepend_file_p = <optimized out>
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff8266a30 
"/opt/crowdtwist/app/core/api/config.php", opened_path = 0x0, handle = {fd = 0, 
            fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 
0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 
0, 
              closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 
0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {
                len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fffffffbe00 "/root"
        use_heap = 0 '\000'
        retval = 0
#7  0x00007ffff3e014d2 in php_handler (r=0x7ffff7db80a0) at 
/home/bdeshong/apc_test/php5.4-201210242030/sapi/apache2handler/sapi_apache2.c:667
        zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x7ffff7db6860 
"/opt/crowdtwist/app/pages/repro.html", opened_path = 0x0, handle = {fd = 
-136617984, 
            fp = 0x7ffff7db6000, stream = {handle = 0x7ffff7db6000, isatty = 
-136611776, mmap = {len = 140737351745696, pos = 8, map = 0x7ffff7f38430, buf = 
0x0, 
                old_handle = 0x7ffff7fdec11, old_closer = 0x7fffffffe1d8}, reader 
= 0x7ffff7db73a0, fsizer = 0x7ffff8204ee4 <ap_extended_status>, 
              closer = 0x7ffff7db8328}}, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140737356598480, -8262864989368269881, 
140737351745696, 0, -4294967295, 1, 8262864989158982599, 8262856073482683335}, 
            __mask_was_saved = 0, __saved_mask = {__val = {140737351742944, 
140737351742948, 140737351745576, 140737351742944, 140737351749224, 
140737488347424, 
                140737344613878, 140737488347488, 140737344621638, 40, 
140737351745576, 140737306340392, 140737351749224, 40, 140737351737344, 40}}}}
        ctx = 0x7ffff7db7868
        conf = 0x7ffff7f31220
        brigade = 0x7ffff7dba4d8
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
        tsrm_ls = 0x7ffff82580f0
#8  0x00007ffff7fd5368 in ap_run_handler (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/server/config.c:159
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#9  0x00007ffff7fd57de in ap_invoke_handler (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/server/config.c:377
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x0
        ignore = <optimized out>
#10 0x00007ffff7fe5360 in ap_process_request (r=0x7ffff7db80a0) at 
/build/buildd/apache2-2.2.20/modules/http/http_request.c:282
        access_status = <optimized out>
#11 0x00007ffff7fe21d8 in ap_process_http_connection (c=0x7ffff7dc2290) at 
/build/buildd/apache2-2.2.20/modules/http/http_core.c:190
        r = 0x7ffff7db80a0
        csd = 0x0
#12 0x00007ffff7fdbe08 in ap_run_process_connection (c=0x7ffff7dc2290) at 
/build/buildd/apache2-2.2.20/server/connection.c:43
        pHook = <optimized out>
        n = <optimized out>
        rv = <optimized out>
#13 0x00007ffff7fe9f60 in child_main (child_num_arg=<optimized out>) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:667
        current_conn = 0x7ffff7dc2290
        csd = 0x7ffff7dc20a0
        ptrans = 0x7ffff7dc2028
        allocator = 0x7ffff854eb90
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7ffff7dc4130
        sbh = 0x7ffff7dc4128
        bucket_alloc = 0x7ffff7dbe028
        last_poll_idx = 1
#14 0x00007ffff7fea686 in make_child (s=0x7ffff7f807f8, slot=0) at 
/build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:712
No locals.
#15 0x00007ffff7feae53 in ap_mpm_run (_pconf=<optimized out>, plog=<optimized 
out>, s=<optimized out>)
    at /build/buildd/apache2-2.2.20/server/mpm/prefork/prefork.c:988
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
#16 0x00007ffff7fc03ca in main (argc=2, argv=0x7fffffffe6a8) at 
/build/buildd/apache2-2.2.20/server/main.c:741
        c = 88 'X'
        configtestonly = <optimized out>
        confname = 0x7ffff7fecceb "apache2.conf"
        def_server_root = 0x7ffff7feccde "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7ffff7f88118
        server_conf = 0x7ffff7f807f8
        pglobal = <optimized out>
        pconf = 0x7ffff7f86028
        plog = 0x7ffff7f4b028
        ptemp = 0x7ffff7f7e028
        pcommands = 0x7ffff7f84028
        opt = 0x7ffff7f84118
        rv = 0
        mod = <optimized out>
        optarg = 0x0
        signal_server = <optimized out>


Let me know what you think?  Hope this helps!
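
A triage aid for the first backtrace in the comment above, as an added example that is not part of the original report or of PHP/APC: it scans `bt f` locals for non-canonical x86-64 pointers and for integers whose bytes are all printable ASCII, which is how an allocator block header overwritten with string data shows up. The function names are hypothetical, the sample is frames #0 and #1 of that backtrace (trimmed, wrapped lines joined), and 48-bit canonical addressing is assumed.

```python
import re

# Constructed sample: frames #0 and #1 from the backtrace in the comment above,
# trimmed and with gdb's wrapped lines joined.
SAMPLE_BT = """\
#0  _zend_mm_free_int (heap=0x7ffff825b100, p=0x7ffffa0f6350) at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_alloc.c:2100
        mm_block = 0x7ffffa0f6340
        next_block = 0x656de16e6e82d2a8
        size = 7308604897320202088
#1  0x00007ffff3d5611d in zend_hash_update_current_key_ex (ht=0x7ffffa0f61d8, key_type=1, str_index=0x7ffff87675e8 "hostnameDashCharacter", str_length=22, num_index=0, mode=<optimized out>, pos=0x0) at /home/bdeshong/apc_test/php5.4-201210242030/Zend/zend_hash.c:1394
        q = 0x7ffff8767610
        p = <optimized out>
"""

# "#N  [0xADDR in ]function (" opens a frame; indented "name = value" is a local.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
LOCAL_RE = re.compile(r"^\s+(\w+) = (0x[0-9a-f]+|-?\d+)\s*$")


def is_canonical(addr):
    """Assumes x86-64 with 48-bit virtual addresses: bits 63..47 are all 0 or all 1."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF


def ascii_view(value):
    """Return the value's 8 little-endian bytes as text if all are printable ASCII."""
    raw = (value & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(bt_text):
    """Return (frame_no, function, local, finding) tuples for suspicious locals."""
    findings = []
    frame = None
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frame = (int(m.group(1)), m.group(2))
            continue
        m = LOCAL_RE.match(line)
        if not m or frame is None:
            continue  # skips "<optimized out>", structs and wrapped lines
        name, text = m.groups()
        is_ptr = text.startswith("0x")
        value = int(text, 16) if is_ptr else int(text)
        if is_ptr and not is_canonical(value):
            findings.append((frame[0], frame[1], name, "non-canonical pointer"))
        as_text = ascii_view(value)
        if as_text is not None:
            findings.append((frame[0], frame[1], name, "bytes spell " + repr(as_text)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_BT):
        print(finding)
```

On this input it flags `next_block` as a non-canonical pointer and reports that `size` holds the bytes of the string "hostname"; `mm_block + size` is exactly the bad `next_block` value.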
 [2012-10-25 09:06 UTC] gopalv@php.net
-Assigned To: laruence +Assigned To: gopalv
 [2012-10-25 09:06 UTC] gopalv@php.net
I'm on this. 

Will be looking into this on Thursday & will be on IRC all day (in case you want 
to ping me & debug it live).
 [2012-10-25 12:39 UTC] brian at crowdtwist dot com
Hey Gopal, sounds good.  I'm bdeshong on Freenode, will be hanging around all day.  
Ping me anytime -- happy to debug this with you live.
 [2012-10-25 13:18 UTC] gopalv@php.net
Fixed in svn

http://news.php.net/php.pecl.cvs/19064

will be available in the next release.
 [2012-10-25 13:18 UTC] gopalv@php.net
-Status: Assigned +Status: Closed
 
Last updated: Thu Apr 17 12:01:59 2014 UTC