[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15

[Barry Jaspan]

valgrind confirms the error and provides a stack trace:

# valgrind php test.php
... lots of uninitialized memory references reported here ...
18
20
32
==29381== 
==29381== Invalid read of size 1
==29381==at 0x82E5B81: zend_objects_store_del_ref_by_handle (in 
/usr/bin/php5)
==29381==by 0x82E5D57: zend_objects_store_del_ref (in /usr/bin/php5)
==29381==by 0x82C6120: _zval_dtor_func (in /usr/bin/php5)
==29381==by 0x82B8FC7: _zval_ptr_dtor (in /usr/bin/php5)
==29381==by 0x82D1943: zend_hash_clean (in /usr/bin/php5)
==29381==by 0x82F69FE: (within /usr/bin/php5)
==29381==by 0x82E7957: execute (in /usr/bin/php5)
==29381==by 0x82C6522: zend_execute_scripts (in /usr/bin/php5)
==29381==by 0x827C20F: php_execute_script (in /usr/bin/php5)
==29381==by 0x8358D19: main (in /usr/bin/php5)
==29381==  Address 0x739195d9 is not stack'd, malloc'd or (recently) free'd
==29381== 
==29381== Process terminating with default action of signal 11 (SIGSEGV)
==29381==  Access not within mapped region at address 0x739195D9
==29381==at 0x82E5B81: zend_objects_store_del_ref_by_handle (in 
/usr/bin/php5)
==29381==by 0x82E5D57: zend_objects_store_del_ref (in /usr/bin/php5)
==29381==by 0x82C6120: _zval_dtor_func (in /usr/bin/php5)
==29381==by 0x82B8FC7: _zval_ptr_dtor (in /usr/bin/php5)
==29381==by 0x82D1943: zend_hash_clean (in /usr/bin/php5)
==29381==by 0x82F69FE: (within /usr/bin/php5)
==29381==by 0x82E7957: execute (in /usr/bin/php5)
==29381==by 0x82C6522: zend_execute_scripts (in /usr/bin/php5)
==29381==by 0x827C20F: php_execute_script (in /usr/bin/php5)
==29381==by 0x8358D19: main (in /usr/bin/php5)
==29381==

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/776642

Title:
  segfaults from  5.2.4-2ubuntu5.15

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15

[Barry Jaspan]

We've confirmed this on a 32- and 64-bit Ubuntu 8.04 EC2 instance.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/776642

Title:
  segfaults from  5.2.4-2ubuntu5.15

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 776642] Re: segfaults from 5.2.4-2ubuntu5.15

[Barry Jaspan]

I reduced this to a much smaller test case. The output of the attached
script is:

# php test.php
18
20
32
Segmentation fault

This suggests the segfault is happening during the return from function
add_taxonomy_to_document().

# uname -a
Linux web-98.bjaspan.hosting.acquia.com 2.6.24-10-xen #1 SMP Tue Sep 8 19:06:53 
UTC 2009 i686 GNU/Linux
# php -v 
PHP 5.2.4-2ubuntu5.15 with Suhosin-Patch 0.9.6.2 (cli) (built: Apr 28 2011 
14:43:25) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies


** Attachment added: "PHP script that segfaults 5.2.4-2ubuntu5.15"
   
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/776642/+attachment/2110326/+files/test.php

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/776642

Title:
  segfaults from  5.2.4-2ubuntu5.15

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs