From:             [EMAIL PROTECTED]
Operating system: RH 7.2
PHP version:      4.1.2
PHP Bug Type:     Reproducible crash
Bug description:  Segmentation fault in zend_alloc.c

I had a problem trying to migrate a SourceForge installation from PHP 4.0.6
to 4.1.2.  It appears to be related to something in the postgres
integration (opening two connections to the same database).  The
workaround was to just turn sys_db_use_replication to false (which it
probably should have been set to originally anyway..)  

But here is the script that failed (about as small as I could make it). 
Note that there were other areas of code that I had commented out that
would produce the same problem.  In particular one really strange section
where commenting out the "global" line from a function eliminated the seg
fault.  However, this is the script I narrowed down to a single CGI file.

======== BEGIN SCRIPT ========
#!/home/system/pkg/sourceforge.net/php/4.1.2/bin/php -q
<?php

$sys_dbhost="localhost";
$sys_db_use_replication=true;
$sys_dbreadhost='localhost';
$sys_dbreaddb='sourceforge';
$sys_dbname="sourceforge";
$sys_dbuser="sf-admin";
$sys_dbpasswd="";
$sys_server="mysql";

$sys_db_row_pointer=array(); //current row for each result set

function db_connect() {
        global $sys_dbhost,$sys_dbuser,$sys_dbpasswd,$conn,
               $sys_dbname,$sys_db_use_replication,$sys_dbreaddb,$sys_dbreadhost;

        //
        //      Connect to primary database
        //
        $conn = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbname host=$sys_dbhost password=$sys_dbpasswd");

        //
        //      If any replication is configured, connect
        //
        if ($sys_db_use_replication) {
                $conn2 = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbreaddb host=$sys_dbreadhost password=$sys_dbpasswd");
        } else {
                $conn2 = $conn;
        }

        //
        //      Now map the physical database connections to the
        //      "virtual" list that is used to distribute load in db_query()
        //
        define("SYS_DB_PRIMARY",$conn);
}

db_connect();


?>
======== END SCRIPT ========




PHP was built with the following options:
../configure \
        --prefix=$PKG/php/4.1.2 \
        --with-pgsql=$PKG/postgres/7.1.2 \
        --enable-track-vars \
        --enable-discard-path \
        --with-config-file-path=$PKG/apache/conf \
        --with-ldap=$PKG/openldap/2.0.11 \
        --with-gd=$PKG/gd/1.8.4 \
        --with-png-dir=$PKG/libpng/1.0.12 \
        --with-jpeg-dir=$PKG/jpeg/6b \
        --with-t1lib=$PKG/t1lib/1.2 \
        --with-zlib=$PKG/zlib/1.1.3 \
        --with-curl=$PKG/curl/7.9 \
        --with-mcrypt=$PKG/libmcrypt/2.4.15 \
        --enable-rule=EAPI \
        --with-debug


And here is the backtrace:
#0  0x402dcdf0 in chunk_free (ar_ptr=0x40385f00, p=0x81eee18) at malloc.c:3131
        hd = 1077436944
        sz = 3912
        idx = 1077436216
        next = 0x81efd60
        nextsz = 1077436216
        prevsz = 1077436944
        bck = 0x40386170
        fwd = 0x81efd60
        islr = 0
        sz = 3912
        next = 0x81efd60
        bck = 0x40386170
        islr = 0
#1  0x402dcd59 in __libc_free (mem=0x81efd20) at malloc.c:3054
        mem = (void *) 0x81efd60
        ar_ptr = (arena *) 0x40385f00
        p = 0x81efd18
#2  0x080f5025 in shutdown_memory_manager (silent=0, clean_cache=0)
    at ../../Zend/zend_alloc.c:485
        ptr = (zend_mem_header *) 0x40385f00
        p = (zend_mem_header *) 0x20
        t = (zend_mem_header *) 0x81efd60
        fci = 11292
        i = 7
        j = 32
        fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x40386210
        next_fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x20
#3  0x08069ae3 in php_request_shutdown (dummy=0x0)
    at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software/php-4.1.2/main/main.c:742
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380,
      -1073745288, -1073745632, 134644858}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        orig_bailout = {{__jmpbuf = {0, 1073834432, 1073834432, -40736468,
      571, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0, 3221220736,
        0, 2, 1076368789, 0, 1073781889, 0, 1076368789, 0, 1562, 1076303630,
        1077443044, 1076232668, 1075046400, 22, 1077137904, 17, 1077443044,
        3221220664, 1077138054, 136241152, 0, 1074067016, 1077137986, 0,
        1077443044, 3221220696, 1077443044, 4096, 136237056, 3221220696}}}}
        orig_bailout_set = 0 '\000'
#4  0x08068b7f in main (argc=3, argv=0xbffff2ec)
    at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software/php-4.1.2/sapi/cgi/cgi_main.c:776
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        exit_status = 0
        cgi = 0
        c = 1077436944
        i = 135978328
        len = 136248672
        file_handle = {type = 2 '\002', filename = 0x81eff5c "./bar.php",
  opened_path = 0x81f00ec "SYS_DB_PRIMARY", handle = {fd = 136249200,
    fp = 0x81eff70}, free_filename = 0 '\000'}
        retval = 0
        s = 0x0
        behavior = 1
        no_headers = 1
        orig_optind = 1
        orig_optarg = 0x0
        argv0 = 0x0
        script_file = 0x0
        global_vars = {head = 0x0, tail = 0x0, size = 4, count = 0, dtor = 0,
  persistent = 0 '\000', traverse_ptr = 0x819861c}
        interactive = 0
#5  0x40279177 in __libc_start_main (main=0x80682d8 <main>, argc=3,
    ubp_av=0xbffff2ec, init=0x8065b9c <_init>, fini=0x8136e80 <_fini>,
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff2dc)
    at ../sysdeps/generic/libc-start.c:129
        ubp_av = (char **) 0xbffff2ec
        fini = (void (*)()) 0x40016b64 <_dl_debug_mask>
        rtld_fini = (void (*)()) 0x40385f00 <main_arena>
        ubp_ev = (char **) 0xbffff2fc
(gdb)



-- 
Edit bug report at http://bugs.php.net/?id=16026&edit=1