From:             m dot moeller at bigpoint dot net
Operating system: *
PHP version:      5.2.11
PHP Bug Type:     Reproducible crash
Bug description:  destroy_op_array refcount invalid ptr / apache filter sapi

Description:
------------
if apache receives a shutdown signal, php occasionally triggers a segfault.

#2  0x00007f5c4ea35268 in destroy_op_array (op_array=0x1670790) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_opcode.c:230
#3  0x00007f5c4ea49488 in zend_hash_destroy (ht=0x14b8910) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_hash.c:717
#4  0x00007f5c4ea3eb3a in zend_shutdown () at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:816
#5  0x00007f5c4e9f8975 in php_module_shutdown () at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:1908
#6  0x00007f5c4e9f8a19 in php_module_shutdown_wrapper (sapi_globals=0x0) at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:1879
#7  0x00007f5c4eab2a21 in php_apache_child_shutdown (tmp=0x0) at /tmp/buildd/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:362
#8  0x00007f5c55e31a5c in ?? () from /usr/lib/libapr-1.so.0
#9  0x00007f5c55e30ca3 in apr_pool_destroy () from /usr/lib/libapr-1.so.0
#10 0x000000000044d8de in clean_child_exit (code=0) at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:198
#11 0x000000000044e00b in just_die (sig=<value optimized out>) at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:330
#12 <signal handler called>

#2  0x00007f5c4ea35268 in destroy_op_array (op_array=0x1670790) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_opcode.c:230
230     /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_opcode.c: No such file or directory.
        in /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_opcode.c
(gdb) print op_array->refcount
$1 = (zend_uint *) 0x7f5c4cbdb908
(gdb) print *op_array->refcount
Cannot access memory at address 0x7f5c4cbdb908

Reproduce code:
---------------
while true; do
    curl http://localhost/testpage.php &
    apachectl restart
done

Expected result:
----------------
clear error log

Actual result:
--------------
segfault

-- 
Edit bug report at http://bugs.php.net/?id=49922&edit=1