|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2012-09-23 06:48 UTC] remi@php.net
Description:
------------
php segfault when using memcache and object serialization.
(gdb) bt
#0 zend_mm_remove_from_free_list (heap=0xbae2d0, mm_block=0x7ffff7fc01d7) at /usr/src/debug/php-5.4.7/Zend/zend_alloc.c:833
#1 0x000000000059c660 in _zend_mm_free_int (heap=0xbae2d0, p=0x7ffff7fbd0e7) at /usr/src/debug/php-5.4.7/Zend/zend_alloc.c:2101
#2 0x00000000005e98e3 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=<optimized out>)
at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:220
#3 0x00000000005e9903 in zend_objects_store_del_ref (zobject=0x7fffffffa5c0) at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:172
#4 0x00000000005b429a in _zval_dtor (zvalue=<optimized out>) at /usr/src/debug/php-5.4.7/Zend/zend_variables.h:35
#5 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:438
#6 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:427
#7 0x00000000005d0a38 in zend_hash_destroy (ht=0x7ffff7fbd1c8) at /usr/src/debug/php-5.4.7/Zend/zend_hash.c:560
#8 0x00000000005e3b3c in zend_object_std_dtor (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:44
#9 0x00000000005e3bc9 in zend_objects_free_object_storage (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:137
#10 0x00000000005e98e3 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=<optimized out>)
at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:220
#11 0x00000000005e9903 in zend_objects_store_del_ref (zobject=0x7fffffffa5c0) at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:172
#12 0x00000000005b429a in _zval_dtor (zvalue=<optimized out>) at /usr/src/debug/php-5.4.7/Zend/zend_variables.h:35
#13 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:438
#14 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:427
#15 0x00000000005d0a38 in zend_hash_destroy (ht=0x7ffff7fbd1c8) at /usr/src/debug/php-5.4.7/Zend/zend_hash.c:560
#16 0x00000000005e3b3c in zend_object_std_dtor (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:44
#17 0x00000000005e3bc9 in zend_objects_free_object_storage (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:137
#18 0x00000000005e98e3 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=<optimized out>)
at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:220
#19 0x00000000005e9903 in zend_objects_store_del_ref (zobject=0x7fffffffa5c0) at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:172
#20 0x00000000005b429a in _zval_dtor (zvalue=<optimized out>) at /usr/src/debug/php-5.4.7/Zend/zend_variables.h:35
#21 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:438
#22 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:427
#23 0x00000000005d0a38 in zend_hash_destroy (ht=0x7ffff7fbd1c8) at /usr/src/debug/php-5.4.7/Zend/zend_hash.c:560
#24 0x00000000005e3b3c in zend_object_std_dtor (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:44
#25 0x00000000005e3bc9 in zend_objects_free_object_storage (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:137
#26 0x00000000005e98e3 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=<optimized out>)
at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:220
#27 0x00000000005e9903 in zend_objects_store_del_ref (zobject=0x7fffffffa5c0) at /usr/src/debug/php-5.4.7/Zend/zend_objects_API.c:172
#28 0x00000000005b429a in _zval_dtor (zvalue=<optimized out>) at /usr/src/debug/php-5.4.7/Zend/zend_variables.h:35
#29 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:438
#30 _zval_ptr_dtor (zval_ptr=0x7fffd7015210) at /usr/src/debug/php-5.4.7/Zend/zend_execute_API.c:427
#31 0x00000000005d0a38 in zend_hash_destroy (ht=0x7ffff7fbd1c8) at /usr/src/debug/php-5.4.7/Zend/zend_hash.c:560
#32 0x00000000005e3b3c in zend_object_std_dtor (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:44
#33 0x00000000005e3bc9 in zend_objects_free_object_storage (object=0x7ffff7fbd0e8) at /usr/src/debug/php-5.4.7/Zend/zend_objects.c:137
#34 0x00000000005e98e3 in zend_objects_store_del_ref_by_handle_ex (handle=11, handlers=<optimized out>)
Test script:
---------------
<?php
echo "Test: PHP-".phpversion()."/memcache-".phpversion('memcache');
$obj = new StdClass;
$obj->obj = $obj;
$memcache = new Memcache;
$memcache->connect('127.0.0.1', 11211);
$memcache->set('x', $obj, false, 300);
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".";
$x = $memcache->get('x'); echo ".\n";
Expected result:
----------------
Test: PHP-5.4.7/memcache-3.0.7.........
Actual result:
--------------
Test: PHP-5.4.7/memcache-3.0.7.........
Segmentation fault
Patchesbug63142.diff (last revision 2013-03-19 09:05 UTC by tony2001@php.net)php-pecl-memcache-3.0.5-get-mem-corrupt.patch (last revision 2012-09-23 06:49 UTC by remi@php.net) Pull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Oct 28 13:00:01 2025 UTC |
With php 5.4.7 + memcache 3.0.7 + commit 327754 (gdb) run 002.php ... bool(true) bool(true) Program received signal SIGSEGV, Segmentation fault. (gdb) bt #0 zend_std_get_properties (object=0x7fffd0bde618) at /usr/src/debug/php-5.4.7/Zend/zend_object_handlers.c:98 #1 0x000000000053b657 in php_var_dump (struc=0x7ffff7f85428, level=level@entry=1) at /usr/src/debug/php-5.4.7/ext/standard/var.c:129 #2 0x000000000053b9aa in zif_var_dump (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/src/debug/php-5.4.7/ext/standard/var.c:183 #3 0x0000000000669db2 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.4.7/Zend/zend_vm_execute.h:642 #4 0x0000000000623af7 in execute (op_array=0x7ffff7fbda68) at /usr/src/debug/php-5.4.7/Zend/zend_vm_execute.h:410 #5 0x00000000005c48ec in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php-5.4.7/Zend/zend.c:1286 #6 0x000000000056445d in php_execute_script (primary_file=primary_file@entry=0x7fffffffcba0) at /usr/src/debug/php-5.4.7/main/main.c:2473 #7 0x000000000066c476 in do_cli (argc=2, argv=0x7fffffffe038) at /usr/src/debug/php-5.4.7/sapi/cli/php_cli.c:988 #8 0x000000000042597a in main (argc=2, argv=0x7fffffffe038) at /usr/src/debug/php-5.4.7/sapi/cli/php_cli.c:1364 I can do more test if you need