Getting periodic crashes in some of my templates. Crash is reproduceable using cgi or apache builds. Crash also occurs under solaris 2.7. Backtrace is from Linux RedHat 7.0

211             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  0x80aaa14 in _efree (ptr=0x735740) at zend_alloc.c:211
#1  0x80b53bf in _zval_dtor (zvalue=0x81a44fc) at zend_variables.c:62
#2  0x80af555 in _zval_ptr_dtor (zval_ptr=0x81dd818) at zend_execute_API.c:261
#3  0x80b9198 in zend_hash_clean (ht=0x8153124) at zend_hash.c:590
#4  0x80d30b0 in execute (op_array=0x814e504) at ./zend_execute.c:1575
#5  0x80b637d in zend_execute_scripts (type=8, file_count=3) at zend.c:729
#6  0x805d733 in php_execute_script (primary_file=0xbffff6e0) at main.c:1221
#7  0x805bee8 in main (argc=3, argv=0xbffff784) at cgi_main.c:738
#8  0x40698b65 in __libc_start_main (main=0x805b77c <main>, argc=3, 
    ubp_av=0xbffff784, init=0x805a0ec <_init>, fini=0x80d86cc <_fini>, 
    rtld_fini=0x4000df24 <_dl_fini>, stack_end=0xbffff77c)
    at ../sysdeps/generic/libc-start.c:111


./configure --prefix=/var/mancala \
            #--with-apache=/src/linux/build/apache_1.3.17 \
            --with-oci8 \
            --without-mysql \
            --with-zlib=/usr/lib \
            --with-dom=/src/linux/build/libxml2-2.2.11 \
            --enable-sysvsem \
            --enable-sysvshm \
            --disable-xml 

[PHP]

;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; This file controls many aspects of PHP's behavior.  In order for PHP to
; read it, it must be named 'php.ini'.  PHP looks for it in the current
; working directory, in the path designated by the environment variable
; PHPRC, and in the path that was defined in compile time (in that order).
; Under Windows, the compile-time path is the Windows directory.  The
; path in which the php.ini file is looked for can be overriden using
; the -c argument in command line mode.
;
; The syntax of the file is extremely simple.  Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
;
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
;
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
;
; Expressions in the INI file are limited to bitwise operators and parentheses:
; |				bitwise OR
; &				bitwise AND
; ~				bitwise NOT
; !				boolean NOT
;
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
;
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
;
;   foo =			; sets foo to an empty string
;	foo = none		; sets foo to an empty string
;	foo = "none"	; sets foo to the string 'none'
;
; If you use constants in your value, and these constants belong to a dynamically
; loaded extension (either a PHP extension or a Zend extension), you may only
; use these constants *after* the line that loads the extension.
;
; All the values in the php.ini-dist file correspond to the builtin
; defaults (that is, if no php.ini is used, or if you delete these lines,
; the builtin defaults will be identical).


;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

engine			=	On	; Enable the PHP scripting language engine under Apache
short_open_tag	=	On	; allow the <? tag.  otherwise, only <?php and <script> tags are recognized.
asp_tags		=	On  ; allow ASP-style <% %> tags
precision		=	14	; number of significant digits displayed in floating point numbers
y2k_compliance	=	Off	; whether to be year 2000 compliant (will cause problems with non y2k compliant browsers)
output_buffering	= Off	; Output buffering allows you to send header lines (including cookies)
							; even after you send body content, in the price of slowing PHP's
							; output layer a bit.
							; You can enable output buffering by in runtime by calling the output
							; buffering functions, or enable output buffering for all files
							; by setting this directive to On.
output_handler		=		; You can redirect all of the output of your scripts to a function,
							; that can be responsible to process or log it.  For example,
							; if you set the output_handler to "ob_gzhandler", than output
							; will be transparently compressed for browsers that support gzip or
							; deflate encoding.  Setting an output handler automatically turns on
							; output buffering.
implicit_flush		= Off	; Implicit flush tells PHP to tell the output layer to flush itself
							; automatically after every output block.  This is equivalent to
							; calling the PHP function flush() after each and every call to print()
							; or echo() and each and every HTML block.
							; Turning this option on has serious performance implications, and
							; is generally recommended for debugging purposes only.
; Mancala: allow_call_time_pass_reference turned off
allow_call_time_pass_reference	= Off	; whether to enable the ability to force arguments to be 
										; passed by reference at function-call time.  This method
										; is deprecated, and is likely to be unsupported in future
										; versions of PHP/Zend.  The encouraged method of specifying
										; which arguments should be passed by reference is in the
										; function declaration.  You're encouraged to try and
										; turn this option Off, and make sure your scripts work
										; properly with it, to ensure they will work with future
										; versions of the language (you will receive a warning
										; each time you use this feature, and the argument will
										; be passed by value instead of by reference).

; Safe Mode
safe_mode		=	Off
safe_mode_exec_dir	=
safe_mode_allowed_env_vars = PHP_					; Setting certain environment variables
													; may be a potential security breach.
													; This directive contains a comma-delimited
													; list of prefixes.  In Safe Mode, the
													; user may only alter environment
													; variables whose names begin with the
													; prefixes supplied here.
													; By default, users will only be able
													; to set environment variables that begin
													; with PHP_ (e.g. PHP_FOO=BAR).
													; Note:  If this directive is empty, PHP
													; will let the user modify ANY environment
													; variable!
safe_mode_protected_env_vars = LD_LIBRARY_PATH		; This directive contains a comma-
													; delimited list of environment variables,
													; that the end user won't be able to
													; change using putenv().
													; These variables will be protected
													; even if safe_mode_allowed_env_vars is
													; set to allow to change them.


disable_functions	=								; This directive allows you to disable certain
													; functions for security reasons.  It receives
													; a comma separated list of function names.
													; This directive is *NOT* affected by whether
													; Safe Mode is turned on or off.
													

; Colors for Syntax Highlighting mode.  Anything that's acceptable in <font color=???> would work.
highlight.string	=	#DD0000
highlight.comment	=	#FF8000
highlight.keyword	=	#007700
highlight.bg		=	#FFFFFF
highlight.default	=	#0000BB
highlight.html		=	#000000

; Misc
expose_php	=	Off		; Decides whether PHP may expose the fact that it is installed on the
						; server (e.g., by adding its signature to the Web server header).
						; It is no security threat in any way, but it makes it possible
						; to determine whether you use PHP on your server or not.



;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 30     ; Maximum execution time of each script, in seconds
memory_limit = 8M			; Maximum amount of memory a script may consume (8MB)


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; error_reporting is a bit-field.  Or each number up to get desired error reporting level
; E_ALL				- All errors and warnings
; E_ERROR			- fatal run-time errors
; E_WARNING			- run-time warnings (non fatal errors)
; E_PARSE			- compile-time parse errors
; E_NOTICE			- run-time notices (these are warnings which often result from a bug in
;					  your code, but it's possible that it was intentional (e.g., using an
;					  uninitialized variable and relying on the fact it's automatically
;					  initialized to an empty string)
; E_CORE_ERROR		- fatal errors that occur during PHP's initial startup
; E_CORE_WARNING	- warnings (non fatal errors) that occur during PHP's initial startup
; E_COMPILE_ERROR	- fatal compile-time errors
; E_COMPILE_WARNING	- compile-time warnings (non fatal errors)
; E_USER_ERROR		- user-generated error message
; E_USER_WARNING	- user-generated warning message
; E_USER_NOTICE		- user-generated notice message
; Examples:
; error_reporting = E_ALL & ~E_NOTICE						; show all errors, except for notices
; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR	; show only errors
error_reporting	=	E_ALL & ~E_NOTICE		; Show all errors except for notices
display_errors	=	On	; Print out errors (as a part of the output)
						; For production web sites, you're strongly encouraged
						; to turn this feature off, and use error logging instead (see below).
						; Keeping display_errors enabled on a production web site may reveal
						; security information to end users, such as file paths on your Web server,
						; your database schema or other information.
display_startup_errors = Off		; Even when display_errors is on, errors that occur during
									; PHP's startup sequence are not displayed.  It's strongly
									; recommended to keep display_startup_errors off, except for
									; when debugging.
log_errors		=	On	; Log errors into a log file (server-specific log, stderr, or error_log (below))
						; As stated above, you're strongly advised to use error logging in place of
						; error displaying on production web sites.
track_errors	=	On	; Store the last error/warning message in $php_errormsg (boolean)
;error_prepend_string = "<font color=ff0000>"   ; string to output before an error message
;error_append_string = "</font>"                ; string to output after an error message
;error_log	=	filename	; log errors to specified file
;error_log	=	syslog		; log errors to syslog (Event Log on NT, not valid in Windows 95)
error_log	=	/var/mancala/apache/logs/php.log
warn_plus_overloading	=	Off		; warn if the + operator is used with strings


;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order		=	"EGPCS"	; This directive describes the order in which PHP registers
								; GET, POST, Cookie, Environment and Built-in variables (G, P,
								; C, E & S respectively, often referred to as EGPCS or GPC).
								; Registration is done from left to right, newer values override
								; older values.
register_globals	=	On		; Whether or not to register the EGPCS variables as global
								; variables.  You may want to turn this off if you don't want
								; to clutter your scripts' global scope with user data.  This makes
								; most sense when coupled with track_vars - in which case you can
								; access all of the GPC variables through the $HTTP_*_VARS[],
								; variables.
								; You should do your best to write your scripts so that they do
								; not require register_globals to be on;  Using form variables
								; as globals can easily lead to possible security problems, if
								; the code is not very well thought of.
register_argc_argv	=	On		; This directive tells PHP whether to declare the argv&argc
								; variables (that would contain the GET information).  If you
								; don't use these variables, you should turn it off for
								; increased performance
post_max_size		=	8M		; Maximum size of POST data that PHP will accept.
gpc_order			=	"GPC"	; This directive is deprecated.  Use variables_order instead.

; Magic quotes
; Mancala: magic_quotes_gpc turned off.
magic_quotes_gpc	=	Off		; magic quotes for incoming GET/POST/Cookie data
magic_quotes_runtime=	Off		; magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_sybase	=	Off		; Use Sybase-style magic quotes (escape ' with '' instead of \')

; automatically add files before or after any PHP document
auto_prepend_file	=
auto_append_file	=

; As of 4.0b4, PHP always outputs a character encoding by default in
; the Content-type: header.  To disable sending of the charset, simply
; set it to be empty.
; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
include_path	=                   ; UNIX: "/path1:/path2"  Windows: "\path1;\path2"
doc_root		=					; the root of the php pages, used only if nonempty
user_dir		=					; the directory under which php opens the script using /~username, used only if nonempty
extension_dir	=	./				; directory in which the loadable extensions (modules) reside
enable_dl		= On				; Whether or not to enable the dl() function.
									; The dl() function does NOT properly work in multithreaded
									; servers, such as IIS or Zeus, and is automatically disabled
									; on them.


;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads	= On				; Whether to allow HTTP file uploads
;upload_tmp_dir	=	                ; temporary directory for HTTP uploaded files (will use system default if not specified)
upload_max_filesize = 2M		    ; Maximum allowed size for uploaded files


;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
allow_url_fopen = On                ; Wheter to allow trating URLs like http:... or ftp:... like files


;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; if you wish to have an extension loaded automaticly, use the
; following syntax:  extension=modulename.extension
; for example, on windows,
; extension=msql.dll
; or under UNIX,
; extension=msql.so
; Note that it should be the name of the module only, no directory information 
; needs to go here.  Specify the location of the extension with the extension_dir directive above.


;Windows Extensions
;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
;
;extension=php_bz2.dll
;extension=php_ctype.dll
;extension=php_cpdf.dll
;extension=php_curl.dll
;extension=php_cybercash.dll
;extension=php_db.dll
;extension=php_dba.dll
;extension=php_dbase.dll
;extension=php_domxml.dll
;extension=php_dotnet.dll
;extension=php_exif.dll
;extension=php_fdf.dll
;extension=php_filepro.dll
;extension=php_gd.dll
;extension=php_gettext.dll
;extension=php_ifx.dll
;extension=php_iisfunc.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_java.dll
;extension=php_ldap.dll
;extension=php_mhash.dll
;extension=php_mssql65.dll
;extension=php_mssql70.dll
;extension=php_oci8.dll
;extension=php_openssl.dll
;extension=php_oracle.dll
;extension=php_pdf.dll
;extension=php_pgsql.dll
;extension=php_printer.dll
;extension=php_sablot.dll
;extension=php_snmp.dll
;extension=php_sybase_ct.dll
;extension=php_yaz.dll
;extension=php_zlib.dll


;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

[Syslog]
define_syslog_variables	= Off	; Whether or not to define the various syslog variables,
								; e.g. $LOG_PID, $LOG_CRON, etc.  Turning it off is a
								; good idea performance-wise.  In runtime, you can define
								; these variables by calling define_syslog_variables()


[mail function]
SMTP			=	localhost			;for win32 only
sendmail_from	=	me@localhost.com	;for win32 only
;sendmail_path	=						;for unix only, may supply arguments as well (default is 'sendmail -t -i')

[Debugger]
debugger.host	=	localhost
debugger.port	=	7869
debugger.enabled	=	False

[Logging]
; These configuration directives are used by the example logging mechanism.
; See examples/README.logging for more explanation.
;logging.method    = db
;logging.directory = /path/to/log/directory

[Java]
;java.class.path = .\php_java.jar
;java.home = c:\jdk
;java.library = c:\jdk\jre\bin\hotspot\jvm.dll 
;java.library.path = .\


[SQL]
sql.safe_mode	=	Off

[ODBC]
;odbc.default_db		=	Not yet implemented
;odbc.default_user		=	Not yet implemented
;odbc.default_pw		=	Not yet implemented
odbc.allow_persistent	=	On	; allow or prevent persistent links
odbc.check_persistent  = 	On	; check that a connection is still validbefore reuse
odbc.max_persistent	=	-1	; maximum number of persistent links. -1 means no limit
odbc.max_links			=	-1	; maximum number of links (persistent+non persistent). -1 means no limit
odbc.defaultlrl	=	4096	; Handling of LONG fields. Returns number of bytes to variables, 0 means passthru
odbc.defaultbinmode	= 	1	; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation of uodbc.defaultlrl
; and uodbc.defaultbinmode

[MySQL]
mysql.allow_persistent	=	On	; allow or prevent persistent link
mysql.max_persistent	=	-1	; maximum number of persistent links. -1 means no limit
mysql.max_links			=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit
mysql.default_port		=		; default port number for mysql_connect().  If unset,
								; mysql_connect() will use the $MYSQL_TCP_PORT, or the mysql-tcp
								; entry in /etc/services, or the compile-time defined MYSQL_PORT
								; (in that order).  Win32 will only look at MYSQL_PORT.
mysql.default_socket	=		; default socket name for local MySQL connects.  If empty, uses the built-in
								; MySQL defaults
mysql.default_host		=		; default host for mysql_connect() (doesn't apply in safe mode)
mysql.default_user		=		; default user for mysql_connect() (doesn't apply in safe mode)
mysql.default_password	=		; default password for mysql_connect() (doesn't apply in safe mode)
								; Note that this is generally a *bad* idea to store passwords
								; in this file.  *Any* user with PHP access can run
								; 'echo cfg_get_var("mysql.default_password")' and reveal that
								; password!  And of course, any users with read access to this
								; file will be able to reveal the password as well.

[mSQL]
msql.allow_persistent	=	On	; allow or prevent persistent link
msql.max_persistent		=	-1	; maximum number of persistent links. -1 means no limit
msql.max_links			=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit

[PostgresSQL]
pgsql.allow_persistent	=	On	; allow or prevent persistent link
pgsql.max_persistent	=	-1	; maximum number of persistent links. -1 means no limit
pgsql.max_links			=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit

[Sybase]
sybase.allow_persistent	=	On	; allow or prevent persistent link
sybase.max_persistent	=	-1	; maximum number of persistent links. -1 means no limit
sybase.max_links		=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit
;sybase.interface_file	=	"/usr/sybase/interfaces"
sybase.min_error_severity	=	10	; minimum error severity to display
sybase.min_message_severity	=	10	; minimum message severity to display
sybase.compatability_mode	= Off	; compatability mode with old versions of PHP 3.0.
									; If on, this will cause PHP to automatically assign types to results
									; according to their Sybase type, instead of treating them all as
									; strings.  This compatability mode will probably not stay around
									; forever, so try applying whatever necessary changes to your code,
									; and turn it off.

[Sybase-CT]
sybct.allow_persistent	=	On		; allow or prevent persistent link
sybct.max_persistent	=	-1		; maximum number of persistent links. -1 means no limit
sybct.max_links			=	-1		; maximum number of links (persistent+non persistent).  -1 means no limit
sybct.min_server_severity	=	10	; minimum server message severity to display
sybct.min_client_severity	=	10	; minimum client message severity to display

[bcmath]
bcmath.scale	=	0	; number of decimal digits for all bcmath functions

[browscap]
;browscap	=	extra/browscap.ini

[Informix]
ifx.default_host		=		; default host for ifx_connect() (doesn't apply in safe mode)
ifx.default_user		=		; default user for ifx_connect() (doesn't apply in safe mode)
ifx.default_password		=		; default password for ifx_connect() (doesn't apply in safe mode)
ifx.allow_persistent		=	On	; allow or prevent persistent link
ifx.max_persistent		=	-1	; maximum number of persistent links. -1 means no limit
ifx.max_links			=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit
ifx.textasvarchar		=	0	; if set on, select statements return the contents of a text blob instead of it's id
ifx.byteasvarchar		=	0	; if set on, select statements return the contents of a byte blob instead of it's id
ifx.charasvarchar		=	0	; trailing blanks are stripped from fixed-length char columns. May help the life
						; of Informix SE users. 
ifx.blobinfile			=	0	; if set on, the contents of text&byte blobs are dumped to a file instead of
						; keeping them in memory
ifx.nullformat			=	0	; NULL's are returned as empty strings, unless this is set to 1. In that case,
						; NULL's are returned as string 'NULL'.

[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = /tmp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 1       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1       ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 1440    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes
session.use_trans_sid     = 1       ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]
mssql.allow_persistent		=	On	; allow or prevent persistent link
mssql.max_persistent		=	-1	; maximum number of persistent links. -1 means no limit
mssql.max_links				=	-1	; maximum number of links (persistent+non persistent).  -1 means no limit
mssql.min_error_severity	=	10	; minimum error severity to display
mssql.min_message_severity	=	10	; minimum message severity to display
mssql.compatability_mode	=  Off	; compatability mode with old versions of PHP 3.0.
;mssql.textlimit			= 4096	; valid range 0 - 2147483647 default = 4096
;mssql.textsize				= 4096	; valid range 0 - 2147483647 default = 4096
;mssql.batchsize			=	 0  ; limits the number of records in each bach. 0 = all records in one batch.

[Assertion]
;assert.active				=	On	; assert(expr); active by default
;assert.warning				=	On	; issue a PHP warning for each failed assertion.
;assert.bail				=	Off	; don't bail out by default.
;assert.callback			=	0	; user-function to be called if an assertion fails.
;assert.quiet_eval			=	0	; eval the expression with current error_reporting(). set to true if you want error_reporting(0) around the eval().

[Ingres II]
ingres.allow_persistent		=	On	; allow or prevent persistent link
ingres.max_persistent		=	-1	; maximum number of persistent links. (-1 means no limit)
ingres.max_links			=	-1	; maximum number of links, including persistents (-1 means no limit)
ingres.default_database		=		; default database (format : [node_id::]dbname[/srv_class]
ingres.default_user			=		; default user
ingres.default_password		=		; default password

[Verisign Payflow Pro]
pfpro.defaulthost			=	"test.signio.com"	; default Signio server
pfpro.defaultport			=	443	; default port to connect to
pfpro.defaulttimeout		=	30	; default timeout in seconds

; pfpro.proxyaddress		=		; default proxy IP address (if required)
; pfpro.proxyport			=		; default proxy port
; pfpro.proxylogon			=		; default proxy logon
; pfpro.proxypassword		=		; default proxy password
[Sockets]
sockets.use_system_read		=	On	; Use the system read() function instead of
						; the php_read() wrapper.

; Local Variables:
; tab-width: 4
; End: