#29735 [Opn]: Segfault (11) / Possible stack corruption

2004-08-20 Thread sparkeh at btinternet dot com
 ID:   29735
 User updated by:  sparkeh at btinternet dot com
 Reported By:  sparkeh at btinternet dot com
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: Linux 2.6.7-gentoo-r9
 PHP Version:  5.0.1
 New Comment:

I've noticed that this is a duplicate of bug #28487


Previous Comments:


[2004-08-19 20:50:11] sparkeh at btinternet dot com

gdb stack trace from the first script (Ref: 3:24pm CEST)

#0  0x081e74a2 in _zval_ptr_dtor ()
#1  0x08216d9f in zend_switch_free_handler ()
#2  0x08211dff in execute ()
#3  0x0821567d in zend_do_fcall_common_helper ()
#4  0x08215993 in zend_do_fcall_by_name_handler ()
#5  0x08211dff in execute ()
#6  0x081f2b17 in zend_execute_scripts ()
#7  0x081b4d31 in php_execute_script ()
#8  0x in ?? ()
#9  0x0003 in ?? ()
#10 0x in ?? ()
...
#970 0x5f706870 in ?? ()
#971 0x69727473 in ?? ()
#972 0x68775f70 in ?? ()
#973 0x4083a6c4 in mallopt () from /lib/libc.so.6
Previous frame inner to this frame (corrupt stack?)
(gdb)

:o)



[2004-08-19 18:27:58] hip at cs dot okstate dot edu

I'm getting a seg. fault on a simple little script that's worked for
years and it sure smells like stack corruption.

<?php
require_once("config.inc");
require_once("Database.inc");

$db = new Database(USER_ID, USER_PASSWORD);
$db->connect();

$sql  = "select from STUDENT_STATUS ";
$sql .= "where STATUS='APPROVED' ";
?>

On my Solaris 9 x86 box this seg. faults. Change the last line, it seg.
faults. Remove the last line, it doesn't. After an
hour of playing, I've discovered that I can prevent a seg. fault by
placing echo statements (or some other random statement) in key positions
in the file.  That sure smells
like stack corruption.

I ran gdb on the core dump and the last lines of the backtrace are:

#20 0x81b65da in zend_deactivate () at
/usr/local/src/php-5.0.1/Zend/zend.c:819
#21 0x8182007 in php_request_shutdown (dummy=0x0)
at /usr/local/src/php-5.0.1/main/main.c:1212
#22 0x81db50f in main (argc=2, argv=0x8047a18)
at /usr/local/src/php-5.0.1/sapi/cli/php_cli.c:1046

and from what little I know of gdb it looks like it's happening when
php is trying to shut down.



[2004-08-18 20:36:46] sparkeh at btinternet dot com

N.B. Original code tested and works as expected with PHP 4.3.3



[2004-08-18 19:44:13] sparkeh at btinternet dot com

There is no loop here. This is segfaulting because the function is
failing to return correctly (stack corruption). Remove the global
statement, and add an echo '' outside of the switch() braces to see
normal (expected) program flow.



[2004-08-18 17:18:38] sparkeh at btinternet dot com

What loop??

Remove the global $moo and the $rar = 0 and it runs as expected:

<?php
switch($t)
{
    default:
        function segfault()
        {
            echo 'About to segfault : ';
        }
        segfault();
}
echo 'Or not. Look no loop.';
?>



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/29735

-- 
Edit this bug report at http://bugs.php.net/?id=29735&edit=1
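
Added triage example (not part of the original report or of PHP): the unresolved frames #970-#972 in the gdb backtrace quoted above can be checked for string data by reading each "return address" as a little-endian 32-bit word. The frame lines are copied from this page; the helper names are hypothetical.

```python
import re
import string

# Frame lines copied from the backtrace on this page (frames #8-#10 are
# garbled in the archive and kept as-is; the parser tolerates them).
BACKTRACE = """\
#7  0x081b4d31 in php_execute_script ()
#8  0x in ?? ()
#9  0x0003 in ?? ()
#10 0x in ?? ()
#970 0x5f706870 in ?? ()
#971 0x69727473 in ?? ()
#972 0x68775f70 in ?? ()
#973 0x4083a6c4 in mallopt () from /lib/libc.so.6
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]*) in (\S+) \(")
# Printable ASCII without control whitespace (space is kept).
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def parse_frames(text):
    """Yield (frame_no, address or None, symbol) for each frame line."""
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            addr = int(m.group(2), 16) if m.group(2) else None
            yield int(m.group(1)), addr, m.group(3)

def ascii_frames(text, word_size=4):
    """Return [(frame_no, decoded)] for unresolved frames whose address
    is entirely printable ASCII when read as a little-endian word."""
    hits = []
    for no, addr, sym in parse_frames(text):
        if sym != "??" or addr is None:
            continue  # resolved symbol, or address lost in the archive
        raw = addr.to_bytes(word_size, "little")
        if all(b in PRINTABLE for b in raw):
            hits.append((no, raw.decode("ascii")))
    return hits

def recovered_string(text):
    """Join the ASCII-looking frames in stack (frame number) order."""
    return "".join(s for _, s in ascii_frames(text))

if __name__ == "__main__":
    for no, s in ascii_frames(BACKTRACE):
        print(f"frame #{no}: {s!r}")
    print("stack contents:", recovered_string(BACKTRACE))
```

The three frames decode to "php_", "stri" and "p_wh", so at that depth gdb is reading text bytes rather than code addresses, which fits its own "corrupt stack?" note.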


#29735 [Opn]: Segfault (11) / Possible stack corruption

2004-08-19 Thread sparkeh at btinternet dot com
 ID:   29735
 User updated by:  sparkeh at btinternet dot com
 Reported By:  sparkeh at btinternet dot com
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: Linux 2.6.7-gentoo-r9
 PHP Version:  5.0.1
 New Comment:

gdb stack trace from the first script (Ref: 3:24pm CEST)

#0  0x081e74a2 in _zval_ptr_dtor ()
#1  0x08216d9f in zend_switch_free_handler ()
#2  0x08211dff in execute ()
#3  0x0821567d in zend_do_fcall_common_helper ()
#4  0x08215993 in zend_do_fcall_by_name_handler ()
#5  0x08211dff in execute ()
#6  0x081f2b17 in zend_execute_scripts ()
#7  0x081b4d31 in php_execute_script ()
#8  0x in ?? ()
#9  0x0003 in ?? ()
#10 0x in ?? ()
...
#970 0x5f706870 in ?? ()
#971 0x69727473 in ?? ()
#972 0x68775f70 in ?? ()
#973 0x4083a6c4 in mallopt () from /lib/libc.so.6
Previous frame inner to this frame (corrupt stack?)
(gdb)

:o)


Previous Comments:


[2004-08-18 17:05:03] [EMAIL PROTECTED]

?
You call the function segfault() in a never ending loop.





#29735 [Opn]: Segfault (11) / Possible stack corruption

2004-08-18 Thread sparkeh at btinternet dot com
 ID:   29735
 User updated by:  sparkeh at btinternet dot com
 Reported By:  sparkeh at btinternet dot com
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: Linux 2.6.7-gentoo-r9
 PHP Version:  5.0.1
 New Comment:

N.B. Original code tested and works as expected with PHP 4.3.3


Previous Comments:


[2004-08-18 16:17:19] sparkeh at btinternet dot com

There is no recursion. This is a function being called from within a
switch block. Surely?



[2004-08-18 15:47:59] [EMAIL PROTECTED]

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is expected, PHP does not protect against infinite recursion.


