From:             K dot Kaczkowski at eisp dot pl
Operating system: Linux 2.4.30
PHP version:      4CVS-2005-05-23 (stable)
PHP Bug Type:     Reproducible crash
Bug description:  SIGSEGV in zend_shutdown/memory leak

Description:
------------
I have a problem with reproducible crashes during zend_shutdown when PHP
is compiled with --disable-debug.
When the same script is run under --enable-debug, it only reports memory
leaks.
Unfortunately I wasn't able to isolate a simple test case for the PHP crash,
but I have a script causing a memory leak and I'm pretty sure it's the same
bug and fixing the leak will also fix the crashes.
This bug was introduced in version 4.3.10; all versions above behave
similarly, with a small difference: in 4.3.10/4.3.11 the bad free happens in
shutdown_memory_manager called from php_request_shutdown instead of
zend_shutdown from php_module_shutdown in the latest snapshot.
4.3.9 works without any problems.

Backtrace for crash case:
Program received signal SIGSEGV, Segmentation fault.
0x400fdd43 in free () from /lib/libc.so.6
(gdb) bt
#0  0x400fdd43 in free () from /lib/libc.so.6
#1  0x400fdaa3 in free () from /lib/libc.so.6
#2  0x08101670 in zend_hash_destroy (ht=0x8157de0) at
/usr/src/php4-STABLE-200505232041/Zend/zend_hash.c:561
#3  0x080fd6d6 in zend_shutdown () at
/usr/src/php4-STABLE-200505232041/Zend/zend.c:581
#4  0x080d91d2 in php_module_shutdown () at
/usr/src/php4-STABLE-200505232041/main/main.c:1294
#5  0x08115b3c in main (argc=2, argv=0xbfffd724) at
/usr/src/php4-STABLE-200505232041/sapi/cli/php_cli.c:885

Output for crash case when compiled with --enable-debug:
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing
0x081FD6EC (5 bytes), script=test1.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual
location (location was relayed)
Last leak repeated 3 times

Details for "memory leak only" case are below.

Reproduce code:
---------------
<?
function &test1($arg)
{
   return(test2($arg));
}
function &test2($arg)
{
   return(test3($arg));
}
function &test3($arg)
{
   return($arg);
}
test1("test");
?>


Expected result:
----------------
nothing/no memory leak

Actual result:
--------------
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing
0x081D1014 (5 bytes), script=test2.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual
location (location was relayed)
Last leak repeated 1 time


-- 
Edit bug report at http://bugs.php.net/?id=33114&edit=1
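
Added example, not part of the original report and not PHP project code: a small Python parser that rejoins the mail-wrapped --enable-debug leak lines quoted above and groups them per allocation site, which helps when comparing leak output across builds. It assumes that "Last leak repeated N times" means N further leaks at the same site; the names parse_leaks and unwrap are hypothetical.

```python
import re

# Patterns for the debug-build leak report lines quoted in this bug report.
LEAK_RE = re.compile(r"^(?P<file>\S+)\((?P<line>\d+)\)\s*:\s+Freeing\s+0x[0-9A-Fa-f]+"
                     r"\s+\((?P<size>\d+) bytes\), script=(?P<script>\S+)$")
RELAY_RE = re.compile(r"^(?P<file>\S+)\((?P<line>\d+)\)\s*:\s+Actual location")
REPEAT_RE = re.compile(r"^Last leak repeated (?P<n>\d+) times?$")
RECORD_START = re.compile(r"^(\S+\(\d+\)\s*:|Last leak)")

# The two leak reports from the message above, still wrapped as in the e-mail.
SAMPLE = """\
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing
0x081FD6EC (5 bytes), script=test1.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual
location (location was relayed)
Last leak repeated 3 times
/usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) :  Freeing
0x081D1014 (5 bytes), script=test2.php
/usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual
location (location was relayed)
Last leak repeated 1 time
"""

def unwrap(text):
    """Rejoin records that e-mail line wrapping split in two."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if records and not RECORD_START.match(line):
            records[-1] += " " + line      # continuation of the previous record
        else:
            records.append(line)
    return records

def parse_leaks(text):
    """Return one dict per reported leak: site, size, script, count."""
    leaks = []
    for line in unwrap(text):
        if m := LEAK_RE.match(line):
            leaks.append({"site": f"{m['file']}:{m['line']}", "size": int(m["size"]),
                          "script": m["script"], "count": 1})
        elif leaks and (m := RELAY_RE.match(line)):
            leaks[-1]["site"] = f"{m['file']}:{m['line']}"  # relayed: real allocation site
        elif leaks and (m := REPEAT_RE.match(line)):
            leaks[-1]["count"] += int(m["n"])  # assumption: N further leaks at this site
    return leaks

if __name__ == "__main__":
    for leak in parse_leaks(SAMPLE):
        print(leak)
```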