From:             mailfrom-bugs dot php dot net at kopka dot net
Operating system: Linux (Gentoo)
PHP version:      5CVS-2005-04-05 (dev)
PHP Bug Type:     Reproducible crash
Bug description:  Segfault/Memory Leak by getClass (etc) in __destruct

Description:
------------
getClass($this) and others segfault or leak memory (when --enable-debug) on
- PHP 5.0.3
- PHP 5.0.4
- PHP 5.0.5-dev (cli) (2005-04-05 11:42:27)
built on Gentoo Linux (default install flags).

I ran into this using the following construct:

if (database::query($string)->error) {}

where database::query() returns an object wrapping a result set (or
providing info on success of the request).

PHP 5.0.3 (and I am quite sure this applies to other versions as well, as I
have experienced this for quite some time) segfaults under the following
cumulative circumstances:
- If the object is only used once and not referenced to a variable
- If a property is read/set (if a function is called all is OK)
- If __destruct references the class name by some means (others are OK)

When you try the demo, uncomment one of the lines which cause a segfault
(and are noted as a memory leak with --enable-debug):

//  $c=get_class($this);unset ($c);
//  echo get_class($this);
//  if(defined('DEBUG_'.__CLASS__)){}

The following lines don't raise a segfault:

  $c=__CLASS__;unset($c);
  if(__CLASS__ == "BUG") {};
  get_class($this);
  echo __CLASS__;

The following line doesn't raise a segfault but is noted as a memory leak
(--enable-debug):

  $c=get_class($this);

Naturally the hidden beast came up a long time after I wrote the line.
After spending a good month of free time trying to locate it, I am happy to
finally nail it to the ground for someone who knows what he is doing to
slay it (it cost me a keyboard and brought quite a few white hairs into
existence).

Since the original bug report vanished from the bug list (and can only be
found by number for reasons that escape me), I opened it again (and closed
the other).

Good hunting.

Configure Command =>  './configure' '--prefix=/usr'
'--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--disable-cgi' '--enable-cli' '--enable-embed'
'--with-config-file-path=/etc/php/cli-php5' '--disable-bcmath'
'--without-bz2' '--disable-calendar'
'--without-cpdflib' '--disable-ctype' '--without-curl'
'--without-curlwrappers' '--disable-dbase' '--disable-dio'
'--disable-dom' '--disable-exif' '--without-fam' '--without-fbsql'
'--without-fdftk' '--disable-filepro' '--disable-ftp' '--without-gettext'
'--without-gmp' '--without-hwapi' '--without-iconv' '--without-informix'
'--without-ingres' '--without-interbase' '--without-kerberos'
'--disable-libxml' '--disable-mbstring'
'--without-mcrypt' '--without-mcve' '--disable-memory-limit'
'--without-mhash' '--without-mime-magic' '--without-ming'
'--without-mnogosearch' '--without-msql' '--without-mssql'
'--without-ncurses' '--without-oci8' '--without-oracle'
'--without-openssl' '--without-openssl-dir' '--without-ovrimos'
'--disable-pcntl' '--without-pcre-regx' '--without-pfpro'
'--without-pgsql' '--disable-posix' '--without-pspell' '--without-recode'
'--disable-simplexml' '--disable-shmop' '--without-snmp' '--disable-soap'
'--disable-sockets' '--disable-spl' '--without-sybase'
'--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem'
'--disable-sysvshm' '--without-tidy'
'--disable-tokenizer' '--disable-wddx' '--without-xsl'
'--without-xmlrpc' '--disable-yp' '--without-zlib' '--disable-debug'
'--without-jpeg-dir' '--without-freetype-dir' '--without-t1lib'
'--without-ttf' '--disable-gd-jis-conf' '--disable-gd-native-ttf'
'--without-png-dir' '--without-tiff-dir' '--without-xpm-dir'
'--without-gd' '--disable-session' '--without-sqlite' '--disable-dba'
'--without-readline' '--without-libedit'


Reproduce code:
---------------
<?php

class BUG {
  var $error = "please fix this thing, it wasted a nice part of my life!\n";
  static function instance() {return new BUG();}

  function __destruct()
  {
  $c=get_class($this);unset ($c);
//  echo get_class($this);
//  if(defined('DEBUG_'.__CLASS__)){}
//  $c=get_class($this); //memory leak only
    echo $this->error;
  }
}

BUG::instance()->error;
echo "this is still executed\n";

?>

Expected result:
----------------
# php -n bug.php(cr)
please fix this thing, it wasted a nice part of my life!
this is still executed
# (cursor)

Actual result:
--------------
Sorry that I cannot provide a core dump according to the requested
standards (with --enable-debug), because if I compile like this there is
no segfault (just a memory leak), so I hope a standard one will help:
--------------------------------------------------------------
(with --disable-debug)
# php -n bug.php (cr)
please fix this thing, it wasted a nice part of my life!
this is still executed
Segmentation fault (core dumped)
# gdb php core
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols
found)...Using host libthread_db library "/lib/libthread_db.so.1".

Core was generated by `php -n bug.php'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output
error

Reading symbols from /lib/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x08109250 in shutdown_memory_manager ()
(gdb) bt
#0  0x08109250 in shutdown_memory_manager ()
#1  0x00000a00 in ?? ()
#2  0x0817d04c in ?? ()
#3  0x0818e1fc in executor_globals ()
#4  0xbffff31c in ?? ()
#5  0x00000027 in ?? ()
#6  0x080e3192 in php_request_shutdown ()
--------------------------------------------------------------

(with --enable-debug)
# php -n bug.php
please fix this thing, it wasted a nice part of my life!
[Tue Apr  5 01:28:43 2005]  Script:  'bug.php'
---------------------------------------
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c(77) : Block 0x08201EF0 status:
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.h(61) : Actual location (location was relayed)
Beginning:      Cached (allocated on /var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c:2893, 16 bytes)
      End:      OK
---------------------------------------
this is still executed
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c(3255) :  Freeing 0x082014FC (16 bytes), script=bug.php
=== Total 1 memory leaks detected ===
# gdb php
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols
found)...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -n bug.php
Starting program: /usr/bin/php -n bug.php
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...please fix
this thing, it wasted a nice part of my life!
[Tue Apr  5 01:27:54 2005]  Script:  'bug.php'
---------------------------------------
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c(77) : Block 0x08201CF0 status:
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.h(61) : Actual location (location was relayed)
Beginning:      Cached (allocated on /var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c:2893, 16 bytes)
      End:      OK
---------------------------------------
this is still executed
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_execute.c(3255) :  Freeing 0x082012FC (16 bytes), script=bug.php
=== Total 1 memory leaks detected ===

Program exited normally.
(gdb)

-- 
Edit bug report at http://bugs.php.net/?id=32596&edit=1
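
A triage harness for the destructor variants listed in the report, added here as an example and not part of the original report or of PHP itself. It writes each __destruct body into a copy of the reproduce script, runs it in its own "php -n" process, and labels the outcome as a signal (status 139 is SIGSEGV), a debug-build leak, or clean. PHP_BIN, the function names, the case labels and the shortened $error string are assumptions.

```shell
# Added triage harness, not part of the report. PHP_BIN is an assumption.
PHP_BIN="${PHP_BIN:-php}"

# write_case FILE BODY: the report's BUG class with BODY placed in __destruct.
write_case() {
  cat > "$1" <<EOF
<?php
class BUG {
  var \$error = "destructed\n";
  static function instance() { return new BUG(); }
  function __destruct() {
    $2
    echo \$this->error;
  }
}
BUG::instance()->error;
echo "this is still executed\n";
EOF
}

# classify STATUS OUTFILE: verdict from the exit status and captured output.
classify() {
  if [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
    echo "signal $(( $1 - 128 ))"        # 139 = 128 + 11 (SIGSEGV)
  elif grep -q 'memory leaks detected' "$2" 2>/dev/null; then
    echo "leak"                          # --enable-debug leak summary line
  elif [ "$1" -eq 0 ]; then echo "clean"
  else echo "exit $1"
  fi
}

# run_case LABEL BODY: run one variant in its own process, print the verdict.
run_case() {
  dir=$(mktemp -d) || return 1
  write_case "$dir/bug.php" "$2"
  status=0
  "$PHP_BIN" -n "$dir/bug.php" > "$dir/out" 2>&1 || status=$?
  printf '%s\t%s\n' "$1" "$(classify "$status" "$dir/out")"
  rm -rf "$dir"
}

run_all() {
  run_case 'assign+unset' '$c=get_class($this);unset ($c);'
  run_case 'echo'         'echo get_class($this);'
  run_case 'defined'      "if(defined('DEBUG_'.__CLASS__)){}"
  run_case 'assign-only'  '$c=get_class($this);'
  run_case 'const-only'   '$c=__CLASS__;unset($c);'
}
if command -v "$PHP_BIN" >/dev/null 2>&1; then run_all; fi
```

Point PHP_BIN at each build under test (for example a --disable-debug and an --enable-debug binary) and compare the two result columns.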