 ID:               49098
 Updated by:       j...@php.net
 Reported By:      bugs at timj dot co dot uk
-Status:           Open
+Status:           Feedback
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5.2.10
 New Comment:

What's the valgrind output then, same as before?


Previous Comments:
------------------------------------------------------------------------

[2009-11-11 22:48:14] t...@php.net

Reverting the change from r281844 doesn't seem to fix it (tested on
5.3-snap200911111930)

------------------------------------------------------------------------

[2009-11-11 20:41:46] t...@php.net

Yes it still segfaults in the same way in 5.3-snap200911111930.
Essentially the same valgrind output.

Going back to the original issue, it started happening in 5.2.10. A
diff of the "mysqli" directory between 5.2.9 and 5.2.10 shows only one
change: mysqli_api.c in SVN r281844.

------------------------------------------------------------------------

[2009-11-11 08:48:02] j...@php.net

To narrow this down a bit: Does it happen with latest PHP 5.3 snapshot?

------------------------------------------------------------------------

[2009-11-10 23:35:57] ras...@php.net

Looks like an ext/mysqli problem, but I looked through the code and I
don't see a case where MyG(error_msg) is free'ed without being NULL'ed
or immediately re-allocated. It isn't NULL'ed in the RSHUTDOWN, but it
is NULL'ed in the RINIT, so there should be no way to get to
php_mysqli_set_error() without it being either NULL or correctly
allocated.

------------------------------------------------------------------------

[2009-11-10 23:11:11] t...@php.net

==23150== Invalid free() / delete / delete[]
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA17B9: php_mysqli_set_error (mysqli.c:1004)
==23150==    by 0xABA61DD: zif_mysqli_real_connect (mysqli_api.c:1476)
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==  Address 0xba0af20 is 0 bytes inside a block of size 1 free'd
==23150==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150==    by 0xABA1348: zm_deactivate_mysqli (mysqli.c:711)
==23150==    by 0x63165B: module_registry_cleanup (zend_API.c:1976)
==23150==    by 0x63A3B3: zend_hash_reverse_apply (zend_hash.c:755)
==23150==    by 0x6301EC: zend_deactivate_modules (zend.c:838)
==23150==    by 0x5ED964: php_request_shutdown (main.c:1475)
==23150==    by 0x6A065B: main (php_cli.c:1343)
==23150==
==23150== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from 2)
==23150== malloc/free: in use at exit: 753 bytes in 4 blocks.
==23150== malloc/free: 52,204 allocs, 52,201 frees, 11,636,702 bytes allocated.
==23150== For counts of detected errors, rerun with: -v
==23150== searching for pointers to 4 not-freed blocks.
==23150== checked 746,032 bytes.
==23150==
==23150==
==23150== 1 bytes in 1 blocks are definitely lost in loss record 1 of 4
==23150==    at 0x4A0763E: malloc (vg_replace_malloc.c:207)
==23150==    by 0x616129: _estrdup (zend_alloc.c:2428)
==23150==    by 0xABA17C1: ???
==23150==    by 0xABA61DD: ???
==23150==    by 0x656BD2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==23150==    by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==
==23150== LEAK SUMMARY:
==23150==    definitely lost: 1 bytes in 1 blocks.
==23150==      possibly lost: 0 bytes in 0 blocks.
==23150==    still reachable: 752 bytes in 3 blocks.
==23150==         suppressed: 0 bytes in 0 blocks.
==23150== Reachable blocks (those to which a pointer was found) are not shown.
==23150== To see them, rerun with: --leak-check=full --show-reachable=yes

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/49098

-- 
Edit this bug report at http://bugs.php.net/?id=49098&edit=1
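
Added example (not code from the bug report or from PHP): a minimal C model of the two frees in the valgrind trace above, where request shutdown frees a per-request error string and a later error-setting call frees the same address again. All names are hypothetical, the tracker quarantines blocks so the second free is counted rather than executed, and the ordering shown (a call arriving after shutdown and before the next request init) is an assumption for illustration, not a confirmed root cause.

```c
#include <stdlib.h>
#include <string.h>

/* Tiny allocation tracker: blocks are quarantined instead of released,
 * so a second free of the same address is counted, not executed. */
#define MAX_BLOCKS 16
static struct { char *p; int live; } blocks[MAX_BLOCKS];
static int nblocks, invalid_frees;

static char *t_strdup(const char *s) {
    if (nblocks == MAX_BLOCKS) abort();
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    blocks[nblocks].p = p; blocks[nblocks].live = 1; nblocks++;
    return p;
}
static void t_free(char *p) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].p == p) {
            if (blocks[i].live) blocks[i].live = 0; else invalid_frees++;
            return;
        }
    invalid_frees++;                    /* address never came from t_strdup */
}

static char *error_msg;  /* hypothetical stand-in for a per-request module global */

static void rinit(void) { error_msg = NULL; }
static void set_error(const char *m) {
    if (error_msg) t_free(error_msg);   /* trusts "non-NULL means valid" */
    error_msg = t_strdup(m);
}
static void rshutdown(int clear) {
    if (error_msg) t_free(error_msg);
    if (clear) error_msg = NULL;        /* hardened variant: no dangling pointer */
}

/* Runs one request, then a set_error() that arrives after shutdown
 * (assumed ordering). Returns the number of invalid frees observed. */
int late_call_invalid_frees(int clear_on_shutdown) {
    for (int i = 0; i < nblocks; i++) free(blocks[i].p);  /* reset tracker */
    nblocks = 0; invalid_frees = 0;
    rinit();
    set_error("");                      /* 1-byte block, as in the trace */
    rshutdown(clear_on_shutdown);
    set_error("late");                  /* after shutdown, before next rinit */
    return invalid_frees;
}
```

With the pointer left dangling at shutdown the late call reports one invalid free; clearing it at shutdown makes the same call sequence safe regardless of when the next init runs.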