ID: 48228 User updated by: iddekingej at lycos dot com Reported By: iddekingej at lycos dot com -Status: No Feedback +Status: Open Bug Type: Scripting Engine problem Operating System: Linux PHP Version: 5.3.0RC2 New Comment:
This bug is closed wrongly because I did give feedback. The request was to try a snapshot. I did try the snapshot and it din't solve the problem. So I did responded (at 11 May 8:37pm UTC) and wrote that it didn't solve the problem and give extra information about the cause so I think I responed apriopiate Previous Comments: ------------------------------------------------------------------------ [2009-05-20 18:45:30] iddekingej at lycos dot com >No feedback was provided This bug is closed wrongly because I did give feedback. The request was to try a snapshot. I did try the snapshot and it din't solve the problem. So I did responded (at 11 May 8:37pm UTC) and wrote that it didn't solve the problem and give extra information about the cause so I think I responed apriopiate. ------------------------------------------------------------------------ [2009-05-19 01:00:01] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2009-05-11 20:37:48] iddekingej at lycos dot com Thanks, but the latest snapshot din't fix the problem. I managed to debug apache and php and found the following: The field alloc_globals->mm_heap->reserve_size is (wrongly) overwritten with some address while freeing memory. This value contains therefore a large number. Next, in zend_mm_shutdown the following code is executed if (heap->reserve_size) { heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); } This failed because reserve_size contains a very large number. The corruption of "alloc_globals->mm_heap->reserve_size" happens in the function _zend_mm_free_int.This function is called from "shutdown_executor" about line 327. That is "zend_ptr_stack_destroy(&EG(arg_types_stack));" In the function _zend_mm_free_int a local var mm_block is loaded with "mm_block = ZEND_MM_HEADER_OF(p);" This header contains size=0,next=0 (hmm size=0 sounds wrong). The value in "alloc_globals->mm_heap->reserve_size" is corrupted later on at the line "*cache = (zend_mm_free_block*)mm_block;" (about line 1968). So I guess that "cache" contains a wrong pointer. This is as far as I could debug php. ------------------------------------------------------------------------ [2009-05-11 09:45:55] j...@php.net Please try using this CVS snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2009-05-10 22:47:19] iddekingej at lycos dot com Description: ------------ The included example code was made for finding the reason php5.3RC2/apache2 crashed with some php website (the websie is not publicly available). The script didn't crash apache but failed differently. The script should fail with a 'undefined variable', it does but it also displays the message "Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 140498868988960 bytes) in Unknown on line 0". (The large number is probably a memory location). This error only happens in the following situation: * as a web page (CLI works OK) * restart apache * Load the page and the memory exhausted message is displayed. * Reload the page and no "memory exhausted" message Software/machine: * 64Bit amd * Kubuntu 8.10 * Apache 2.2.9 * PHP(5.3RC2) compiled with : './configure' '--enable-zip' '--enable-soap' '--enable-sockets' '--with-gd' '--with-pgsql' '--with-apxs2=/usr/bin/apxs2' '--with-gettext' '--enable-cli' '--enable-mbstring' Reproduce code: --------------- <? function ex_handler($p_exception) { ?> Error:<i><?=$p_exception->getMessage()?></i><br/><br/><? } function er_handler($p_errorno,$p_errstr,$p_errfile,$p_errline,$p_context) { $l_exception=new Exception("Error $p_errorno at $p_errline in '$p_errfile':$p_errstr"); throw $l_exception; } set_Exception_Handler("ex_handler"); set_Error_Handler("er_handler",E_STRICT|E_WARNING|E_ALL|E_ERROR|E_NOTICE); class aa { function check($p_a,$p_b,$p_c) { echo $p_a; } function dosome($p_b,$p_d,$p_e,$p_f,$p_g,$p_h) { return $this->check(3,3,array("xx"=>$p_b,"xzx"=>$p_d,"xx"=>$p_e,"yy"=>$p_c)); } } $l_aa=new aa(); $l_aa->dosome('2',"33333333333333333","4","5",'sddddddddddddddddddddddd','ddddddddddddddddddd'); ?> Expected result: ---------------- * Undefined variable Actual result: -------------- * Undefined variable * "Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 140498868988960 bytes) in Unknown on line 0". ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48228&edit=1