ID: 33116 User updated by: segv74 at gmail dot com Reported By: segv74 at gmail dot com -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: linux 2.4.28 PHP Version: 5.0.3 New Comment:
php5-STABLE-latest.tar.gz shows same buggy results too. (gdb) bt #0 0x08170036 in _efree (ptr=0xbfffd040) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_alloc.c:281 #1 0x08189ae8 in zend_hash_destroy (ht=0x827ca24) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_hash.c:519 #2 0x081821d7 in _zval_dtor (zvalue=0x827ca8c) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_variables.c:52 #3 0x08179b48 in _zval_ptr_dtor (zval_ptr=0x827cab8) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_execute_API.c:400 #4 0x08189bb8 in zend_hash_clean (ht=0x827c89c) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_hash.c:545 #5 0x0817c79e in zend_cleanup_class_data (pce=0x827e08c) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_opcode.c:139 #6 0x08189dd8 in zend_hash_apply (ht=0x81ffdb0, apply_func=0x817c770 <zend_cleanup_class_data>) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_hash.c:664 #7 0x0817988c in shutdown_executor () at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_execute_API.c:257 #8 0x081834c5 in zend_deactivate () at /home/ssw/work/php5-STABLE-200505240632/Zend/zend.c:824 #9 0x0814d326 in php_request_shutdown (dummy=0x0) at /home/ssw/work/php5-STABLE-200505240632/main/main.c:1224 #10 0x081ad55c in main (argc=2, argv=0xbffff654) at /home/ssw/work/php5-STABLE-200505240632/sapi/cgi/cgi_main.c:1640 (gdb) up ... #4 0x08189bb8 in zend_hash_clean (ht=0x827c89c) at /home/ssw/work/php5-STABLE-200505240632/Zend/zend_hash.c:545 545 ht->pDestructor(q->pData); (gdb) print (char *)&*q.arKey $6 = 0x827cacc "included_classes" Previous Comments: ------------------------------------------------------------------------ [2005-05-24 09:27:30] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip ------------------------------------------------------------------------ [2005-05-24 05:07:46] segv74 at gmail dot com Description: ------------ following codes produce wrong output. I think this bug is related with php's internal reference counter. If I change assign $class to "$class" (comment 1), It product correct outputs. If I turn on comment 2(comment 1 is off), debug mode php client crashes. gdb backtrace is here. (gdb) bt #0 0x4029db87 in memcpy () from /lib/libc.so.6 #1 0x0825a1a3 in _mem_block_check (ptr=0xbfffbd84, silent=0, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193, __zend_orig_filename=0x8434900 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute.h", __zend_orig_lineno=61) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_alloc.c:722 #2 0x0825a15e in _mem_block_check (ptr=0xbfffbd84, silent=1, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193, __zend_orig_filename=0x8434900 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute.h", __zend_orig_lineno=61) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_alloc.c:714 #3 0x08259294 in _efree (ptr=0xbfffbd84, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193, __zend_orig_filename=0x8434900 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute.h", __zend_orig_lineno=61) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_alloc.c:265 #4 0x08269504 in safe_free_zval_ptr_rel (p=0xbfffbd84, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193, __zend_orig_filename=0x8434980 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute_API.c", __zend_orig_lineno=393) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute.h:61 #5 0x08266a41 in _zval_ptr_dtor (zval_ptr=0x852b0d8, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute_API.c:393 #6 0x08273aa5 in _zval_ptr_dtor_wrapper (zval_ptr=0x852b0d8) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c:193 #7 0x0827e61a in zend_hash_destroy (ht=0x852a814) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_hash.c:519 #8 0x08273649 in _zval_dtor (zvalue=0x852b97c, __zend_filename=0x8434980 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute_API.c", __zend_lineno=392) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c:52 #9 0x08266a1a in _zval_ptr_dtor (zval_ptr=0x851b208, __zend_filename=0x8435640 "/jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute_API.c:392 #10 0x08273aa5 in _zval_ptr_dtor_wrapper (zval_ptr=0x851b208) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_variables.c:193 #11 0x0827e8d0 in zend_hash_apply_deleter (ht=0x849f8f0, p=0x851b1fc) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_hash.c:574 #12 0x0827eb58 in zend_hash_graceful_reverse_destroy (ht=0x849f8f0) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_hash.c:640 #13 0x08266071 in shutdown_executor () at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_execute_API.c:208 #14 0x082754c3 in zend_deactivate () at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend.c:818 #15 0x082272cb in php_request_shutdown (dummy=0x0) at /jocoso/install/tmp/APACHESO/php-5.0.3/main/main.c:1212 #16 0x082af690 in main (argc=2, argv=0xbfffe3a4) at /jocoso/install/tmp/APACHESO/php-5.0.3/sapi/cli/php_cli.c:1046 (gdb) up ... #11 0x0827e8d0 in zend_hash_apply_deleter (ht=0x849f8f0, p=0x851b1fc) at /jocoso/install/tmp/APACHESO/php-5.0.3/Zend/zend_hash.c:574 574 ht->pDestructor(p->pData); (gdb) print *p $1 = {h = 1695326377, nKeyLength = 8, pData = 0x851b208, pDataPtr = 0x852b97c, pListNext = 0x0, pListLast = 0x85255fc, pNext = 0x0, pLast = 0x0, arKey = "i"} (gdb) print (char *)&*p->arKey $3 = 0x851b21c "include" Reproduce code: --------------- test.php ================================== <? function __autoload($class) { $GLOBALS['include'][] = $class; //$GLOBALS['include'][] = "$class"; <-- change to this line produce correct output (comment 1) include_once "$class.inc"; } $a = new DefClass; //$a = new UndefClass; <-- crashes, when turn off this comment (comment 2) print_r($GLOBALS['include']); ?> DefClass.inc ================================== <? class DefClass{} ?> Expected result: ---------------- Array ( [0] => DefClass ) Actual result: -------------- Array ( [0] => 139613932 ) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33116&edit=1
