Bug #50519 [Com]: segfault in garbage collection when using set_error_handler and DomDocument

ni...@php.net Fri, 05 Oct 2012 02:24:05 -0700

Edit report at https://bugs.php.net/bug.php?id=50519&edit=1


 ID:                 50519
 Comment by:         ni...@php.net
 Reported by:        robin dot kunde at gmail dot com
 Summary:            segfault in garbage collection when using
                     set_error_handler and DomDocument
 Status:             Closed
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   *
 PHP Version:        5.3, 6
 Assigned To:        dmitry
 Block user comment: N
 Private report:     N

 New Comment:

@mplomer at gmx dot de:

Your issue probably isn't related to this one, could you maybe open a new bug? 
It would also be nice if you could attach a short reproduce script, otherwise 
it's very hard to guess what is going on ;)


Previous Comments:
------------------------------------------------------------------------
[2012-10-05 09:06:05] mplomer at gmx dot de

Hi ... we currently reproduced the segfault in the same line (zend_gc.c - "pz = 
*(zval**)p->pData;":

- PHP 5.4.7
- Very long running and memory intensive command line script
- Always reproducable


GDB-Backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x00000000006e7576 in zval_mark_grey (pz=0x2c36d00) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_gc.c:425
425                             pz = *(zval**)p->pData;

(gdb) bt
#0  0x00000000006e7576 in zval_mark_grey (pz=0x2c36d00) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_gc.c:425
#1  0x00000000006e84ce in gc_collect_cycles () at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_gc.c:471
#2  0x00000000006e8864 in gc_zval_possible_root (zv=0x2c36d00) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_gc.c:166
#3  0x00000000006d5dbb in zend_hash_destroy (ht=0x1811dcb8) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_hash.c:560
#4  0x00000000006c8179 in _zval_dtor_func (zvalue=0x189270f0) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_variables.c:43
#5  0x00000000006bb29d in _zval_ptr_dtor (zval_ptr=0x2ac8cc0) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_variables.h:35
#6  0x00000000006d7f28 in _zend_hash_add_or_update (ht=0x7f27eb1873b0, 
arKey=0x18cb3870 "instruments", nKeyLength=12, pData=0x1,
    nDataSize=415173616, pDest=0x0, flag=6061480) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_hash.c:234
#7  0x00000000005c7da8 in T.292 (ht=0x2c36d00, arKey=0x7fff0da8a360 
"\370\025\016\353'\177", nKeyLength=2, pData=0x7f27eb1a1200)
    at /usr/src/php5.4/source/php5-5.4.7/Zend/zend_hash.h:351
#8  0x00000000005ccd66 in spl_array_write_dimension_ex 
(check_inherited=415524600, object=0x18c466f8, offset=0x18bf5238, 
value=0x6a624f7961727241)
    at /usr/src/php5.4/source/php5-5.4.7/ext/spl/spl_array.c:461
#9  0x00000000005cd3b6 in zim_spl_Array_offsetSet (ht=46361856, 
return_value=0x7fff0da8a360, return_value_ptr=0x2, this_ptr=0x7f27eb1874f0,
    return_value_used=415173616) at 
/usr/src/php5.4/source/php5-5.4.7/ext/spl/spl_array.c:713
#10 0x00007f280964206b in xdebug_execute_internal () from 
/usr/lib/php5/20100525/xdebug.so
#11 0x0000000000745806 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7f280da03108)
    at /usr/src/php5.4/source/php5-5.4.7/Zend/zend_vm_execute.h:644
#12 0x0000000000732978 in execute (op_array=0x7f27eb19e648) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_vm_execute.h:410
#13 0x00007f2809642509 in xdebug_execute () from 
/usr/lib/php5/20100525/xdebug.so
#14 0x0000000000745b03 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7f280da01e40)
    at /usr/src/php5.4/source/php5-5.4.7/Zend/zend_vm_execute.h:669
#15 0x0000000000732978 in execute (op_array=0x33d0240) at 
/usr/src/php5.4/source/php5-5.4.7/Zend/zend_vm_execute.h:410
...

------------------------------------------------------------------------
[2010-02-03 18:07:26] s...@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=294427
Log: - Fixed bug #50519 (segfault in garbage collection when using 
set_error_handler an..

------------------------------------------------------------------------
[2010-01-25 16:46:55] s...@php.net

Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=294000
Log: merge -r292624: Fixed bug #50519 (segfault in garbage collection when using
set_error_handler and DomDocument (dmitry)

------------------------------------------------------------------------
[2010-01-11 10:07:52] dmi...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2010-01-11 10:07:10] s...@php.net

Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=293400
Log: Fixed bug #50519 (segfault in garbage collection when using 
set_error_handler and DomDocument)

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=50519


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=50519&edit=1

Bug #50519 [Com]: segfault in garbage collection when using set_error_handler and DomDocument

Reply via email to