Bug #63407 segmentation fault in zval_mark_grey()
Submitted: 2012-10-31 22:55 UTC
Modified: 2013-02-18 00:36 UTC
From: berdir@php.net
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 5.4.8
OS: linux
Private report: No
CVE-ID: None

 [2012-10-31 22:55 UTC] berdir@php.net
Description:
------------
I'm experiencing segfaults in the mentioned function while working on Drupal 8. 
Here's what I found out so far:

- Happens both with the default ubuntu 12.04 php 5.3.10 and php 5.4.8 from 
https://launchpad.net/~ondrej/+archive/php5
- See http://drupal.org/node/512026#comment-6673974 for the backtrace
- Happens both on my local installation and our automated testbots
- The segfault does not happen if zend.enable_gc is Off.

It's non-trivial to set up, see "script" below, so just tell me what commands to 
run in gdb to give you additional information if required.

Test script:
---------------
git clone git@git.drupal.org:project/drupal.git --branch=8.x
# Install Drupal, enable Testing module.
wget http://drupal.org/files/form-state-keyvalue-512026-98.patch
git apply form-state-keyvalue-512026-98.patch

php core/scripts/run-tests.sh --class "Drupal\views\Tests\Handler\FilterStringTest"


Expected result:
----------------
Drupal test run
---------------

Tests to be run:
 -  (Drupal\views\Tests\Handler\FilterStringTest)

Test run started:
 Wednesday, October 31, 2012 - 23:50

Test summary
------------

Filter: String n passes, 0 fails, and 0 exception

Test run duration: n sec

Actual result:
--------------
Drupal test run
---------------

Tests to be run:
 -  (Drupal\views\Tests\Handler\FilterStringTest)

Test run started:
 Wednesday, October 31, 2012 - 23:50

Test summary
------------

Segmentation fault (core dumped)
FATAL Drupal\views\Tests\Handler\FilterStringTest: test runner returned a non-zero error code (139).
- Found database prefix 'simpletest916618' for test ID 372.
- Removed test files directory.
- Removed 43 leftover tables.

Test run duration: 11 sec


 [2012-11-01 02:23 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2012-11-01 02:23 UTC] laruence@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.4-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

There is a known issue of segfault caused by traits alias.

Please try with the 5.4-snapshot.
 [2012-11-02 01:41 UTC] berdir@php.net
Tried that, still crashes, although now it seems to happen on the line below?

Updated gdb backtrace. Do you need something else?

Program received signal SIGSEGV, Segmentation fault.
zval_mark_grey (pz=0x1a9fafa00) at .../php5.4-201211020030/Zend/zend_gc.c:426
426				if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) != &EG(symbol_table)) {
(gdb) bt
#0  zval_mark_grey (pz=0x1a9fafa00) at .../php5.4-201211020030/Zend/zend_gc.c:426
#1  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-201211020030/Zend/zend_gc.c:432
#2  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-201211020030/Zend/zend_gc.c:432
#3  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-201211020030/Zend/zend_gc.c:432
#4  0x00000000007e43dd in zval_mark_grey (pz=<optimized out>) at .../php5.4-201211020030/Zend/zend_gc.c:407
#5  0x00000000007e51f5 in gc_mark_roots () at .../php5.4-201211020030/Zend/zend_gc.c:501
#6  gc_collect_cycles () at .../php5.4-201211020030/Zend/zend_gc.c:793
#7  0x00000000007e5584 in gc_zval_possible_root (zv=<optimized out>) at .../php5.4-201211020030/Zend/zend_gc.c:166
#8  0x00000000007d4138 in zend_hash_destroy (ht=0x214ea30) at .../php5.4-201211020030/Zend/zend_hash.c:560
#9  0x00000000007c5787 in _zval_dtor_func (zvalue=0x1db4ba0) at .../php5.4-201211020030/Zend/zend_variables.c:43
#10 0x000000000086ca10 in _zval_dtor (zvalue=0x1db4ba0) at .../php5.4-201211020030/Zend/zend_variables.h:35
#11 i_zval_ptr_dtor (zval_ptr=0x1db4ba0) at .../php5.4-201211020030/Zend/zend_execute.h:87
#12 zend_vm_stack_clear_multiple () at .../php5.4-201211020030/Zend/zend_execute.h:339
#13 zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at .../php5.4-201211020030/Zend/zend_vm_execute.h:736
#14 0x0000000000826cdf in execute (op_array=0x1174570) at .../php5.4-201211020030/Zend/zend_vm_execute.h:410
#15 0x00000000007c7ea9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at .../php5.4-201211020030/Zend/zend.c:1279
#16 0x0000000000767763 in php_execute_script (primary_file=0x7fffffffcd80) at .../php5.4-201211020030/main/main.c:2473
#17 0x000000000086f45f in do_cli (argc=10, argv=0x7fffffffe168) at .../php5.4-201211020030/sapi/cli/php_cli.c:988
#18 0x0000000000435dce in main (argc=10, argv=0x7fffffffe168) at .../php5.4-201211020030/sapi/cli/php_cli.c:1364
 [2012-11-02 03:37 UTC] laruence@php.net
I can not reproduce this segfault according to your test steps...
 [2013-02-18 00:36 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
Last updated: Sat May 04 16:01:31 2024 UTC