ID: 49098
Updated by: j...@php.net
Reported By: bugs at timj dot co dot uk
-Status: Open
+Status: Feedback
Bug Type: Session related
Operating System: Linux
PHP Version: 5.2.10
New Comment:
What's the valgrind output then, same as before?
Previous Comments:
------------------------------------------------------------------------
[2009-11-11 22:48:14] t...@php.net
Reverting the change from r281844 doesn't seem to fix it (tested on
5.3-snap200911111930)
------------------------------------------------------------------------
[2009-11-11 20:41:46] t...@php.net
Yes it still segfaults in the same way in 5.3-snap200911111930.
Essentially the same valgrind output.
Going back to the original issue, it started happening in 5.2.10. A
diff of the "mysqli" directory between 5.2.9 and 5.2.10 shows only one
change: mysqli_api.c in SVN r281844.
------------------------------------------------------------------------
[2009-11-11 08:48:02] j...@php.net
To narrow this down a bit: Does it happen with latest PHP 5.3 snapshot?
------------------------------------------------------------------------
[2009-11-10 23:35:57] ras...@php.net
Looks like an ext/mysqli problem, but I looked through the code and I
don't see a case where MyG(error_msg) is free'ed without being NULL'ed
or immediately re-allocated. It isn't NULL'ed in the RSHUTDOWN, but it
is NULL'ed in the RINIT, so there should be no way to get to
php_mysqli_set_error() without it being either NULL or correctly
allocated.
------------------------------------------------------------------------
[2009-11-10 23:11:11] t...@php.net
==23150== Invalid free() / delete / delete[]
==23150== at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150== by 0xABA17B9: php_mysqli_set_error (mysqli.c:1004)
==23150== by 0xABA61DD: zif_mysqli_real_connect (mysqli_api.c:1476)
==23150== by 0x656BD2: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== Address 0xba0af20 is 0 bytes inside a block of size 1
free'd
==23150== at 0x4A0633D: free (vg_replace_malloc.c:323)
==23150== by 0xABA1348: zm_deactivate_mysqli (mysqli.c:711)
==23150== by 0x63165B: module_registry_cleanup (zend_API.c:1976)
==23150== by 0x63A3B3: zend_hash_reverse_apply (zend_hash.c:755)
==23150== by 0x6301EC: zend_deactivate_modules (zend.c:838)
==23150== by 0x5ED964: php_request_shutdown (main.c:1475)
==23150== by 0x6A065B: main (php_cli.c:1343)
==23150==
==23150== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 6 from
2)
==23150== malloc/free: in use at exit: 753 bytes in 4 blocks.
==23150== malloc/free: 52,204 allocs, 52,201 frees, 11,636,702 bytes
allocated.
==23150== For counts of detected errors, rerun with: -v
==23150== searching for pointers to 4 not-freed blocks.
==23150== checked 746,032 bytes.
==23150==
==23150==
==23150== 1 bytes in 1 blocks are definitely lost in loss record 1 of
4
==23150== at 0x4A0763E: malloc (vg_replace_malloc.c:207)
==23150== by 0x616129: _estrdup (zend_alloc.c:2428)
==23150== by 0xABA17C1: ???
==23150== by 0xABA61DD: ???
==23150== by 0x656BD2: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150== by 0x656545: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==23150== by 0x652AFB: execute (zend_vm_execute.h:92)
==23150==
==23150== LEAK SUMMARY:
==23150== definitely lost: 1 bytes in 1 blocks.
==23150== possibly lost: 0 bytes in 0 blocks.
==23150== still reachable: 752 bytes in 3 blocks.
==23150== suppressed: 0 bytes in 0 blocks.
==23150== Reachable blocks (those to which a pointer was found) are not
shown.
==23150== To see them, rerun with: --leak-check=full
--show-reachable=yes
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/49098
--
Edit this bug report at http://bugs.php.net/?id=49098&edit=1
