From:             srina...@php.net
Operating system: solaris, linux
PHP version:      5.3.1RC3
PHP Bug Type:     Reproducible crash
Bug description:  srinatar

Description:
------------
With recent PHP 5.3.1 RC3, I noticed a crash when compiled with mbstring
and zend-multibyte and running the bug35634.phpt script found under
Zend/tests.



Reproduce code:
---------------
'./configure' \
'--enable-cli' \
'--enable-mbstring' \
'--enable-zend-multibyte'

While running the test script Zend/tests/bug35634.phpt:

<?php
if (defined("pass3")) {            // pass 3: included from inside errorHandler()

  class ErrorClass {
  }

} else if (defined("pass2")) {     // pass 2: triggers the compile-time error

  class TestClass {
    function __construct() {
    }
    function TestClass() {         // old-style constructor redefines __construct():
      $this->__construct();        // E_STRICT "Redefining already defined constructor"
    }
  }

} else {                           // pass 1: install the handler, then include self

  function errorHandler($errorNumber, $errorMessage, $fileName, $lineNumber) {
    define("pass3", 1);
    include(__FILE__);             // re-enters the compiler from the error handler
    die("Error: $errorMessage ($fileName:$lineNumber)\n");
  }

  set_error_handler('errorHandler');
  define("pass2", 1);
  include(__FILE__);
}
?>


Expected result:
----------------
Error: Redefining already defined constructor for class TestClass (/tmp/c.php:12)

Actual result:
--------------
Here is the stack trace of this crash:


@1 (l...@1) program terminated by signal SEGV (no mapping at the fault address)
Current function is _zend_mm_alloc_int
 1892                   ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(dbx 1) where
current thread: t...@1
=>[1] _zend_mm_alloc_int(heap = 0x8b7f2f0, size = 496U), line 1892 in "zend_alloc.c"
  [2] _emalloc(size = 496U), line 2295 in "zend_alloc.c"
  [3] open_file_for_scanning(file_handle = 0x80454f8), line 272 in "zend_language_scanner.l"
  [4] compile_file(file_handle = 0x80454f8, type = 2), line 331 in "zend_language_scanner.l"
  [5] phar_compile_file(file_handle = 0x80454f8, type = 2), line 3390 in "phar.c"
  [6] compile_filename(type = 2, filename = 0x8b910b8), line 386 in "zend_language_scanner.l"
  [7] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6560), line 1915 in "zend_vm_execute.h"
  [8] execute(op_array = 0x8cd4438), line 104 in "zend_vm_execute.h"
  [9] zend_call_function(fci = 0x80456a8, fci_cache = 0x8045608), line 942 in "zend_execute_API.c"
  [10] call_user_function_ex(function_table = 0x8bbf5a0, object_pp = (nil), function_name = 0x8b8db78, retval_ptr_ptr = 0x804572c, param_count = 5U, params = 0x8b906d0, no_separation = 1, symbol_table = (nil)), line 734 in "zend_execute_API.c"
  [11] zend_error(type = 2048, format = 0x8b145e8 "Redefining already defined constructor for class %s", ... = 0x8b8e730, ...), line 1101 in "zend.c"
  [12] zend_do_begin_function_declaration(function_token = 0x8045b00, function_name = 0x8045b28, is_method = 1, return_reference = 0, fn_flags_znode = 0x8045aec), line 1289 in "zend_compile.c"
  [13] zendparse(), line 4082 in "zend_language_parser.c"
  [14] compile_file(file_handle = 0x8046da8, type = 2), line 343 in "zend_language_scanner.l"
  [15] phar_compile_file(file_handle = 0x8046da8, type = 2), line 3390 in "phar.c"
  [16] compile_filename(type = 2, filename = 0x8b8e4b4), line 386 in "zend_language_scanner.l"
  [17] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6440), line 1915 in "zend_vm_execute.h"
  [18] execute(op_array = 0x8b8d970), line 104 in "zend_vm_execute.h"
  [19] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ... = (nil), ...), line 1194 in "zend.c"
  [20] php_execute_script(primary_file = 0x8047850), line 2225 in "main.c"
  [21] main(argc = 2, argv = 0x80478c4), line 1190 in "php_cli.c"

And here best_fit seems to have been corrupted:

(dbx 2) p *best_fit
dbx: cannot access address 0x66690a70


(dbx 3) p *heap
*heap = {
    use_zend_alloc     = 1
    _malloc            = (nil)
    _free              = (nil)
    _realloc           = (nil)
    free_bitmap        = 1073741824U
    large_free_bitmap  = 133376U
    block_size         = 262144U
    compact_size       = 2097152U
    segments_list      = 0x8cd6410
    storage            = 0x8b7eef0
    real_size          = 524288U
    real_peak          = 524288U
    limit              = 134217728U
    size               = 341616U
    peak               = 342120U
    reserve_size       = 8192U
    reserve            = 0x8b7f560
    overflow           = 0
    internal           = 0
    cached             = 456U
    cache              = (0x8b90590, 0x8b90700, 0x8b90718, 0x8b90558,
0x8b90918, (nil), (nil), (nil), (nil), (nil), 0x8b8faa0, (nil), (nil),
(nil), (nil), 0x8b8c1e8, (nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil))
    free_buckets       = (0x8b7f3b8, 0x8b7f3b8, 0x8b7f3c0, 0x8b7f3c0,
0x8b7f3c8, 0x8b7f3c8, 0x8b7f3d0, 0x8b7f3d0, 0x8b7f3d8, 0x8b7f3d8,
0x8b7f3e0, 0x8b7f3e0, 0x8b7f3e8, 0x8b7f3e8, 0x8b7f3f0, 0x8b7f3f0,
0x8b7f3f8, 0x8b7f3f8, 0x8b7f400, 0x8b7f400, 0x8b7f408, 0x8b7f408,
0x8b7f410, 0x8b7f410, 0x8b7f418, 0x8b7f418, 0x8b7f420, 0x8b7f420,
0x8b7f428, 0x8b7f428, 0x8b7f430, 0x8b7f430, 0x8b7f438, 0x8b7f438,
0x8b7f440, 0x8b7f440, 0x8b7f448, 0x8b7f448, 0x8b7f450, 0x8b7f450,
0x8b7f458, 0x8b7f458, 0x8b7f460, 0x8b7f460, 0x8b7f468, 0x8b7f468,
0x8b7f470, 0x8b7f470, 0x8b7f478, 0x8b7f478, 0x8b7f480, 0x8b7f480,
0x8b7f488, 0x8b7f488, 0x8b7f490, 0x8b7f490, 0x8b7f498, 0x8b7f498,
0x8b7f4a0, 0x8b7f4a0, 0x8b90b20, 0x8b90b20, 0x8b7f4b0, 0x8b7f4b0)
    large_free_buckets = ((nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), 0x8b8fef8, (nil), (nil), 0x8b8e7a8, (nil), (nil), (nil), (nil),
(nil), 0x8b93a00, (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), (nil), (nil), (nil), (nil), (nil))
    rest_buckets       = (0x8b7f538, 0x8b7f538)
}


-- 
Edit bug report at http://bugs.php.net/?id=50145&edit=1