ID:               31106
 Updated by:       [EMAIL PROTECTED]
 Reported By:      alan at akbkhome dot com
 Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: linux
 PHP Version:      4.3.10
 Assigned To:      stas
 New Comment:

I'll try and get a test case done over the weekend.

It should be quite simple: create an overloaded object (with __call),
assign some vars, then set it to something else (based on a rough
guess).

The real code is a bit too complex for a simple test case, but it broke
both my devel servers. ;)


Previous Comments:
------------------------------------------------------------------------

[2004-12-17 11:23:05] [EMAIL PROTECTED]

Can you provide some example of the code that crashes? Of course I'd
prefer the code that I could run, so that I can check what's the
problem.

Removing unlock won't do good - it would just cause a memory leak.

------------------------------------------------------------------------

[2004-12-16 09:57:55] [EMAIL PROTECTED]

Actually both changes in this commit cause big problems with overloaded
objects

http://cvs.php.net/diff.php/Zend/Attic/zend_execute.c?sa=1&r1=1.316.2.41&r2=1.316.2.42&ty=u

removing 1st fixes crashes
removing 2nd fixes object properties getting destroyed/lost? when
calling methods of overloaded objects.

------------------------------------------------------------------------

[2004-12-16 08:12:44] [EMAIL PROTECTED]

change title to be more precise..

------------------------------------------------------------------------

[2004-12-16 08:04:45] alan at akbkhome dot com

This fixes it.

--- zend_execute.c      2004-12-16 15:18:16.000000000 +0800
+++ zend_execute.c.fixed        2004-12-16 15:18:28.000000000 +0800
@@ -996,7 +996,6 @@
        }
       
zend_llist_destroy(T->EA.data.overloaded_element.elements_list);
        efree(T->EA.data.overloaded_element.elements_list);
-       PZVAL_UNLOCK(T->EA.data.overloaded_element.object);
 }
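
Review bot: Deleting the PZVAL_UNLOCK on T->EA.data.overloaded_element.object as the last statement of this cleanup leaves the hunk with no release of that object at all, so on any path where a lock is held when this code runs the reference is never dropped and the object leaks. If the crash comes from the object being released once too often, the change should identify the path that reaches this cleanup without a matching lock (or that releases the object a second time elsewhere) and fix that path, keeping the unlock where the lock is actually held. A comment stating which caller owns the reference at this point would make the intended pairing checkable.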

------------------------------------------------------------------------

[2004-12-16 01:36:21] alan at akbkhome dot com

Description:
------------
config with apache2 fork
I need to isolate the code causing this, - but it appears to be a
common segfault, on more than just one page.

php4.3.7 runs fine. - exactly the same config

  './configure' '--with-apxs2=/usr/bin/apxs2' '--prefix=/usr'
'--with-regex=php' '--with-config-file-path=/etc/php4/apache'
'--disable-rpath' '--disable-debug' '--enable-memory-limit'
'--with-layout=GNU' '--enable-calendar' '--enable-sysvsem'
'--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid'
'--enable-bcmath' '--with-bz2' '--with-db4' '--with-iconv'
'--enable-exif' '--enable-filepro' '--enable-ftp' '--with-gettext'
'--enable-mbstring' '--with-pcre-regex=/usr' '--enable-shmop'
'--enable-sockets' '--enable-wddx' '--with-expat-dir=/usr'
'--enable-yp' '--with-zlib' '--without-pgsql' '--with-openssl=/usr'
'--disable-static' '--with-zlib-dir=/usr' '--with-mysql=/usr'
'--with-ming=/usr'

full backtrace:

#0  0x4040a264 in mallopt () from /lib/libc.so.6
#1  0x4040907f in free () from /lib/libc.so.6
#2  0x40726d7f in _efree (ptr=0x84726ac) at
/usr/src/php-4.3.10/Zend/zend_alloc.c:265
#3  0x4073b3df in zend_hash_destroy (ht=0x843b0cc) at
/usr/src/php-4.3.10/Zend/zend_hash.c:566
#4  0x40735084 in _zval_dtor (zvalue=0x8437774) at
/usr/src/php-4.3.10/Zend/zend_variables.c:60
#5  0x4072e23c in _zval_ptr_dtor (zval_ptr=0x408e0df0) at
/usr/src/php-4.3.10/Zend/zend_execute_API.c:289
#6  0x40744748 in execute (op_array=0x82f3a7c) at
zend_execute_locks.h:26
#7  0x407468c4 in execute (op_array=0x82f3a14) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#8  0x407468c4 in execute (op_array=0x824799c) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#9  0x407468c4 in execute (op_array=0x8247344) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#10 0x407468c4 in execute (op_array=0x82419e4) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#11 0x40736971 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php-4.3.10/Zend/zend.c:900
#12 0x40708a1f in php_execute_script (primary_file=0xbffffa50) at
/usr/src/php-4.3.10/main/main.c:1736
#13 0x4074bb8c in php_handler (r=0x8235478) at
/usr/src/php-4.3.10/sapi/apache2handler/sapi_apache2.c:542
#14 0x080782b5 in ap_run_handler ()
#15 0x08189a68 in ?? ()
(gdb) bt full
#0  0x4040a264 in mallopt () from /lib/libc.so.6
No symbol table info available.
#1  0x4040907f in free () from /lib/libc.so.6
No symbol table info available.
#2  0x40726d7f in _efree (ptr=0x84726ac) at
/usr/src/php-4.3.10/Zend/zend_alloc.c:265
        p = (zend_mem_header *) 0x8472698
        real_size = 138880672
        cache_index = 138880664
#3  0x4073b3df in zend_hash_destroy (ht=0x843b0cc) at
/usr/src/php-4.3.10/Zend/zend_hash.c:566
        p = (Bucket *) 0x0
        q = (Bucket *) 0x84727bc
#4  0x40735084 in _zval_dtor (zvalue=0x8437774) at
/usr/src/php-4.3.10/Zend/zend_variables.c:60
No locals.
#5  0x4072e23c in _zval_ptr_dtor (zval_ptr=0x408e0df0) at
/usr/src/php-4.3.10/Zend/zend_execute_API.c:289
No locals.
#6  0x40744748 in execute (op_array=0x82f3a7c) at
zend_execute_locks.h:26
        execute_data = {opline = 0x8307708, function_state =
{function_symbol_table = 0x82481fc, function = 0x82f3a7c,
    reserved = {0x408d8678, 0x408a085b, 0x82432f4, 0xbfffb358}}, fbc =
0x0, ce = 0x0, object = {ptr = 0x0},
  Ts = 0xbfff914c, original_in_execution = 1 '\001', op_array =
0x82f3a7c, prev_execute_data = 0xbfffb760}
#7  0x407468c4 in execute (op_array=0x82f3a14) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x82c2644
        original_return_value = (zval **) 0xbfffc554
        execute_data = {opline = 0x827d480, function_state =
{function_symbol_table = 0x82432f4, function = 0x82f3a7c,
    reserved = {0x408d8678, 0x408a085b, 0x82c2644, 0xbfffb7b8}}, fbc =
0x82f3a7c, ce = 0x0, object = {
    ptr = 0x82fcf5c}, Ts = 0xbfffb37c, original_in_execution = 1
'\001', op_array = 0x82f3a14,
  prev_execute_data = 0xbfffcdb0}
#8  0x407468c4 in execute (op_array=0x824799c) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x8247df4
        original_return_value = (zval **) 0xbfffd204
        execute_data = {opline = 0x824df60, function_state =
{function_symbol_table = 0x82c2644, function = 0x82f3a14,
    reserved = {0x408d8678, 0x408a085b, 0x8247df4, 0xbfffce08}}, fbc =
0x82f3a14, ce = 0x0, object = {
    ptr = 0x82fcf5c}, Ts = 0xbfffb7dc, original_in_execution = 1
'\001', op_array = 0x824799c,
---Type <return> to continue, or q <return> to quit---
  prev_execute_data = 0xbfffd3e0}
#9  0x407468c4 in execute (op_array=0x8247344) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x82d86a4
        original_return_value = (zval **) 0xbfffd5cc
        execute_data = {opline = 0x8249734, function_state =
{function_symbol_table = 0x8247df4, function = 0x824799c,
    reserved = {0x40726df3, 0x82a1584, 0x0, 0x20}}, fbc = 0x824799c, ce
= 0x0, object = {ptr = 0x82d877c},
  Ts = 0xbfffce2c, original_in_execution = 1 '\001', op_array =
0x8247344, prev_execute_data = 0xbfffd7b0}
#10 0x407468c4 in execute (op_array=0x82419e4) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x408e0c6c
        original_return_value = (zval **) 0xbfffd828
        execute_data = {opline = 0x8246300, function_state =
{function_symbol_table = 0x82d86a4, function = 0x8247344,
    reserved = {0x408d8678, 0x8241b24, 0x0, 0xbfffd7e8}}, fbc =
0x8247344, ce = 0x827b9f8, object = {ptr = 0x0},
  Ts = 0xbfffd45c, original_in_execution = 0 '\0', op_array =
0x82419e4, prev_execute_data = 0x0}
#11 0x40736971 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php-4.3.10/Zend/zend.c:900
        files = 0xbfffd854 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbffffa50
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#12 0x40708a1f in php_execute_script (primary_file=0xbffffa50) at
/usr/src/php-4.3.10/main/main.c:1736
        orig_bailout = {{__jmpbuf = {1083016824, 1083051352,
-1073743060, -1073743032, -1073743488, 1081391400},
    __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32
times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0},
  free_filename = 0 '\0'}
---Type <return> to continue, or q <return> to quit---
        append_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0},
  free_filename = 0 '\0'}
        old_cwd = 0xbfffd85c "/usr/src/php-4.3.10"
        old_primary_file_path = 0x0
        retval = 0
#13 0x4074bb8c in php_handler (r=0x8235478) at
/usr/src/php-4.3.10/sapi/apache2handler/sapi_apache2.c:542
        zfd = {type = 1 '\001', filename = 0x8236690
"/mnt/svn_live/FlexyWiki/spam.php",
  opened_path = 0x8241aec "ì¶x|\004", handle = {fd = 20, fp = 0x14},
free_filename = 0 '\0'}
        ctx = (php_struct *) 0x823d8e8
        conf = <value optimized out>
        brigade = (apr_bucket_brigade *) 0x823d960
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = (request_rec *) 0x0
#14 0x080782b5 in ap_run_handler ()


Reproduce code:
---------------
To follow later.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=31106&edit=1
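
A toy model of the disagreement in this thread (removing the unlock stops the crash, but removing it leaks), added here as an illustration and not taken from the Zend source or from any poster. It assumes PZVAL_LOCK and PZVAL_UNLOCK behave as a reference-count increment and decrement, and that the crashing path is one where the cleanup unlock runs without a matching lock, which the thread does not confirm; all names in it are hypothetical.

```c
#include <stdio.h>

/* Constructed toy model of a reference-counted value; not Zend code. */
typedef struct { int refcount; int destroyed; int bad_release; } toy_zval;

typedef enum { BALANCED, LEAK, RELEASE_AFTER_FREE } outcome;

/* Stand-in for PZVAL_LOCK: take a temporary reference. */
static void toy_lock(toy_zval *z) { z->refcount++; }

/* Stand-in for PZVAL_UNLOCK: drop a reference, destroy at zero. */
static void toy_unlock(toy_zval *z) {
    if (z->destroyed) {       /* real code would be touching freed memory */
        z->bad_release++;
        return;
    }
    if (--z->refcount == 0)
        z->destroyed = 1;
}

/* locks:   temporary references taken while fetching the element
 * unlocks: references dropped by the cleanup routine
 * The owning variable holds one reference and drops it last. */
static outcome run_fetch(int locks, int unlocks) {
    toy_zval obj = { 1, 0, 0 };
    int i;
    for (i = 0; i < locks; i++)   toy_lock(&obj);
    for (i = 0; i < unlocks; i++) toy_unlock(&obj);
    toy_unlock(&obj);             /* variable reassigned or out of scope */
    if (obj.bad_release) return RELEASE_AFTER_FREE;
    return obj.destroyed ? BALANCED : LEAK;
}

int main(void) {
    static const char *name[] = { "balanced", "leak", "release after free" };
    printf("lock + unlock      : %s\n", name[run_fetch(1, 1)]);
    printf("lock, unlock gone  : %s\n", name[run_fetch(1, 0)]);
    printf("no lock, unlock    : %s\n", name[run_fetch(0, 1)]);
    printf("no lock, no unlock : %s\n", name[run_fetch(0, 0)]);
    return 0;
}
```

In this model, deleting the unlock turns the unmatched-unlock path from a release after free into a balanced one, and turns every correctly locked path into a leak, so the repair belongs on the path whose lock is missing.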
