ID:               50399
Comment by:       ikickdogsforfun at hotmail dot com
Reported By:      ikickdogsforfun at hotmail dot com
Status:           Feedback
Bug Type:         Scripting Engine problem
Operating System: Debian 5
PHP Version:      5.3.1
New Comment:

I added that line to my php.ini and checked phpinfo(); which showed
zend.gc=off

Still having the same problem, I'm afraid, and valgrind output shows
segfault at the same location.


Previous Comments:
------------------------------------------------------------------------

[2009-12-07 14:20:40] paj...@php.net

Can you try with:

zend.enable_gc=Off

In your php.ini please?

------------------------------------------------------------------------

[2009-12-07 13:56:16] ikickdogsforfun at hotmail dot com

Description:
------------
When using PHP SAPI and values have been added to the global $_SERVER
variable, shutdown segfaults in zend_gc. If I remove the setting of the
global variables it doesn't seg fault.

This is possibly not a fault of the SAPI, but I've been unable to
resolve it; removing the destroy and free commands in the shutdown
function doesn't stop it from segfaulting.

Reproduce code:
---------------
The entire source code file is available at
https://crispycrisp.org/php.txt

This is the function that causes a segfault in shutdown if it has been
called:

void php_set_superglobal_server(char *name, char *val)
{
    zend_first_try {
        HashTable* locals = &EG(symbol_table);
        zval *type;

        /* Fetch $_SERVER from the global scope */
        zend_hash_find(locals, "_SERVER", sizeof("_SERVER"), (void**)&SERVER);

        ALLOC_INIT_ZVAL(type);
        ZVAL_STRING(type, val, 1);
        ZEND_SET_SYMBOL(Z_ARRVAL_PP(SERVER), name, type);
    } zend_end_try();
}

Expected result:
----------------
No segfault

Actual result:
--------------
==17605== Thread 2:
==17605== Invalid read of size 4
==17605==    at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189)
==17605==    by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434)
==17605==    by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526)
==17605==    by 0x804A88A: php_shutdown (php.c:143)
==17605==    by 0x804A955: php (php.c:168)
==17605==    by 0x8049D94: parsing_request (handler.c:180)
==17605==    by 0x80496FE: handle (handler.c:25)
==17605==    by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so)
==17605==    by 0x4793BED: clone (in /lib/libc-2.7.so)
==17605==  Address 0x1c is not stack'd, malloc'd or (recently) free'd
==17605==
==17605== Process terminating with default action of signal 11 (SIGSEGV)
==17605==  Access not within mapped region at address 0x1C
==17605==    at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189)
==17605==    by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434)
==17605==    by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526)
==17605==    by 0x804A88A: php_shutdown (php.c:143)
==17605==    by 0x804A955: php (php.c:168)
==17605==    by 0x8049D94: parsing_request (handler.c:180)
==17605==    by 0x80496FE: handle (handler.c:25)
==17605==    by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so)
==17605==    by 0x4793BED: clone (in /lib/libc-2.7.so)

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=50399&edit=1