php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77468 zend_mm_heap corrupted
Submitted: 2019-01-16 13:38 UTC Modified: 2019-07-24 09:07 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:1 (25.0%)
From: thomas dot wiedmann at laek-bw dot de Assigned: sixd (profile)
Status: Assigned Package: PDO OCI
PHP Version: 7.3.1 OS: Windows 7 (Win64)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: thomas dot wiedmann at laek-bw dot de
New email:
PHP Version: OS:

 

 [2019-01-16 13:38 UTC] thomas dot wiedmann at laek-bw dot de
Description:
------------
Apache 2 Errorlog shows: zend_mm_heap corrupted and restart. Maybe PDO_OCI related. Try to move from project from 5.6.x to 7.3.1



Test script:
---------------
[...]
[Wed Jan 16 14:24:28.175823 2019] [authz_core:debug] [pid 3520:tid 796] mod_authz_core.c(817): [client x.x.x.x:55680] AH01626: authorization result of Require all granted: granted, referer: http://x.x.x.x/start/wellcome?SID=7686e02d7a8928b02b448f1e5998781c
[Wed Jan 16 14:24:28.175823 2019] [authz_core:debug] [pid 3520:tid 796] mod_authz_core.c(817): [client x.x.x.x:55680] AH01626: authorization result of <RequireAny>: granted, referer: http://x.x.x.x/start/wellcome?SID=7686e02d7a8928b02b448f1e5998781c
zend_mm_heap corrupted
[Wed Jan 16 14:24:28.339839 2019] [mpm_winnt:notice] [pid 1496:tid 368] AH00428: Parent: child process 3520 exited with status 1 -- Restarting.
[Wed Jan 16 14:24:28.372843 2019] [mpm_winnt:notice] [pid 1496:tid 368] AH00455: Apache/2.4.37 (Win64) PHP/7.3.1 configured -- resuming normal operations
[Wed Jan 16 14:24:28.372843 2019] [mpm_winnt:notice] [pid 1496:tid 368] AH00456: Apache Lounge VC15 Server built: Nov 21 2018 11:51:35
[Wed Jan 16 14:24:28.372843 2019] [core:notice] [pid 1496:tid 368] AH00094: Command line: 'C:\\Program Files\\Apache24\\bin\\httpd.exe -d C:/Program Files/Apache24'
[Wed Jan 16 14:24:28.372843 2019] [core:debug] [pid 1496:tid 368] log.c(1568): AH02639: Using SO_REUSEPORT: no (0)
[Wed Jan 16 14:24:28.373843 2019] [mpm_winnt:notice] [pid 1496:tid 368] AH00418: Parent: Created child process 3372
[Wed Jan 16 14:24:28.373843 2019] [mpm_winnt:debug] [pid 1496:tid 368] mpm_winnt.c(430): AH00402: Parent: Sent the scoreboard to the child
[Wed Jan 16 14:24:28.603866 2019] [mpm_winnt:debug] [pid 3372:tid 244] mpm_winnt.c(1719): AH00453: Child process is running
[Wed Jan 16 14:24:28.604866 2019] [mpm_winnt:debug] [pid 3372:tid 244] mpm_winnt.c(344): AH00391: Child: Retrieved our scoreboard from the parent.
[Wed Jan 16 14:24:28.604866 2019] [mpm_winnt:debug] [pid 3372:tid 244] mpm_winnt.c(466): AH00403: Child: Waiting for data for listening socket 127.0.0.1:8080
[Wed Jan 16 14:24:28.604866 2019] [mpm_winnt:debug] [pid 1496:tid 368] mpm_winnt.c(513): AH00408: Parent: Duplicating socket 324 (127.0.0.1:8080) and sending it to child process 3372
[Wed Jan 16 14:24:28.604866 2019] [mpm_winnt:debug] [pid 1496:tid 368] mpm_winnt.c(513): AH00408: Parent: Duplicating socket 268 (x.x.x.x:80) and sending it to child process 3372
[Wed Jan 16 14:24:28.604866 2019] [mpm_winnt:debug] [pid 1496:tid 368] mpm_winnt.c(532): AH00411: Parent: Sent 2 listeners to child 3372
[Wed Jan 16 14:24:28.605866 2019] [mpm_winnt:debug] [pid 3372:tid 244] mpm_winnt.c(466): AH00403: Child: Waiting for data for listening socket x.x.x.x:80
[Wed Jan 16 14:24:28.605866 2019] [mpm_winnt:debug] [pid 3372:tid 244] mpm_winnt.c(491): AH00407: Child: retrieved 2 listeners from parent
[Wed Jan 16 14:24:28.605866 2019] [mpm_winnt:debug] [pid 3372:tid 244] child.c(969): AH00352: Child: Acquired the start mutex.
[Wed Jan 16 14:24:28.605866 2019] [mpm_winnt:notice] [pid 3372:tid 244] AH00354: Child: Starting 64 worker threads.
[...]

Expected result:
----------------
No zend_mm_heap related Apache restart


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-16 14:20 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2019-01-16 14:20 UTC] ab@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2019-01-18 11:58 UTC] thomas dot wiedmann at laek-bw dot de
-Status: Feedback +Status: Open
 [2019-01-18 11:58 UTC] thomas dot wiedmann at laek-bw dot de
Microsoft DebugDiag Analysis tools are different now
- need .NET 4.0 Framework
- Analyse is a separated tool

I get a .dump (145 MB) , but the analyse tool show:

---[Error]---
Please follow up with the vendor The PHP Group for [...]\php-7.3.1-Win32-VC15-x64\php7ts.dll
 
WARNING - DebugDiag was not able to locate debug symbols for \php7ts.dll, so the information below may be incomplete.

In httpd__PID__4240__Date__01_18_2019__Time_11_58_27AM__375__Second_Chance_Exception_C0000005.dmp the assembly instruction at php7ts!efree+61 in [...]\php-7.3.1-Win32-VC15-x64\php7ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x04000838 on thread 6

Thread 6 - System ID 4180

Entry point   libhttpd!ap_run_generate_log_id+3b10 
Create time   18.01.2019 11:57:39 
Time spent in user mode   0 Days 00:00:00.218 
Time spent in kernel mode   0 Days 00:00:00.140 


This thread is not fully resolved and may or may not be a problem. Further analysis of these threads may be required.

php7ts!efree+61 
php_pdo_oci+30cf 
php7ts!php_pdo_free_statement+d8c 
php7ts!php_pdo_free_statement+1731 
php7ts!zend_cleanup_unfinished_execution+50b 
php7ts!execute_ex+5f 
php7ts!zend_execute+1a8 
php7ts!zend_execute_scripts+b9 
php7ts!php_execute_script+261 
php7apache2_4+3df1 
libhttpd!ap_run_handler+35 
libhttpd!ap_invoke_handler+10f 
libhttpd!ap_internal_redirect_handler+29a 
libhttpd!ap_process_request+f 
libhttpd!ap_byterange_filter+1581 
libhttpd!ap_run_process_connection+35 
libhttpd!ap_process_connection+45 
libhttpd!ap_run_generate_log_id+3da0 
kernel32!BaseThreadInitThunk+d 
ntdll!RtlUserThreadStart+1d 

-------------
 [2019-01-18 13:00 UTC] thomas dot wiedmann at laek-bw dot de
Apache Version - httpd-2.4.37-win64-VC15.zip (14.12.2018 11:52)
 [2019-01-18 14:55 UTC] cmb@php.net
-Package: Apache2 related +Package: PDO OCI -Assigned To: +Assigned To: sixd
 [2019-01-18 14:55 UTC] cmb@php.net
This looks like an PDO Core or PDO_OCI issue; Christopher,
could you please have a look at this?
 [2019-01-18 21:48 UTC] sixd@php.net
-Status: Assigned +Status: Feedback
 [2019-01-18 21:48 UTC] sixd@php.net
I'll need your SQL to create the table data and minimal PHP file that shows the issue.  Thanks.
 [2019-01-21 09:38 UTC] thomas dot wiedmann at laek-bw dot de
-Status: Feedback +Status: Assigned
 [2019-01-21 09:38 UTC] thomas dot wiedmann at laek-bw dot de
I get the restart after doing the same PL/SQL more then two times. Logging same "error_log" notes. It's look like this

-----[Process]---
read() - start
read() - prepared
read() - executed
read() - closeCursor
read() - stmt=null
read() - start
read() - prepared
read() - executed
read() - closeCursor
read() - stmt=null
zend_mm_heap corrupted
restarting
-----[Process]---

Sorry: get message: Your comment looks like SPAM by its content. Please consider rewording.

So I will send more then one feedback
 [2019-01-21 09:40 UTC] thomas dot wiedmann at laek-bw dot de
Second piece


After the second stmt=null apache crashed
----[php PL/SQL call]---
$sQuery = '';
$sQuery = $sQuery . 'BEGIN ';
$sQuery = $sQuery . ' tw_pkg_bearbeiter.Read(:df_nBearbeiter,:df_sArt); ';   
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetnBearbeiter(:df_nBearbeiter);';
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetsArt(:df_sArt);';
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetnZahl(:df_nZahl);';
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetsText(:df_sText);';
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetdtZahl(:df_dtZahl);';         
$sQuery = $sQuery . ' tw_pkg_bearbeiter.GetnStatus(:nStatus); ';                    
$sQuery = $sQuery . 'END; ';          
 
$stmt = $dbh->prepare($sQuery);
if ($stmt) { 

 error_log('bearbeiter read() - prepared', 0); 

 $stmt->bindParam(':df_nBearbeiter', $df_nBearbeiter, PDO::PARAM_INT | PDO::PARAM_INPUT_OUTPUT, 22 );
 $stmt->bindParam(':df_sArt', $df_sArt, PDO::PARAM_STR | PDO::PARAM_INPUT_OUTPUT, 15 );
 $stmt->bindParam(':df_nZahl', $df_nZahl, PDO::PARAM_INT | PDO::PARAM_INPUT_OUTPUT, 22 );
 $stmt->bindParam(':df_sText', $df_sText, PDO::PARAM_STR | PDO::PARAM_INPUT_OUTPUT, 40 );          
 $stmt->bindParam(':df_dtZahl', $df_dtZahl, PDO::PARAM_STR | PDO::PARAM_INPUT_OUTPUT, 10 );
 $stmt->bindParam(':nStatus', $nStatus, PDO::PARAM_INT | PDO::PARAM_INPUT_OUTPUT, 22 );       

 $stmt->execute();
 
 error_log('bearbeiter read() - executed', 0); 
 
 $stmt->closeCursor();       
 
 error_log('bearbeiter read() - closeCursor', 0); 
 
 $stmt = null;               
 
 error_log('bearbeiter read() - stmt=null', 0); 
 
 if ($nStatus) {
  // ok     
 } else {
  // nicht gefunden @todo - Fehlermeldung?
 }  
}
----[php PL/SQL call]---
 [2019-01-21 09:41 UTC] thomas dot wiedmann at laek-bw dot de
Third piece

----[PL/SQL Package]----
CREATE OR REPLACE PACKAGE tw_pkg_bearbeiter
 AUTHID CURRENT_USER
IS 
 
 /**
 * Hauptmethoden
 */
 PROCEDURE Read (p_nBearbeiter IN  NUMBER := NULL, p_sArt IN  VARCHAR2 := NULL); 
 

 /**
 * GET/SET
 */
 PROCEDURE GetnBearbeiter ( p_nBearbeiter OUT  NUMBER  );
 PROCEDURE SetnBearbeiter ( p_nBearbeiter IN  NUMBER  := NULL );
 PROCEDURE GetsArt ( p_sArt OUT  VARCHAR2  );
 PROCEDURE SetsArt ( p_sArt IN  VARCHAR2  := NULL );
 PROCEDURE GetnZahl ( p_nZahl OUT  NUMBER  );
 PROCEDURE SetnZahl ( p_nZahl IN  NUMBER  := NULL );
 PROCEDURE GetsText ( p_sText OUT  VARCHAR2  );
 PROCEDURE SetsText ( p_sText IN  VARCHAR2  := NULL );
 
 PROCEDURE GetdtZahl ( p_dtZahl OUT VARCHAR2  );
 PROCEDURE SetdtZahl ( p_dtZahl IN  VARCHAR2  := NULL ); 
 
END;
----[PL/SQL Package]----
 [2019-01-21 09:44 UTC] thomas dot wiedmann at laek-bw dot de
Forth piece 

----[PL/SQL Package Body]----
CREATE OR REPLACE PACKAGE BODY tw_pkg_bearbeiter
IS

 /**
 * Globale Variablen für Tabelle: BEARBEITER 
 */ 
 g_nBearbeiter bearbeiter.bearbeiter%TYPE;
 g_sArt bearbeiter.art%TYPE;
 g_nZahl bearbeiter.zahl%TYPE;
 g_sText bearbeiter.text%TYPE;

 /**
 * Verarbeitungsstatus
 */
 g_nStatus NUMBER := 0;
 g_nEOF NUMBER := 0;
 error_code NUMBER := SQLCODE;
 error_msg VARCHAR2(512) := SQLERRM;
 
 CURSOR curBearbeiterRead(p_nBearbeiter NUMBER, p_sArt VARCHAR2 ) IS
 SELECT 
   bearbeiter, 
   art, 
   zahl, 
   text
  FROM bearbeiter
 WHERE bearbeiter = p_nBearbeiter
   AND art = p_sArt;
  
 recBearbeiterRead curBearbeiterRead%ROWTYPE;  
 
 /**
 * globale Variable zu BEARBEITER initialisieren
 */
 PROCEDURE Init
 IS
 BEGIN
  
  g_nBearbeiter := NULL;
  g_sArt := NULL;
  g_nZahl := NULL;
  g_sText := NULL;
  
 END;

 
 /**
 * Datensatz direkt lesen
 */
 PROCEDURE Read (p_nBearbeiter IN  NUMBER, p_sArt IN  VARCHAR2 )
 IS
 BEGIN
  /**
  * INIT
  */
  Init();
  
  
  OPEN curBearbeiterRead(p_nBearbeiter, p_sArt);
  LOOP
   FETCH curBearbeiterRead INTO recBearbeiterRead;
   EXIT WHEN curBearbeiterRead%NOTFOUND;
   /**
   * Datensatz in globale Variablen einlesen
   */
   g_nBearbeiter := recBearbeiterRead.bearbeiter;
   g_sArt := recBearbeiterRead.art;
   g_nZahl := recBearbeiterRead.zahl;
   g_sText := recBearbeiterRead.text;
   
   EXIT;
  END LOOP;
  IF curBearbeiterRead%FOUND THEN
   g_nStatus := 1;
  ELSE 
   g_nStatus := 0;  
  END IF;
  CLOSE curBearbeiterRead;  
 END; 

 
 PROCEDURE Close 
 IS 
 BEGIN 
   IF curBearbeiterRead%ISOPEN THEN
    CLOSE curBearbeiterRead;
   END IF;  

   IF curBearbeiterSearch%ISOPEN THEN
    CLOSE curBearbeiterSearch;
   END IF;     
 END;
 
 
 /**
 * PRIVAT FUNCTION - nicht in Spezifikation
 * Prüfen auf zwischenzeitliche Änderung (multiuser) und Sperren für UPDATE
 */

 
 /**
 * Status - Get - Variablen
 */ 
 PROCEDURE GetnStatus (p_nStatus OUT NUMBER)
 IS
 BEGIN
  p_nStatus :=  g_nStatus;
 END;     
 PROCEDURE GetnErrorcode (p_error_code OUT NUMBER)
 IS
 BEGIN
  p_error_code :=  error_code;
 END;     
 PROCEDURE GetsErrormsg (p_error_msg OUT VARCHAR2)
 IS
 BEGIN
  p_error_msg :=  error_msg;
 END;     
 
    
 /**
 * SET/GET Methoden 
 */ 
 PROCEDURE GetnBearbeiter ( p_nBearbeiter OUT  NUMBER  )
 IS 
 BEGIN 
  p_nBearbeiter :=  g_nBearbeiter;
 END; 
 PROCEDURE SetnBearbeiter ( p_nBearbeiter IN  NUMBER  )
 IS 
 BEGIN 
  g_nBearbeiter :=  p_nBearbeiter;
 END; 
 PROCEDURE GetsArt ( p_sArt OUT  VARCHAR2  )
 IS 
 BEGIN 
  p_sArt :=  g_sArt;
 END; 
 PROCEDURE SetsArt ( p_sArt IN  VARCHAR2  )
 IS 
 BEGIN 
  g_sArt :=  p_sArt;
 END; 
 PROCEDURE GetnZahl ( p_nZahl OUT  NUMBER  )
 IS 
 BEGIN 
  p_nZahl :=  g_nZahl;
 END; 
 PROCEDURE SetnZahl ( p_nZahl IN  NUMBER  )
 IS 
 BEGIN 
  g_nZahl :=  p_nZahl;
 END; 
 PROCEDURE GetsText ( p_sText OUT  VARCHAR2  )
 IS 
 BEGIN 
  p_sText :=  g_sText;
 END; 
 PROCEDURE SetsText ( p_sText IN  VARCHAR2  )
 IS 
 BEGIN 
  g_sText :=  p_sText;
 END; 
 
 /**
 * wenn in Zahl ein Julianisches Datum hinterlegt ist, 
 * dieses im Format DD.MM.YYYY abholen/setzen
 */ 
 PROCEDURE GetdtZahl ( p_dtZahl OUT VARCHAR2  )
 IS 
 BEGIN 
  p_dtZahl :=  TO_CHAR(TO_DATE(g_nZahl,'J'),'DD.MM.YYYY');
 END; 
 PROCEDURE SetdtZahl ( p_dtZahl IN VARCHAR2 )
 IS 
 BEGIN 
  g_nZahl :=   TO_NUMBER(TO_CHAR(TO_DATE(p_dtZahl,'DD.MM.YYYY'),'J'));
 END;  
 
 
 
BEGIN
 NULL;
 EXCEPTION
  WHEN others THEN 
   error_code := SQLCODE;
   error_msg := SQLERRM;
END;


----[PL/SQL Package Body]----
 [2019-07-24 08:34 UTC] thomas dot wiedmann at laek-bw dot de
I am not sure in which PHP version this error is fixed. Am I waiting for 7.4 ?
Thanks!
 [2019-07-24 09:07 UTC] cmb@php.net
> I am not sure in which PHP version this error is fixed.

Since this ticket has not been closed, the bug is not fixed yet.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Nov 12 16:01:30 2019 UTC