#48228 [Opn->Fbk]: Possible memory corruption

2009-05-20 Thread jani
 ID:   48228
 Updated by:   j...@php.net
 Reported By:  iddekingej at lycos dot com
-Status:   Open
+Status:   Feedback
 Bug Type: Scripting Engine problem
 Operating System: Linux
 PHP Version:  5.3.0RC2
 New Comment:

What MPM are you using in Apache? (and when you give feedback, change 
the status to 'Open'..)


Previous Comments:


[2009-05-11 20:37:48] iddekingej at lycos dot com

Thanks, but the latest snapshot didn't fix the problem.

I managed to debug apache and php and found the following:

The field alloc_globals->mm_heap->reserve_size is (wrongly) overwritten
with some address while freeing memory.  This value contains therefore a
large number.
Next, in zend_mm_shutdown the following code is executed

  if (heap->reserve_size) {
      heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
  }
This failed because reserve_size contains a very large number.

The corruption of "alloc_globals->mm_heap->reserve_size" happens in the
function _zend_mm_free_int. This function is called from
"shutdown_executor" about line 327.
That is "zend_ptr_stack_destroy(&EG(arg_types_stack));"

In the function _zend_mm_free_int a local var mm_block is loaded with
"mm_block = ZEND_MM_HEADER_OF(p);"
This header contains size=0,next=0 (hmm size=0 sounds wrong). 
The value in "alloc_globals->mm_heap->reserve_size" is corrupted later
on at the line "*cache = (zend_mm_free_block*)mm_block;" (about line
1968). 
So I guess that "cache" contains a wrong pointer.



This is as far as I could debug php.



[2009-05-11 09:45:55] j...@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/





[2009-05-10 22:47:19] iddekingej at lycos dot com

Description:

The included example code was made for finding the reason
php5.3RC2/apache2 crashed with some php website (the website is not
publicly available). The script didn't crash apache but failed
differently.
The script should fail with an 'undefined variable', it does but it also
displays the message "Fatal error: Allowed memory size of 536870912
bytes exhausted (tried to allocate 140498868988960 bytes) in Unknown on
line 0". (The large number is probably a memory location).

This error only happens in the following situation:
* as a web page (CLI works OK)
* restart apache
* Load the page and the memory exhausted message is displayed.
* Reload the page and no "memory exhausted" message

Software/machine:
* 64Bit amd
* Kubuntu  8.10
* Apache 2.2.9
* PHP(5.3RC2) compiled with : 
'./configure' '--enable-zip' '--enable-soap' '--enable-sockets'
'--with-gd' '--with-pgsql' '--with-apxs2=/usr/bin/apxs2'
'--with-gettext' '--enable-cli' '--enable-mbstring'





Reproduce code:
---
 Error:getMessage()?>check(3,3,array("xx"=>$p_b,"xzx"=>$p_d,"xx"=>$p_e,"yy"=>$p_c));
}
 }
  $l_aa=new aa();
 
$l_aa->dosome('2',"3","4","5",'sddd','ddd');
?>

Expected result:

* Undefined variable 


Actual result:
--
* Undefined variable 
* "Fatal error: Allowed memory size of 536870912 bytes exhausted (tried
to allocate 140498868988960 bytes) in Unknown on line 0". 





-- 
Edit this bug report at http://bugs.php.net/?id=48228&edit=1
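
Added example (not part of the bug report or of PHP): a log triage check for the symptom described above, where the "tried to allocate" figure is a corrupted size field rather than a real request. The 47-bit user address space, the 1 TiB plausibility ceiling and the second sample line are assumptions made for illustration.

```python
import re

# The Zend memory-limit fatal error, in the form quoted in the report.
FATAL_RE = re.compile(
    r"Allowed memory size of (\d+) bytes exhausted "
    r"\(tried to allocate (\d+) bytes\) in (\S+) on line (\d+)"
)

USER_SPACE_TOP = 1 << 47   # assumption: x86-64 Linux user address space
PLAUSIBLE_MAX = 1 << 40    # assumption: no genuine single request >= 1 TiB


def classify(line):
    """Return (verdict, reasons) for a log line, or None if it is unrelated."""
    m = FATAL_RE.search(line)
    if m is None:
        return None
    requested = int(m.group(2))
    script, lineno = m.group(3), int(m.group(4))
    reasons = []
    if PLAUSIBLE_MAX <= requested < USER_SPACE_TOP and requested % 8 == 0:
        reasons.append("size 0x%x looks like an aligned user-space pointer"
                       % requested)
    elif requested >= PLAUSIBLE_MAX:
        reasons.append("size 0x%x is implausibly large" % requested)
    if script == "Unknown" and lineno == 0:
        # Supporting signal only: the error was raised outside script code,
        # which fits an allocation made during engine shutdown.
        reasons.append("raised outside script code")
    verdict = ("suspect-corruption" if requested >= PLAUSIBLE_MAX
               else "likely-genuine")
    return verdict, reasons


SAMPLE_LOG = [
    # Message text as quoted in the report.
    "Fatal error: Allowed memory size of 536870912 bytes exhausted "
    "(tried to allocate 140498868988960 bytes) in Unknown on line 0",
    # Constructed line: an ordinary exhaustion inside a script.
    "Fatal error: Allowed memory size of 134217728 bytes exhausted "
    "(tried to allocate 20480 bytes) in /srv/example/report.php on line 88",
    # Constructed line: unrelated notice.
    "Notice: Undefined variable: p_e in /srv/example/report.php on line 12",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

A "suspect-corruption" verdict is a cue to investigate the allocator state as the reporter did, not to raise memory_limit.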



#48228 [Opn->Fbk]: Possible memory corruption

2009-05-11 Thread jani
 ID:   48228
 Updated by:   j...@php.net
 Reported By:  iddekingej at lycos dot com
-Status:   Open
+Status:   Feedback
 Bug Type: Scripting Engine problem
 Operating System: Linux
 PHP Version:  5.3.0RC2
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/



