ID:               50145
Updated by:       srina...@php.net
Reported By:      srina...@php.net
Status:           Open
Bug Type:         Reproducible crash
Operating System: solaris, linux
PHP Version:      5.3.1RC3
New Comment:

Of course, this issue is not reproduced when used with USE_ZEND_ALLOC=0.
This can be a temporary workaround until this issue is further
investigated.


Previous Comments:
------------------------------------------------------------------------

[2009-11-11 08:26:55] srina...@php.net

Description:
------------
With recent PHP 5.3.1 RC3, I noticed a crash when compiled with mbstring
and zend-multibyte and running the bug35634.phpt script found under
Zend/tests.

Reproduce code:
---------------
'./configure' \
'--enable-cli' \
'--enable-mbstring' \
'--enable-zend-multibyte'

while running the test script Zend/tests/bug35634.phpt

<?php
if (defined("pass3")) {

  class ErrorClass {
  }

} else if (defined("pass2")) {

  class TestClass {
    function __construct() {
    }
    function TestClass() {
      $this->__construct();
    }
  }

} else {

  function errorHandler($errorNumber, $errorMessage, $fileName, $lineNumber) {
    define("pass3", 1);
    include(__FILE__);
    die("Error: $errorMessage ($fileName:$lineNumber)\n");
  }

  set_error_handler('errorHandler');
  define("pass2", 1);
  include(__FILE__);
}
?>

Expected result:
----------------
Error: Redefining already defined constructor for class TestClass
(/tmp/c.php:12)

Actual result:
--------------
Here is the stack trace of this crash..

@1 (l...@1) program terminated by signal SEGV (no mapping at the fault address)
Current function is _zend_mm_alloc_int
 1892           ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(dbx 1) where
current thread: t...@1
=>[1] _zend_mm_alloc_int(heap = 0x8b7f2f0, size = 496U), line 1892 in "zend_alloc.c"
  [2] _emalloc(size = 496U), line 2295 in "zend_alloc.c"
  [3] open_file_for_scanning(file_handle = 0x80454f8), line 272 in "zend_language_scanner.l"
  [4] compile_file(file_handle = 0x80454f8, type = 2), line 331 in "zend_language_scanner.l"
  [5] phar_compile_file(file_handle = 0x80454f8, type = 2), line 3390 in "phar.c"
  [6] compile_filename(type = 2, filename = 0x8b910b8), line 386 in "zend_language_scanner.l"
  [7] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6560), line 1915 in "zend_vm_execute.h"
  [8] execute(op_array = 0x8cd4438), line 104 in "zend_vm_execute.h"
  [9] zend_call_function(fci = 0x80456a8, fci_cache = 0x8045608), line 942 in "zend_execute_API.c"
  [10] call_user_function_ex(function_table = 0x8bbf5a0, object_pp = (nil), function_name = 0x8b8db78, retval_ptr_ptr = 0x804572c, param_count = 5U, params = 0x8b906d0, no_separation = 1, symbol_table = (nil)), line 734 in "zend_execute_API.c"
  [11] zend_error(type = 2048, format = 0x8b145e8 "Redefining already defined constructor for class %s", ... = 0x8b8e730, ...), line 1101 in "zend.c"
  [12] zend_do_begin_function_declaration(function_token = 0x8045b00, function_name = 0x8045b28, is_method = 1, return_reference = 0, fn_flags_znode = 0x8045aec), line 1289 in "zend_compile.c"
  [13] zendparse(), line 4082 in "zend_language_parser.c"
  [14] compile_file(file_handle = 0x8046da8, type = 2), line 343 in "zend_language_scanner.l"
  [15] phar_compile_file(file_handle = 0x8046da8, type = 2), line 3390 in "phar.c"
  [16] compile_filename(type = 2, filename = 0x8b8e4b4), line 386 in "zend_language_scanner.l"
  [17] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6440), line 1915 in "zend_vm_execute.h"
  [18] execute(op_array = 0x8b8d970), line 104 in "zend_vm_execute.h"
  [19] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ... = (nil), ...), line 1194 in "zend.c"
  [20] php_execute_script(primary_file = 0x8047850), line 2225 in "main.c"
  [21] main(argc = 2, argv = 0x80478c4), line 1190 in "php_cli.c"

and here looks like best_fit seems to have been corrupted..

(dbx 2) p *best_fit
dbx: cannot access address 0x66690a70
(dbx 3) p *heap
*heap = {
    use_zend_alloc     = 1
    _malloc            = (nil)
    _free              = (nil)
    _realloc           = (nil)
    free_bitmap        = 1073741824U
    large_free_bitmap  = 133376U
    block_size         = 262144U
    compact_size       = 2097152U
    segments_list      = 0x8cd6410
    storage            = 0x8b7eef0
    real_size          = 524288U
    real_peak          = 524288U
    limit              = 134217728U
    size               = 341616U
    peak               = 342120U
    reserve_size       = 8192U
    reserve            = 0x8b7f560
    overflow           = 0
    internal           = 0
    cached             = 456U
    cache              = (0x8b90590, 0x8b90700, 0x8b90718, 0x8b90558, 0x8b90918, (nil), (nil), (nil), (nil), (nil), 0x8b8faa0, (nil), (nil), (nil), (nil), 0x8b8c1e8, (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil))
    free_buckets       = (0x8b7f3b8, 0x8b7f3b8, 0x8b7f3c0, 0x8b7f3c0, 0x8b7f3c8, 0x8b7f3c8, 0x8b7f3d0, 0x8b7f3d0, 0x8b7f3d8, 0x8b7f3d8, 0x8b7f3e0, 0x8b7f3e0, 0x8b7f3e8, 0x8b7f3e8, 0x8b7f3f0, 0x8b7f3f0, 0x8b7f3f8, 0x8b7f3f8, 0x8b7f400, 0x8b7f400, 0x8b7f408, 0x8b7f408, 0x8b7f410, 0x8b7f410, 0x8b7f418, 0x8b7f418, 0x8b7f420, 0x8b7f420, 0x8b7f428, 0x8b7f428, 0x8b7f430, 0x8b7f430, 0x8b7f438, 0x8b7f438, 0x8b7f440, 0x8b7f440, 0x8b7f448, 0x8b7f448, 0x8b7f450, 0x8b7f450, 0x8b7f458, 0x8b7f458, 0x8b7f460, 0x8b7f460, 0x8b7f468, 0x8b7f468, 0x8b7f470, 0x8b7f470, 0x8b7f478, 0x8b7f478, 0x8b7f480, 0x8b7f480, 0x8b7f488, 0x8b7f488, 0x8b7f490, 0x8b7f490, 0x8b7f498, 0x8b7f498, 0x8b7f4a0, 0x8b7f4a0, 0x8b90b20, 0x8b90b20, 0x8b7f4b0, 0x8b7f4b0)
    large_free_buckets = ((nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), 0x8b8fef8, (nil), (nil), 0x8b8e7a8, (nil), (nil), (nil), (nil), (nil), 0x8b93a00, (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil))
    rest_buckets       = (0x8b7f538, 0x8b7f538)
}


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=50145&edit=1
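
Added triage example (not part of the original report and not PHP's own code): the address dbx could not read for best_fit, 0x66690a70, is made up entirely of printable ASCII bytes, which is a common sign that a heap pointer was overwritten with text. The sketch below decodes it in both byte orders and searches the start of the test script for it; the function names, a 32-bit little-endian host, and the newline after "<?php" are assumptions.

```python
import string

# Faulting address dbx printed for *best_fit, and the heap pointer from
# frame [1] as a contrast value (both taken from the report).
FAULT_ADDR = 0x66690A70
HEAP_ADDR = 0x8B7F2F0

# First bytes of the test script. The newline after "<?php" is an
# assumption: the archived report has lost its line breaks.
SCRIPT_HEAD = b'<?php\nif (defined("pass3")) {\n'

_TEXT = set(string.printable.encode())


def pointer_as_text(addr, width=4):
    """Map byte order -> (raw pointer bytes, True if every byte is printable)."""
    out = {}
    for order in ("little", "big"):
        raw = addr.to_bytes(width, order)
        out[order] = (raw, all(b in _TEXT for b in raw))
    return out


def find_in_source(addr, source, width=4):
    """Return (byte order, offset) pairs where the pointer's bytes occur in source."""
    hits = []
    for order, (raw, texty) in pointer_as_text(addr, width).items():
        pos = source.find(raw) if texty else -1
        if pos >= 0:
            hits.append((order, pos))
    return hits


if __name__ == "__main__":
    for name, addr in (("best_fit", FAULT_ADDR), ("heap", HEAP_ADDR)):
        for order, (raw, texty) in pointer_as_text(addr).items():
            print(f"{name:>8} {order:>6}: {raw!r} text-like={texty}")
    print("matches in script:", find_in_source(FAULT_ADDR, SCRIPT_HEAD))
```

Read little-endian, the bytes are "p\nif", which is where "<?php" ends and the "if" line begins in the script. That is consistent with script source text having been written over a free-block pointer; it is a hint for where to look, not a diagnosis.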