ID: 50540 User updated by: sriram dot natarajan at gmail dot com Reported By: sriram dot natarajan at gmail dot com -Status: Feedback +Status: Open Bug Type: LDAP related Operating System: RHEL5.2 PHP Version: 5.2SVN-2009-12-21 (snap) New Comment:
srir...@memcache]'php'>rpm -qa | grep openldap openldap-devel-2.3.27-8.el5_1.3 openldap-2.3.27-8.el5_1.3 openldap-devel-2.3.27-8.el5_1.3 openldap-servers-2.3.27-8.el5_1.3 openldap-2.3.27-8.el5_1.3 [srira...@memcache]'php-5.2.12'> ldap version is the default version that is shipped within RHEL 5.2. Previous Comments: ------------------------------------------------------------------------ [2009-12-21 11:29:52] j...@php.net Exactly what openldap version have you compiled PHP with? ------------------------------------------------------------------------ [2009-12-21 09:33:17] srina...@php.net analyzing the core dump, got some more info.. #0 0x0000003662e0675d in ber_free () from /usr/lib64/liblber-2.3.so.0 #1 0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at /export/home/sriramn/php/ext/ldap/ldap.c:223 #2 0x00000000006de62a in list_entry_destructor (ptr=0x94873a0) at /export/home/sriramn/php/Zend/zend_list.c:184 #3 0x00000000006dbe0b in zend_hash_del_key_or_index (ht=0xaa99a8, arKey=0x0, nKeyLength=0, h=7, flag=1) at /export/home/sriramn/php/Zend/zend_hash.c:497 #4 0x00000000006de116 in _zend_list_delete (id=7) at /export/home/sriramn/php/Zend/zend_list.c:58 #5 0x00000000006cd79f in _zval_dtor_func (zvalue=0x94873e0) at /export/home/sriramn/php/Zend/zend_variables.c:59 #6 0x00000000006bf1d8 in _zval_dtor (zvalue=0x94873e0) at /export/home/sriramn/php/Zend/zend_variables.h:35 #7 0x00000000006bf3e0 in _zval_ptr_dtor (zval_ptr=0x9488ac0) at /export/home/sriramn/php/Zend/zend_execute_API.c:414 #8 0x00000000006dc21b in zend_hash_apply_deleter (ht=0xaa98a8, p=0x9488aa8) at /export/home/sriramn/php/Zend/zend_hash.c:611 #9 0x00000000006dc30d in zend_hash_graceful_reverse_destroy (ht=0xaa98a8) at /export/home/sriramn/php/Zend/zend_hash.c:646 #10 0x00000000006beedc in shutdown_executor () at /export/home/sriramn/php/Zend/zend_execute_API.c:239 #11 0x00000000006cee43 in zend_deactivate () at /export/home/sriramn/php/Zend/zend.c:860 #12 0x000000000067c99d in php_request_shutdown (dummy=0x0) at /export/home/sriramn/php/main/main.c:1504 #13 0x000000000074d7ef in main (argc=57, argv=0x7fff248479c8) at /export/home/sriramn/php/sapi/cli/php_cli.c:1346 #1 0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at /export/home/sriramn/php/ext/ldap/ldap.c:223 223 ber_free(entry->ber, 0); (gdb) p *entry $10 = {data = 0x94adf20, ber = 0x3d63642c6e69616d, id = 6} (gdb) up #2 0x00000000006de62a in list_entry_destructor (ptr=0x94873a0) at /export/home/sriramn/php/Zend/zend_list.c:184 184 ld->list_dtor_ex(le TSRMLS_CC); (gdb) ptype ld type = struct _zend_rsrc_list_dtors_entry { void (*list_dtor)(void *); void (*plist_dtor)(void *); rsrc_dtor_func_t list_dtor_ex; rsrc_dtor_func_t plist_dtor_ex; char *type_name; int module_number; int resource_id; unsigned char type; } * #1 0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at /export/home/sriramn/php/ext/ldap/ldap.c:223 223 ber_free(entry->ber, 0); (gdb) ptype entry type = struct { LDAPMessage *data; BerElement *ber; int id; } * ------------------------------------------------------------------------ [2009-12-21 09:29:22] sriram dot natarajan at gmail dot com Description: ------------ found segmentation fault on free with invalid pointer while running php ldap unit test cases on Redhat enterprise linux 5.2 (64-bit) PASS ldap_next_attribute() - Testing ldap_next_attribute() that should fail [ext/ldap/tests/ldap_next_attribute_error.phpt] PASS ldap_next_entry() - Basic ldap_first_entry test [ext/ldap/tests/ldap_next_entry_basic.phpt] PASS ldap_next_entry() - Testing ldap_next_entry() that should fail [ext/ldap/tests/ldap_next_entry_error.phpt] *** glibc detected *** /export/home/sriramn/php/sapi/cli/php: free(): invalid pointer: 0x00007fffe402f898 *** ======= Backtrace: ========= /lib64/libc.so.6[0x3660e71634] /lib64/libc.so.6(cfree+0x8c)[0x3660e74c5c] /export/home/sriramn/php/sapi/cli/php[0x4e0ba2] /export/home/sriramn/php/sapi/cli/php(list_entry_destructor+0x85)[0x6d e62a] /export/home/sriramn/php/sapi/cli/php(zend_hash_del_key_or_index+0x1fd )[0x6dbe0b] /export/home/sriramn/php/sapi/cli/php(_zend_list_delete+0x57)[0x6de116 ] /export/home/sriramn/php/sapi/cli/php(_zval_dtor_func+0xa3)[0x6cd79f] /export/home/sriramn/php/sapi/cli/php[0x6bf1d8] /export/home/sriramn/php/sapi/cli/php(_zval_ptr_dtor+0x36)[0x6bf3e0] /export/home/sriramn/php/sapi/cli/php[0x6dc21b] /export/home/sriramn/php/sapi/cli/php(zend_hash_graceful_reverse_destr oy+0x27)[0x6dc30d] /export/home/sriramn/php/sapi/cli/php(shutdown_executor+0x4d)[0x6beedc ] /export/home/sriramn/php/sapi/cli/php(zend_deactivate+0x5f)[0x6cee43] /export/home/sriramn/php/sapi/cli/php(php_request_shutdown+0x203)[0x67 c99d] /export/home/sriramn/php/sapi/cli/php(main+0x1742)[0x74d7ef] /lib64/libc.so.6(__libc_start_main+0xf4)[0x3660e1d8b4] /export/home/sriramn/php/sapi/cli/php(realloc+0x409)[0x4467a9] note: i haven't tried this on 32-bit. here, php is compiled in 32-bit. Reproduce code: --------------- - enable ldap server from RHEL 5.2 (64-bit) - enable ldap server to run as root with secret as rootpw - running php ldap unit test case causes segv. Expected result: ---------------- - test pass successfully Actual result: -------------- - segv seen while running ldap_next_entry_*phpt ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=50540&edit=1