ID: 30877
Updated by: [EMAIL PROTECTED]
Reported By: delphi32 at gmx dot de
-Status: Open
+Status: Assigned
-Bug Type: Class/Object related
+Bug Type: Scripting Engine problem
Operating System: Gentoo Linux 2.6.10-rc1
PHP Version: 5.0.2
-Assigned To:
+Assigned To: andi
New Comment:
Cannot reproduce it with HEAD, but here is the backtrace for 5_0:
Program received signal SIGSEGV, Segmentation fault.
0x08156d56 in zend_get_property_info (zobj=0x6, member=0x8220fe4,
silent=0)
at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:202
202 if (zend_hash_quick_find(&zobj->ce->properties_info,
Z_STRVAL_P(member), Z_STRLEN_P(member)+1, h, (void **)
&property_info)==SUCCESS) {
(gdb) bt
#0 0x08156d56 in zend_get_property_info (zobj=0x6, member=0x8220fe4,
silent=0)
at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:202
#1 0x08155b20 in zend_std_read_property (object=0xbfffeb70,
member=0x8220fe4, type=0)
at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:287
#2 0x0816073c in zend_fetch_property_address_read (result=0x8220fb8,
op1=0x8220fcc, op2=0x8220fe0, Ts=0x8220fe4, type=0)
at /home/dev/php-src_5_0/Zend/zend_execute.c:1158
#3 0x08162334 in zend_fetch_obj_r_handler (execute_data=0xbfffe990,
opline=0x8220fb4, op_array=0x821f7f4)
at /home/dev/php-src_5_0/Zend/zend_execute.c:2132
#4 0x08160fa2 in execute (op_array=0x821f7f4) at
/home/dev/php-src_5_0/Zend/zend_execute.c:1400
#5 0x0813df7e in zend_call_function (fci=0xbfffeae0,
fci_cache=0xbfffeac0)
at /home/dev/php-src_5_0/Zend/zend_execute_API.c:836
#6 0x08152128 in zend_call_method (object_pp=0xbfffeb6c,
obj_ce=0x821f14c, fn_proxy=0x0,
function_name=0x819a99b "__destruct", function_name_len=10,
retval_ptr_ptr=0x0, param_count=9, arg1=0x0, arg2=0x0)
at /home/dev/php-src_5_0/Zend/zend_interfaces.c:79
#7 0x08155582 in zend_objects_destroy_object (object=0x821fa6c,
handle=9) at /home/dev/php-src_5_0/Zend/zend_objects.c:78
#8 0x08156f41 in zend_objects_store_call_destructors
(objects=0x81baad4)
at /home/dev/php-src_5_0/Zend/zend_objects_API.c:54
#9 0x0813d02c in shutdown_executor () at
/home/dev/php-src_5_0/Zend/zend_execute_API.c:207
#10 0x08145ec7 in zend_deactivate () at
/home/dev/php-src_5_0/Zend/zend.c:818
#11 0x081182a5 in php_request_shutdown (dummy=0x0) at
/home/dev/php-src_5_0/main/main.c:1212
#12 0x08169b90 in main (argc=3, argv=0xbffff8c4) at
/home/dev/php-src_5_0/sapi/cli/php_cli.c:1046
#13 0x420157a4 in __libc_start_main () from /lib/tls/libc.so.6
Valgrind says:
==3978== Invalid read of size 4
==3978== at 0x8156D56: zend_get_property_info
(zend_object_handlers.c:202)
==3978== by 0x8155B1F: zend_std_read_property
(zend_object_handlers.c:287)
==3978== by 0x816073B: zend_fetch_property_address_read
(zend_execute.c:1158)
==3978== by 0x8162333: zend_fetch_obj_r_handler
(zend_execute.c:2132)
==3978== Address 0x6 is not stack'd, malloc'd or free'd
Previous Comments:
------------------------------------------------------------------------
[2004-11-24 03:30:22] delphi32 at gmx dot de
Description:
------------
I got a segmentation fault by executing the postet code. If you execute
it in CLI mode, you will see the segfault. If it is executed by mod_php
Firefox does nothing.
I have no idea why PHP segfaults. I was able to reduce the problem to 1
line. I have written comments into the code which show the problem.
Of course, the code is trash but PHP should not segfault in such a
situation.
My config line follows:
./configure --prefix=/usr --host=i686-pc-linux-gnu
--mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share
--sysconfdir=/etc --localstatedir=/var/lib --with-apxs2=/usr/sbin/apxs2
--with-config-file-path=/etc/php/apache2-php5 --without-pear
--disable-bcmath --with-bz2=shared --disable-calendar
--with-cpdflib=shared --disable-ctype --without-curl
--without-curlwrappers --disable-dbase --disable-dio --disable-exif
--without-fam --without-fbsql --without-fdftk --disable-filepro
--enable-ftp=shared --with-gettext=shared --without-gmp --without-hwapi
--with-iconv=shared --without-informix --without-ingres
--without-interbase --enable-mbstring=shared --with-mcrypt=shared
--without-mcve --disable-memory-limit --without-mhash
--with-mime-magic=/usr/share/misc/file/magic.mime --without-ming
--without-mnogosearch --without-msql --without-mssql
--with-ncurses=shared --without-oci8 --without-oracle
--with-openssl=shared --with-openssl-dir=/usr --without-ovrimos
--disable-pcntl --without-pcre-regx --without-pfpro --without-pgsql
--with-pspell=shared --without-recode --disable-simplexml
--enable-shmop --without-snmp --disable-soap --enable-sockets=shared
--without-sybase --without-sybase-ct --disable-sysvmsg
--disable-sysvsem --disable-sysvshm --without-tidy --disable-tokenizer
--disable-wddx --without-xsl --without-xmlrpc --disable-yp
--with-zlib=shared --disable-debug --without-cdb --with-db4=shared
--without-dbm --without-flatfile --with-gdbm=shared --without-inifile
--without-qdbm --with-jpeg-dir=/usr --with-gd=shared,/usr
--enable-gd-jis-conf --enable-gd-native-ttf --with-imap=shared
--with-imap-ssl --with-mysql=shared
--with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mm
--without-msession --without-sqlite --enable-dba=shared --with-readline
--without-libedit
Enrico Neidt
Reproduce code:
---------------
http://www2.schlampenschlacht.de/segfault.txt
I don't know how long I can host the file there. If it's not there just
mail me, I'll send you a copy. Sorry for that.
Expected result:
----------------
This would be correct:
PARENT DESTRUCT
Before segfault (0)
After segfault (0)
Before segfault (1)
After segfault (1)
Before segfault (2)
After segfault (2)
Before segfault (3)
After segfault (3)
Before segfault (4)
After segfault (4)
Actual result:
--------------
Because I am not able (allowed) to debug php (has no debugging symbols)
I only can give you the output generated by the php script:
PARENT DESTRUCT
Before segfault (0)
Before segfault (1)
After segfault (1)
Before segfault (2)
After segfault (2)
Before segfault (3)
After segfault (3)
Before segfault (4)
After segfault (4)
After segfault (0)
Segmentation fault
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=30877&edit=1
