ID: 37061
User updated by: ceo at l-i-e dot com
Reported By: ceo at l-i-e dot com
Status: Open
Bug Type: Reproducible crash
Operating System: FreeBSD 5.3-RELEASE
PHP Version: 5.1.2
New Comment:
Just to keep you readers posted:
Compiling --without-zend-memory-manager is easy, and it still
terminates prematurely.
valgrind, however, will take some time...
>From source yields:
checking for a supported CPU/OS combination... no (i386-freebsd5.3)
configure: error: Valgrind is platform specific. Sorry. Please consider
doing a port.
It's in the ports tree, but I'm not root, so I've asked for it to get
installed.
Or maybe I could convince ports tree to install it in my homedir
somehow? I'll search for a way to do that.
Previous Comments:
[2006-04-12 22:24:09] ceo at l-i-e dot com
Corrected typo of OS. Sorry.
[2006-04-12 22:09:19] [EMAIL PROTECTED]
>5.3-RELEASE
Is it AIX 5.3 or ..?
Try to build PHP with --enable-debug and --disable-zend-memory-manager
and then run it through `valgrind --tool=memcheck` (see
http://valgrind.org).
And if you put the valgrind log somewhere in the net, that would give
us a lot of useful information.
Though, a short but complete reproduce script would be even better.
[2006-04-12 22:03:23] ceo at l-i-e dot com
Description:
It's a LONG script, but it always ends up in:
Zend/zend_hash.c:66 (give or take lines changed in CVS)
zend_output_debug_string(1, "%s(%d) : ht=%p is being cleaned", file,
line, ht);
and then it just quits, with no other error output.
I *suspect* that the root cause is in something like this:
curl_setopt($curl, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($curl, CURLOPT_URL, 'http://example.com/example.jpg');
$jpeg = curl_exec($curl);
//ASSUME that the server bounces us around with 302s and gives:
http://example.com/";>
curl_setopt($curl, CURLOPT_BINARYTRANSFER, 0);
curl_setopt($curl, CURLOPT_URL, 'http://example.com');
$html = curl_exec($curl);
At this point, I get warnings about $html not being zero-terminated if
I try to use it, and, sure enough, it's got garbage characters at the
end.
I SUSPECT that the curl handle is getting forced into non-binary mode
because of the 302s and the fact that plain/text comes out at the end
of that -- And I SUSPECT that this somehow gets the curl handle's
"binary" status out of sync somehow with itself, and gets curl all
confused.
All of this, however, is just my suspicion... It COULD be the OCR GD
stuff I'm doing...
But something is definitely corrupting thing somewhere.
Hopefully somebody who understand backtrace better than I can track it
down...
Reproduce code:
---
http://acousticdemo.com/info.com/overture/overture.phps
http://acousticdemo.com/info.com/overture/overture.inc.phps
I am happy to provide my login/password to [EMAIL PROTECTED] if you can't
reproduce and want to run this from CLI under gdb and see it in
action.
I've already done that, and can reproduce it in gdb.
It just takes awhile to get to that state, and my "short" scripts are
not yet causing the bug. :-(
Also happens in:
php_5.1.2 (release)
php5.1-200604071630
php5.1-200604102030
Take your pick.
Expected result:
Ideally, it would just "work" and continue on, keeping track of strings
and binary strings without me worrying about it.
I'd settle for an E_ERROR for conditions where a server returns
plain-text instead of binary expected.
Or even an E_ERROR when the strings are known to be corrupted.
But a "silent" failure with only C errors under --with-debug is pretty
harsh.
Actual result:
--
Silent script end prematurely under normal CLI.
--with-debug and gdb get me this:
#0 _zend_is_inconsistent (ht=0x83e14a4, file=0x823e6b4
"/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend_hash.c",
line=752)
at
/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend_hash.c:67
#1 0x081a899f in zend_hash_copy (target=0x83e0ca4, source=0x83e14a4,
pCopyConstructor=0x819d0cc , tmp=0xbfbfc950, size=4)
at
/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend_hash.c:752
#2 0x0819d1ed in _zval_copy_ctor_func (zvalue=0x839ce64,
__zend_filename=0x823d6b0
"/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend_variables.h",
__zend_lineno=45)
at
/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend_variables.c:134
#3 0x0819da97 in _zval_copy_ctor (zvalue=0x839ce64,
__zend_filename=0x823d628
"/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend.c",
__zend_lineno=1009) at zend_variables.h:45
#4 0x0819ec52 in zend_error (type=2, format=0x823d488 "String is not
zero-terminated (%s) (source: %s:%d)")
at
/www/acousticdemo.com/php_cvs/php5.1-200604102030/Zend/zend.c:1009
#5 0x0819cf