ID: 24659 Updated by: [EMAIL PROTECTED] Reported By: fujimura at wakhok dot ac dot jp Status: Verified Bug Type: Zend Engine 2 problem Operating System: Linux kernel-2.4.21 PHP Version: 5.0.0b2-dev New Comment:
The second script crashes much earlier: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (runnable)] 0x40425fde in zend_hash_add_or_update (ht=0x80ded04, arKey=0x80ded24 "\\sA@", nKeyLength=7, pData=0x0, nDataSize=4, pDest=0xbfffcd54, flag=1) at /usr/src/web/php/php5/Zend/zend_hash.c:238 238 INIT_DATA(ht, p, pData, nDataSize); (gdb) bt #0 0x40425fde in zend_hash_add_or_update (ht=0x80ded04, arKey=0x80ded24 "\\sA@", nKeyLength=7, pData=0x0, nDataSize=4, pDest=0xbfffcd54, flag=1) at /usr/src/web/php/php5/Zend/zend_hash.c:238 #1 0x404271f4 in zend_hash_copy (target=0x80ded04, source=0x80de7e4, pCopyConstructor=0x4041fce4 <zval_add_ref>, tmp=0xbfffcda4, size=4) at /usr/src/web/php/php5/Zend/zend_hash.c:750 #2 0x4041fde6 in _zval_copy_ctor (zvalue=0x80f160c) at /usr/src/web/php/php5/Zend/zend_variables.c:124 #3 0x4042b068 in zif_set_exception_handler (ht=1, return_value=0x80f160c, this_ptr=0x0, return_value_used=0) at /usr/src/web/php/php5/Zend/zend_builtin_functions.c:1017 #4 0x40451d4f in zend_do_fcall_common_helper (execute_data=0xbfffcf5c, op_array=0x80ea62c) at /usr/src/web/php/php5/Zend/zend_execute.c:2634 #5 0x404523f4 in zend_do_fcall_handler (execute_data=0xbfffcf5c, op_array=0x80ea62c) at /usr/src/web/php/php5/Zend/zend_execute.c:2763 #6 0x4043a7ee in execute (op_array=0x80ea62c) at /usr/src/web/php/php5/Zend/zend_execute.c:1194 #7 0x4042190f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1017 #8 0x403ef2c5 in php_execute_script (primary_file=0xbffff288) at /usr/src/web/php/php5/main/main.c:1695 #9 0x4045c07e in apache_php_module_main (r=0x81bf684, display_source_mode=0) at /usr/src/web/php/php5/sapi/apache/sapi_apache.c:54 #10 0x4045cd00 in send_php (r=0x81bf684, display_source_mode=0, filename=0x0) at /usr/src/web/php/php5/sapi/apache/mod_php5.c:621 #11 0x4045cd6a in send_parsed_php (r=0x81bf684) at /usr/src/web/php/php5/sapi/apache/mod_php5.c:636 #12 0x8054f09 in ap_invoke_handler () #13 0x806b0cf in process_request_internal () #14 0x806b13a in ap_process_request () #15 0x8061916 in child_main () #16 0x8061af5 in make_child () #17 0x8061c76 in startup_children () #18 0x806230d in standalone_main () #19 0x8062b9c in main () #20 0x4016c9cb in __libc_start_main (main=0x80627d8 <main>, argc=3, argv=0xbffff6b4, init=0x804ed2c <_init>, fini=0x8082e64 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff6ac) at ../sysdeps/generic/libc-start.c:92 Previous Comments: ------------------------------------------------------------------------ [2003-07-18 00:34:39] [EMAIL PROTECTED] The first script (that xml thing) does this after some reloads: Warning: xml_set_default_handler(): supplied resource is not a valid XML Parser resource in /www/apache-1.3.27/htdocs/exep.php on line 13 Warning: xml_parser_free(): supplied resource is not a valid XML Parser resource in /www/apache-1.3.27/htdocs/exep.php on line 15 Warning: Unknown list entry type in request shutdown (135138372) in Unknown on line 0 Given enough requests, (ab -n 1000 http://localhost/bug24658_a.php), it crashes: [Switching to Thread 1024 (runnable)] 0x4042e1fd in zend_objects_destroy_object (object=0x80e907c, handle=1) at /usr/src/web/php/php5/Zend/zend_objects.c:36 36 zend_function *destructor = object->ce->destructor; (gdb) bt #0 0x4042e1fd in zend_objects_destroy_object (object=0x80e907c, handle=1) at /usr/src/web/php/php5/Zend/zend_objects.c:36 #1 0x40430855 in zend_objects_store_del_ref (zobject=0x80e0f9c) at /usr/src/web/php/php5/Zend/zend_objects_API.c:142 #2 0x4041fccc in _zval_dtor (zvalue=0x80e0f9c) at /usr/src/web/php/php5/Zend/zend_variables.c:61 #3 0x40417389 in _zval_ptr_dtor (zval_ptr=0x80ecff0) at /usr/src/web/php/php5/Zend/zend_execute_API.c:344 #4 0x40426be8 in zend_hash_destroy (ht=0x404a6990) at /usr/src/web/php/php5/Zend/zend_hash.c:509 #5 0x40416f55 in shutdown_executor () at /usr/src/web/php/php5/Zend/zend_execute_API.c:211 #6 0x40421257 in zend_deactivate () at /usr/src/web/php/php5/Zend/zend.c:795 #7 0x403ee8e6 in php_request_shutdown (dummy=0x0) at /usr/src/web/php/php5/main/main.c:1174 #8 0x4045c0d5 in apache_php_module_main (r=0x81bf684, display_source_mode=0) at /usr/src/web/php/php5/sapi/apache/sapi_apache.c:60 #9 0x4045cd00 in send_php (r=0x81bf684, display_source_mode=0, filename=0x0) at /usr/src/web/php/php5/sapi/apache/mod_php5.c:621 #10 0x4045cd6a in send_parsed_php (r=0x81bf684) at /usr/src/web/php/php5/sapi/apache/mod_php5.c:636 #11 0x8054f09 in ap_invoke_handler () #12 0x806b0cf in process_request_internal () #13 0x806b13a in ap_process_request () #14 0x8061916 in child_main () #15 0x8061af5 in make_child () #16 0x8061c76 in startup_children () #17 0x806230d in standalone_main () #18 0x8062b9c in main () #19 0x4016c9cb in __libc_start_main (main=0x80627d8 <main>, argc=3, argv=0xbffff6b4, init=0x804ed2c <_init>, fini=0x8082e64 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff6ac) at ../sysdeps/generic/libc-start.c:92 ------------------------------------------------------------------------ [2003-07-16 20:56:28] fujimura at wakhok dot ac dot jp > Backtrace is useless as long as you don't have > --enable-debug in your configure line. Okay, I rebuilt PHP with --enable-debug, but this bug did not reproduce. And next, I did again without --enable-debug, this bug reproduced. I have discovered that set_exception_handler() causes this one too. <?php set_exception_handler("test_func"); function test_func($exception) { var_dump($exception); exit; } throw new Exception(); print "A"; ?> I cannot understand. The debug codes of Zend causes with this? What can I do? > Also include the full configure line you used. ./configure \ --with-apxs=/usr/local/apache/bin/apxs \ --disable-short-tags \ --enable-versioning \ --enable-mbstring \ --enable-mbregex \ --enable-dom \ --with-iconv \ --with-xsl \ --with-openssl \ --with-zlib \ --with-bz2 ...and --enable-debug ------------------------------------------------------------------------ [2003-07-16 03:54:01] [EMAIL PROTECTED] Backtrace is useless as long as you don't have --enable-debug in your configure line. So add it, and put new backtrace here. Also include the full configure line you used. ------------------------------------------------------------------------ [2003-07-15 04:16:58] fujimura at wakhok dot ac dot jp -$parser AND die; +$parser OR die; ;-) ------------------------------------------------------------------------ [2003-07-15 04:15:16] fujimura at wakhok dot ac dot jp Description: ------------ The following code crashes(segmentation fault, and empty output) at a whim. But it does not reproduce when php invoked as CLI. Reproduce code: --------------- <?php class MyHandler { public function test($parser, $data) { print $data; } } $parser = xml_parser_create(); $parser AND die; $handler = new MyHandler(); xml_set_default_handler($parser, array($handler, "test")); xml_parser_free($parser); ?> Expected result: ---------------- Nothing. Actual result: -------------- SIGSEGV logged to error_log. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24659&edit=1