|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-09-30 23:01 UTC] aharvey@php.net
-PHP Version: master-Git-2014-09-30 (Git)
+PHP Version: 5.6.0
[2014-10-15 16:04 UTC] tyrael@php.net
-Assigned To:
+Assigned To: dmitry
[2014-10-15 16:57 UTC] dmitry@php.net
[2015-04-06 19:57 UTC] dmitry@php.net
-Status: Assigned
+Status: Feedback
[2015-04-06 19:57 UTC] dmitry@php.net
[2015-04-19 04:22 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri May 09 08:01:35 2025 UTC |
Description: ------------ In php 5.6.0 (that's all I've looked at), the opcache related function accel_new_interned_string does no interning, and returns the argument string if compiled for ZTS. Unfortunately, the related free-like function accel_clean_non_persistent_constant doesn't special case for ZTS, and still appears to free as if the string were created by internment. If you compile php 5.6 in ZTS mode, using a modern gcc (such as 4.9.1) which supports -fsanitize=address (aka "asan"), and then run in cgi mode, you'll see that the asan runtime system reports an illegal free stemming from the call to accell_clean_non_persistent_constant Here's a gdb backtrace:#0 0x00007f909ae21bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007f909ae24fc8 in __GI_abort () at abort.c:89 #2 0x00007f909ae5ee14 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f909af6d668 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007f909ae69b77 in malloc_printerr (action=<optimized out>, str=0x7f909af6d9e8 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:4996 #4 0x00007f909453be00 in accel_clean_non_persistent_constant (c=0x604000048850, tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/ext/opcache/ZendAccelerator.c:2327 #5 0x00007f909eebe633 in zend_hash_reverse_apply (ht=0x607000054bf0, apply_func=0x7f909453bdcb <accel_clean_non_persistent_constant>, tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/Zend/zend_hash.c:729 #6 0x00007f909453c2d2 in zend_accel_fast_shutdown (tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/ext/opcache/ZendAccelerator.c:2360 #7 0x00007f909453c3fc in accel_deactivate () at /opt/nr/lamp/build/php-5.6.0-zts/ext/opcache/ZendAccelerator.c:2385 #8 0x00007f909ee322b3 in zend_extension_deactivator (extension=0x611000073550, tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/Zend/zend_execute_API.c:101 #9 0x00007f909ee4bbc0 in zend_llist_apply (l=0x7f90a0ec4b20 <zend_extensions>, func=0x7f909ee32267 <zend_extension_deactivator>, tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/Zend/zend_llist.c:191 #10 0x00007f909ee3468f in shutdown_executor (tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/Zend/zend_execute_API.c:246 #11 0x00007f909ee7d4ec in zend_deactivate (tsrm_ls=0x60300000efb0) at /opt/nr/lamp/build/php-5.6.0-zts/Zend/zend.c:949 #12 0x00007f909ec65e65 in php_request_shutdown (dummy=0x0) at /opt/nr/lamp/build/php-5.6.0-zts/main/main.c:1884 #13 0x00007f909f2504a5 in main (argc=5, argv=0x7fff9fe0bdc8) at /opt/nr/lamp/build/php-5.6.0-zts/sapi/cgi/cgi_main.c:2508