ID:               20358
Updated by:       [EMAIL PROTECTED]
Reported By:      mtak at beyondnetworks dot co dot jp
-Status:           Verified
+Status:           Feedback
Bug Type:         Session related
Operating System: RedHat7.3
PHP Version:      4.3.0-dev
New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

After 10,000 requests I have yet to see a single crash.


Previous Comments:
------------------------------------------------------------------------

[2003-01-06 18:00:33] eward at devlab dot cc

Same problem here
Tried the latest snapshot, no difference
Willing to produce a backtrace if necessary

Redhat 7.3
Apache 2.0.43
PHP 4.3.0 and latest snapshot

I have a Typo3 CMS and can make the segmentation fault happen on command with the install tool.

------------------------------------------------------------------------

[2002-12-16 14:37:58] adrieder at sbox dot tugraz dot at

Same problem here...
Sparc Solaris 8, php-4.2.3, apache-1.3.27

------------------------------------------------------------------------

[2002-12-16 02:41:49] bduclaux at hotmail dot com

Hi, I have experienced the same bug on my linux box with several versions of httpd/php

Redhat7.3
PHP 4.3.2 4.3.0-pre1 4.3.0-rc1 4.3.0-rc2
Apache 1.3.27.

It can happen at any time (like 24h after launching httpd) and it then crashes every apache child.

Obviously, the structure data->hash[slot] is not properly initialized before entering in ps_sd_lookup, but that is quite strange!

I think it should be fixed before 4.3.0 release.

------------------------------------------------------------------------

[2002-12-13 08:46:30] verx at implix dot com

FreeBSD, Apache 1.3.27, PHP 4.2.3

#0  0x48287655 in ps_sd_destroy (data=0x811b0a0, sd=0x4c6c2354) at mod_mm.c:168
168             for (prev = data->hash[slot]; prev->next != sd; prev = prev->next);
(gdb) bt
#0  0x48287655 in ps_sd_destroy (data=0x811b0a0, sd=0x4c6c2354) at mod_mm.c:168
#1  0x4828784f in ps_mm_destroy (data=0x811b0a0) at mod_mm.c:242
#2  0x48287a25 in zm_shutdown_ps_mm (type=1, module_number=11) at mod_mm.c:293
#3  0x48231e93 in module_destructor (module=0x811c500) at zend_API.c:1127
#4  0x482338d3 in zend_hash_destroy (ht=0x48333b80) at zend_hash.c:541
#5  0x4822ef3f in zend_shutdown () at zend.c:492
#6  0x4823c107 in php_module_shutdown () at main.c:1052
#7  0x4823c0d4 in php_module_shutdown_wrapper (sapi_globals=0x48311880) at main.c:1029
#8  0x48239abc in apache_php_module_shutdown_wrapper () at mod_php4.c:800
#9  0x805003a in run_cleanups ()
#10 0x804f09f in ap_clear_pool ()
#11 0x804f100 in ap_destroy_pool ()
#12 0x804f08b in ap_clear_pool ()
#13 0x804f100 in ap_destroy_pool ()
#14 0x8059460 in clean_parent_exit ()
#15 0x805b925 in standalone_main ()
#16 0x805bd6b in main ()
#17 0x804eb0d in _start ()
(gdb) print *data
$3 = {mm = 0x4c69b414, hash = 0x4c69b434, hash_max = 511, hash_cnt = 0, owner = 81324}
(gdb) print *sd
$4 = {next = 0x3e0, hv = 979, ctime = 1282159212, data = 0x74656c73, datalen = 2087871860, alloclen = 976304755, key = "\""}
(gdb) print slot
$5 = 1282155348
(gdb) print data->hash
$6 = (ps_sd **) 0x4c69b434
(gdb) print *(data->hash)
$7 = (ps_sd *) 0x4c6c2354
(gdb) print *prev
Cannot access memory at address 0x10.

------------------------------------------------------------------------

[2002-11-12 06:01:38] mtak at beyondnetworks dot co dot jp

more info...

(gdb) list
182
183             hv = ps_sd_hash(key, strlen(key));
184             slot = hv & data->hash_max;
185
186             for (prev = NULL, ret = data->hash[slot]; ret; prev = ret, ret = ret->next)
187                     if (ret->hv == hv && !strcmp(ret->key, key))
188                             break;
189
190             if (ret && rw && ret != data->hash[slot]) {
191                     /* Move the entry to the top of the linked list */
(gdb) print key
$1 = 0x8136f2c "136"
(gdb) print hv
$2 = 1943406893
(gdb) print slot
$3 = 301
(gdb) print data->hash_max
$4 = 511
(gdb) print prev
$5 = (ps_sd *) 0x4413df00
(gdb) print ret
$6 = (ps_sd *) 0x1f
(gdb) print ret->next
Cannot access memory at address 0x1f
(gdb) print data->hash[slot]->next
$7 = (struct ps_sd *) 0x1f

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/20358

-- 
Edit this bug report at http://bugs.php.net/?id=20358&edit=1
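
Added example, not part of the report and not PHP's code: the chain walk quoted at mod_mm.c:168 in the backtrace has no end-of-chain test, so this sketch shows a checked unlink over the same kind of hash chain. The struct layout, the function name sd_unlink_checked and the return codes are assumptions made for illustration; only the slot formula and the loop quoted in the comment come from the gdb output.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the ps_sd / ps_mm structs printed in the gdb
 * session; only the fields the chain walk needs. Assumed layout. */
typedef struct sd { struct sd *next; uint32_t hv; } sd_t;
typedef struct { sd_t **hash; uint32_t hash_max; uint32_t hash_cnt; } table_t;

enum { UNLINK_OK = 0, UNLINK_NOT_FOUND = -1, UNLINK_CORRUPT = -2 };

/* mod_mm.c:168 in the backtrace walks the chain with
 *     for (prev = data->hash[slot]; prev->next != sd; prev = prev->next);
 * which never tests prev for NULL, so an entry that is missing from its
 * chain makes the loop dereference NULL past the last node.
 * This checked walk stops at NULL and caps the walk at hash_cnt steps,
 * so a missing entry or a cycle is reported instead of followed.
 * It cannot detect a wild non-NULL pointer such as the 0x1f in the
 * gdb session; that needs the corrupting write itself to be found. */
int sd_unlink_checked(table_t *t, sd_t *sd)
{
    uint32_t slot = sd->hv & t->hash_max;  /* slot formula from the listing */
    sd_t **link = &t->hash[slot];
    uint32_t steps = 0;

    while (*link != NULL) {
        if (steps++ >= t->hash_cnt)
            return UNLINK_CORRUPT;         /* more nodes than entries: cycle or bad count */
        if (*link == sd) {
            *link = sd->next;              /* same code path for head and interior nodes */
            sd->next = NULL;
            t->hash_cnt--;
            return UNLINK_OK;
        }
        link = &(*link)->next;
    }
    return UNLINK_NOT_FOUND;               /* entry is not in the slot it hashes to */
}
```
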