#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor -> efree with Horde

proforg at maloletka dot ru Tue, 03 Nov 2009 19:08:23 -0800

 ID:               50057
 Comment by:       proforg at maloletka dot ru
 Reported By:      proforg at maloletka dot ru
 Status:           Feedback
 Bug Type:         PostgreSQL related
 Operating System: Debian Lenny 2.6.26-2-amd64
 PHP Version:      5.2SVN-2009-11-02 (snap)
 New Comment:


Unfortunately, at the moment, I'm not able to figure out exact part of

the code which causes this segfault. Horde code is quite large and not

very clear. I'll try to simplify it as much as posible and send you
test 
case ASAP, but I can't even estimate how much time may it take.
Moreover, this error occures not every request, sometimes only on each

second, or third request. 

Requested valgrind output: http://maloletka.ru/valgrind.out.gz


Previous Comments:
------------------------------------------------------------------------

[2009-11-04 01:42:09] scott...@php.net

Can you provide a reproduce script and also would it be possible to run
what you have through valgrind to get a better memory trace.

------------------------------------------------------------------------

[2009-11-04 00:55:39] proforg at maloletka dot ru

php5.2-200911032130
configure options: --enable-fastcgi --enable-force-cgi-redirect
--with-pgsql --with-pear=/usr/share/php/ --enable-debug  --with-imap
--with-
kerberos --with-imap-ssl --with-gettext

run options: /usr/local/bin/php-cgi -b 127.0.0.1:9919 -c
/etc/php5/fpm/

backtrace:

[New process 4752]
#0  0x00000000006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1,
silent=1, __zend_filename=0x830c38 "/usr/local/src/php5.2-
200911032130/ext/pgsql/pgsql.c", 
    __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
1304            if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev)
{

(gdb) bt
#0  0x00000000006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1,
silent=1, __zend_filename=0x830c38 "/usr/local/src/php5.2-
200911032130/ext/pgsql/pgsql.c", 
    __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
#1  0x00000000006fdd2e in _zend_mm_free_int (heap=0xcd8390, p=0x1,
__zend_filename=0x830c38 "/usr/local/src/php5.2-
200911032130/ext/pgsql/pgsql.c", __zend_lineno=379, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1943
#2  0x00000000006ff2ca in _efree (ptr=0x1, __zend_filename=0x830c38
"/usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c",
__zend_lineno=379, 
__zend_orig_filename=0x0, 
    __zend_orig_lineno=0) at
/usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:2311
#3  0x000000000056e2f0 in _php_pgsql_notice_ptr_dtor (ptr=0x134b848) at
/usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:379
#4  0x000000000072c591 in zend_hash_clean (ht=0xb12388) at
/usr/local/src/php5.2-200911032130/Zend/zend_hash.c:552
#5  0x000000000056eb8e in zm_deactivate_pgsql (type=1,
module_number=14) at
/usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:578
#6  0x0000000000726f19 in module_registry_cleanup (module=0xd041d0) at
/usr/local/src/php5.2-200911032130/Zend/zend_API.c:1976
#7  0x000000000072cdf9 in zend_hash_reverse_apply (ht=0xb16760,
apply_func=0x726ede <module_registry_cleanup>) at
/usr/local/src/php5.2-
200911032130/Zend/zend_hash.c:755
#8  0x000000000071e481 in zend_deactivate_modules () at
/usr/local/src/php5.2-200911032130/Zend/zend.c:838
#9  0x00000000006c6258 in php_request_shutdown (dummy=0x0) at
/usr/local/src/php5.2-200911032130/main/main.c:1474
#10 0x00000000007a6ce5 in main (argc=5, argv=0x7fff3f4b5eb8) at
/usr/local/src/php5.2-200911032130/sapi/cgi/cgi_main.c:2057

------------------------------------------------------------------------

[2009-11-03 12:33:45] proforg at maloletka dot ru

Yes, definitely, same result at least with apache2 sapi.
I'll try to have some more tests and backtraces with clear cgi-fcgi
sapi 
later today,

------------------------------------------------------------------------

[2009-11-03 10:45:38] j...@php.net

Can you reproduce this without the 3rd party patches? (no, we do not
support this FPM thing!)

------------------------------------------------------------------------

[2009-11-03 02:22:59] proforg at maloletka dot ru

the same for 5.2.10 and 5.2.11
but 5.2.9 works fine

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/50057

-- 
Edit this bug report at http://bugs.php.net/?id=50057&edit=1

#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor -> efree with Horde

Reply via email to