ID: 33114 User updated by: K dot Kaczkowski at eisp dot pl Reported By: K dot Kaczkowski at eisp dot pl -Status: Feedback +Status: Closed Bug Type: Reproducible crash Operating System: Linux 2.4.30 PHP Version: 5CVS, 4CVS (2005-05-26) Assigned To: derick New Comment:
Ok, that fixed it. Thanks! Previous Comments: ------------------------------------------------------------------------ [2005-06-07 15:50:43] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2005-05-24 10:51:25] K dot Kaczkowski at eisp dot pl > Derick: This is interesting: works with PHP 4.3.9 ? Yes, 4.3.9 and below are ok, it seems that this bug came in as a side effect of bugfixes in 4.3.10 I'm currently forced to use 4.3.9 on one of my webservers because of that. ------------------------------------------------------------------------ [2005-05-24 10:00:21] [EMAIL PROTECTED] HEAD gives this valgrind output: ==25325== Conditional jump or move depends on uninitialised value(s) ==25325== at 0x839BB4E: ZEND_RETURN_SPEC_CV_HANDLER (zend_vm_execute.h:18606) ==25325== by 0x836907A: execute (zend_vm_execute.h:78) ==25325== by 0x83694AF: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:204) ==25325== by 0x8369B4D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:290) ==25325== ------------------------------------------------------------------------ [2005-05-24 09:34:36] [EMAIL PROTECTED] Derick: This is interesting: works with PHP 4.3.9 ? ------------------------------------------------------------------------ [2005-05-24 01:27:47] K dot Kaczkowski at eisp dot pl Description: ------------ I have a problem with reproducible crashes during zend_shutdown when PHP is compiled with --disable-debug. When the same script is run under --enable-debug, it only reports memory leaks. Unfortunately I wasn't able to isolate simple test case for php crash, but I have script causing memory leak and I'm pretty sure it's the same bug and fixing leak will also fix crashes. This bug was introduced in 4.3.10 version, all versions above behave similar with small difference: in 4.3.10/4.3.11 bad free happens in shutdown_memory_manager called from php_request_shutdown instead of zend_shutdown from php_module_shutdown in latest snapshot. 4.3.9 works without any problems. Backtrace for crash case: Program received signal SIGSEGV, Segmentation fault. 0x400fdd43 in free () from /lib/libc.so.6 (gdb) bt #0 0x400fdd43 in free () from /lib/libc.so.6 #1 0x400fdaa3 in free () from /lib/libc.so.6 #2 0x08101670 in zend_hash_destroy (ht=0x8157de0) at /usr/src/php4-STABLE-200505232041/Zend/zend_hash.c:561 #3 0x080fd6d6 in zend_shutdown () at /usr/src/php4-STABLE-200505232041/Zend/zend.c:581 #4 0x080d91d2 in php_module_shutdown () at /usr/src/php4-STABLE-200505232041/main/main.c:1294 #5 0x08115b3c in main (argc=2, argv=0xbfffd724) at /usr/src/php4-STABLE-200505232041/sapi/cli/php_cli.c:885 Output for crash case when compiled with --enable-debug: /usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) : Freeing 0x081FD6EC (5 bytes), script=test1.php /usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual location (location was relayed) Last leak repeated 3 times Details for "memory leak only" case are below. Reproduce code: --------------- <? function &test1($arg) { return(test2($arg)); } function &test2($arg) { return(test3($arg)); } function &test3($arg) { return($arg); } test1("test"); ?> Expected result: ---------------- nothing/no memory leak Actual result: -------------- /usr/src/php4-STABLE-200505232041/Zend/zend_execute.c(1749) : Freeing 0x081D1014 (5 bytes), script=test2.php /usr/src/php4-STABLE-200505232041/Zend/zend_variables.c(111) : Actual location (location was relayed) Last leak repeated 1 time ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33114&edit=1