ID: 29090
User updated by: derek at battams dot ca
Reported By: derek at battams dot ca
Status: Open
Bug Type: Reproducible crash
Operating System: Linux 2.4
PHP Version: 5.0.0RC3
New Comment:
This problem has carried over into the 5.0.0 final release.
Previous Comments:
------------------------------------------------------------------------
[2004-07-11 05:47:01] derek at battams dot ca
Description:
------------
PHP segfaults when trying to use the result of md5 or sha1 (tried md5
initally, then tried sha1 when code kept segfaulting) as a file name in
my destructor. Unfortunately, I can't reproduce the crash with a small
script (the class in question is part of a much larger system), but I
know how to elimite the segfault within the project's codebase. If I
remove the call to md5 in the sample code then there's no segfault (no
matter how hard I try). Once I put the md5 (or sha1) call back into
the destructor then the segfault returns immediately.
Reproduce code:
---------------
public function __destruct()
{
$cacheFile1 = BP_CACHE . "/" . md5($this->getDN());
$cacheFile2 = BP_CACHE . "/" .
md5($this->findAttribute("mail"));
if(!file_exists($cacheFile1) || !file_exists($cacheFile2) ||
!(is_link($cacheFile1) xor is_link($cacheFile2)))
if(file_exists($cacheFile1) && !is_link($cacheFile1))
{
if(file_exists($cacheFile2))
@unlink($cacheFile2);
@symlink(basename($cacheFile1), $cacheFile2);
}
else if(file_exists($cacheFile2) && !is_link($cacheFile2))
{
if(file_exists($cacheFile1))
@unlink($cacheFile1);
@symlink(basename($cacheFile2), $cacheFile1);
}
else
{
if(file_exists($cacheFile1))
@unlink($cacheFile1);
if(file_exists($cacheFile2))
@unlink($cacheFile2);
}
return;
}
Expected result:
----------------
Destructor returns with no segfault.
Actual result:
--------------
(gdb) bt
#0 0x081a3c99 in zend_hash_find (ht=0x4042cc5c,
arKey=0x4042c734 "cacheFile1", nKeyLength=11, pData=0x33303934)
at /tmp/php-5.0.0RC3/Zend/zend_hash.c:846
#1 0x081b74b6 in zend_fetch_var_address (opline=0x404323b8,
Ts=0xbfffe030,
type=0) at /tmp/php-5.0.0RC3/Zend/zend_execute.c:762
#2 0x081b9c5f in zend_fetch_r_handler (execute_data=0xbfffe6d0,
opline=0x404323b8, op_array=0x4042c25c)
at /tmp/php-5.0.0RC3/Zend/zend_execute.c:1994
#3 0x081b8a77 in execute (op_array=0x4042c25c)
at /tmp/php-5.0.0RC3/Zend/zend_execute.c:1389
#4 0x08194fa6 in zend_call_function (fci=0xbfffe850,
fci_cache=0xbfffe830)
at /tmp/php-5.0.0RC3/Zend/zend_execute_API.c:835
#5 0x081aa0c2 in zend_call_method (object_pp=0xbfffe8dc,
obj_ce=0x4042b824,
fn_proxy=0x0, function_name=0x81f9c04 "__destruct",
function_name_len=10,
retval_ptr_ptr=0x0, param_count=1078141880, arg1=0x0, arg2=0x0)
at /tmp/php-5.0.0RC3/Zend/zend_interfaces.c:79
#6 0x081ac3e1 in zend_objects_destroy_object (object=0x4043bf54,
handle=1078141880) at /tmp/php-5.0.0RC3/Zend/zend_objects.c:78
#7 0x081ae106 in zend_objects_store_call_destructors
(objects=0x82521d4)
at /tmp/php-5.0.0RC3/Zend/zend_objects_API.c:54
#8 0x0819428c in shutdown_executor ()
at /tmp/php-5.0.0RC3/Zend/zend_execute_API.c:209
#9 0x0819db09 in zend_deactivate () at
/tmp/php-5.0.0RC3/Zend/zend.c:819
#10 0x0816cdb5 in php_request_shutdown (dummy=0x0)
at /tmp/php-5.0.0RC3/main/main.c:1212
#11 0x081c3e8e in main (argc=2, argv=0xbffff6a4)
at /tmp/php-5.0.0RC3/sapi/cli/php_cli.c:1046
#12 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
Also, this from the debug enabled PHP binary:
[EMAIL PROTECTED] public_html]$ $R/php test.person.php
Warning: String is not zero-terminated
(ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ�̏*̏*D) (source:
/tmp/php-5.0.0RC3/Zend/zend_execute_API.c:391) in Unknown on line 0
[Sat Jul 10 23:41:43 2004] Script: 'test.person.php'
---------------------------------------
/tmp/php-5.0.0RC3/Zend/zend_execute_API.c(391) : Block 0x4140E9D4
status:
/tmp/php-5.0.0RC3/Zend/zend_variables.c(45) : Actual location (location
was relayed)
Beginning: Cached (allocated on
/tmp/php-5.0.0RC3/main/streams/streams.c:1529, 69 bytes)
End: OK
---------------------------------------
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=29090&edit=1
