The bug happens in this line:

    if (--(*op_array->refcount)>0) {
        return;
    }

of destroy_op_array, when the code tries to read the refcount, according to the disassembler:

Dump of assembler code for function destroy_op_array:
   0x00007f6c321e2080 <+0>:     push   %r13
   0x00007f6c321e2082 <+2>:     push   %r12
   0x00007f6c321e2084 <+4>:     push   %rbp
   0x00007f6c321e2085 <+5>:     push   %rbx
   0x00007f6c321e2086 <+6>:     mov    %rdi,%rbx
   0x00007f6c321e2089 <+9>:     sub    $0x8,%rsp
   0x00007f6c321e208d <+13>:    mov    0x48(%rdi),%rbp
   0x00007f6c321e2091 <+17>:    mov    0x50(%rdi),%r13d
   0x00007f6c321e2095 <+21>:    mov    0x90(%rdi),%rdi
   0x00007f6c321e209c <+28>:    test   %rdi,%rdi
   0x00007f6c321e209f <+31>:    je     0x7f6c321e20b2 <destroy_op_array+50>
   0x00007f6c321e20a1 <+33>:    callq  0x7f6c321f6940 <zend_hash_destroy>
   0x00007f6c321e20a6 <+38>:    mov    0x90(%rbx),%rdi
   0x00007f6c321e20ad <+45>:    callq  0x7f6c321ccc80 <_efree>
   0x00007f6c321e20b2 <+50>:    mov    0x40(%rbx),%rdx
=> 0x00007f6c321e20b6 <+54>:    mov    (%rdx),%eax
   0x00007f6c321e20b8 <+56>:    sub    $0x1,%eax
   0x00007f6c321e20bb <+59>:    test   %eax,%eax
   0x00007f6c321e20bd <+61>:    mov    %eax,(%rdx)
   0x00007f6c321e20bf <+63>:    je     0x7f6c321e20d0 <destroy_op_array+80>

The pointer looks bad, as rdx points to 0x7f6c28390138:

(gdb) info registers
rax            0x7f6c321e2270       140102674031216
rbx            0x7f6c36d2a7b0       140102752970672
rcx            0x201f0              131568
rdx            0x7f6c28390138       140102508020024
rsi            0x0                  0
rdi            0x0                  0
rbp            0x7f6c28390140       0x7f6c28390140
rsp            0x7fff2f1ae250       0x7fff2f1ae250
r8             0x7f6c36583290       140102744945296
r9             0xc08e69804da8f602   -4571600571954825726
r10            0x7f6c3691aad0       140102748711632
r11            0x7f6c365f2c20       140102745402400
r12            0x7f6c36d6bc00       140102753238016
r13            0xd42                3394
r14            0x7fff2f1aebf8       140733983681528
r15            0x113e0              70624
rip            0x7f6c321e20b6       0x7f6c321e20b6 <destroy_op_array+54>
eflags         0x246                [ PF ZF IF ]
cs             0x33                 51
ss             0x2b                 43
ds             0x0                  0
es             0x0                  0
fs             0x0                  0
gs             0x0                  0

and this location is not memory mapped:

(gdb) x 0x7f6c28390138
0x7f6c28390138: Cannot access memory at address 0x7f6c28390138

The bug does not happen with the php-cli, but with apache-php.

-- 
Segmentation fault in libapache2-mod-php5 when calling methods
https://bugs.launchpad.net/bugs/602689