Edit report at https://bugs.php.net/bug.php?id=55867&edit=1

 ID:                 55867
 Comment by:         vnsavage at gmail dot com
 Reported by:        savetheinternet at omegasdg dot com
 Summary:            segfault while declaring function
 Status:             Open
 Type:               Bug
 Package:            Unknown/Other Function
 Operating System:   Debian 2.6.26-26lenny3
 PHP Version:        5.3.8
 Block user comment: N
 Private report:     N

 New Comment:

Do you still get this? What is your PHP setup? 
Configuration parameters and modules? Do you use APC?


Previous Comments:
------------------------------------------------------------------------
[2011-10-10 18:16:38] goingbackayear at hotmail dot com

I'll tell you what's wrong with the code STI when you ban Lazare and all the 
other Paulberg spammers.

------------------------------------------------------------------------
[2011-10-08 08:33:35] savetheinternet at omegasdg dot com

Well, the file that short extract is from is quite a large file. It is a 
configuration file for https://github.com/savetheinternet/Tinyboard. Aside 
from the fhash function, all the file does is modify an associative array which 
is originally defined elsewhere.

---------------
<?php
$config['something'] = false;
$config['something_else']['foo'] = 'bar';
// [...]
if(!function_exists('fhash')) {
---------------

As I said, I'm not able to reproduce this bug manually so I'm not sure where 
exactly it goes wrong, but I don't think anything else in the file is 
relevant.

When it happens, my syslog is filled up with the below, and I am forced to 
restart fastcgi.

> Oct  8 10:32:30 kernel: [9364589.325832] php-cgi[28124]: segfault at 0 ip b6f67d5c sp bf844b6c error 4 in libc-2.7.so[b6ef0000+155000]
> Oct  8 10:32:30 kernel: [9364589.330222] php-cgi[28125]: segfault at 0 ip b6f67d5c sp bf844b6c error 4 in libc-2.7.so[b6ef0000+155000]
> Oct  8 10:32:30 kernel: [9364589.335009] php-cgi[28126]: segfault at 0 ip b6f67d5c sp bf844b6c error 4 in libc-2.7.so[b6ef0000+155000]
> Oct  8 10:32:30 kernel: [9364589.337822] php-cgi[28127]: segfault at 0 ip b6f67d5c sp bf844b6c error 4 in libc-2.7.so[b6ef0000+155000]

------------------------------------------------------------------------
[2011-10-08 06:19:41] paj...@php.net

Can you paste the short example please? As in not only the place where it 
occurs.

------------------------------------------------------------------------
[2011-10-07 17:21:10] savetheinternet at omegasdg dot com

Description:
------------
Although I do have a short code sample, I'm not sure where exactly or what 
conditions cause the segfault; I am unable to reproduce it myself. The 
backtrace indicates that this is indeed where the bug occurs.

The code sample below is an extract from a file that is included various times 
throughout a much larger application. fhash is not defined anywhere else.

Test script:
---------------
if(!function_exists('fhash')) {
    function fhash($file) {
         system('optipng ' . escapeshellarg(preg_replace('/src\/(\d+)\.(.+)$/', 'thumb/$1.png', $file)) . ' > /dev/null');
         return sha1_file($file);
    }
}

Expected result:
----------------
To ensure that fhash() is not declared multiple times as this file may be 
included multiple times.

Actual result:
--------------
(gdb) bt
#0  0xb6f2ed5c in memcpy () from /lib/i686/cmov/libc.so.6
#0  0xb6f2ed5c in memcpy () from /lib/i686/cmov/libc.so.6
#1  0x084e9e17 in _zend_hash_add_or_update (ht=0x9bb7498, arKey=0xb49e3c98 "fhash", nKeyLength=6, pData=0x0,
    nDataSize=144, pDest=0x0, flag=2,
    __zend_filename=0x88aa40c "/home/<user>/php-5.3.8/Zend/zend_compile.c", __zend_lineno=2956)
    at /home/<user>/php-5.3.8/Zend/zend_hash.c:256
#2  0x084c3d48 in do_bind_function (opline=0xb49e88fc, function_table=0x9bb7498, compile_time=0 '\0')
    at /home/<user>/php-5.3.8/Zend/zend_compile.c:2956
#3  0x0850aa49 in ZEND_DECLARE_FUNCTION_SPEC_HANDLER (execute_data=0x9d79da8)
    at /home/<user>/php-5.3.8/Zend/zend_vm_execute.h:586
#4  0x08508506 in execute (op_array=0x9d5ceac) at /home/<user>/php-5.3.8/Zend/zend_vm_execute.h:107
#5  0x084dcf8d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/<user>/php-5.3.8/Zend/zend.c:1236
#6  0x08472037 in php_execute_script (primary_file=0xbfc62428)
    at /home/<user>/php-5.3.8/main/main.c:2284
#7  0x085a504e in main (argc=3, argv=0xbfc62594) at /home/<user>/php-5.3.8/sapi/cgi/cgi_main.c:2112

(gdb) print (char *)executor_globals.active_op_array->filename
$2 = 0xb49e34d0 "/var/www/inc/instance-config.php"

(gdb) frame 4
#4  0x08508506 in execute (op_array=0x9d5ceac) at /home/<user>/php-5.3.8/Zend/zend_vm_execute.h:107
107                     if ((ret = EX(opline)->handler(execute_data TSRMLS_CC)) > 0) {

(gdb) frame 2
#2  0x084c3d48 in do_bind_function (opline=0xb49e88fc, function_table=0x9bb7498, compile_time=0 '\0')
    at /home/<user>/php-5.3.8/Zend/zend_compile.c:2956
2956            if (zend_hash_add(function_table, opline->op2.u.constant.value.str.val, opline->op2.u.constant.value.str.len+1, function, sizeof(zend_function), NULL)==FAILURE) {

(gdb) print (char*)opline->op2.u.constant.value.str.val
$1 = 0xb49e3c98 "fhash"

(gdb) frame 1
#1  0x084e9e17 in _zend_hash_add_or_update (ht=0x9bb7498, arKey=0xb49e3c98 "fhash", nKeyLength=6, pData=0x0,
    nDataSize=144, pDest=0x0, flag=2,
    __zend_filename=0x88aa40c "/home/<user>/php-5.3.8/Zend/zend_compile.c", __zend_lineno=2956)
    at /home/<user>/php-5.3.8/Zend/zend_hash.c:256
256             INIT_DATA(ht, p, pData, nDataSize);



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55867&edit=1
