ID: 38265
Updated by: [EMAIL PROTECTED]
Reported By: judas dot iscariote at gmail dot com
-Status: Assigned
+Status: Closed
Bug Type: Reproducible crash
Operating System: linux 64 bit
PHP Version: 5CVS-2006-07-31 (CVS)
Assigned To: dmitry
New Comment:
Fixed in CVS HEAD and PHP_5_2.
Previous Comments:
------------------------------------------------------------------------
[2006-07-31 07:38:06] judas dot iscariote at gmail dot com
print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x6e03a9 "serialize"
reclassified as reproducible crash , changed the report title since
looks like serialize is the guilty.
------------------------------------------------------------------------
[2006-07-31 07:18:48] judas dot iscariote at gmail dot com
Description:
------------
Im testing PHP 5.2, current CVS.
it segfaults using the pear tool
Reproduce code:
---------------
sorry but no short reproduce code :( , but it is easly reproducible
like this :
pear install --alldeps phpdocumentor-beta
Expected result:
----------------
installing phpdocumentor beta as always
Actual result:
--------------
Starting program: /local/local/bodegon/php-debug/sapi/cli/php -C -q -d
include_path=/usr/share/pear -d output_buffering=1 -d open_basedir= -d
safe_mode=0 /usr/share/pear/pearcmd.php install --alldeps -f
phpdocumentor-beta
downloading PhpDocumentor-1.3.0RC6.tar ...
Starting to download PhpDocumentor-1.3.0RC6.tar (-1 bytes)
.............................................................................................................................................................................................................................................................................................................................................................................................................
.....done: 9,735,168 bytes
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x889210, size=786261,
__zend_filename=0x6ecd08
"/local/local/bodegon/php-debug/ext/standard/var.c",
__zend_lineno=541,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/local/bodegon/php-debug/Zend/zend_alloc.c:465
465 next->prev_free_block = mm_block;
(gdb)
(gdb)
(gdb) bt full
#0 _zend_mm_alloc_int (heap=0x889210, size=786261,
__zend_filename=0x6ecd08
"/local/local/bodegon/php-debug/ext/standard/var.c",
__zend_lineno=541,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/local/bodegon/php-debug/Zend/zend_alloc.c:465
index = 18446744073709551610
segment_size = 96
segment = <value optimized out>
next_block = (zend_mm_block *) 0x2b091d31afc0
true_size = 786336
best_size = <value optimized out>
p = <value optimized out>
end = (zend_mm_free_block *) 0x889258
best_fit = (zend_mm_free_block *) 0x2b091d25b020
offset = {4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0}
#1 0x00000000005bec96 in _zend_mm_realloc_int (heap=0x889210,
p=0x2b091d19a060, size=786261,
__zend_filename=0x6ecd08
"/local/local/bodegon/php-debug/ext/standard/var.c",
__zend_lineno=541,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/local/bodegon/php-debug/Zend/zend_alloc.c:1543
index = <value optimized out>
remaining_size = <value optimized out>
mm_block = (zend_mm_block *) 0x2b091d19a020
next_block = (zend_mm_block *) 0x2b091d259f10
true_size = 786336
ptr = <value optimized out>
#2 0x000000000056b678 in php_var_serialize_intern (buf=0x7fff90c10760,
struc=<value optimized out>,
var_hash=<value optimized out>) at
/local/local/bodegon/php-debug/ext/standard/var.c:541
__nl = <value optimized out>
i = <value optimized out>
var_already = <value optimized out>
myht = <value optimized out>
#3 0x000000000056ab12 in php_var_serialize_intern (buf=0x7fff90c10760,
struc=0x2b091c3bb120, var_hash=0x7fff90c10710)
at /local/local/bodegon/php-debug/ext/standard/var.c:827
__nl = 786068
i = <value optimized out>
---Type <return> to continue, or q <return> to quit---
var_already = <value optimized out>
myht = (HashTable *) 0x2b091c578198
#4 0x000000000056ab12 in php_var_serialize_intern (buf=0x7fff90c10760,
struc=0x2b091b909e10, var_hash=0x7fff90c10710)
at /local/local/bodegon/php-debug/ext/standard/var.c:827
__nl = 785956
i = <value optimized out>
var_already = <value optimized out>
myht = (HashTable *) 0x2b091b2067d8
#5 0x000000000056ab12 in php_var_serialize_intern (buf=0x7fff90c10760,
struc=0x2b091b33faa0, var_hash=0x7fff90c10710)
at /local/local/bodegon/php-debug/ext/standard/var.c:827
__nl = 326227
i = <value optimized out>
var_already = <value optimized out>
myht = (HashTable *) 0x2b091be36cd8
#6 0x000000000056c6e9 in php_var_serialize (buf=0x0, struc=0xc1000,
var_hash=0x2b091d31afc0)
at /local/local/bodegon/php-debug/ext/standard/var.c:845
No locals.
#7 0x000000000056c7ad in zif_serialize (ht=<value optimized out>,
return_value=0x2b091b274d98,
return_value_ptr=<value optimized out>, this_ptr=<value optimized
out>, return_value_used=<value optimized out>)
at /local/local/bodegon/php-debug/ext/standard/var.c:868
struc = (zval **) 0x2b091b33faa0
var_hash = {nTableSize = 16384, nTableMask = 16383,
nNumOfElements = 13861, nNextFreeElement = 4327,
pInternalPointer = 0x2b091bc64968, pListHead = 0x2b091bc64968,
pListTail = 0x2b091b76c398, arBuckets = 0x2b091c966b40,
pDestructor = 0, persistent = 0 '\0', nApplyCount = 0 '\0',
bApplyProtection = 1 '\001', inconsistent = 0}
buf = {
c = 0x2b091d19a060
"a:23:{s:7:\"attribs\";a:6:{s:15:\"packagerversion\";s:5:\"1.4.9\";s:7:\"version\";s:3:\"2.0\";s:5:\"xmlns\";s:35:\"http://pear.php.net/dtd/package-2.0\";s:11:\"xmlns:tasks\";s:33:\"http://pear.php.net/dtd/tasks-1.0\";s";...,
len = 786076, a = 786260}
#8 0x0000000000605f9a in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c10fc0)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:200
i = 1
p = <value optimized out>
---Type <return> to continue, or q <return> to quit---
arg_count = 0
return_reference = 0 '\0'
opline = (zend_op *) 0x2b091ac162e0
original_return_value = <value optimized out>
current_scope = (zend_class_entry *) 0x0
current_this = (zval *) 0x0
return_value_used = -1
should_change_scope = 0 '\0'
#9 0x00000000005f86df in execute (op_array=0x2b091ac12b08) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b091ac162e0, function_state =
{function_symbol_table = 0x2b091adc8380,
function = 0x8b6af0, reserved = {0x889210, 0x1, 0x7fff90c114f0,
0x2b091ac34dd8}}, fbc = 0x0, op_array = 0x2b091ac12b08,
object = 0x0, Ts = 0x7fff90c108d0, CVs = 0x7fff90c10880,
original_in_execution = 1 '\001', symbol_table = 0x2b091adadc78,
prev_execute_data = 0x7fff90c114f0, old_error_reporting = 0x0}
#10 0x00000000006059e3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c114f0)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:234
opline = (zend_op *) 0x2b091ac350a8
original_return_value = (zval **) 0x7fff90c15d38
current_scope = (zend_class_entry *) 0x2b091ab0b828
current_this = (zval *) 0x2b091c347488
return_value_used = <value optimized out>
should_change_scope = 1 '\001'
#11 0x00000000005f86df in execute (op_array=0x2b091ac362c0) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b091ac350a8, function_state =
{function_symbol_table = 0x2b091adadc78,
function = 0x2b091ac12b08, reserved = {0x12700000040, 0x712168,
0x2b091c588e98, 0x7fff90c188e0}}, fbc = 0x2b091ac12b08,
op_array = 0x2b091ac362c0, object = 0x2b091c347488, Ts =
0x7fff90c11170, CVs = 0x7fff90c11140,
original_in_execution = 1 '\001', symbol_table = 0x2b091ad13f68,
prev_execute_data = 0x7fff90c16420,
old_error_reporting = 0x0}
#12 0x00000000006059e3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c16420)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:234
opline = (zend_op *) 0x2b091aee1878
original_return_value = (zval **) 0x7fff90c188e0
current_scope = (zend_class_entry *) 0x2b091ae4c640
---Type <return> to continue, or q <return> to quit---
current_this = (zval *) 0x2b091ae475b0
return_value_used = <value optimized out>
should_change_scope = 1 '\001'
#13 0x00000000005f86df in execute (op_array=0x2b091ae747a8) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b091aee1878, function_state =
{function_symbol_table = 0x2b091ad13f68,
function = 0x2b091ac362c0, reserved = {0x889210, 0x1,
0x7fff90c1ad00, 0x2b091ae04168}}, fbc = 0x2b091ac362c0,
op_array = 0x2b091ae747a8, object = 0x2b091c347488, Ts =
0x7fff90c117d0, CVs = 0x7fff90c11670,
original_in_execution = 1 '\001', symbol_table = 0x2b091ad14208,
prev_execute_data = 0x7fff90c1ad00,
old_error_reporting = 0x0}
#14 0x00000000006059e3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c1ad00)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:234
opline = (zend_op *) 0x2b091ae043c0
original_return_value = (zval **) 0x7fff90c1b3a0
current_scope = (zend_class_entry *) 0x2b091add1718
current_this = (zval *) 0x2b091addd7e0
return_value_used = <value optimized out>
should_change_scope = 1 '\001'
#15 0x00000000005f86df in execute (op_array=0x2b091adf3fa8) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b091ae043c0, function_state =
{function_symbol_table = 0x2b091ad14208,
function = 0x2b091ae747a8, reserved = {0x9f, 0x7, 0x2b091ae31bb8,
0x8}}, fbc = 0x2b091ae747a8,
op_array = 0x2b091adf3fa8, object = 0x2b091ae475b0, Ts =
0x7fff90c166f0, CVs = 0x7fff90c165a0,
original_in_execution = 1 '\001', symbol_table = 0x2b091acc6238,
prev_execute_data = 0x7fff90c1b3d0,
old_error_reporting = 0x0}
#16 0x00000000006059e3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c1b3d0)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:234
opline = (zend_op *) 0x2b091ae31dc8
original_return_value = (zval **) 0x7fff90c1f0f0
current_scope = (zend_class_entry *) 0x2b091adcee30
current_this = (zval *) 0x2b091addd7e0
return_value_used = <value optimized out>
should_change_scope = 1 '\001'
#17 0x00000000005f86df in execute (op_array=0x2b091ade6e38) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
---Type <return> to continue, or q <return> to quit---
execute_data = {opline = 0x2b091ae31dc8, function_state =
{function_symbol_table = 0x2b091acc6238,
function = 0x2b091adf3fa8, reserved = {0x70e8d8, 0x10170e8d8,
0x2b091addf4a0, 0x90c1b4c0}}, fbc = 0x2b091adf3fa8,
op_array = 0x2b091ade6e38, object = 0x2b091addd7e0, Ts =
0x7fff90c1aec0, CVs = 0x7fff90c1ae80,
original_in_execution = 1 '\001', symbol_table = 0x2b091ad1c8c8,
prev_execute_data = 0x7fff90c1f330,
old_error_reporting = 0x0}
#18 0x00000000006059e3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff90c1f330)
at /local/local/bodegon/php-debug/Zend/zend_vm_execute.h:234
opline = (zend_op *) 0x2b0919f5a770
original_return_value = (zval **) 0x7fff90c1f4b0
current_scope = (zend_class_entry *) 0x0
current_this = (zval *) 0x0
return_value_used = <value optimized out>
should_change_scope = 1 '\001'
#19 0x00000000005f86df in execute (op_array=0x2b0919eef8f8) at
/local/local/bodegon/php-debug/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x2b0919f5a770, function_state =
{function_symbol_table = 0x2b091ad1c8c8,
function = 0x2b091ade6e38, reserved = {0x5be660, 0x2b0900000000,
0x0, 0x2b0919eefa28}}, fbc = 0x2b091ade6e38,
op_array = 0x2b0919eef8f8, object = 0x2b091addd7e0, Ts =
0x7fff90c1b6a0, CVs = 0x7fff90c1b550,
original_in_execution = 0 '\0', symbol_table = 0x888b48,
prev_execute_data = 0x0, old_error_reporting = 0x0}
#20 0x00000000005d67a8 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /local/local/bodegon/php-debug/Zend/zend.c:1095
files = {{gp_offset = 40, fp_offset = 32767, overflow_arg_area
= 0x7fff90c1f5b0, reg_save_area = 0x7fff90c1f4c0}}
i = 1
file_handle = (zend_file_handle *) 0x7fff90c21a40
orig_op_array = (zend_op_array *) 0x0
local_retval = (zval *) 0x0
#21 0x0000000000593435 in php_execute_script
(primary_file=0x7fff90c21a40)
at /local/local/bodegon/php-debug/main/main.c:1759
realfile =
"/usr/share/pear/pearcmd.php\000\000\000\000\000\006\000\000\000\000\000\000p�\000\000\000\000\000linkinfo\000p\000\000\000\000\000�\213\032\t+\000\0004{\032\t+\000\000readlink\220i\205",
'\0' <repeats 13 times>, "p\034�220\177", '\0' <repeats 26
times>,
"�020�031\t+\000\000\001\000\000\000rlde\000\000\000\000\000\000\000\000\006\000\000\000\000\000\000p�\000\000\000\000\000�\213\032\t+",
'\0' <repeats 18 times>, "Be�031\t+\000\000P�", '\0'
<repeats 13 times>, "c�\000\000\000"...
---Type <return> to continue, or q <return> to quit---
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive =
0}}, free_filename = 0 '\0'}
append_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive =
0}}, free_filename = 0 '\0'}
old_cwd = 0x7fff90c1f5d0 ""
retval = 0
#22 0x000000000065dfbd in main (argc=16, argv=0x7fff90c21c78) at
/local/local/bodegon/php-debug/sapi/cli/php_cli.c:1097
bailout = {{__jmpbuf = {1, -69030786763965496, 0,
140735622028400, 0, 0, -69032687551370152, -69030786766214177},
__mask_was_saved = 0, __saved_mask = {__val = {4426960, 0,
47318089355888, 47318089356752, 140735622027456,
47318090518560, 434712305, 47318089357400, 456, 47317654700032,
4426960, 0, 47318089415902, 47318102347120,
47318100110072, 0}}}}
exit_status = <value optimized out>
c = <value optimized out>
file_handle = {type = 2 '\002', filename = 0x7fff90c23475
"/usr/share/pear/pearcmd.php",
opened_path = 0x2b0919eef890 "/usr/share/pear/PEAR.php", handle = {fd
= 10194480, fp = 0x9b8e30, stream = {
handle = 0x9b8e30, reader = 0x5eb660 <zend_stream_stdio_reader>,
closer = 0x5eb640 <zend_stream_stdio_closer>,
fteller = 0x5eb630 <zend_stream_stdio_fteller>, interactive =
0}}, free_filename = 0 '\0'}
behavior = 1
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x7fff90c23475 "/usr/share/pear/pearcmd.php"
arg_excp = <value optimized out>
script_file = 0x7fff90c23475 "/usr/share/pear/pearcmd.php"
interactive = 0
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
---Type <return> to continue, or q <return> to quit---
param_error = <value optimized out>
hide_argv = 0
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=38265&edit=1
