From:             t dot stobbe at blackdogdev dot com
Operating system: Linux 2.4.27-2-386(Debian sarge)
PHP version:      5.1.5
PHP Bug Type:     Scripting Engine problem
Bug description:  Memory (including temporary) allocation errors in Zend

Description:
------------
This bug applies to at least PHP 5.1.2 (cli) and 5.1.5 (cli), but probably
more.  I'm not sure if it's a cli only issue, but I doubt it.

At a certain point, after large numbers of classes are allocated, and
quite a few iterations of function and method calls are made (a minute or
two of running), temporary internal memory allocation in the Zend engine
seems to start faltering.  The first signs appear via FALSE errors
like:

Warning: preg_replace(): Empty regular expression in
/home/cr/blkbx/lib/Strings.class.php on line 65

...for a call of (on line 65):

$s = preg_replace("/ +/", " ", $s);

or, this one might happen...

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash
in /home/cr/blkbx/lib/Strings.class.php on line 36

I thought it was a PCRE issue (like pcre_cache getting corrupted or
something), but modified php_pcre.c to printf the regular expression
pattern before anything else and it displays "/ +/" 99% of the time and
then all of a sudden it becomes "".  Additionally, I've seen the pattern
become "1".  The next call might then become "/ +/" again.  Most likely
this means that the problem is with the zend hash management engine.

A short time after these warnings start appearing (the script will
continue running for a bit), PHP dies with a Segment fault.  This seems to
occur just as I'm unsetting an object, although I can't confirm that this
is the only time it happens.

Furthermore, I've done a bit of searching on the internet and found that
other people have received the exact same random warnings under similar
conditions, although no one seems to know how to fix it.  I'm sure this is
a duplicate bug report, but after hours of searching the bug database, I
couldn't come up with this report.

A backtrace is provided below.


Reproduce code:
---------------
This is a serious issue which I've managed to confirm is an engine
problem, but not been able to find a place to patch it myself.  Nor have I
been able to reproduce it using simple examples.  It only appears to happen
when large numbers of classes are allocated, and therefore (sadly) I can't
seem to reproduce the underlying issue without my entire (and it is very
large and complex) application running.

I'm sorry about this, but hopefully I've done enough of the initial
legwork already for you guys to be able to track it down.

Expected result:
----------------
No warnings or segment faults to occur (I know, I know... bad expected
result.  Please read the bug description).

Actual result:
--------------
The following warnings are all false as they concern 100% valid,
hard-coded regular expression patterns such as "/ +/" and "/[a-z]+\\.0/i".
They start randomly occurring just before the crash.

Warning: preg_replace(): Empty regular expression in
/home/cr/blkbx/lib/Strings.class.php on line 36

Warning: preg_replace(): No ending delimiter '.' found in
/home/cr/blkbx/lib/Strings.class.php on line 70

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash
in /home/cr/blkbx/lib/Strings.class.php on line 36



Segment fault backtrace

#0  0x0829ce56 in _efree (ptr=0x89855a4) at
/usr/local/src/php-5.1.5/Zend/zend_alloc.c:303
#1  0x082b9e38 in zend_hash_destroy (ht=0x8956304) at
/usr/local/src/php-5.1.5/Zend/zend_hash.c:528
#2  0x082c6508 in zend_object_std_dtor (object=0x88e7abc) at
/usr/local/src/php-5.1.5/Zend/zend_objects.c:40
#3  0x082c66d4 in zend_objects_free_object_storage (object=0x88e7abc) at
/usr/local/src/php-5.1.5/Zend/zend_objects.c:111
#4  0x082c910d in zend_objects_store_del_ref (zobject=0x82c66c0) at
/usr/local/src/php-5.1.5/Zend/zend_objects_API.c:172
#5  0x082b08ee in _zval_dtor_func (zvalue=0x897feac) at
/usr/local/src/php-5.1.5/Zend/zend_variables.c:52
#6  0x082a75e8 in _zval_ptr_dtor (zval_ptr=0x8973cb0) at
zend_variables.h:35
#7  0x082b9e48 in zend_hash_destroy (ht=0x89a8e64) at
/usr/local/src/php-5.1.5/Zend/zend_hash.c:521
#8  0x082b0915 in _zval_dtor_func (zvalue=0x8881d64) at
/usr/local/src/php-5.1.5/Zend/zend_variables.c:43
#9  0x082a75e8 in _zval_ptr_dtor (zval_ptr=0x899daf0) at
zend_variables.h:35
#10 0x082b978b in _zend_hash_quick_add_or_update (ht=0x88e93d4,
arKey=0x8572bb4 "", nKeyLength=24, h=2431529124, pData=0xbfffba78,
nDataSize=4, pDest=0xbfffba34,
    flag=1) at /usr/local/src/php-5.1.5/Zend/zend_hash.c:294
#11 0x082c7559 in zend_std_write_property (object=0x8956844,
member=0x88816d4, value=0x88816d4) at
/usr/local/src/php-5.1.5/Zend/zend_object_handlers.c:419
#12 0x08314999 in zend_assign_to_object (result=0x8581594,
object_ptr=0x845035c, op2=0x74696877, value_op=0x85815f4, Ts=0xbfffbb3c,
opcode=136)
    at /usr/local/src/php-5.1.5/Zend/zend_execute.c:617
#13 0x082efaf9 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER
(execute_data=0xbfffbc20) at zend_vm_execute.h:14703
#14 0x082ca9b8 in execute (op_array=0x864b68c) at zend_vm_execute.h:92
#15 0x082caed1 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffbd10) at zend_vm_execute.h:234
#16 0x082ca9b8 in execute (op_array=0x864b72c) at zend_vm_execute.h:92
#17 0x082caed1 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffc6a0) at zend_vm_execute.h:234
#18 0x082ca9b8 in execute (op_array=0x8625484) at zend_vm_execute.h:92
#19 0x082caed1 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffd260) at zend_vm_execute.h:234
#20 0x082ca9b8 in execute (op_array=0x8625634) at zend_vm_execute.h:92
#21 0x082caed1 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffd600) at zend_vm_execute.h:234
#22 0x082ca9b8 in execute (op_array=0x855aeac) at zend_vm_execute.h:92
#23 0x082b23a0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/local/src/php-5.1.5/Zend/zend.c:1109
#24 0x08278ea6 in php_execute_script (primary_file=0xbffffa30) at
/usr/local/src/php-5.1.5/main/main.c:1737
#25 0x0832090f in main (argc=4, argv=0xbffffad4) at
/usr/local/src/php-5.1.5/sapi/cli/php_cli.c:1093


-- 
Edit bug report at http://bugs.php.net/?id=38585&edit=1