From: [EMAIL PROTECTED] Operating system: RH 7.2 PHP version: 4.1.2 PHP Bug Type: Reproducible crash Bug description: Segmentation fault in zend_alloc.c
I had a problem trying to migrate a SourceForge installation from PHP 4.0.6 to 4.1.2. It appears to be related to something in the postgres integration (opening two connections to the same database). The workaround was to just turn sys_db_use_replication to false (which it probably should have been set to originally anyway..) But here is the script that failed (about as small as I could make it). Note that there were other areas of code that I had commented out that would produce the same problem. In particular one really strange section where commenting out the "global" line from a function eliminated the seg fault. However, this is the script I narrowed down to a single CGI file. ======== BEGIN SCRIPT ======== #!/home/system/pkg/sourceforge.net/php/4.1.2/bin/php -q <?php $sys_dbhost="localhost"; $sys_db_use_replication=true; $sys_dbreadhost='localhost'; $sys_dbreaddb='sourceforge'; $sys_dbname="sourceforge"; $sys_dbuser="sf-admin"; $sys_dbpasswd=""; $sys_server="mysql"; $sys_db_row_pointer=array(); //current row for each result set function db_connect() { global $sys_dbhost,$sys_dbuser,$sys_dbpasswd,$conn, $sys_dbname,$sys_db_use_replication,$sys_dbreaddb,$sys_dbreadhos t; // // Connect to primary database // $conn = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbname host=$sys_dbho st password=$sys_dbpasswd"); // // If any replication is configured, connect // if ($sys_db_use_replication) { $conn2 = @pg_pconnect("user=$sys_dbuser dbname=$sys_dbreaddb hos t=$sys_dbreadhost password=$sys_dbpasswd"); } else { $conn2 = $conn; } // // Now map the physical database connections to the // "virtual" list that is used to distribute load in db_query() // define("SYS_DB_PRIMARY",$conn); } db_connect(); ?> ======== END SCRIPT ======== PHP was built with the following options: ../configure \ --prefix=$PKG/php/4.1.2 \ --with-pgsql=$PKG/postgres/7.1.2 \ --enable-track-vars \ --enable-discard-path \ --with-config-file-path=$PKG/apache/conf \ --with-ldap=$PKG/openldap/2.0.11 \ --with-gd=$PKG/gd/1.8.4 \ --with-png-dir=$PKG/libpng/1.0.12 \ --with-jpeg-dir=$PKG/jpeg/6b \ --with-t1lib=$PKG/t1lib/1.2 \ --with-zlib=$PKG/zlib/1.1.3 \ --with-curl=$PKG/curl/7.9 \ --with-mcrypt=$PKG/libmcrypt/2.4.15 \ --enable-rule=EAPI \ --with-debug And here is the backtrace: #0 0x402dcdf0 in chunk_free (ar_ptr=0x40385f00, p=0x81eee18) at malloc.c:3131 hd = 1077436944 sz = 3912 idx = 1077436216 next = 0x81efd60 nextsz = 1077436216 prevsz = 1077436944 bck = 0x40386170 fwd = 0x81efd60 islr = 0 sz = 3912 next = 0x81efd60 bck = 0x40386170 islr = 0 #1 0x402dcd59 in __libc_free (mem=0x81efd20) at malloc.c:3054 mem = (void *) 0x81efd60 ar_ptr = (arena *) 0x40385f00 p = 0x81efd18 #2 0x080f5025 in shutdown_memory_manager (silent=0, clean_cache=0) at ../../Zend/zend_alloc.c:485 ptr = (zend_mem_header *) 0x40385f00 p = (zend_mem_header *) 0x20 t = (zend_mem_header *) 0x81efd60 fci = 11292 i = 7 j = 32 fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x40386210 next_fast_cache_list_entry = (zend_fast_cache_list_entry *) 0x20 #3 0x08069ae3 in php_request_shutdown (dummy=0x0) at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software /php-4.1.2/main/main.c:742 orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380, -1073745288, -1073745632, 134644858}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} orig_bailout_set = 1 '\001' orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380, -1073745288, -1073745632, 134644858}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} orig_bailout_set = 1 '\001' orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380, -1073745288, -1073745632, 134644858}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} orig_bailout_set = 1 '\001' orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380, -1073745288, -1073745632, 134644858}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} orig_bailout_set = 1 '\001' orig_bailout = {{__jmpbuf = {1077443044, 135978484, -1073745380, -1073745288, -1073745632, 134644858}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} orig_bailout_set = 1 '\001' orig_bailout = {{__jmpbuf = {0, 1073834432, 1073834432, -40736468, 571, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0, 3221220736, 0, 2, 1076368789, 0, 1073781889, 0, 1076368789, 0, 1562, 1076303630, 1077443044, 1076232668, 1075046400, 22, 1077137904, 17, 1077443044, 3221220664, 1077138054, 136241152, 0, 1074067016, 1077137986, 0, 1077443044, 3221220696, 1077443044, 4096, 136237056, 3221220696}}}} orig_bailout_set = 0 '\000' #4 0x08068b7f in main (argc=3, argv=0xbffff2ec) at /home/system/src/sourceforge.net/sourceforge.net-binaries-needed-software /php-4.1.2/sapi/cgi/cgi_main.c:776 orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} exit_status = 0 cgi = 0 c = 1077436944 i = 135978328 len = 136248672 file_handle = {type = 2 '\002', filename = 0x81eff5c "./bar.php", opened_path = 0x81f00ec "SYS_DB_PRIMARY", handle = {fd = 136249200, fp = 0x81eff70}, free_filename = 0 '\000'} retval = 0 s = 0x0 behavior = 1 no_headers = 1 orig_optind = 1 orig_optarg = 0x0 argv0 = 0x0 script_file = 0x0 global_vars = {head = 0x0, tail = 0x0, size = 4, count = 0, dtor = 0, persistent = 0 '\000', traverse_ptr = 0x819861c} interactive = 0 #5 0x40279177 in __libc_start_main (main=0x80682d8 <main>, argc=3, ubp_av=0xbffff2ec, init=0x8065b9c <_init>, fini=0x8136e80 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff2dc) at ../sysdeps/generic/libc-start.c:129 ubp_av = (char **) 0xbffff2ec fini = (void (*)()) 0x40016b64 <_dl_debug_mask> rtld_fini = (void (*)()) 0x40385f00 <main_arena> ubp_ev = (char **) 0xbffff2fc (gdb) -- Edit bug report at http://bugs.php.net/?id=16026&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=16026&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=16026&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=16026&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=16026&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=16026&r=support Expected behavior: http://bugs.php.net/fix.php?id=16026&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=16026&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=16026&r=submittedtwice