ID:               38525
 User updated by:  judas dot iscariote at gmail dot com
 Reported By:      judas dot iscariote at gmail dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: linux
 PHP Version:      5.2.0RC2
 New Comment:

Took me a while to reproduce it again, oO.

That's what I obtained with valgrind.

==15053== Conditional jump or move depends on uninitialised value(s)
==15053==    at 0x59E1002: vfprintf (in /lib64/libc-2.4.so)
==15053==    by 0x59FE6F8: vsprintf (in /lib64/libc-2.4.so)
==15053==    by 0x59E91A7: sprintf (in /lib64/libc-2.4.so)
==15053==    by 0x7D120DA: _convert_to_string (zend_operators.c:556)
==15053==    by 0x7D1A6C2: zend_make_printable_zval (zend.c:266)
==15053==    by 0x7D58B84: ZEND_ADD_VAR_SPEC_TMP_CV_HANDLER
(zend_vm_execute.h:6552)
==15053==    by 0x7D4407E: execute (zend_vm_execute.h:92)
==15053==    by 0x7D4480F: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==15053==    by 0x7D454AD: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==15053==    by 0x7D4407E: execute (zend_vm_execute.h:92)
==15053==    by 0x7D1C4DA: zend_execute_scripts (zend.c:1095)
==15053==    by 0x7CBE341: php_execute_script (main.c:1759)
==15053==
==15053== Process terminating with default action of signal 11
(SIGSEGV)
==15053==  Bad permissions for mapped region at address 0x18
==15053==    at 0x7CF7D50: zend_mm_add_to_free_list (zend_alloc.c:465)
==15053==    by 0x7CF986B: _zend_mm_alloc_int (zend_alloc.c:1233)
==15053==    by 0x7CFA7C5: _zend_mm_realloc_int (zend_alloc.c:1543)
==15053==    by 0x7CFAAE5: _erealloc (zend_alloc.c:1633)
==15053==    by 0x7C82C92: php_var_serialize_string (var.c:540)
==15053==    by 0x7C8650F: php_var_serialize_intern (var.c:810)
==15053==    by 0x7C86709: php_var_serialize_intern (var.c:827)
==15053==    by 0x7C87325: php_var_serialize (var.c:845)
==15053==    by 0x7B8B8D4: ps_srlzr_encode_php (session.c:479)
==15053==    by 0x7B8C43C: php_session_encode (session.c:581)
==15053==    by 0x7B8CFB1: php_session_save_current_state
(session.c:860)
==15053==    by 0x7B91F3C: php_session_flush (session.c:1845)
==15053==
==15053== ERROR SUMMARY: 63 errors from 13 contexts (suppressed: 155
from 1)
==15053== malloc/free: in use at exit: 20,326,987 bytes in 11,487
blocks.
==15053== malloc/free: 214,233 allocs, 202,746 frees, 315,649,047 bytes
allocated.
==15053== For counts of detected errors, rerun with: -v
==15053== searching for pointers to 11,487 not-freed blocks.
==15053== checked 17,712,560 bytes.
==15053==
==15053== LEAK SUMMARY:
==15053==    definitely lost: 924 bytes in 35 blocks.
==15053==      possibly lost: 0 bytes in 0 blocks.
==15053==    still reachable: 20,326,063 bytes in 11,452 blocks.
==15053==         suppressed: 0 bytes in 0 blocks.
==15053== Use --leak-check=full to see details of leaked memory.
hell:~ #


Previous Comments:
------------------------------------------------------------------------

[2006-08-21 08:53:05] [EMAIL PROTECTED]

Obviously the new heap implementation from Zend is unstable.


------------------------------------------------------------------------

[2006-08-21 08:39:58] [EMAIL PROTECTED]

Could you also please try to see if valgrind tells you anything?

valgrind --tool=memcheck --log-file=httpd /path/to/apache/httpd -X

And check out httpd.<PID> file.

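Memcheck logs like the one at the top of this report are long, and when they arrive through a bug tracker or mailing list the lines get wrapped, which breaks naive grepping. The parser below is an added example (not code from this thread or from the PHP project) that turns the ==PID==-prefixed memcheck text into records, re-attaches locations that a mail client wrapped onto an unprefixed line, and picks the "blame" frame: the innermost frame that resolves to a file:line, i.e. the first frame inside code built with --enable-debug rather than inside libc. The sample log is constructed from the output posted in this thread, wrapping included; the record kinds and the blame heuristic are assumptions of this example, not valgrind conventions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the memcheck output posted in this thread. The
# e-mail wrapping is kept on purpose: a frame location and "(SIGSEGV)" spill
# onto lines that carry no ==PID== prefix, and a shell prompt follows the log.
SAMPLE_LOG = """\
==15053== Conditional jump or move depends on uninitialised value(s)
==15053==    at 0x59E1002: vfprintf (in /lib64/libc-2.4.so)
==15053==    by 0x7D120DA: _convert_to_string (zend_operators.c:556)
==15053==    by 0x7D58B84: ZEND_ADD_VAR_SPEC_TMP_CV_HANDLER
(zend_vm_execute.h:6552)
==15053==
==15053== Process terminating with default action of signal 11
(SIGSEGV)
==15053==  Bad permissions for mapped region at address 0x18
==15053==    at 0x7CF7D50: zend_mm_add_to_free_list (zend_alloc.c:465)
==15053==    by 0x7CF986B: _zend_mm_alloc_int (zend_alloc.c:1233)
==15053==    by 0x7C82C92: php_var_serialize_string (var.c:540)
==15053==
==15053== ERROR SUMMARY: 63 errors from 13 contexts (suppressed: 155
from 1)
hell:~ #
"""

PREFIX_RE = re.compile(r"^==\d+==\s?(.*)$")
FRAME_RE = re.compile(r"^\s*(?:at|by)\s+0x([0-9A-Fa-f]+):\s+(\S+)(?:\s+\((.*)\))?\s*$")
WRAPPED_LOC_RE = re.compile(r"^\((.*)\)$")       # "(file.c:123)" pushed to its own line
SRC_RE = re.compile(r"^([^\s:]+):(\d+)$")
SIGNAL_RE = re.compile(r"signal (\d+)")
SUMMARY_RE = re.compile(r"ERROR SUMMARY:\s+(\d+) errors from (\d+) contexts")
# Assumed classification of memcheck headers (example's own labels).
KINDS = (("uninitialised", "uninitialised-value"), ("process terminating", "fatal-signal"),
         ("invalid read", "invalid-access"), ("invalid write", "invalid-access"))


@dataclass
class Frame:
    addr: str
    func: str
    where: str  # "file.c:123" when built with debug info, "in /path/lib.so" otherwise

    def source(self):
        m = SRC_RE.match(self.where)
        return (m.group(1), int(m.group(2))) if m else None


@dataclass
class Record:
    headers: list = field(default_factory=list)
    frames: list = field(default_factory=list)

    @property
    def kind(self):
        text = " ".join(self.headers).lower()
        return next((k for needle, k in KINDS if needle in text), "other")

    @property
    def signal(self):
        m = SIGNAL_RE.search(" ".join(self.headers))
        return int(m.group(1)) if m else None

    def blame_frame(self):
        # Innermost frame with a file:line, i.e. the first one outside system libraries.
        return next((f for f in self.frames if f.source()), None)


def parse_valgrind(text):
    records, summary, current = [], {}, None

    def close():
        nonlocal current
        if current is not None and current.frames:  # keep only records that carry a stack
            records.append(current)
        current = None

    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if m is None:
            # No ==PID== prefix: program output (ignored) or the tail of a frame
            # line that a mail client wrapped; re-attach the latter.
            loc = WRAPPED_LOC_RE.match(raw.strip())
            if current is not None and loc and current.frames and not current.frames[-1].where:
                current.frames[-1].where = loc.group(1)
            continue
        body = m.group(1)
        if not body.strip():
            close()
            continue
        fm = FRAME_RE.match(body)
        if fm:
            if current is None:
                current = Record()
            current.frames.append(Frame(fm.group(1), fm.group(2), fm.group(3) or ""))
            continue
        sm = SUMMARY_RE.search(body)
        if sm:
            summary["errors"], summary["contexts"] = int(sm.group(1)), int(sm.group(2))
            continue
        if current is None or current.frames:  # a header after a stack starts a new record
            close()
            current = Record()
        current.headers.append(body.strip())
    close()
    return records, summary


if __name__ == "__main__":
    for rec in parse_valgrind(SAMPLE_LOG)[0]:
        b = rec.blame_frame()
        print(f"{rec.kind:20} signal={rec.signal} blame={b.func if b else '?'} ({b.where if b else '?'})")
```

Run on the sample, the first record is an uninitialised-value read whose blame frame is _convert_to_string at zend_operators.c:556, and the second is the SIGSEGV with zend_mm_add_to_free_list at zend_alloc.c:465 as the first debug-info frame. Feed it the httpd.<PID> file from the valgrind command above (after compiling with --enable-debug, so frames resolve to file:line) to get the same triage for a real run.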
------------------------------------------------------------------------

[2006-08-20 20:27:50] judas dot iscariote at gmail dot com

update summary.

------------------------------------------------------------------------

[2006-08-20 19:00:21] judas dot iscariote at gmail dot com

#1  0x00002af677a1970e in zend_mm_panic (message=0x2af677b5ade9 "Heap
corrupted")
    at /local/local/bodegon/php-debug/Zend/zend_alloc.c:61
No locals.
#2  0x00002af677a19c00 in zend_mm_remove_from_free_list
(heap=0x555555867130, mm_block=0x2af679814fc0)
    at /local/local/bodegon/php-debug/Zend/zend_alloc.c:473
        prev = (zend_mm_free_block *) 0x555555867268
        next = (zend_mm_free_block *) 0x3631f6792bdbc8
#3  0x00002af677a1c39a in _zend_mm_realloc_int (heap=0x555555867130,
p=0x2af6797d5060, size=262104,
    __zend_filename=0x2af677b3bb78
"/local/local/bodegon/php-debug/ext/standard/var.c",
__zend_lineno=531,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/local/bodegon/php-debug/Zend/zend_alloc.c:1450
        mm_block = (zend_mm_block *) 0x2af6797d5020
        next_block = (zend_mm_block *) 0x2af679814fc0
        true_size = 262176
        ptr = (void *) 0x23a8
#4  0x00002af677a1cae6 in _erealloc (ptr=0x2af6797d5060, size=262104,
allow_failure=0,
    __zend_filename=0x2af677b3bb78
"/local/local/bodegon/php-debug/ext/standard/var.c",
__zend_lineno=531,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/local/bodegon/php-debug/Zend/zend_alloc.c:1633
No locals.
#5  0x00002af6779a8e47 in php_var_serialize_long (buf=0x7fff362aa7a0,
val=407)
    at /local/local/bodegon/php-debug/ext/standard/var.c:531
        __nl = 261975
        __dest = (smart_str *) 0x7fff362aa7a0
#6  0x00002af6779a84f0 in php_var_serialize_intern (buf=0x7fff362aa7a0,
struc=0x2af678c00088, var_hash=0x7fff362aa750)
    at /local/local/bodegon/php-debug/ext/standard/var.c:807
        key = 0x2af6785dc9c0 "hililist"
        data = (zval **) 0x2af6787d9060
        key_len = 9
        index = 407
        pos = (HashPosition) 0x2af6787d8e40
        incomplete_class = 0 '\0'
        i = 2
        var_already = (ulong *) 0x555555867268
        myht = (HashTable *) 0x2af6791b4710
#7  0x00002af6779a9326 in php_var_serialize (buf=0x7fff362aa7a0,
struc=0x2af678c00088, var_hash=0x7fff362aa750)
    at /local/local/bodegon/php-debug/ext/standard/var.c:845
No locals.
#8  0x00002af6778ad8d5 in ps_srlzr_encode_php (newstr=0x7fff362aa808,
newlen=0x7fff362aa82c)
    at /local/local/bodegon/php-debug/ext/session/session.c:479
        _ht = (HashTable *) 0x2af6785592d0
---Type <return> to continue, or q <return> to quit---
        buf = {
  c = 0x2af6797d5060
"gettext_php_loaded|b:0;gettext_php_domain|s:0:\"\";gettext_php_dir|s:0:\"\";gettext_php_translateStrings|a:0:{}gettext_php_loaded_language|s:0:\"\";gettext_php_short_circuit|b:0;sq_base_url|s:27:\"http://hel";...,
len = 261973,
  a = 262103}
        var_hash = {nTableSize = 16384, nTableMask = 16383,
nNumOfElements = 8427, nNextFreeElement = 988,
  pInternalPointer = 0x2af678f40f08, pListHead = 0x2af678f40f08,
pListTail = 0x2af6794865f0, arBuckets = 0x2af6791b4f48,
  pDestructor = 0, persistent = 0 '\0', nApplyCount = 0 '\0',
bApplyProtection = 1 '\001', inconsistent = 0}
        key = 0x2af678c000b0 "msgs"
        key_length = 4
        num_key = 47238021375260
        struc = (zval **) 0x2af678c00088
#9  0x00002af6778ae43d in php_session_encode (newlen=0x7fff362aa82c)
    at /local/local/bodegon/php-debug/ext/session/session.c:581
        ret = 0x0
#10 0x00002af6778aefb2 in php_session_save_current_state () at
/local/local/bodegon/php-debug/ext/session/session.c:860
        val = 0x3 <Address 0x3 out of bounds>
        vallen = 0
        ret = -1
#11 0x00002af6778b3f3d in php_session_flush () at
/local/local/bodegon/php-debug/ext/session/session.c:1845
        orig_bailout = (jmp_buf *) 0x7fff362aa9c0
        bailout = {{__jmpbuf = {160, -72001594702856356,
93824996795000, 93824995284840, 93824993674584, 93824993672000,
      -72001594702856596, -71943351702066904}, __mask_was_saved = 0,
__saved_mask = {__val = {47238068320056, 0,
        47238068320144, 88, 2840945349788, 47238058731560,
47238060414864, 140734102153504, 88, 140734102153536,
        47238057413229, 140734102153536, 0, 0, 3017073977613,
47238058478808}}}}
#12 0x00002af6778b3f86 in zm_deactivate_session (type=1,
module_number=12)
    at /local/local/bodegon/php-debug/ext/session/session.c:1859
No locals.
#13 0x00002af677a46705 in module_registry_cleanup
(module=0x5555558b2e90)
    at /local/local/bodegon/php-debug/Zend/zend_API.c:1945
No locals.
#14 0x00002af677a4c4f3 in zend_hash_apply (ht=0x2af677cf99a0,
apply_func=0x2af677a466ca <module_registry_cleanup>)
    at /local/local/bodegon/php-debug/Zend/zend_hash.c:666
        p = (Bucket *) 0x5555558b2e30
#15 0x00002af677a3d635 in zend_deactivate_modules () at
/local/local/bodegon/php-debug/Zend/zend.c:817
        orig_bailout = (jmp_buf *) 0x0
        bailout = {{__jmpbuf = {160, -72001594702857076,
93824996795000, 93824995284840, 93824993674584, 93824993672000,
      -72001594702856228, -71943351700553726}, __mask_was_saved = 0,
__saved_mask = {__val = {0, 47238055284985, 0,
        19188171792, 47238060396720, 13793667680, 47238068320208,
140734102153824, 47238055285156, 345, 4294967315, 160,
        18374742479006693916, 93824996795000, 93824995284840,
93824993674584}}}}
#16 0x00002af6779df423 in php_request_shutdown (dummy=0x0) at
/local/local/bodegon/php-debug/main/main.c:1284
        report_memleaks = 1 '\001'
---Type <return> to continue, or q <return> to quit---
#17 0x00002af677ac34a3 in php_apache_request_dtor (r=0x5555559ae278)
    at
/local/local/bodegon/php-debug/sapi/apache2handler/sapi_apache2.c:451
No locals.
#18 0x00002af677ac3dca in php_handler (r=0x5555559ae278)
    at
/local/local/bodegon/php-debug/sapi/apache2handler/sapi_apache2.c:609
        ctx = (php_struct * volatile) 0x5555559ab718
        conf = (void *) 0x5555559aae48
        brigade = (apr_bucket_brigade * volatile) 0x5555559bd640
        bucket = (apr_bucket *) 0x5555556b4558
        rv = 21845
        parent_req = (request_rec * volatile) 0x0
#19 0x000055555558c6ba in ap_run_handler () from /usr/sbin/httpd2
No symbol table info available.
#20 0x000055555558faa2 in ap_invoke_handler () from /usr/sbin/httpd2
No symbol table info available.
#21 0x000055555559a1c8 in ap_process_request () from /usr/sbin/httpd2
No symbol table info available.
#22 0x0000555555597409 in ap_register_input_filter () from
/usr/sbin/httpd2
No symbol table info available.
#23 0x0000555555593772 in ap_run_process_connection () from
/usr/sbin/httpd2
No symbol table info available.
#24 0x000055555559dc09 in ap_graceful_stop_signalled () from
/usr/sbin/httpd2
No symbol table info available.
#25 0x000055555559de0e in ap_graceful_stop_signalled () from
/usr/sbin/httpd2
No symbol table info available.
#26 0x000055555559e911 in ap_mpm_run () from /usr/sbin/httpd2
No symbol table info available.
#27 0x0000555555579cb8 in main () from /usr/sbin/httpd2
No symbol table info available.
(gdb)

------------------------------------------------------------------------

[2006-08-20 18:29:05] [EMAIL PROTECTED]

Can you also try to compile your PHP with --enable-debug so that the backtrace is more informative?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/38525

-- 
Edit this bug report at http://bugs.php.net/?id=38525&edit=1
