ID: 49098
Updated by: ras...@php.net
Reported By: bugs at timj dot co dot uk
Status: Open
Bug Type: Session related
Operating System: Linux
PHP Version: 5.2.10
New Comment:

Looks like an ext/mysqli problem, but I looked through the code and I don't see a case where MyG(error_msg) is free'ed without being NULL'ed or immediately re-allocated. It isn't NULL'ed in the RSHUTDOWN, but it is NULL'ed in the RINIT, so there should be no way to get to php_mysqli_set_error() without it being either NULL or correctly allocated.

Previous Comments:
------------------------------------------------------------------------

[2009-11-10 23:11:11] t...@php.net

==23150== Invalid free() / delete / delete[]
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA17B9: php_mysqli_set_error (mysqli.c:1004)
==23150==    by 0xABA61DD: zif_mysqli_real_connect (mysqli_api.c:1476)
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==  Address 0xba0af20 is 0 bytes inside a block of size 1 free'd
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA1348: zm_deactivate_mysqli (mysqli.c:711)
==23150==    by 0x63165B: module_registry_cleanup (zend_API.c:1976)
==23150==    by 0x63A3B3: zend_hash_reverse_apply (zend_hash.c:755)
==23150==    by 0x6301EC: zend_deactivate_modules (zend.c:838)
==23150==    by 0x5ED964: php_request_shutdown (main.c:1475)
==23150==    by 0x6A065B: main (php_cli.c:1343)
==23150==
==23150== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 2)
==23150== malloc/free: in use at exit: 753 bytes in 4 blocks.
==23150== malloc/free: 52,204 allocs, 52,201 frees, 11,636,702 bytes allocated.
==23150== For counts of detected errors, rerun with: -v
==23150== searching for pointers to 4 not-freed blocks.
==23150== checked 746,032 bytes.
==23150==
==23150==
==23150== 1 bytes in 1 blocks are definitely lost in loss record 1 of 4
==23150==    at 0x4A0763E: malloc (vg_replace_malloc.c:207)
==23150==    by 0x616129: _estrdup (zend_alloc.c:2428)
==23150==    by 0xABA17C1: ???
==23150==    by 0xABA61DD: ???
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==
==23150== LEAK SUMMARY:
==23150==    definitely lost: 1 bytes in 1 blocks.
==23150==    possibly lost: 0 bytes in 0 blocks.
==23150==    still reachable: 752 bytes in 3 blocks.
==23150==    suppressed: 0 bytes in 0 blocks.
==23150== Reachable blocks (those to which a pointer was found) are not shown.
==23150== To see them, rerun with: --leak-check=full --show-reachable=yes

------------------------------------------------------------------------

[2009-11-09 17:22:26] j...@php.net

Try with valgrind:

# USE_ZEND_ALLOC=0 valgrind --leak-check=full sapi/cli/php yourscript.php

------------------------------------------------------------------------

[2009-11-08 23:08:37] t...@php.net

Compiling with -O0 and *without* --enable-debug gives a backtrace which is almost (not quite) the same:

#0  0x00000000006bec94 in _zend_mm_free_int ()
#1  0x00000000006bfb06 in _efree ()
#2  0x00000000006546cf in php_version_compare ()
#3  0x000000000065474f in zif_version_compare ()
#4  0x000000000070a98a in zend_do_fcall_common_helper_SPEC ()
#5  0x000000000070e932 in ZEND_DO_FCALL_SPEC_CONST_HANDLER ()
#6  0x000000000070a480 in execute ()
#7  0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#8  0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#9  0x000000000070a480 in execute ()
#10 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#11 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#12 0x000000000070a480 in execute ()
#13 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#14 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#15 0x000000000070a480 in execute ()
#16 0x000000000070ab3b in zend_do_fcall_common_helper_SPEC ()
#17 0x000000000070b081 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#18 0x000000000070a480 in execute ()
#19 0x00000000006d2340 in zend_call_function ()
#20 0x00000000006d0651 in call_user_function_ex ()
#21 0x00000000006d052c in call_user_function ()
#22 0x00000000005718c9 in ps_call_handler ()
#23 0x0000000000571d8c in ps_write_user ()
#24 0x000000000056ab00 in php_session_save_current_state ()
#25 0x000000000056e184 in php_session_flush ()
#26 0x0000000000570395 in zm_deactivate_session ()
#27 0x00000000006e7532 in module_registry_cleanup ()
#28 0x00000000006ecf0f in zend_hash_reverse_apply ()
#29 0x00000000006df855 in zend_deactivate_modules ()
#30 0x0000000000689690 in php_request_shutdown ()
#31 0x0000000000763bd4 in main ()

------------------------------------------------------------------------

[2009-11-08 22:44:30] t...@php.net

Recompiled with --enable-debug and -O1, the backtrace is very similar to that reported right at the start of the bug, and not very helpful:

#0  0x0000000000600d2d in _zend_mm_free_int ()
#1  0x0000000000600fc9 in _efree ()
#2  0x00000000005b651f in php_version_compare ()
#3  0x00000000005b6596 in zif_version_compare ()
#4  0x000000000063df7a in zend_do_fcall_common_helper_SPEC ()
#5  0x000000000063e53f in ZEND_DO_FCALL_SPEC_CONST_HANDLER ()
#6  0x000000000063a63d in execute ()
#7  0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#8  0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#9  0x000000000063a63d in execute ()
#10 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#11 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#12 0x000000000063a63d in execute ()
#13 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#14 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#15 0x000000000063a63d in execute ()
#16 0x000000000063e076 in zend_do_fcall_common_helper_SPEC ()
#17 0x000000000063e453 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#18 0x000000000063a63d in execute ()
#19 0x000000000060ff69 in zend_call_function ()
#20 0x000000000061021b in call_user_function_ex ()
#21 0x00000000006103ef in call_user_function ()
#22 0x00000000005146ac in ps_call_handler ()
#23 0x00000000005148f4 in ps_write_user ()
#24 0x000000000050e381 in php_session_flush ()
#25 0x000000000050f4f6 in zm_deactivate_session ()
#26 0x000000000061b4be in module_registry_cleanup ()
#27 0x0000000000623a51 in zend_hash_reverse_apply ()
#28 0x000000000061a1ff in zend_deactivate_modules ()
#29 0x00000000005db184 in php_request_shutdown ()
#30 0x0000000000683ecc in main ()

Now, what's really interesting is that with -O0 and the exact same configure options, the segfault doesn't happen. Maybe this helps to pinpoint the cause?

------------------------------------------------------------------------

[2009-11-08 22:43:24] t...@php.net

With my original compile as per instructions above (the compiler got -O2 by default):

#0  _zend_mm_alloc_int (heap=0x9e32b0, size=12) at /path/to/php5.2-200911070930/Zend/zend_alloc.c:1785
#1  0x000000000048227e in php_pcre_match_impl (pce=<value optimized out>, subject=<value optimized out>, subject_len=<value optimized out>, return_value=<value optimized out>, subpats=0x0, global=0, use_flags=0, flags=<value optimized out>, start_offset=0) at /path/to/php5.2-200911070930/ext/pcre/php_pcre.c:603
#2  0x0000000000482ccd in php_do_pcre_match (ht=2, return_value=0xd584a0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>, global=0) at /path/to/php5.2-200911070930/ext/pcre/php_pcre.c:513
#3  0x0000000000659303 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffffc420) at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:200
#4  0x000000000065522c in execute (op_array=0xd83190) at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:92
#5  0x0000000000658c76 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffffc740) at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:234
#6  0x000000000065522c in execute (op_array=0xd37808) at /path/to/php5.2-200911070930/Zend/zend_vm_execute.h:92
#7  0x0000000000658c76 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffffd660)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/49098

--
Edit this bug report at http://bugs.php.net/?id=49098&edit=1
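Added example (not code from the bug report or from PHP's ext/mysqli): the first comment relies on MyG(error_msg) being freed in RSHUTDOWN without being NULL'ed and then NULL'ed again in RINIT, which is only safe if php_mysqli_set_error() cannot be reached between the two. The valgrind output shows the block freed in zm_deactivate_mysqli under php_request_shutdown and then freed again from php_mysqli_set_error in the same CLI run (a single request), so that window was reached. The model below uses hypothetical stand-ins (request_globals.error_msg for MyG(error_msg), set_error() for php_mysqli_set_error(), rinit()/rshutdown_*() for RINIT/RSHUTDOWN) and a small tracked allocator that counts a free() of a non-live pointer the way valgrind's "Invalid free()" check does, instead of corrupting the heap; it compares the free-without-NULL shutdown against a free-and-NULL shutdown.

```c
/*
 * Added example; not code from the bug report or from PHP's ext/mysqli.
 * Hypothetical stand-ins: request_globals.error_msg plays MyG(error_msg),
 * set_error() plays php_mysqli_set_error(), rinit()/rshutdown_*() play
 * RINIT/RSHUTDOWN. tracked_free() reports a free() of a pointer that is
 * not currently live, like valgrind's "Invalid free()", without double-freeing.
 */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define MAX_LIVE 64

/* Constructed bookkeeping: pointers handed out and not yet freed. */
static void *live[MAX_LIVE];
static int live_count = 0;
static int invalid_free_count = 0;

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) return NULL;
    memcpy(p, s, n);
    if (live_count < MAX_LIVE) live[live_count++] = p;
    return p;
}

/* Free only a live pointer; otherwise record an invalid free (like valgrind). */
static void tracked_free(void *p) {
    for (int i = 0; i < live_count; i++) {
        if (live[i] == p) {
            live[i] = live[--live_count];
            free(p);
            return;
        }
    }
    invalid_free_count++;
}

/* Hypothetical stand-in for the per-request module globals. */
struct request_globals {
    char *error_msg;
};

/* Stand-in for php_mysqli_set_error(): release the old message, keep the new. */
static void set_error(struct request_globals *g, const char *msg) {
    if (g->error_msg) tracked_free(g->error_msg);
    g->error_msg = tracked_strdup(msg);
}

/* RINIT: the slot starts each request as NULL, as the first comment notes. */
static void rinit(struct request_globals *g) { g->error_msg = NULL; }

/* RSHUTDOWN as described in the first comment: frees, does not NULL. */
static void rshutdown_no_null(struct request_globals *g) {
    if (g->error_msg) tracked_free(g->error_msg);
}

/* RSHUTDOWN that frees and clears, so a later set_error() finds NULL. */
static void rshutdown_null(struct request_globals *g) {
    if (g->error_msg) {
        tracked_free(g->error_msg);
        g->error_msg = NULL;
    }
}

/*
 * One request in which set_error() is reached again after the module's
 * RSHUTDOWN has already run (the ordering visible in the valgrind trace).
 * Returns the number of invalid frees the tracked allocator observed.
 */
static int run_scenario(void (*rshutdown)(struct request_globals *)) {
    struct request_globals g;
    invalid_free_count = 0;
    rinit(&g);
    set_error(&g, "constructed: error during the request");
    rshutdown(&g);
    set_error(&g, "constructed: error raised after RSHUTDOWN");
    if (g.error_msg) {                 /* leave no live block behind */
        tracked_free(g.error_msg);
        g.error_msg = NULL;
    }
    return invalid_free_count;
}

int main(void) {
    printf("free without NULL: %d invalid free(s)\n", run_scenario(rshutdown_no_null));
    printf("free and NULL:     %d invalid free(s)\n", run_scenario(rshutdown_null));
    return 0;
}
```

The free-without-NULL shutdown yields one invalid free, the free-and-NULL shutdown none. The real check to make on the PHP side is whether any callback that can call into ext/mysqli (the gdb backtraces show the user session write handler still executing under zm_deactivate_session during php_request_shutdown) can run after zm_deactivate_mysqli; if it can, relying on the next RINIT to clear the pointer is not enough.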