Edit report at https://bugs.php.net/bug.php?id=60158&edit=1
ID: 60158
User updated by: michael dot irey at gmail dot com
Reported by: michael dot irey at gmail dot com
Summary: Segmentation fault in zend_variables.c
-Status: Feedback
+Status: Open
Type: Bug
Package: Scripting Engine problem
Operating System: Ubuntu 10.04.3 LTS
PHP Version: 5.3.x
Block user comment: N
Private report: N
New Comment:
I would really like to provide a short example script to reproduce the problem.
However, the problem only seems to pop up when a large number of objects are
used, but that is only a guess.
We use ZendFramework 1.11.x. I have re-compiled PHP with --enable-debug and when
I execute the script that caused the seg fault I get this:
Unknown(0) : Warning - String is not zero-terminated (APPLICATION_PATH??
bZZZZZZZZZZZ?b) (source: /root/downloads/php-5.3.8/Zend/zend_opcode.c:261)
[Mon Oct 31 12:17:52 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
---------------------------------------
/root/downloads/php-5.3.8/Zend/zend_opcode.c(261) : Block 0x7f88250c2ab0 status:
/root/downloads/php-5.3.8/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on Zend/zend_language_scanner.l:1695, 17 bytes)
Start: OK
End: Overflown (magic=0x0000002B instead of 0x62D3082C)
1 byte(s) overflown
---------------------------------------
[Mon Oct 31 12:17:52 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
Zend/zend_language_scanner.l(1695) : Freeing 0x7F88250C2AB0 (17 bytes), script=/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php
=== Total 1 memory leaks detected ===
Unknown(0) : Warning - String is not zero-terminated (APPLICATION_PATH??
bZZZZZZZZZZZ?b) (source: /root/downloads/php-5.3.8/Zend/zend_opcode.c:261)
[Mon Oct 31 12:18:09 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
---------------------------------------
/root/downloads/php-5.3.8/Zend/zend_opcode.c(261) : Block 0x7f88250c2ab0 status:
/root/downloads/php-5.3.8/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on Zend/zend_language_scanner.l:1695, 17 bytes)
Start: OK
End: Overflown (magic=0x0000002B instead of 0x62D3082C)
1 byte(s) overflown
---------------------------------------
[Mon Oct 31 12:18:09 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
Zend/zend_language_scanner.l(1695) : Freeing 0x7F88250C2AB0 (17 bytes), script=/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php
=== Total 1 memory leaks detected ===
Is there anything else I can do to help diagnose and resolve this issue?
Previous Comments:
------------------------------------------------------------------------
[2011-10-31 20:13:05] [email protected]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2011-10-31 19:51:35] michael dot irey at gmail dot com
Changed the package description
------------------------------------------------------------------------
[2011-10-31 18:49:12] michael dot irey at gmail dot com
Updated the summary line to contain zend_variables.c
------------------------------------------------------------------------
[2011-10-31 18:47:39] michael dot irey at gmail dot com
Ok, I have reproduced the bug from a clean PHP build using 5.3.8.
Here are the new gdb details:
Program terminated with signal 11, Segmentation fault.
#0 0x00007fabd4b288b6 in _zval_dtor_func (zvalue=0x7fff0a50eb70, __zend_filename=0x7fabd4ea8558 "/root/downloads/php-5.3.8/Zend/zend_object_handlers.c", __zend_lineno=441)
at /root/downloads/php-5.3.8/Zend/zend_variables.c:35
35 CHECK_ZVAL_STRING_REL(zvalue);
(gdb) dump_bt executor_globals.current_execute_data
[0xd8959e80] setElement() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Decorator/Abstract.php:186
[0xd8959b18] setElement() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Element.php:2030
[0xd8959940] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Element.php:2046
[0x0a50eec0] __toString()
[0xd89580d0] ??? /web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/application/views/scripts/contacts/duplicate.phtml:62
[0xd8957ed0] ??? /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/View.php:108
[0xd8957c88] _run() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/View/Abstract.php:888
[0xd89579b8] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:900
[0xd89577b0] renderScript() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:921
[0xd8957670] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:960
[0xd89574a8] postDispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/HelperBroker.php:277
[0xd8956e20] notifyPostDispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action.php:527
[0xd8956008] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Dispatcher/Standard.php:295
[0xd89545e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Front.php:954
[0xd89541e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Application/Bootstrap/Bootstrap.php:97
[0xd89540a0] run() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Application.php:366
[0xd8953090] run() /web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php:69
------------------------------------------------------------------------
[2011-10-28 16:14:44] [email protected]
zend_alloc_canary.c is from Suhosin project, not PHP.
So, try to reproduce the crash in a clean PHP build.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=60158