From:             
Operating system: Linux
PHP version:      5.3.2
Package:          Reproducible crash
Bug Type:         Bug
Bug description:segmentation fault at the "engine shutdown"

Description:
------------
I have a repeatable crash in a project consisting of Zend Framework
1.10.2, Doctrine 1.2.1, and Dwoo 1.1.1. Unfortunately I'm unable to strip
it down to a small enough test case. But the bug is very specific.



./configure  '--enable-fpm' '--with-openssl' '--with-zlib'
'--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl'
'--enable-exif' '--enable-ftp' '--with-gd' '--with-imap' '--with-imap-ssl'
'--enable-mbstring' '--with-mcrypt' '--enable-pcntl' '--with-pdo-mysql'
'--with-pdo-pgsql' '--with-pgsql' '--with-readline' '--with-mysql'
'--enable-soap' '--enable-sockets' '--enable-sqlite-utf8'
'--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy'
'--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip'
'--with-kerberos' '--with-mysqli' '--with-config-file-path=/usr/local/etc'
'--with-config-file-scan-dir=/usr/local/etc/php.d' '--with-pear'
'--with-jpeg-dir=/usr/lib' --with-freetype-dir=/usr/lib



r...@mvubdevel:/usr/local/etc# diff php.ini php.ini-production

25c25

< ; they might mean something in the future.

---

> ; they might mean something in the future.

201c201

< user_ini.filename =

---

> ;user_ini.filename =

414c414

< realpath_cache_size = 16k

---

> ;realpath_cache_size = 16k

420c420

< realpath_cache_ttl = 120

---

> ;realpath_cache_ttl = 120

444c444

< ; long running scripts.

---

> ; long running scripts.

514c514

< error_reporting = E_ALL | E_STRICT

---

> error_reporting = E_ALL & ~E_DEPRECATED

524,525c524,525

< ;   Off = Do not display any errors

< ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)

---

> ;   Off = Do not display any errors

> ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)

531c531

< display_errors = On

---

> display_errors = Off

542c542

< display_startup_errors = On

---

> display_startup_errors = Off

586c586

< track_errors = On

---

> track_errors = Off

604c604

< html_errors = On

---

> html_errors = Off

636c636

< error_log = /var/log/php_errors.log

---

> ;error_log = php_errors.log

644,645d643

< ; Note - track_vars is ALWAYS enabled

<

677c675

< ; Leaving this value empty will cause PHP to use the value set in the

---

> ; Leaving this value empty will cause PHP to use the value set in the

688,690c686

< ; with user data.  This makes most sense when coupled with track_vars -
in which

< ; case you can access all of the GPC variables through the
$HTTP_*_VARS[],

< ; variables.

---

> ; with user data.

811c807

< extension_dir = "/usr/local/lib/php/extensions/"

---

> ; extension_dir = "./"

883c879,882

< upload_max_filesize = 6M

---

> upload_max_filesize = 2M

>

> ; Maximum number of files that can be uploaded via a single request

> max_file_uploads = 20

947c946

< ;

---

> ;

997c996

< date.timezone = Europe/Ljubljana

---

> ;date.timezone =

1019,1021c1018,1020

< iconv.input_encoding = UTF-8

< iconv.internal_encoding = UTF-8

< iconv.output_encoding = UTP-8

---

> ;iconv.input_encoding = ISO-8859-1

> ;iconv.internal_encoding = ISO-8859-1

> ;iconv.output_encoding = ISO-8859-1
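
Review bot: "iconv.output_encoding = UTP-8" on the "<" side of this hunk looks like a typo for UTF-8, since the input and internal encodings set just above it are both UTF-8. Correct it so all three iconv settings name the same, valid charset.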

1024c1023,1027

< ;intl.default_locale =

---

> ;intl.default_locale =

> ; This directive allows you to produce PHP errors when some error

> ; happens within intl functions. The value is the level of the error
produced.

> ; Default is 0, which does not produce any errors.

> ;intl.error_level = E_WARNING

1038,1040c1041,1043

< ;PCRE library recursion limit.

< ;Please note that if you set this value to a high number you may consume
all

< ;the available process stack and eventually crash PHP (due to reaching
the

---

> ;PCRE library recursion limit.

> ;Please note that if you set this value to a high number you may consume
all

> ;the available process stack and eventually crash PHP (due to reaching
the

1064c1067

< phar.readonly = On

---

> ;phar.readonly = On

1102c1105

< mail.log = /var/log/php-mail.log

---

> ;mail.log =

1118c1121

< ; Controls the ODBC cursor model.

---

> ; Controls the ODBC cursor model.

1245a1249,1256

> ; Allow accessing, from PHP's perspective, local files with LOAD DATA
statements

> ; http://php.net/mysqli.allow_local_infile

> ;mysqli.allow_local_infile = On

>

> ; Allow or prevent persistent links.

> ; http://php.net/mysqli.allow-persistent

> mysqli.allow_persistent = On

>

1294c1305

< mysqlnd.collect_memory_statistics = On

---

> mysqlnd.collect_memory_statistics = Off

1504c1515

< session.cookie_httponly =

---

> session.cookie_httponly =

1523c1534

< ; session initialization. The probability is calculated by using the
following equation:

---

> ; session initialization. The probability is calculated by using the
following equation:

1572c1583

< session.bug_compat_warn = ffn

---

> session.bug_compat_warn = Off
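
Review bot: "session.bug_compat_warn = ffn" on the "<" side is not the On/Off form the production file uses for this directive. If Off was intended, spell it out so the setting does not depend on how an unrecognised value is interpreted.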

1614c1625

< ; Possible Values

---

> ; Possible Values

1616a1628,1630

> ; This option may also be set to the name of any hash function supported
by

> ; the hash extension. A list of available hashes is returned by the
hash_alogs()

> ; function.

1690c1704

< ; Specify client character set.

---

> ; Specify client character set.

1751c1765

< mbstring.internal_encoding = UTF-8

---

> ;mbstring.internal_encoding = EUC-JP

1854c1868

< ; (time to live) Sets the number of second while cached file will be
used

---

> ; (time to live) Sets the number of second while cached file will be
used



Test script:
---------------
This snippet is from my model; getDbTable returns a class extending
Doctrine_Table.

        $ret = new stdClass();
        $ret->aliases = $this->getDbTable()->findByUser($id);

        if ((false !== $ret->aliases) && count($ret->aliases) > 0) {
            // this is the line that gets executed, but there is no difference even if put
            $ret->user = $ret->aliases[0]->User;
        } else {
            $ret->user = $this->getDbTable('App_Data_User')->findOneByid_user($id);
        }
        return $ret;

I thought that the cyclic reference is the culprit, but there is no
difference even if I put the else part up.



I assign most of the data directly to zend view and use some of it to
format some strings.

Here comes the offending view script:

{$user->local_pa...@{$domain}

{$alias_form|safe}



The script above is "compiled" by Dwoo into the following PHP code:

<?php

/* template head */

/* end template head */ ob_start(); /* template body */ ;

echo (is_string($tmp=$this->readVarInto(array (  1 =>   array (    0 =>
'->',  ),  2 =>   array (    0 => 'local_part',  ),  3 =>   array (    0 =>
'',    1 => '',  ),), $this->scope["user"], false)) ?
htmlspecialchars($tmp, ENT_QUOTES, $this->charset) : $tmp);?>@<?php echo
(is_string($tmp=$this->scope["domain"]) ? htmlspecialchars($tmp,
ENT_QUOTES, $this->charset) : $tmp);?>



<?php echo (isset($this->scope["alias_form"]) ? $this->scope["alias_form"]
: null);?>



<?php  /* end template body */

return $this->buffer . ob_get_clean();

?>



Now the interesting part. I can do one of the following:
remove {$domain}, remove |safe from {$alias_form|safe}, or add an additional
{$user} at the beginning of the script, and the crash is gone.



The real question here is what I can do to help you debug this?



Expected result:
----------------
no segmentation fault

Actual result:
--------------
(gdb) continue

Continuing.



Program received signal SIGSEGV, Segmentation fault.

_zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4)

    at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018

2018    /projects/php53/php-5.3.2/Zend/zend_alloc.c: No such file or
directory.

        in /projects/php53/php-5.3.2/Zend/zend_alloc.c

(gdb) where

#0  _zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4)

    at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018

#1  0x08412dc8 in zend_hash_destroy (ht=0x99e2c64)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#2  0x084248f3 in zend_object_std_dtor (object=0x99edab4)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:45

#3  0x08424922 in zend_objects_free_object_storage (object=0x99edab4)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:114

#4  0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=123,

    handlers=0x88f4a40)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220

#5  0x08427f5f in zend_objects_store_del_ref (zobject=0x99d958c)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172

#6  0x083fc80f in _zval_dtor (zval_ptr=0x9a03dd8)

    at /projects/php53/php-5.3.2/Zend/zend_variables.h:35

#7  _zval_ptr_dtor (zval_ptr=0x9a03dd8)

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439

#8  0x08412dc8 in zend_hash_destroy (ht=0x99f54f4)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#9  0x08407275 in _zval_dtor_func (zvalue=0x99f49b8)

    at /projects/php53/php-5.3.2/Zend/zend_variables.c:43

#10 0x083fc80f in _zval_dtor (zval_ptr=0x9887154)

    at /projects/php53/php-5.3.2/Zend/zend_variables.h:35

---Type <return> to continue, or q <return> to quit---

#11 _zval_ptr_dtor (zval_ptr=0x9887154)

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439

#12 0x08412dc8 in zend_hash_destroy (ht=0x984543c)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#13 0x084248f3 in zend_object_std_dtor (object=0x9966d98)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:45

#14 0x08424922 in zend_objects_free_object_storage (object=0x9966d98)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:114

#15 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=111,

    handlers=0x88f4a40)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220

#16 0x08427f5f in zend_objects_store_del_ref (zobject=0x980877c)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172

#17 0x083fc80f in _zval_dtor (zval_ptr=0x9a0ccd0)

    at /projects/php53/php-5.3.2/Zend/zend_variables.h:35

#18 _zval_ptr_dtor (zval_ptr=0x9a0ccd0)

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439

#19 0x08412dc8 in zend_hash_destroy (ht=0x9488590)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#20 0x08407275 in _zval_dtor_func (zvalue=0x9439ac4)

    at /projects/php53/php-5.3.2/Zend/zend_variables.c:43

#21 0x083fc80f in _zval_dtor (zval_ptr=0x94933b0)

    at /projects/php53/php-5.3.2/Zend/zend_variables.h:35

---Type <return> to continue, or q <return> to quit---

#22 _zval_ptr_dtor (zval_ptr=0x94933b0)

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439

#23 0x08412dc8 in zend_hash_destroy (ht=0x9461440)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#24 0x084248f3 in zend_object_std_dtor (object=0x948a64c)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:45

#25 0x08424922 in zend_objects_free_object_storage (object=0x948a64c)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:114

#26 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=63,

    handlers=0x88f4a40)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220

#27 0x08427f5f in zend_objects_store_del_ref (zobject=0x93fb604)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172

#28 0x083fc80f in _zval_dtor (zval_ptr=0x9060248)

    at /projects/php53/php-5.3.2/Zend/zend_variables.h:35

#29 _zval_ptr_dtor (zval_ptr=0x9060248)

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439

#30 0x08412dc8 in zend_hash_destroy (ht=0x90a1cd4)

    at /projects/php53/php-5.3.2/Zend/zend_hash.c:526

#31 0x084248f3 in zend_object_std_dtor (object=0x905b748)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:45

#32 0x08424922 in zend_objects_free_object_storage (object=0x905b748)

    at /projects/php53/php-5.3.2/Zend/zend_objects.c:114

---Type <return> to continue, or q <return> to quit---

#33 0x08427a7e in zend_objects_store_free_object_storage
(objects=0x8911f50)

    at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:92

#34 0x083fe755 in shutdown_executor ()

    at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:302

#35 0x08407d83 in zend_deactivate ()

    at /projects/php53/php-5.3.2/Zend/zend.c:890

#36 0x083b6b13 in php_request_shutdown (dummy=0x0)

    at /projects/php53/php-5.3.2/main/main.c:1633

#37 0x0848bc5e in main (argc=3, argv=0xbf8725c4)

    at /projects/php53/php-5.3.2/sapi/fpm/fpm/fpm_main.c:1864



-- 
Edit bug report at http://bugs.php.net/bug.php?id=51405&edit=1