ID: 22510
Updated by: [EMAIL PROTECTED]
Reported By: php at codewhore dot org
Status: Verified
Bug Type: Scripting Engine problem
Operating System: Linux 2.4
PHP Version: 4CVS-2003-03-04 (stable)
New Comment:
(pasted from bug #22996) user supplied comment & backtrace
What I did:
Compiled 4.3.2RC1 on my Sun Ultra10/Sparc64 NetBSD 1.6.
Used:
./configure --enable-debug --with-apxs
--with-session=shared,/usr/pkg/lib/php/20
020429 --with-gettext=shared,/usr/pkg/lib/php/20020429
--with-pcre=shared,/usr/
pkg/lib/php/20020429
Ran make test and one of the tests that failed follows:
Segmentation fault - core dumped
FAIL Bug #22510 (segfault among complex references)
[tests/lang/bug22510.phpt]
So, I ran gdb and the backtrace follows:
gdb
GNU gdb 5.0nb1
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "sparc64--netbsd".
(gdb) file sapi/cli/php
Reading symbols from sapi/cli/php...done.
(gdb) r tests/lang/bug22510.phpt
Starting program: /usr/home/mlm/php-4.3.2RC1/sapi/cli/php
tests/lang/bug22510.ph
pt
--TEST--
Bug #22510 (segfault among complex references)
--FILE--
ok1
bar::run1
foo::method1
foo::method1
foo::finalize
done!
ok2
bar::run2
foo::method2
foo::method2
foo::finalize
done!
ok3
bar::run3
foo::method3
foo::method3
foo::finalize
done!
ouch
bar::run1
foo::method1
foo::method1
foo::finalize
[Mon Mar 31 19:20:58 2003] Script: 'tests/lang/bug22510.phpt'
---------------------------------------
/usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c(271) : Block 0x00442140
status:
Beginning: Overrun (magic=0x00000000, expected=0x7312F8DC)
Program received signal SIGSEGV, Segmentation fault.
0x40779970 in bcopy () from /usr/lib/libc.so.12
(gdb) bt
#0 0x40779970 in bcopy () from /usr/lib/libc.so.12
#1 0x2a0c60 in _mem_block_check (ptr=0x442180, silent=0,
__zend_filename=0x311e78
"/usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c",
__zend_lineno=271, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_alloc.c:649
#2 0x2a0c14 in _mem_block_check (ptr=0x442180, silent=1,
__zend_filename=0x311e78
"/usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c",
__zend_lineno=271, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_alloc.c:641
#3 0x29f3cc in _efree (ptr=0x442180,
__zend_filename=0x311e78
"/usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c",
__zend_lineno=271, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_alloc.c:217
#4 0x2d42d4 in zend_assign_to_variable_reference (result=0x4c0408,
variable_ptr_ptr=0x4c7658, value_ptr_ptr=0x4ae658,
Ts=0xffffffffffffaa50)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c:271
#5 0x2d960c in execute (op_array=0x4b7c40)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c:1354
#6 0x2dae3c in execute (op_array=0x4b7040)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend_execute.c:1650
#7 0x2be5dc in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/home/mlm/php-4.3.2RC1/Zend/zend.c:864
#8 0x261a14 in php_execute_script (primary_file=0xffffffffffffd950)
---Type <return> to continue, or q <return> to quit---
at /usr/home/mlm/php-4.3.2RC1/main/main.c:1636
#9 0x2e3f00 in main (argc=2, argv=0xffffffffffffdae8)
at /usr/home/mlm/php-4.3.2RC1/sapi/cli/php_cli.c:753
#10 0x12429c in ___start ()
(gdb) quit
Trying desprately to find a release that works on Sparc64,
So, let me know what I can do to help debug this,
Thank You,
Mike Marshall
Previous Comments:
------------------------------------------------------------------------
[2003-03-04 08:21:37] php at codewhore dot org
Here's another far more compact version:
<?php
class module
{
var $list;
function finalize()
{
$cl =& $this->list;
}
function method(&$controller)
{
$controller->get();
}
}
class controller
{
function &get()
{
return @$this->foo;
}
function call()
{
call_user_func_array($this->sym, array(&$this));
}
function load()
{
$instance =& new module();
$this->instance =& $instance;
$this->sym = array(&$instance, 'method');
}
function run()
{
$this->load();
$this->call();
$this->call();
}
}
class application
{
function run(&$controller)
{
$removing_this_global_usage_prevents_segv = @$_GET['x'];
$controller->run();
}
}
$controller = new controller();
application::run($controller);
$controller->instance->finalize();
?>
------------------------------------------------------------------------
[2003-03-03 15:35:00] php at codewhore dot org
Hi:
Thanks for waiting. Below is a test case which I've used to
reproducibly crash 4.3.0 and 4.3.2-dev on three seperate machines.
Sorry it's so long, but this is the absolute minimum I was able to come
up with. I haven't captured another backtrace for this particular case
yet, but I'd be happy to do so if you'd like.
---- >8 --- cut here --- 8< ----
<?php
class module
{
function module(&$controller)
{
$this->controller =& $controller;
}
}
class runnable_module extends module
{
function initialize() { }
function finalize() { }
function method() { }
}
class first extends runnable_module
{
function method()
{
$data =& $this->controller->get($data);
}
}
class second extends runnable_module
{
function initialize()
{
$this->list = array();
}
function finalize()
{
echo "About to get SIGSEGV...\n";
$cl =& $this->list;
echo "Shouldn't see this\n";
}
}
class controller
{
function finalize()
{
foreach ($this->module_list as $k => $x)
$this->module_list[$k]->finalize();
}
function &get($name)
{
return @$this->vars[$name];
}
function call($function)
{
$symbol =& $this->symtab[$function][0];
call_user_func($symbol, array());
}
function load($name, $method)
{
$instance =& new $name($this);
$instance->initialize();
$this->module_list[$name] =& $instance;
$this->symtab[$name] = array(array(&$instance, $method));
}
function run()
{
$this->load('first', 'method');
$this->load('second', 'method');
$this->call('first');
$this->call('first');
}
}
class application
{
function application(&$controller)
{
$this->controller =& $controller;
}
function run()
{
$controller =& $this->controller;
$removing_this_global_usage_prevents_segv = $_GET['x'];
$controller->run();
}
}
$controller = new controller();
$app = new application($controller);
$app->run();
$controller->finalize();
?>
---- >8 --- cut here --- 8< ----
Thanks again,
- Dave
------------------------------------------------------------------------
[2003-03-03 11:36:18] [EMAIL PROTECTED]
keep at feedback status until the asked feedback is actually given..
------------------------------------------------------------------------
[2003-03-03 07:47:15] php at codewhore dot org
I'm working on it - there's a ton of code here, and it's proving
difficult to pare it down to a simple test case. However, I hope to
have one posted by the end of the day today.
Thanks.
------------------------------------------------------------------------
[2003-03-03 00:59:43] [EMAIL PROTECTED]
Please provide us a minimum and self-contained script for reproducing
the problem.
I cannot reproduce this with the following code;
<?php
class foo
{
function transaction_commit() {
return true;
}
}
class test
{
var $commit_list;
function test() {
$a = array('a'=>new foo(), 'b'=>new foo());
$this->commit_list = &$a;
}
function finalize() {
$cl =& $this->commit_list;
foreach ($cl as $k => $x)
{
if (!$cl[$k]->transaction_commit())
return $this->throw(E_SYS);
}
return true;
}
}
$a = new test();
$a->finalize();
?>
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/22510
--
Edit this bug report at http://bugs.php.net/?id=22510&edit=1
