Bug #76440 free(): invalid pointer
Submitted: 2018-06-10 08:46 UTC Modified: 2020-03-08 10:37 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:1 of 3 (33.3%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: spam2 at rhsoft dot net Assigned: krakjoe
Status: Closed Package: MySQLi related
PHP Version: 7.2Git-2018-06-10 (Git) OS:
Private report: No CVE-ID: None
 [2018-06-10 08:46 UTC] spam2 at rhsoft dot net
Description:
------------
7.2.7RC1 is fine, but every recent GIT tarball has the same crashes
i have no reproducer because that's the cleanup cronjob from a 250000 LOC codebase over 5 virtual hosts as a daily cronjob

BTW: 7.2.7-dev should be 7.2.8-dev now

[root@testserver:~]$ cat messages
Jun 10 10:08:11 testserver php[270845]: free(): invalid pointer
Jun 10 10:08:11 testserver systemd[1]: Started Process Core Dump (PID 270859/UID 0).
Jun 10 10:08:11 testserver systemd-coredump[270860]: Process 270857 (php) of user 4500 dumped core.
Stack trace of thread 270857:
#0  0x00007f934ddbc660 raise (libc.so.6)
#1  0x00007f934ddbdc41 abort (libc.so.6)
#2  0x00007f934ddfef17 __libc_message (libc.so.6)
#3  0x00007f934de0521a malloc_printerr (libc.so.6)
#4  0x00007f934de06d5c _int_free (libc.so.6)
#5  0x00007f934d664b64 n/a (mysqlnd.so)
#6  0x00007f934d663f02 n/a (mysqlnd.so)
#7  0x00007f934d663d56 n/a (mysqlnd.so)
#8  0x00007f934d663d38 n/a (mysqlnd.so)
#9  0x00007f934d663cf2 n/a (mysqlnd.so)
#10 0x00007f934d663a5f n/a (mysqlnd.so)
#11 0x00007f934d63a58a n/a (mysqli.so)
#12 0x00007f934d63a507 n/a (mysqli.so)
#13 0x00005646a56ca880 execute_ex (php)
#14 0x00005646a575623a zend_execute (php)
#15 0x00005646a57473f4 zend_execute_scripts (php)
#16 0x00005646a572e404 php_execute_script (php)
#17 0x00005646a576834c n/a (php)
#18 0x00005646a567e36b n/a (php)
#19 0x00007f934dda8f2a __libc_start_main (libc.so.6)
#20 0x00005646a56e992a _start (php)



 [2018-06-10 10:40 UTC] cmb@php.net
-Assigned To: +Assigned To: johannes
 [2018-06-10 10:40 UTC] cmb@php.net
This might be related to commit d6e81f0[1].  Johannes, could you
have a look at this issue please?

[1] <http://git.php.net/?p=php-src.git;a=commit;h=d6e81f0bfd0cb90586dd83d4fd47a4302605261a>
 [2018-06-12 17:13 UTC] spam2 at rhsoft dot net
ping

the same with current 7.2 GIT

so now we have a master where opcache crashes and a 7.2 tree which still says it's 7.2.7-dev while the changelog has entries for 7.2.8 crashing with mysqlnd

gdb doesn't really help even with a debug build, the only stacktrace i get is from systemd when running as oneshot-service

[root@testserver:~]$ systemctl start contentlounge-cleanup.service
[root@testserver:~]$ cat messages
Jun 12 19:12:34 testserver php[518756]: free(): invalid pointer
Jun 12 19:12:34 testserver systemd[1]: Started Process Core Dump (PID 518763/UID 0).
Jun 12 19:12:34 testserver systemd-coredump[518764]: Process 518762 (php) of user 4500 dumped core.

Stack trace of thread 518762:
#0  0x00007f8f519ba660 raise (libc.so.6)
#1  0x00007f8f519bbc41 abort (libc.so.6)
#2  0x00007f8f519fcf17 __libc_message (libc.so.6)
#3  0x00007f8f51a0321a malloc_printerr (libc.so.6)
#4  0x00007f8f51a04d5c _int_free (libc.so.6)
#5  0x00007f8f44156249 _mysqlnd_pefree (mysqlnd.so)
#6  0x00007f8f441451fb mysqlnd_mysqlnd_conn_data_free_contents_pub (mysqlnd.so)
#7  0x00007f8f441455da mysqlnd_mysqlnd_conn_data_dtor_priv (mysqlnd.so)
#8  0x00007f8f4414ca82 mysqlnd_mysqlnd_conn_data_free_reference_priv (mysqlnd.so)
#9  0x00007f8f441516cc mysqlnd_mysqlnd_conn_dtor_priv (mysqlnd.so)
#10 0x00007f8f44151b5d mysqlnd_mysqlnd_conn_close_pub (mysqlnd.so)
#11 0x00007f8f43f18175 php_mysqli_close (mysqli.so)
#12 0x00007f8f43f1215a mysqli_link_free_storage (mysqli.so)
#13 0x00005614f98cf3e2 zend_objects_store_free_object_storage (php)
#14 0x00005614f9863dc7 shutdown_executor (php)
#15 0x00005614f987e807 zend_deactivate (php)
#16 0x00005614f97ebb17 php_request_shutdown (php)
#17 0x00005614f9969851 do_cli (php)
#18 0x00005614f9969f2c main (php)
#19 0x00007f8f519a6f2a __libc_start_main (libc.so.6)
#20 0x00005614f9653cea _start (php)

[wwwcron@testserver:~]$ /usr/bin/php /Volumes/dune/updateservice/distribute/call_cronjob.php cleanup.php
free(): invalid pointer
[wwwcron@testserver:~]$ gdb --args /usr/bin/php /Volumes/dune/updateservice/distribute/call_cronjob.php cleanup.php
GNU gdb (GDB) Fedora 8.0.1-36.fc27
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/php...done.
(gdb) run
Starting program: /usr/bin/php /Volumes/dune/updateservice/distribute/call_cronjob.php cleanup.php
Missing separate debuginfos, use: dnf debuginfo-install php-cli-7.2.8-3.0.fc27.20180612.1853.rh.sandybridge.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 518628.
Detaching after fork from child process 518629.
Detaching after fork from child process 518630.
Detaching after fork from child process 518631.
free(): invalid pointer
Detaching after fork from child process 518634.
[Inferior 1 (process 518624) exited normally]
(gdb) bt
No stack.
 [2018-06-14 08:43 UTC] nikic@php.net
-Status: Assigned +Status: Feedback
 [2018-06-14 08:43 UTC] nikic@php.net
This issue should be fixed by https://github.com/php/php-src/commit/11507c0e1bfa17a96480f3648397f6975c31551e. Can you please verify that current 7.2 HEAD resolves this problem for you?
 [2018-06-14 09:22 UTC] spam2 at rhsoft dot net
confirmed - thanks!

p.s.: the bugtracker is terribly slow currently and ends in repeated timeouts
 [2018-06-14 09:30 UTC] nikic@php.net
-Status: Feedback +Status: Assigned -Assigned To: johannes +Assigned To: krakjoe
 [2018-06-14 09:30 UTC] nikic@php.net
Thanks for checking! Assigning this to krakjoe to make sure this fix is cherry-picked into the 7.1 release (or else the original change reverted).
 [2020-03-08 10:37 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2020-03-08 10:37 UTC] cmb@php.net
PHP 7.1 doesn't appear to be affected by this, but has reached
its end of life anyway, so I'm closing this ticket.
 