php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75502 Segmentation fault in zend_string_release
Submitted: 2017-11-08 15:58 UTC Modified: 2017-11-13 09:58 UTC
From: cristian dot pop at softwire dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.1.11 OS: CentOS 7.4
Private report: No CVE-ID: None
 [2017-11-08 15:58 UTC] cristian dot pop at softwire dot com
Description:
------------
I'm getting consistent segmentation fault errors when running a PHP script via CLI, running PHP 7.1.11 (with Zend Framework 1.12.20) and Apache 2.4.6. The script was developed on another box running PHP 5.4, and it still runs without issues on the older version.

Unfortunately, I've not been able to come up with a minimal reproducible example, as I couldn't isolate precisely which section of the script is the culprit. Debugging the script in IntelliJ didn't help, as the segfault seems to be thrown during zend_shutdown(). There are multiple, distinct, sections in that script that can be blindly commented out to stop the segfaults from occurring (though rendering the script useless).

It might have something to do with the complexity of the script or how much "work" it's doing, but I have other similar scripts that take a long time to complete (up to a minute), and this is the only one throwing a segmentation fault on every run.

Running the script with USE_ZEND_ALLOC=0 seems to help (no more segfaults), and (bizarrely) so does setting zfDebug.enabled to TRUE in my application.ini. I'm worried about using these workarounds in a production environment though, as long as I still don't know what the underlying cause is.

Here's the gdb backtrace from the core dump generated (I noticed it's somewhat similar to an older bug affecting PHP 7.0.3 https://bugs.php.net/bug.php?id=71662):

#0  zend_string_release (s=0x7ff9aa940660) at /usr/src/debug/php-7.1.11/Zend/zend_string.h:270
#1  zend_hash_destroy (ht=0x55ee0879af10) at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:1248
#2  0x00007ff9b90b7e8e in delete_type_persistent (zv=<optimized out>) at /usr/src/debug/php-7.1.11/ext/soap/php_schema.c:2459
#3  0x000055ee06d40bf5 in zend_hash_destroy (ht=0x55ee08777400) at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:1235
#4  0x00007ff9b90bf031 in delete_psdl_int (p=<optimized out>) at /usr/src/debug/php-7.1.11/ext/soap/php_sdl.c:3130
#5  0x00007ff9b90bf09f in delete_psdl (zv=0x55ee08a07a40) at /usr/src/debug/php-7.1.11/ext/soap/php_sdl.c:3150
#6  0x000055ee06d40c96 in zend_hash_destroy (ht=0x55ee0877bbf0) at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:1246
#7  0x00007ff9b908f8c9 in zm_shutdown_soap (type=<optimized out>, module_number=33) at /usr/src/debug/php-7.1.11/ext/soap/soap.c:598
#8  0x000055ee06d35eb7 in module_destructor (module=module@entry=0x55ee0854c760) at /usr/src/debug/php-7.1.11/Zend/zend_API.c:2501
#9  0x000055ee06d2e60c in module_destructor_zval (zv=<optimized out>) at /usr/src/debug/php-7.1.11/Zend/zend.c:633
#10 0x000055ee06d41791 in _zend_hash_del_el_ex (prev=<optimized out>, p=<optimized out>, idx=<optimized out>, ht=<optimized out>)
    at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:997
#11 _zend_hash_del_el (p=0x55ee0854ec30, idx=32, ht=0x55ee07155420 <module_registry>) at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:1020
#12 zend_hash_graceful_reverse_destroy (ht=ht@entry=0x55ee07155420 <module_registry>) at /usr/src/debug/php-7.1.11/Zend/zend_hash.c:1476
#13 0x000055ee06d342dc in zend_destroy_modules () at /usr/src/debug/php-7.1.11/Zend/zend_API.c:1978
#14 0x000055ee06d2f1f1 in zend_shutdown () at /usr/src/debug/php-7.1.11/Zend/zend.c:876
#15 0x000055ee06ccb1ab in php_module_shutdown () at /usr/src/debug/php-7.1.11/main/main.c:2445
#16 0x000055ee06b5c76c in main (argc=2, argv=0x55ee08542c10) at /usr/src/debug/php-7.1.11/sapi/cli/php_cli.c:1396


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-11-08 16:06 UTC] nikic@php.net
Can you please run your application through valgrind (using "USE_ZEND_ALLOC=0 valgrind php script.php your_args") and post the resulting log?
 [2017-11-08 22:06 UTC] cristian dot pop at softwire dot com
Running the script through valgrind without any flags didn't return too much info, so I assume you meant I should run it through valgrind --leak-check=full:

==2682== Memcheck, a memory error detector
==2682== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2682== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==2682== Command: php ./cli/cron/noShowsUpdateJob.php
==2682==
==2682==
==2682== HEAP SUMMARY:
==2682==     in use at exit: 117,090 bytes in 1,581 blocks
==2682==   total heap usage: 865,773 allocs, 864,192 frees, 109,576,288 bytes allocated
==2682==
==2682== 8 bytes in 1 blocks are definitely lost in loss record 20 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x1AA6D868: ???
==2682==    by 0x1AA7C68B: ???
==2682==    by 0x1AA6BEC6: ???
==2682==    by 0x400F502: call_init (dl-init.c:82)
==2682==    by 0x400F502: _dl_init (dl-init.c:131)
==2682==    by 0x4013C15: dl_open_worker (dl-open.c:560)
==2682==    by 0x400F313: _dl_catch_error (dl-error.c:177)
==2682==    by 0x401330A: _dl_open (dl-open.c:650)
==2682==    by 0x633DFBA: dlopen_doit (dlopen.c:66)
==2682==    by 0x400F313: _dl_catch_error (dl-error.c:177)
==2682==    by 0x633E5BC: _dlerror_run (dlerror.c:163)
==2682==    by 0x633E050: dlopen@@GLIBC_2.2.5 (dlopen.c:87)
==2682==
==2682== 16 bytes in 1 blocks are definitely lost in loss record 27 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x1A438A18: ???
==2682==    by 0x1A438A4D: ???
==2682==    by 0x1A438859: ???
==2682==    by 0x1A43A0EB: ???
==2682==    by 0x1944C561: ???
==2682==    by 0x1944D1BC: ???
==2682==    by 0x1944774E: ???
==2682==    by 0x18DC5C01: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==
==2682== 24 bytes in 1 blocks are definitely lost in loss record 47 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E7135E: ???
==2682==    by 0x11E7E3DE: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 24 bytes in 1 blocks are definitely lost in loss record 48 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E7E182: ???
==2682==    by 0x11E7E3E8: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 24 bytes in 1 blocks are definitely lost in loss record 49 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0xFB5FDCD: ???
==2682==    by 0xFB5F113: ???
==2682==    by 0x3B0FAF: zend_activate_modules (zend_API.c:2539)
==2682==    by 0x3449F7: php_request_startup (main.c:1698)
==2682==    by 0x451882: do_cli (php_cli.c:964)
==2682==    by 0x1D7829: main (php_cli.c:1381)
==2682==
==2682== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 78 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E786B1: ???
==2682==    by 0x11E7E3B9: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 64 bytes in 1 blocks are definitely lost in loss record 80 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E77A86: ???
==2682==    by 0x11E7E39D: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 88 (48 direct, 40 indirect) bytes in 1 blocks are definitely lost in loss record 84 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E70EF9: ???
==2682==    by 0x11E8AC76: ???
==2682==    by 0x11E8AD80: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==
==2682== 88 (48 direct, 40 indirect) bytes in 1 blocks are definitely lost in loss record 85 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E70EF9: ???
==2682==    by 0x11E8AC76: ???
==2682==    by 0x11E8AD9E: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==
==2682== 88 (48 direct, 40 indirect) bytes in 1 blocks are definitely lost in loss record 86 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E70EF9: ???
==2682==    by 0x11E8AC76: ???
==2682==    by 0x11E8ADBC: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==
==2682== 104 (88 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 88 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x1A438A18: ???
==2682==    by 0x1A438A4D: ???
==2682==    by 0x1A43B1EF: ???
==2682==    by 0x1A43B67E: ???
==2682==    by 0x1A438957: ???
==2682==    by 0x1944C561: ???
==2682==    by 0x1944D1BC: ???
==2682==    by 0x1944774E: ???
==2682==    by 0x18DC5C01: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 94 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E7DB08: ???
==2682==    by 0x11E7E36E: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 95 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E73CC9: ???
==2682==    by 0x11E7E374: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 96 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E7E37E: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 97 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E77BC8: ???
==2682==    by 0x11E7E39D: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 98 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E8AD63: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 99 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E710D0: ???
==2682==    by 0x11E8AD6F: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 100 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E7F6D8: ???
==2682==    by 0x11E7E3A9: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 101 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E84D48: ???
==2682==    by 0x11E7E3AE: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 102 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E74125: ???
==2682==    by 0x11E7E3B4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 103 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E87289: ???
==2682==    by 0x11E87378: ???
==2682==    by 0x11E7876B: ???
==2682==    by 0x11E7E3B9: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 104 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E7B418: ???
==2682==    by 0x11E7E3D9: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 105 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E7B424: ???
==2682==    by 0x11E7E3D9: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 106 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E71348: ???
==2682==    by 0x11E7E3DE: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 107 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E86DEC: ???
==2682==    by 0x11E8E217: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 108 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E87289: ???
==2682==    by 0x11E8E223: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 168 bytes in 1 blocks are definitely lost in loss record 109 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x37FC38: __zend_malloc (zend_alloc.c:2820)
==2682==    by 0x3E4717: zend_objects_new (zend_objects.c:171)
==2682==    by 0x3AD040: _object_and_properties_init (zend_API.c:1295)
==2682==    by 0x44A7E5: ZEND_NEW_SPEC_UNUSED_HANDLER (zend_vm_execute.h:27941)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44D63D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1076)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44DBCB: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:949)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==
==2682== 176 (16 direct, 160 indirect) bytes in 1 blocks are definitely lost in loss record 112 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x1A43C41D: ???
==2682==    by 0x1A438B94: ???
==2682==    by 0x1A43A003: ???
==2682==    by 0x1A438966: ???
==2682==    by 0x1944C561: ???
==2682==    by 0x1944D1BC: ???
==2682==    by 0x1944774E: ???
==2682==    by 0x18DC5C01: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==
==2682== 216 bytes in 1 blocks are definitely lost in loss record 114 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x37FC38: __zend_malloc (zend_alloc.c:2820)
==2682==    by 0x3E4717: zend_objects_new (zend_objects.c:171)
==2682==    by 0x3AD040: _object_and_properties_init (zend_API.c:1295)
==2682==    by 0x44AD3B: ZEND_NEW_SPEC_CONST_HANDLER (zend_vm_execute.h:3217)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44D63D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1076)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44DBCB: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:949)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==
==2682== 232 (64 direct, 168 indirect) bytes in 1 blocks are definitely lost in loss record 115 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E86E92: ???
==2682==    by 0x11E8D3B0: ???
==2682==    by 0x11E7E393: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 232 (64 direct, 168 indirect) bytes in 1 blocks are definitely lost in loss record 116 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E86E92: ???
==2682==    by 0x11E8AD57: ???
==2682==    by 0x11E7E3A4: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==
==2682== 232 (64 direct, 168 indirect) bytes in 1 blocks are definitely lost in loss record 117 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x11E86E92: ???
==2682==    by 0x11E7E3CD: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 280 bytes in 1 blocks are definitely lost in loss record 118 of 135
==2682==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==2682==    by 0x37FC38: __zend_malloc (zend_alloc.c:2820)
==2682==    by 0x3E4717: zend_objects_new (zend_objects.c:171)
==2682==    by 0x3AD040: _object_and_properties_init (zend_API.c:1295)
==2682==    by 0x44AA79: ZEND_NEW_SPEC_VAR_HANDLER (zend_vm_execute.h:16310)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44DBCB: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:949)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==    by 0xFB5CD05: ???
==2682==    by 0x44DBCB: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:949)
==2682==    by 0x3F458A: execute_ex (zend_vm_execute.h:429)
==2682==
==2682== 319 (24 direct, 295 indirect) bytes in 1 blocks are definitely lost in loss record 119 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E73DA0: ???
==2682==    by 0x11E7E341: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 1,024 bytes in 1 blocks are definitely lost in loss record 123 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E78292: ???
==2682==    by 0x11E7E369: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== 1,608 (264 direct, 1,344 indirect) bytes in 1 blocks are definitely lost in loss record 126 of 135
==2682==    at 0x4C2B975: calloc (vg_replace_malloc.c:711)
==2682==    by 0x11E7799D: ???
==2682==    by 0x11E7E39D: ???
==2682==    by 0x10A0E7D4: ???
==2682==    by 0x109F61C4: ???
==2682==    by 0x107BD3C7: ???
==2682==    by 0x3AEF3D: zend_startup_module_ex (zend_API.c:1843)
==2682==    by 0x3AEFEB: zend_startup_module_zval (zend_API.c:1858)
==2682==    by 0x3BC949: zend_hash_apply (zend_hash.c:1507)
==2682==    by 0x3AF2A9: zend_startup_modules (zend_API.c:1969)
==2682==    by 0x345A62: php_module_startup (main.c:2300)
==2682==    by 0x450BBC: php_cli_startup (php_cli.c:427)
==2682==
==2682== LEAK SUMMARY:
==2682==    definitely lost: 5,136 bytes in 36 blocks
==2682==    indirectly lost: 2,445 bytes in 41 blocks
==2682==      possibly lost: 0 bytes in 0 blocks
==2682==    still reachable: 109,509 bytes in 1,504 blocks
==2682==         suppressed: 0 bytes in 0 blocks
==2682== Reachable blocks (those to which a pointer was found) are not shown.
==2682== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2682==
==2682== For counts of detected and suppressed errors, rerun with: -v
==2682== ERROR SUMMARY: 36 errors from 36 contexts (suppressed: 0 from 0)
 [2017-11-13 01:16 UTC] rasmus@php.net
We don't care about leaks in this case. We are looking for the invalid read/write that is causing the segfault and it doesn't seem to have happened on that Valgrind run you did. Try this little memcheck wrapper script:

#!/bin/bash
USE_ZEND_ALLOC=0 valgrind --tool=memcheck --leak-check=no --track-origins=yes --num-callers=30 --show-reachable=no "$@"
 [2017-11-13 09:58 UTC] cristian dot pop at softwire dot com
Sorry about that, unwarranted assumption on my part about the memory leaks. I tried running your wrapper script with USE_ZEND_ALLOC=0, but there were no segfaults.

Switching to USE_ZEND_ALLOC=1 however, I did get a segfault (and this is consistent with the results I get running my PHP script outside of valgrind). Here is the output (with USE_ZEND_ALLOC=1):

==5171== Memcheck, a memory error detector
==5171== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5171== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==5171== Command: php ./cli/cron/noShowsUpdateJob.php
==5171==
==5171== Invalid read of size 1
==5171==    at 0x3BBC9F: UnknownInlinedFun (zend_string.h:270)
==5171==    by 0x3BBC9F: zend_hash_destroy (zend_hash.c:1248)
==5171==    by 0x1675EE8D: delete_type_persistent (php_schema.c:2459)
==5171==    by 0x3BBBF4: zend_hash_destroy (zend_hash.c:1235)
==5171==    by 0x16766030: delete_psdl_int.isra.13 (php_sdl.c:3130)
==5171==    by 0x1676609E: delete_psdl (php_sdl.c:3150)
==5171==    by 0x3BBC95: zend_hash_destroy (zend_hash.c:1246)
==5171==    by 0x167368C8: zm_shutdown_soap (soap.c:598)
==5171==    by 0x3B0EB6: module_destructor (zend_API.c:2501)
==5171==    by 0x3A960B: module_destructor_zval (zend.c:633)
==5171==    by 0x3BC790: _zend_hash_del_el_ex (zend_hash.c:997)
==5171==    by 0x3BC790: _zend_hash_del_el (zend_hash.c:1020)
==5171==    by 0x3BC790: zend_hash_graceful_reverse_destroy (zend_hash.c:1476)
==5171==    by 0x3AA1F0: zend_shutdown (zend.c:876)
==5171==    by 0x3461AA: php_module_shutdown (main.c:2445)
==5171==    by 0x1D776B: main (php_cli.c:1396)
==5171==  Address 0x26940665 is not stack'd, malloc'd or (recently) free'd
==5171==
==5171==
==5171== Process terminating with default action of signal 11 (SIGSEGV)
==5171==  Access not within mapped region at address 0x26940665
==5171==    at 0x3BBC9F: UnknownInlinedFun (zend_string.h:270)
==5171==    by 0x3BBC9F: zend_hash_destroy (zend_hash.c:1248)
==5171==    by 0x1675EE8D: delete_type_persistent (php_schema.c:2459)
==5171==    by 0x3BBBF4: zend_hash_destroy (zend_hash.c:1235)
==5171==    by 0x16766030: delete_psdl_int.isra.13 (php_sdl.c:3130)
==5171==    by 0x1676609E: delete_psdl (php_sdl.c:3150)
==5171==    by 0x3BBC95: zend_hash_destroy (zend_hash.c:1246)
==5171==    by 0x167368C8: zm_shutdown_soap (soap.c:598)
==5171==    by 0x3B0EB6: module_destructor (zend_API.c:2501)
==5171==    by 0x3A960B: module_destructor_zval (zend.c:633)
==5171==    by 0x3BC790: _zend_hash_del_el_ex (zend_hash.c:997)
==5171==    by 0x3BC790: _zend_hash_del_el (zend_hash.c:1020)
==5171==    by 0x3BC790: zend_hash_graceful_reverse_destroy (zend_hash.c:1476)
==5171==    by 0x3AA1F0: zend_shutdown (zend.c:876)
==5171==    by 0x3461AA: php_module_shutdown (main.c:2445)
==5171==    by 0x1D776B: main (php_cli.c:1396)
==5171==  If you believe this happened as a result of a stack
==5171==  overflow in your program's main thread (unlikely but
==5171==  possible), you can try to increase the size of the
==5171==  main thread stack using the --main-stacksize= flag.
==5171==  The main thread stack size used in this run was 8388608.
==5171==
==5171== HEAP SUMMARY:
==5171==     in use at exit: 4,152,094 bytes in 41,968 blocks
==5171==   total heap usage: 2,396,103 allocs, 2,354,135 frees, 77,692,281 bytes allocated
==5171==
==5171== For a detailed leak analysis, rerun with: --leak-check=full
==5171==
==5171== For counts of detected and suppressed errors, rerun with: -v
==5171== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
 [2018-01-01 20:31 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d534d59bd81798a9dfb0dd7bed2f0d1afe63fca6
Log: Fixed bug #75502
 [2018-01-01 20:31 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 07:01:29 2024 UTC