ID: 46308
Updated by: [EMAIL PROTECTED]
Reported By: ob dot php at daevel dot fr
-Status: Assigned
+Status: Closed
Bug Type: Scripting Engine problem
Operating System: Debian Linux 64bit
PHP Version: 5.2.6
Assigned To: dmitry
New Comment:
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2008-10-17 02:14:46] crrodriguez at opensuse dot org

I think dmitry is the right person to look at this bug.. can someone
assign this bug to him please ? ;-)

------------------------------------------------------------------------

[2008-10-16 00:06:11] ob dot php at daevel dot fr

Description:
------------
Hello,

with this code and USE_ZEND_ALLOC=0, PHP throws a segfault.

Reproduce code:
---------------
In "first.php" I have this code :
============================================================
<?php
class main
{
    public static $dummy = NULL ;
    public static $dataAccessor = NULL ;
}

class dataAccessor
{
}

class relay
{
    public function __get( $name )
    {
        main::$dataAccessor = new dataAccessor;
    }
}

class dummy
{
}

main::$dummy = new dummy();
main::$dataAccessor = new relay();
?>
============================================================

And in "second.php" I have this : (if I regroup all code in one file,
there is no segfault)
============================================================
<?php
require 'first.php';
main::$dataAccessor->bar;
?>
============================================================

Actual result:
--------------
*** glibc detected *** /home/dev-olivier/usr/bin/php: corrupted double-linked list: 0x0000000002603800 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f038ba39948]
/lib/libc.so.6[0x7f038ba39bda]
/lib/libc.so.6[0x7f038ba3b708]
/lib/libc.so.6(cfree+0x76)[0x7f038ba3ba56]
/home/dev-olivier/usr/bin/php[0x53ec31]
/home/dev-olivier/usr/bin/php[0x53ecb3]
/home/dev-olivier/usr/bin/php[0x541d2b]
/home/dev-olivier/usr/bin/php(zend_mm_shutdown+0x4c)[0x540a80]
/home/dev-olivier/usr/bin/php(shutdown_memory_manager+0x20)[0x5436ae]
/home/dev-olivier/usr/bin/php(php_request_shutdown+0x31c)[0x50add9]
/home/dev-olivier/usr/bin/php(main+0x17c1)[0x5e6c24]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f038b9e41a6]
/home/dev-olivier/usr/bin/php[0x425c39]
======= Memory map: ========
Abort


And valgrind outputs this :
==12485== Memcheck, a memory error detector.
==12485== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==12485== Using LibVEX rev 1854, a library for dynamic binary translation.
==12485== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==12485== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==12485== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==12485== For more details, rerun with: -v
==12485==
==12485== Invalid write of size 1
==12485==    at 0x585F25: zend_std_read_property (zend_object_handlers.c:333)
==12485==    by 0x5A796E: zend_fetch_property_address_read_helper_SPEC_VAR_CONST (zend_vm_execute.h:9107)
==12485==    by 0x5A7AE6: ZEND_FETCH_OBJ_R_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:9130)
==12485==    by 0x58AE3A: execute (zend_vm_execute.h:92)
==12485==    by 0x562D40: zend_execute_scripts (zend.c:1134)
==12485==    by 0x50B98C: php_execute_script (main.c:2011)
==12485==    by 0x5E635D: main (php_cli.c:1134)
==12485==  Address 0x5db37d8 is 0 bytes inside a block of size 5 free'd
==12485==    at 0x4C20B6E: free (vg_replace_malloc.c:323)
==12485==    by 0x5430AC: _efree (zend_alloc.c:2293)
==12485==    by 0x56FF50: zend_hash_destroy (zend_hash.c:529)
==12485==    by 0x584837: zend_object_std_dtor (zend_objects.c:41)
==12485==    by 0x584C71: zend_objects_free_object_storage (zend_objects.c:122)
==12485==    by 0x588E46: zend_objects_store_del_ref_by_handle (zend_objects_API.c:206)
==12485==    by 0x588C9E: zend_objects_store_del_ref (zend_objects_API.c:168)
==12485==    by 0x560748: _zval_dtor_func (zend_variables.c:52)
==12485==    by 0x551772: _zval_dtor (zend_variables.h:35)
==12485==    by 0x551986: _zval_ptr_dtor (zend_execute_API.c:414)
==12485==    by 0x554323: zend_call_function (zend_execute_API.c:1040)
==12485==    by 0x57C4A1: zend_call_method (zend_interfaces.c:88)
==12485==
==12485== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==12485== malloc/free: in use at exit: 0 bytes in 0 blocks.
==12485== malloc/free: 4,998 allocs, 4,998 frees, 1,397,127 bytes allocated.
==12485== For counts of detected errors, rerun with: -v
==12485== All heap blocks were freed -- no leaks are possible.


------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=46308&edit=1
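
The lifetime problem the valgrind trace points at, as an added C model that is not PHP source and not part of the original report: a property reader calls a user getter that drops the last reference to the object, then touches per-object state. The `obj` type, the `in_get` guard, the pool and the reference-pinning remedy are assumptions for illustration; the report does not show the actual CVS change.

```c
/* Constructed model, not PHP engine code. Slots are only marked freed,
 * so the stale write is counted instead of corrupting the heap. */
#include <stdbool.h>
#include <stdio.h>

typedef struct obj {
    int  refcount;
    bool freed;
    bool in_get;             /* hypothetical 1-byte recursion guard */
} obj;

static obj pool[2];
static obj *slot;            /* plays the role of main::$dataAccessor */
static int stale_writes;

static void release(obj *o) { if (--o->refcount == 0) o->freed = true; }

/* Like relay::__get(): overwrites the slot, dropping the last reference
 * to the object whose property is being read. */
static void getter(void) {
    release(slot);
    pool[1] = (obj){ .refcount = 1 };
    slot = &pool[1];
}

static void clear_guard(obj *o) {
    if (o->freed) { stale_writes++; return; }  /* would be the invalid write */
    o->in_get = false;
}

static void read_property(obj *o, bool pin) {
    if (pin) o->refcount++;  /* hardened: hold a reference across the callback */
    o->in_get = true;
    getter();
    clear_guard(o);          /* unpinned: o was released inside getter() */
    if (pin) release(o);     /* object is destroyed here, after the last use */
}

/* Returns the number of stale guard writes for one run of the scenario. */
int run_scenario(bool pinned) {
    stale_writes = 0;
    pool[0] = (obj){ .refcount = 1 };
    slot = &pool[0];
    read_property(slot, pinned);
    return stale_writes;
}

int main(void) {
    printf("unpinned=%d pinned=%d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```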