#50540 [Fbk->Opn]: Segmentation fault with "free:invalid pointer while running ldap unit tests

Tue, 22 Dec 2009 19:13:18 -0800 

 ID:               50540
 User updated by:  sriram dot natarajan at gmail dot com
 Reported By:      sriram dot natarajan at gmail dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         LDAP related
 Operating System: RHEL5.2
 PHP Version:      5.2SVN-2009-12-21 (snap)
 New Comment:

srir...@memcache]'php'>rpm -qa | grep openldap
openldap-devel-2.3.27-8.el5_1.3
openldap-2.3.27-8.el5_1.3
openldap-devel-2.3.27-8.el5_1.3
openldap-servers-2.3.27-8.el5_1.3
openldap-2.3.27-8.el5_1.3
[srira...@memcache]'php-5.2.12'>

ldap version is the default version that is shipped within RHEL 5.2.


Previous Comments:
------------------------------------------------------------------------

[2009-12-21 11:29:52] j...@php.net

Exactly what openldap version have you compiled PHP with?

------------------------------------------------------------------------

[2009-12-21 09:33:17] srina...@php.net

analyzing the core dump, got some more info..

#0  0x0000003662e0675d in ber_free () from /usr/lib64/liblber-2.3.so.0
#1  0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at 
/export/home/sriramn/php/ext/ldap/ldap.c:223
#2  0x00000000006de62a in list_entry_destructor (ptr=0x94873a0) at 
/export/home/sriramn/php/Zend/zend_list.c:184
#3  0x00000000006dbe0b in zend_hash_del_key_or_index (ht=0xaa99a8, 
arKey=0x0, nKeyLength=0, h=7, flag=1)
    at /export/home/sriramn/php/Zend/zend_hash.c:497
#4  0x00000000006de116 in _zend_list_delete (id=7) at 
/export/home/sriramn/php/Zend/zend_list.c:58
#5  0x00000000006cd79f in _zval_dtor_func (zvalue=0x94873e0) at 
/export/home/sriramn/php/Zend/zend_variables.c:59
#6  0x00000000006bf1d8 in _zval_dtor (zvalue=0x94873e0) at 
/export/home/sriramn/php/Zend/zend_variables.h:35
#7  0x00000000006bf3e0 in _zval_ptr_dtor (zval_ptr=0x9488ac0) at 
/export/home/sriramn/php/Zend/zend_execute_API.c:414
#8  0x00000000006dc21b in zend_hash_apply_deleter (ht=0xaa98a8, 
p=0x9488aa8) at /export/home/sriramn/php/Zend/zend_hash.c:611
#9  0x00000000006dc30d in zend_hash_graceful_reverse_destroy 
(ht=0xaa98a8) at /export/home/sriramn/php/Zend/zend_hash.c:646
#10 0x00000000006beedc in shutdown_executor () at 
/export/home/sriramn/php/Zend/zend_execute_API.c:239
#11 0x00000000006cee43 in zend_deactivate () at 
/export/home/sriramn/php/Zend/zend.c:860
#12 0x000000000067c99d in php_request_shutdown (dummy=0x0) at 
/export/home/sriramn/php/main/main.c:1504
#13 0x000000000074d7ef in main (argc=57, argv=0x7fff248479c8) at 
/export/home/sriramn/php/sapi/cli/php_cli.c:1346

#1  0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at 
/export/home/sriramn/php/ext/ldap/ldap.c:223
223                     ber_free(entry->ber, 0);
(gdb) p *entry
$10 = {data = 0x94adf20, ber = 0x3d63642c6e69616d, id = 6}
(gdb) up
#2  0x00000000006de62a in list_entry_destructor (ptr=0x94873a0) at 
/export/home/sriramn/php/Zend/zend_list.c:184
184                                             ld->list_dtor_ex(le 
TSRMLS_CC);
(gdb) ptype ld
type = struct _zend_rsrc_list_dtors_entry {
    void (*list_dtor)(void *);
    void (*plist_dtor)(void *);
    rsrc_dtor_func_t list_dtor_ex;
    rsrc_dtor_func_t plist_dtor_ex;
    char *type_name;
    int module_number;
    int resource_id;
    unsigned char type;
} *   
#1  0x00000000004e0ba2 in _free_ldap_result_entry (rsrc=0x94873a0) at 
/export/home/sriramn/php/ext/ldap/ldap.c:223
223                     ber_free(entry->ber, 0);
(gdb) ptype entry
type = struct {
    LDAPMessage *data;
    BerElement *ber;
    int id;
} *   


------------------------------------------------------------------------

[2009-12-21 09:29:22] sriram dot natarajan at gmail dot com

Description:
------------
found segmentation fault on free with invalid pointer while running 
php ldap unit test cases on Redhat enterprise linux 5.2 (64-bit)

PASS ldap_next_attribute() - Testing ldap_next_attribute() that should

fail [ext/ldap/tests/ldap_next_attribute_error.phpt]
PASS ldap_next_entry() - Basic ldap_first_entry test 
[ext/ldap/tests/ldap_next_entry_basic.phpt]
PASS ldap_next_entry() - Testing ldap_next_entry() that should fail 
[ext/ldap/tests/ldap_next_entry_error.phpt]
*** glibc detected *** /export/home/sriramn/php/sapi/cli/php: free(): 
invalid pointer: 0x00007fffe402f898 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3660e71634]
/lib64/libc.so.6(cfree+0x8c)[0x3660e74c5c]
/export/home/sriramn/php/sapi/cli/php[0x4e0ba2]
/export/home/sriramn/php/sapi/cli/php(list_entry_destructor+0x85)[0x6d
e62a]
/export/home/sriramn/php/sapi/cli/php(zend_hash_del_key_or_index+0x1fd
)[0x6dbe0b]
/export/home/sriramn/php/sapi/cli/php(_zend_list_delete+0x57)[0x6de116
]
/export/home/sriramn/php/sapi/cli/php(_zval_dtor_func+0xa3)[0x6cd79f]
/export/home/sriramn/php/sapi/cli/php[0x6bf1d8]
/export/home/sriramn/php/sapi/cli/php(_zval_ptr_dtor+0x36)[0x6bf3e0]
/export/home/sriramn/php/sapi/cli/php[0x6dc21b]
/export/home/sriramn/php/sapi/cli/php(zend_hash_graceful_reverse_destr
oy+0x27)[0x6dc30d]
/export/home/sriramn/php/sapi/cli/php(shutdown_executor+0x4d)[0x6beedc
]
/export/home/sriramn/php/sapi/cli/php(zend_deactivate+0x5f)[0x6cee43]
/export/home/sriramn/php/sapi/cli/php(php_request_shutdown+0x203)[0x67
c99d]
/export/home/sriramn/php/sapi/cli/php(main+0x1742)[0x74d7ef]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3660e1d8b4]
/export/home/sriramn/php/sapi/cli/php(realloc+0x409)[0x4467a9]

note: i haven't tried this on 32-bit. here, php is compiled in 32-bit.


Reproduce code:
---------------
- enable ldap server from RHEL 5.2 (64-bit)
- enable ldap server to run as root with secret as rootpw
- running php ldap unit test case causes segv.

Expected result:
----------------
- test pass successfully

Actual result:
--------------
- segv seen while running ldap_next_entry_*phpt


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=50540&edit=1

Reply via email to