ID:               49098
 Updated by:       ras...@php.net
 Reported By:      bugs at timj dot co dot uk
 Status:           Open
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5.2.10
 New Comment:

Looks like an ext/mysqli problem, but I looked through the code and I
don't see a case where MyG(error_msg) is free'ed without being NULL'ed
or immediately re-allocated.  It isn't NULL'ed in the RSHUTDOWN, but it
is NULL'ed in the RINIT, so there should be no way to get to
php_mysqli_set_error() without it being either NULL or correctly
allocated.




Previous Comments:
------------------------------------------------------------------------

[2009-11-10 23:11:11] t...@php.net

==23150== Invalid free() / delete / delete[]
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA17B9: php_mysqli_set_error (mysqli.c:1004)
==23150==    by 0xABA61DD: zif_mysqli_real_connect (mysqli_api.c:1476)
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==  Address 0xba0af20 is 0 bytes inside a block of size 1
free'd
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA1348: zm_deactivate_mysqli (mysqli.c:711)
==23150==    by 0x63165B: module_registry_cleanup (zend_API.c:1976)
==23150==    by 0x63A3B3: zend_hash_reverse_apply (zend_hash.c:755)
==23150==    by 0x6301EC: zend_deactivate_modules (zend.c:838)
==23150==    by 0x5ED964: php_request_shutdown (main.c:1475)
==23150==    by 0x6A065B: main (php_cli.c:1343)
==23150== 
==23150== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from
2)
==23150== malloc/free: in use at exit: 753 bytes in 4 blocks.
==23150== malloc/free: 52,204 allocs, 52,201 frees, 11,636,702 bytes
allocated.
==23150== For counts of detected errors, rerun with: -v
==23150== searching for pointers to 4 not-freed blocks.
==23150== checked 746,032 bytes.
==23150== 
==23150== 
==23150== 1 bytes in 1 blocks are definitely lost in loss record 1 of
4
==23150==    at 0x4A0763E: malloc (vg_replace_malloc.c:207)
==23150==    by 0x616129: _estrdup (zend_alloc.c:2428)
==23150==    by 0xABA17C1: ???
==23150==    by 0xABA61DD: ???
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== 
==23150== LEAK SUMMARY:
==23150==    definitely lost: 1 bytes in 1 blocks.
==23150==      possibly lost: 0 bytes in 0 blocks.
==23150==    still reachable: 752 bytes in 3 blocks.
==23150==         suppressed: 0 bytes in 0 blocks.
==23150== Reachable blocks (those to which a pointer was found) are not
shown.
==23150== To see them, rerun with: --leak-check=full
--show-reachable=yes
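The valgrind report above pins the first free of the block to zm_deactivate_mysqli (mysqli.c:711) during php_request_shutdown and the second, invalid one to php_mysqli_set_error (mysqli.c:1004) reached from zif_mysqli_real_connect; the comment at the top of this report notes that the slot is NULL'ed in RINIT but not in RSHUTDOWN. The C program below is an added example, not code from PHP or ext/mysqli: it models that per-request lifecycle with a stand-in `struct my_globals` and a small tracking allocator that plays valgrind's role, counting a free of a block that is no longer live instead of letting it corrupt the heap. The names `set_error`, `rinit`, `rshutdown_dangling` and `rshutdown_nulled` are this example's own, and the two error strings are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not PHP's code): a per-request error-message slot like
 * MyG(error_msg), plus a tiny allocation tracker standing in for valgrind's
 * bookkeeping so a double free is reported rather than executed. */

#define MAX_LIVE 16
static void *live_blocks[MAX_LIVE];
static int invalid_frees;   /* valgrind: "Invalid free() / delete / delete[]" */

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!live_blocks[i]) { live_blocks[i] = p; return p; }
    }
    free(p);
    return NULL;
}

static void tracked_free(void *p)
{
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live_blocks[i] == p) { live_blocks[i] = NULL; free(p); return; }
    }
    invalid_frees++;   /* block is not live any more: this is the double free */
}

/* Stand-in for the extension's request globals (hypothetical). */
struct my_globals { char *error_msg; };

/* Mirrors what the page says php_mysqli_set_error does: release the previous
 * message if one is set, then store the new one. */
static void set_error(struct my_globals *g, const char *msg)
{
    if (g->error_msg) tracked_free(g->error_msg);
    g->error_msg = tracked_strdup(msg);
}

static void rinit(struct my_globals *g) { g->error_msg = NULL; }

/* RSHUTDOWN as the comment describes it: frees, but leaves the pointer dangling. */
static void rshutdown_dangling(struct my_globals *g)
{
    if (g->error_msg) tracked_free(g->error_msg);
}

/* Hardened RSHUTDOWN: NULL the slot after freeing, so any later set_error()
 * in the same request sees "no message" instead of a stale pointer. */
static void rshutdown_nulled(struct my_globals *g)
{
    if (g->error_msg) { tracked_free(g->error_msg); g->error_msg = NULL; }
}

/* One request lifecycle: RINIT, an error during the request, the module's
 * RSHUTDOWN, then one more set_error() from code that still runs afterwards
 * (the trace on the page shows the second free reached from
 * zif_mysqli_real_connect after zm_deactivate_mysqli had already freed the
 * block). Returns the number of invalid frees the tracker observed. */
static int run_request(void (*rshutdown)(struct my_globals *))
{
    struct my_globals g;
    invalid_frees = 0;
    rinit(&g);
    set_error(&g, "constructed: connect failed");            /* constructed sample */
    rshutdown(&g);
    set_error(&g, "constructed: late error after RSHUTDOWN"); /* constructed sample */
    /* release whatever is still live so the tracker ends clean */
    if (g.error_msg) { tracked_free(g.error_msg); g.error_msg = NULL; }
    return invalid_frees;
}

int main(void)
{
    printf("dangling RSHUTDOWN: %d invalid free(s)\n", run_request(rshutdown_dangling));
    printf("NULLed RSHUTDOWN:   %d invalid free(s)\n", run_request(rshutdown_nulled));
    return 0;
}
```

The dangling variant reports one invalid free, the NULLed variant none; the only difference between them is the `g->error_msg = NULL` after the free, which is the check a reviewer would ask for in any RSHUTDOWN that releases request globals other code may still touch.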


------------------------------------------------------------------------

[2009-11-09 17:22:26] j...@php.net

Try with valgrind:

# USE_ZEND_ALLOC=0 valgrind --leak-check=full sapi/cli/php yourscript.php


------------------------------------------------------------------------

[2009-11-08 23:08:37] t...@php.net

Compiling with -O0 and *without* --enable-debug gives a backtrace 
which is almost (not quite) the same:

#0  0x00000000006bec94 in _zend_mm_free_int ()
#1  0x00000000006bfb06 in _efree ()
#2  0x00000000006546cf in php_version_compare ()
#3  0x000000000065474f in zif_version_compare ()
#4  0x000000000070a98a in zend_do_fcall_common_helper_SPEC ()
#5  0x000000000070e932 in ZEND_DO_FCALL_SPEC_CONST_HANDLER ()
#6  0x000000000070a480 in execute ()
#7  0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#8  0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#9  0x000000000070a480 in execute ()
#10 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#11 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#12 0x000000000070a480 in execute ()
#13 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#14 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#15 0x000000000070a480 in execute ()
#16 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#17 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#18 0x000000000070a480 in execute ()
#19 0x00000000006d2340 in zend_call_function ()
#20 0x00000000006d0651 in call_user_function_ex ()
#21 0x00000000006d052c in call_user_function ()
#22 0x00000000005718c9 in ps_call_handler ()
#23 0x0000000000571d8c in ps_write_user ()
#24 0x000000000056ab00 in php_session_save_current_state ()
#25 0x000000000056e184 in php_session_flush ()
#26 0x0000000000570395 in zm_deactivate_session ()
#27 0x00000000006e7532 in module_registry_cleanup ()
#28 0x00000000006ecf0f in zend_hash_reverse_apply ()
#29 0x00000000006df855 in zend_deactivate_modules ()
#30 0x0000000000689690 in php_request_shutdown ()
#31 0x0000000000763bd4 in main ()

------------------------------------------------------------------------

[2009-11-08 22:44:30] t...@php.net

Recompiled with --enable-debug and -O1, the backtrace is very similar
to that reported right at the start of the bug, and not very helpful:

#0  0x0000000000600d2d in _zend_mm_free_int ()
#1  0x0000000000600fc9 in _efree ()
#2  0x00000000005b651f in php_version_compare ()
#3  0x00000000005b6596 in zif_version_compare ()
#4  0x000000000063df7a in zend_do_fcall_common_helper_SPEC ()
#5  0x000000000063e53f in ZEND_DO_FCALL_SPEC_CONST_HANDLER ()
#6  0x000000000063a63d in execute ()
#7  0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#8  0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#9  0x000000000063a63d in execute ()
#10 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#11 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#12 0x000000000063a63d in execute ()
#13 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#14 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#15 0x000000000063a63d in execute ()
#16 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#17 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#18 0x000000000063a63d in execute ()
#19 0x000000000060ff69 in zend_call_function ()
#20 0x000000000061021b in call_user_function_ex ()
#21 0x00000000006103ef in call_user_function ()
#22 0x00000000005146ac in ps_call_handler ()
#23 0x00000000005148f4 in ps_write_user ()
#24 0x000000000050e381 in php_session_flush ()
#25 0x000000000050f4f6 in zm_deactivate_session ()
#26 0x000000000061b4be in module_registry_cleanup ()
#27 0x0000000000623a51 in zend_hash_reverse_apply ()
#28 0x000000000061a1ff in zend_deactivate_modules ()
#29 0x00000000005db184 in php_request_shutdown ()
#30 0x0000000000683ecc in main ()

Now, what's really interesting is that with -O0 and the exact same
configure options, the segfault doesn't happen. Maybe this helps to
pinpoint the cause?

------------------------------------------------------------------------

[2009-11-08 22:43:24] t...@php.net

With my original compile as per instructions above (the compiler got
-O2 by default):

#0  _zend_mm_alloc_int (heap=0x9e32b0, size=12)
    at /path/to/php5.2-200911070930/Zend/zend_alloc.c:1785
#1  0x000000000048227e in php_pcre_match_impl (pce=<value optimized
out>, 
    subject=<value optimized out>, subject_len=<value optimized out>, 
    return_value=<value optimized out>, subpats=0x0, global=0,
use_flags=0, 
    flags=<value optimized out>, start_offset=0)
    at /path/to/php5.2-200911070930/ext/pcre/php_pcre.c:603
#2  0x0000000000482ccd in php_do_pcre_match (ht=2,
return_value=0xd584a0, 
    return_value_ptr=<value optimized out>, this_ptr=<value optimized
out>, 
    return_value_used=<value optimized out>, global=0)
    at /path/to/php5.2-200911070930/ext/pcre/php_pcre.c:513
#3  0x0000000000659303 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffffc420)
    at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:200
#4  0x000000000065522c in execute (op_array=0xd83190)
    at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:92
#5  0x0000000000658c76 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffffc740)
    at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:234
#6  0x000000000065522c in execute (op_array=0xd37808)
    at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:92
#7  0x0000000000658c76 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffffd660)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/49098
