Bug #60158 [Bgs]: Segmentation fault in _zend_mm_free_canary_int

Mon, 31 Oct 2011 11:48:00 -0700 

Edit report at https://bugs.php.net/bug.php?id=60158&edit=1

 ID:                 60158
 User updated by:    michael dot irey at gmail dot com
 Reported by:        michael dot irey at gmail dot com
 Summary:            Segmentation fault in _zend_mm_free_canary_int
 Status:             Bogus
 Type:               Bug
 Package:            Apache2 related
 Operating System:   Ubuntu 10.04.3 LTS
-PHP Version:        5.3.8
+PHP Version:        5.3.x
 Block user comment: N
 Private report:     N

 New Comment:

Ok, I have reproduced the bug from a clean PHP build using 5.3.8

Here is the new gdb details:


Program terminated with signal 11, Segmentation fault.
#0  0x00007fabd4b288b6 in _zval_dtor_func (zvalue=0x7fff0a50eb70, 
__zend_filename=0x7fabd4ea8558 "/root/downloads/php-
5.3.8/Zend/zend_object_handlers.c", __zend_lineno=441)
    at /root/downloads/php-5.3.8/Zend/zend_variables.c:35
35                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) dump_bt executor_globals.current_execute_data
[0xd8959e80] setElement() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Decorator/Abstract.php:186 
[0xd8959b18] setElement() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Element.php:2030 
[0xd8959940] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Element.php:2046 
[0x0a50eec0] __toString() 
[0xd89580d0] ??? 
/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/application/views/scrip
ts/contacts/duplicate.phtml:62 
[0xd8957ed0] ??? /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/View.php:108 
[0xd8957c88] _run() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/View/Abstract.php:888 
[0xd89579b8] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:900 
[0xd89577b0] renderScript() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:921 
[0xd8957670] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:960 
[0xd89574a8] postDispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/HelperBroker.php:277 
[0xd8956e20] notifyPostDispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action.php:527 
[0xd8956008] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Dispatcher/Standard.php:295 
[0xd89545e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Front.php:954 
[0xd89541e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Application/Bootstrap/Bootstrap.php:97 
[0xd89540a0] run() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Application.php:366 
[0xd8953090] run() 
/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php:69


Previous Comments:
------------------------------------------------------------------------
[2011-10-28 16:14:44] fel...@php.net

zend_alloc_canary.c is from Suhosin project, not PHP.

So, try reproduce the crash in a clean PHP build.

------------------------------------------------------------------------
[2011-10-28 16:10:58] michael dot irey at gmail dot com

Added more detail in the summary

------------------------------------------------------------------------
[2011-10-28 16:05:50] michael dot irey at gmail dot com

Description:
------------
Using ZendFramework-1.11.10. Seg fault occurs also in 5.3.2 as well as 5.3.8. 
Does 
not occur in 5.2.4.  Difficult to reproduce, but I will include the gdb 
backtrace. 
Basically assigning the value of variable to another, causes the seg fault. I 
can 
not determine why. The line $this->_element = $element; causes the seg fault.

Test script:
---------------
    public function setElement($element)
    {
        if ((!$element instanceof Zend_Form_Element)
            && (!$element instanceof Zend_Form)
            && (!$element instanceof Zend_Form_DisplayGroup))
        {
            require_once 'Zend/Form/Decorator/Exception.php';
            throw new Zend_Form_Decorator_Exception('Invalid element type 
passed to decorator');
        }

        $this->_element = $element;
        return $this;
    }

Expected result:
----------------
Not this: exit signal Segmentation fault (11)

Actual result:
--------------
Program terminated with signal 11, Segmentation fault.
#0  0x00007ffd348abe53 in _zend_mm_free_canary_int (heap=0x7ffd39b11130, 
p=0x21143c453bb97f0f) at /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c:2090
2090    /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c: No such file or 
directory.
        in /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c




(gdb) dump_bt executor_globals.current_execute_data
[0x386f2e30] setElement() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Decorator/Abstract.php:186 
[0x386f2ac8] setElement() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Element.php:2030 
[0x386f28f0] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Form/Element.php:2046 
[0xa59d03f0] __toString() 
[0x386f1080] ??? 
/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/application/views/scrip
ts/contacts/duplicate.phtml:186 
[0x386f0e80] ??? /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/View.php:108 
[0x386f0c38] _run() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/View/Abstract.php:888 
[0x386f0968] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:900 
[0x386f0760] renderScript() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:921 
[0x386f0620] render() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:960 
[0x386f0458] postDispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action/HelperBroker.php:277 
[0x386efdd0] notifyPostDispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Action.php:527 
[0x386eefb8] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Dispatcher/Standard.php:295 
[0x386ed590] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Controller/Front.php:954 
[0x386ed190] dispatch() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Application/Bootstrap/Bootstrap.php:97 
[0x386ed050] run() /web/lib/zend/ZendFramework-1.11.10-
minimal/library/Zend/Application.php:366 
[0x386ec068] run() 
/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php:69 



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60158&edit=1

Reply via email to