Bug #40479 [Com]: zend_mm_heap corrupted
Edit report at https://bugs.php.net/bug.php?id=40479edit=1 ID: 40479 Comment by: komanek at natur dot cuni dot cz Reported by:rrossi at maggioli dot it Summary:zend_mm_heap corrupted Status: Feedback Type: Bug Package:Reproducible crash Operating System: Suse Linux 9.0 PHP Version:5.2.1 Block user comment: N Private report: N New Comment: For me it seems the solution is to compile PHP with --disable-zend-multibyte instead of --enable-zend-multibyte But I am not sure if it breaks something else, I didn't find much documentation on these options. Previous Comments: [2012-03-30 18:47:46] nathan at gt dot net Also to add, USE_ZEND_ALLOC=0 did not resolve but gc_disable(); did [2012-03-30 18:46:12] nathan at gt dot net I've also confirmed the above testcase triggers it on 5.3.10 via CLI. Can provide full access to any php developer interested in taking a look, just email me. [2012-03-28 11:42:16] komanek at natur dot cuni dot cz Hi, I used the USE_ZEND_ALLOC=0 and got another segfault. But in this case in the apache error log is hopefuly something useful: *** glibc detected *** /usr/local/apache2/bin/httpd: double free or corruption (!prev): 0x051d6e10 *** === Backtrace: = /lib/libc.so.6[0x7f5a8e3709a8] /lib/libc.so.6(cfree+0x76)[0x7f5a8e372ab6] /usr/local/apache2/modules/libphp5.so(zend_multibyte_read_script+0x2e)[0x7f5a887be90e] /usr/local/apache2/modules/libphp5.so(open_file_for_scanning+0x90)[0x7f5a887bed60] /usr/local/apache2/modules/libphp5.so(compile_file+0x9c)[0x7f5a887bf92c] /usr/local/apache2/modules/libphp5.so[0x7f5a8866575a] /usr/local/apache2/modules/libphp5.so[0x7f5a8881c733] /usr/local/apache2/modules/libphp5.so(execute+0x209)[0x7f5a88813c49] /usr/local/apache2/modules/libphp5.so(zend_execute_scripts+0x17b)[0x7f5a887e52db] /usr/local/apache2/modules/libphp5.so(php_execute_script+0x198)[0x7f5a8878e0f8] /usr/local/apache2/modules/libphp5.so[0x7f5a8887348f] /usr/local/apache2/bin/httpd(ap_run_handler+0x4a)[0x443f5a] /usr/local/apache2/bin/httpd(ap_invoke_handler+0xce)[0x44747e] /usr/local/apache2/bin/httpd(ap_process_request+0x18e)[0x465ece] /usr/local/apache2/bin/httpd[0x462d78] /usr/local/apache2/bin/httpd(ap_run_process_connection+0x4a)[0x44b45a] /usr/local/apache2/bin/httpd[0x46abd0] /usr/local/apache2/bin/httpd[0x46aea4] /usr/local/apache2/bin/httpd(ap_mpm_run+0xbde)[0x46baee] /usr/local/apache2/bin/httpd(main+0x99a)[0x43063a] /lib/libc.so.6(__libc_start_main+0xe6)[0x7f5a8e31b1a6] /usr/local/apache2/bin/httpd(apr_os_proc_mutex_put+0x49)[0x42f819] === Memory map: 0040-00493000 r-xp 08:01 442565 /usr/local/apache2/bin/httpd 00692000-00698000 rw-p 00092000 08:01 442565 /usr/local/apache2/bin/httpd 00698000-0069d000 rw-p 00698000 00:00 0 017e-053d4000 rw-p 017e 00:00 0 [heap] 7f5a8000-7f5a80021000 rw-p 7f5a8000 00:00 0 7f5a80021000-7f5a8400 ---p 7f5a80021000 00:00 0 7f5a8497c000-7f5a84992000 r-xp 08:01 835587 /lib/libgcc_s.so.1 7f5a84992000-7f5a84b92000 ---p 00016000 08:01 835587 /lib/libgcc_s.so.1 7f5a84b92000-7f5a84b93000 rw-p 00016000 08:01 835587 /lib/libgcc_s.so.1 7f5a84b9d000-7f5a84b9e000 r--s 08:11 78792612 /home/apache2/htdocs/horde/lib/core.php 7f5a84b9e000-7f5a84bc1000 r--p 08:11 78799575 /home/apache2/htdocs/horde/mnemo/locale/cs_CZ/LC_MESSAGES/mnemo.mo 7f5a84bc1000-7f5a84bc5000 r-xp 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84bc5000-7f5a84dc4000 ---p 4000 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84dc4000-7f5a84dc6000 rw-p 3000 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84dc6000-7f5a84dfd000 r--p 08:11 78790850 /home/apache2/htdocs/horde/imp/locale/cs_CZ/LC_MESSAGES/imp.mo 7f5a84dfd000-7f5a84dff000 r-xp 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a84dff000-7f5a84ffe000 ---p 2000 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a84ffe000-7f5a8500 rw-p 1000 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a8500-7f5a85192000 r--p 08:01 428099 /usr/lib/locale/locale-archive 7f5a85192000-7f5a851e1000 rw-p 7f5a85192000 00:00 0 7f5a851e1000-7f5a851e3000 r-xp 08:01 451017 /usr/local/apache2/lib/apr-util-1/apr_ldap-1.so 7f5a851e3000-7f5a853e2000 ---p 2000 08:01 451017 /usr/local/apache2/lib/apr-util-1/apr_ldap
Bug #61508 [Com]: various crashes after upgrading to 5.3
Edit report at https://bugs.php.net/bug.php?id=61508edit=1 ID: 61508 Comment by: komanek at natur dot cuni dot cz Reported by:komanek at natur dot cuni dot cz Summary:various crashes after upgrading to 5.3 Status: Open Type: Bug Package:*General Issues Operating System: Debian 5 PHP Version:5.3.10 Block user comment: N Private report: N New Comment: This seems to be a duplicate of https://bugs.php.net/bug.php?id=40479 Previous Comments: [2012-03-26 11:21:34] komanek at natur dot cuni dot cz I should also mention that it is a server with relatively high load and that I do not have these problems on other (much smaller) servers. There should be a problem related to the load, OS or PHP itself. I also upgraded Apache to 2.2.22 which didn't resolve the issue. [2012-03-26 11:17:37] komanek at natur dot cuni dot cz Description: After upgrading from 5.2.17 na 5.3.10 there are rare crashes and segfaults: [Mon Mar 26 10:03:39 2012] [notice] child pid 22804 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 10:05:06 2012] [notice] child pid 26428 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 11:32:01 2012] [notice] child pid 1083 exit signal Bus error (7), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 12:13:17 2012] [notice] child pid 26574 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores Some of the stacktraces: #0 0x7fad2a19b67b in zend_vm_set_opcode_handler (op=0x1dca348) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:34020 #1 0x7fad2a16df7e in pass_two (op_array=0x1dc6d00) at /data/install/php- 5.3.10/Zend/zend_opcode.c:412 #2 0x7fad2a161cf1 in zend_do_end_function_declaration (function_token=0x7ad843e0) at /data/install/php- 5.3.10/Zend/zend_compile.c:1447 #3 0x7fad2a1448fe in zendparse () at /data/install/php- 5.3.10/Zend/zend_language_parser.c:4088 #4 0x7fad2a150710 in compile_file (file_handle=0x7ad86240, type=8) at Zend/zend_language_scanner.l:364 #5 0x7fad29ff647a in phar_compile_file (file_handle=0x7ad86240, type=8) at /data/install/php-5.3.10/ext/phar/phar.c:3393 #6 0x7fad2a14fd4f in compile_filename (type=8, filename=0x451ffc0) at Zend/zend_language_scanner.l:407 #7 0x7fad2a1ad384 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x451fa18) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:5254 #8 0x7fad2a1a4969 in execute (op_array=0x3fcc538) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #9 0x7fad2a175ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #10 0x7fad2a11ee18 in php_execute_script (primary_file=0x7ad88910) at /data/install/php-5.3.10/main/main.c:2308 #11 0x7fad2a2041af in php_handler (r=0x1d53a90) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #12 0x00443f5a in ap_run_handler (r=0x1d53a90) at config.c:158 #13 0x0044747e in ap_invoke_handler (r=0x1d53a90) at config.c:376 #14 0x00465ece in ap_process_request (r=0x1d53a90) at http_request.c:282 #15 0x00462d78 in ap_process_http_connection (c=0x1d3c470) at http_core.c:190 #16 0x0044b45a in ap_run_process_connection (c=0x1d3c470) at connection.c:43 #17 0x0046abd0 in child_main (child_num_arg=value optimized out) at prefork.c:667 #18 0x0046aea4 in make_child (s=0x11f5fe8, slot=7) at prefork.c:768 #19 0x0046baee in ap_mpm_run (_pconf=value optimized out, plog=value optimized out, s=value optimized out) at prefork.c:903 #20 0x0043063a in main (argc=4, argv=0x7ad88ef8) at main.c:753 #0 zend_hash_find (ht=0x2869c38, arKey=0x2862210 , nKeyLength=9, pData=0x7fffc2538958) at /data/install/php-5.3.10/Zend/zend_hash.c:884 #1 0x7f553a2f8f74 in zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CONST (prop_dim=0, execute_data=0x2aed260) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:10926 #2 0x7f553a2ff969 in execute (op_array=0x2aac740) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #3 0x7f553a2d0ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #4 0x7f553a279e18 in php_execute_script (primary_file=0x7fffc253aea0) at /data/install/php-5.3.10/main/main.c:2308 #5 0x7f553a35f1af in php_handler (r=0x2895878) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #6 0x00443f5a in ap_run_handler (r=0x2895878) at config.c:158 #7 0x0044747e in ap_invoke_handler (r=0x2895878) at config.c:376 #8 0x00465d30 in ap_internal_redirect (new_uri
Bug #40479 [Com]: zend_mm_heap corrupted
Edit report at https://bugs.php.net/bug.php?id=40479edit=1 ID: 40479 Comment by: komanek at natur dot cuni dot cz Reported by:rrossi at maggioli dot it Summary:zend_mm_heap corrupted Status: Feedback Type: Bug Package:Reproducible crash Operating System: Suse Linux 9.0 PHP Version:5.2.1 Block user comment: N Private report: N New Comment: I have just run into the same problems after upgrading from 5.2.17 to 5.3.10 last weekend. Hosted on Debian server. Before I found this bug report, I created another one: https://bugs.php.net/bug.php?id=61508 , which now seems to be a duplicate of this one. It is true I have a loaded server with many extensions and many users with their own apps, so this seems not to be possible for me to check all their code or to downgrade to unsupported 5.2 branch. Previous Comments: [2012-02-20 20:05:16] andreyvit at me dot com Just had the same issue, but 100% reproducible. It does not always print zend_mm_heap corrupted, but it always segfaults PHP. I've traced it to an equivalent of the following two lines of code: $xx = new stdClass; strpos($xx, ':'); Moreover, this only crashes inside a custom error handler function. If I disable set_error_handler call, the crash disappears. The crash inside the error handler is on a pretty innocent operation, and the location is not stable (most often it crashes on assigning a large literal array to a static variable). I tried to produce a smaller test case which reproduces the crash, but failed. Some magic dust is always missing. However, this gives us an alternative theory why most people may only be seeing this in production and rarely: they may only be running a custom error handler in production, and they may have a rare critical error somewhere which can trigger it. Try disabling your error handler and see. [2011-12-11 19:37:37] arekm at maven dot pl f dot ardelian at gmail dot com test case works on php 5.4rc2, too (php cli segfaults) [2011-11-23 11:30:36] utnalove at yahoo dot it Hello, I use Wordpress. I am hosted in home.pl which uses IdeaWebServer instead of Apache. Very often when I enable whatever cache plugin I get the zend_mm_heap corrupted error. I have also a hosting in the USA with Apache and the same PHP and MySql versions. If I backup both data and database and restore it in the Apache server I can use my caching plugins without issues because the zend_mm_heap corrupted error never appears. Home.pl says that this is a PHP issue and it is not connected with their non- Apache server. What's your opinion in that? Is it a PHP issue or a hosting issue? Thank you [2011-11-02 10:34:30] from dot php dot net at brainbox dot cz I can reproduce the bug on Microsoft Windows XP SP3, with latest official PHP 5.3.8 NTS build. When we run script from f dot ardelian at gmail dot com, PHP does not output zend_mm_heap corrupted, but right after displaying the If you see this⦠line CRASHES. However, I found that when I call gc_disable(); before script end, it finishes successfully. This helped me run the test script without problems, but didn't solve the issue in my other scripts. ? define('OBJECT_COUNT', 100 * 1000 * 10); class Object { private static $world = array(); private static $maxGuid = 0; protected $_guid = null; public function __construct() { self::$world[$this-_guid = self::$maxGuid++] = $this; } public function __destruct() { unset(self::$world[$this-_guid]); } } for ($i = 0; $i OBJECT_COUNT; ++$i) { new Object(); } // You probably won't see this because of the zend_mm_heap corrupted echo 'If you see this, try to increase OBJECT_COUNT to 100,000'; gc_disable(); // ADDED - works for me - PHP does not crash ? [2011-10-17 20:24:44] rob dot spekschoor at gmail dot com problem solved by compiling apache with prefork. Somehow Apache worker MPM + PHP 5.2 works fine but Apache worker MPM + PHP 5.3 fails terribly. Prefork seems stable The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=40479 -- Edit this bug report at https://bugs.php.net/bug.php?id=40479edit=1
Bug #40479 [Com]: zend_mm_heap corrupted
Edit report at https://bugs.php.net/bug.php?id=40479edit=1 ID: 40479 Comment by: komanek at natur dot cuni dot cz Reported by:rrossi at maggioli dot it Summary:zend_mm_heap corrupted Status: Feedback Type: Bug Package:Reproducible crash Operating System: Suse Linux 9.0 PHP Version:5.2.1 Block user comment: N Private report: N New Comment: Hi, I used the USE_ZEND_ALLOC=0 and got another segfault. But in this case in the apache error log is hopefuly something useful: *** glibc detected *** /usr/local/apache2/bin/httpd: double free or corruption (!prev): 0x051d6e10 *** === Backtrace: = /lib/libc.so.6[0x7f5a8e3709a8] /lib/libc.so.6(cfree+0x76)[0x7f5a8e372ab6] /usr/local/apache2/modules/libphp5.so(zend_multibyte_read_script+0x2e)[0x7f5a887be90e] /usr/local/apache2/modules/libphp5.so(open_file_for_scanning+0x90)[0x7f5a887bed60] /usr/local/apache2/modules/libphp5.so(compile_file+0x9c)[0x7f5a887bf92c] /usr/local/apache2/modules/libphp5.so[0x7f5a8866575a] /usr/local/apache2/modules/libphp5.so[0x7f5a8881c733] /usr/local/apache2/modules/libphp5.so(execute+0x209)[0x7f5a88813c49] /usr/local/apache2/modules/libphp5.so(zend_execute_scripts+0x17b)[0x7f5a887e52db] /usr/local/apache2/modules/libphp5.so(php_execute_script+0x198)[0x7f5a8878e0f8] /usr/local/apache2/modules/libphp5.so[0x7f5a8887348f] /usr/local/apache2/bin/httpd(ap_run_handler+0x4a)[0x443f5a] /usr/local/apache2/bin/httpd(ap_invoke_handler+0xce)[0x44747e] /usr/local/apache2/bin/httpd(ap_process_request+0x18e)[0x465ece] /usr/local/apache2/bin/httpd[0x462d78] /usr/local/apache2/bin/httpd(ap_run_process_connection+0x4a)[0x44b45a] /usr/local/apache2/bin/httpd[0x46abd0] /usr/local/apache2/bin/httpd[0x46aea4] /usr/local/apache2/bin/httpd(ap_mpm_run+0xbde)[0x46baee] /usr/local/apache2/bin/httpd(main+0x99a)[0x43063a] /lib/libc.so.6(__libc_start_main+0xe6)[0x7f5a8e31b1a6] /usr/local/apache2/bin/httpd(apr_os_proc_mutex_put+0x49)[0x42f819] === Memory map: 0040-00493000 r-xp 08:01 442565 /usr/local/apache2/bin/httpd 00692000-00698000 rw-p 00092000 08:01 442565 /usr/local/apache2/bin/httpd 00698000-0069d000 rw-p 00698000 00:00 0 017e-053d4000 rw-p 017e 00:00 0 [heap] 7f5a8000-7f5a80021000 rw-p 7f5a8000 00:00 0 7f5a80021000-7f5a8400 ---p 7f5a80021000 00:00 0 7f5a8497c000-7f5a84992000 r-xp 08:01 835587 /lib/libgcc_s.so.1 7f5a84992000-7f5a84b92000 ---p 00016000 08:01 835587 /lib/libgcc_s.so.1 7f5a84b92000-7f5a84b93000 rw-p 00016000 08:01 835587 /lib/libgcc_s.so.1 7f5a84b9d000-7f5a84b9e000 r--s 08:11 78792612 /home/apache2/htdocs/horde/lib/core.php 7f5a84b9e000-7f5a84bc1000 r--p 08:11 78799575 /home/apache2/htdocs/horde/mnemo/locale/cs_CZ/LC_MESSAGES/mnemo.mo 7f5a84bc1000-7f5a84bc5000 r-xp 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84bc5000-7f5a84dc4000 ---p 4000 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84dc4000-7f5a84dc6000 rw-p 3000 08:01 1884172 /lib/libnss_dns-2.7.so 7f5a84dc6000-7f5a84dfd000 r--p 08:11 78790850 /home/apache2/htdocs/horde/imp/locale/cs_CZ/LC_MESSAGES/imp.mo 7f5a84dfd000-7f5a84dff000 r-xp 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a84dff000-7f5a84ffe000 ---p 2000 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a84ffe000-7f5a8500 rw-p 1000 08:01 1327349 /usr/lib/gconv/ISO8859-2.so 7f5a8500-7f5a85192000 r--p 08:01 428099 /usr/lib/locale/locale-archive 7f5a85192000-7f5a851e1000 rw-p 7f5a85192000 00:00 0 7f5a851e1000-7f5a851e3000 r-xp 08:01 451017 /usr/local/apache2/lib/apr-util-1/apr_ldap-1.so 7f5a851e3000-7f5a853e2000 ---p 2000 08:01 451017 /usr/local/apache2/lib/apr-util-1/apr_ldap-1.so 7f5a853e2000-7f5a853e3000 rw-p 1000 08:01 451017 /usr/local/apache2/lib/apr-util-1/apr_ldap-1.so 7f5a853e3000-7f5a853ed000 r-xp 08:01 1884173 /lib/libnss_files-2.7.so 7f5a853ed000-7f5a855ed000 ---p a000 08:01 1884173 /lib/libnss_files-2.7.so 7f5a855ed000-7f5a855ef000 rw-p a000 08:01 1884173 /lib/libnss_files-2.7.so 7f5a855ef000-7f5a855f8000 r-xp 08:01 1884175 /lib/libnss_nis-2.7.so 7f5a855f8000-7f5a857f8000 ---p 9000 08:01 1884175 /lib/libnss_nis-2.7.so 7f5a857f8000-7f5a857fa000 rw-p 9000 08:01 1884175 /lib/libnss_nis-2.7.so 7f5a857fa000-7f5a85801000 r-xp 08:01 1884171 /lib/libnss_compat-2.7.so 7f5a85801000
[PHP-BUG] Bug #61508 [NEW]: various crashes after upgrading to 5.3
From: Operating system: Debian 5 PHP version: 5.3.10 Package: *General Issues Bug Type: Bug Bug description:various crashes after upgrading to 5.3 Description: After upgrading from 5.2.17 na 5.3.10 there are rare crashes and segfaults: [Mon Mar 26 10:03:39 2012] [notice] child pid 22804 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 10:05:06 2012] [notice] child pid 26428 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 11:32:01 2012] [notice] child pid 1083 exit signal Bus error (7), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 12:13:17 2012] [notice] child pid 26574 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores Some of the stacktraces: #0 0x7fad2a19b67b in zend_vm_set_opcode_handler (op=0x1dca348) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:34020 #1 0x7fad2a16df7e in pass_two (op_array=0x1dc6d00) at /data/install/php- 5.3.10/Zend/zend_opcode.c:412 #2 0x7fad2a161cf1 in zend_do_end_function_declaration (function_token=0x7ad843e0) at /data/install/php- 5.3.10/Zend/zend_compile.c:1447 #3 0x7fad2a1448fe in zendparse () at /data/install/php- 5.3.10/Zend/zend_language_parser.c:4088 #4 0x7fad2a150710 in compile_file (file_handle=0x7ad86240, type=8) at Zend/zend_language_scanner.l:364 #5 0x7fad29ff647a in phar_compile_file (file_handle=0x7ad86240, type=8) at /data/install/php-5.3.10/ext/phar/phar.c:3393 #6 0x7fad2a14fd4f in compile_filename (type=8, filename=0x451ffc0) at Zend/zend_language_scanner.l:407 #7 0x7fad2a1ad384 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x451fa18) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:5254 #8 0x7fad2a1a4969 in execute (op_array=0x3fcc538) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #9 0x7fad2a175ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #10 0x7fad2a11ee18 in php_execute_script (primary_file=0x7ad88910) at /data/install/php-5.3.10/main/main.c:2308 #11 0x7fad2a2041af in php_handler (r=0x1d53a90) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #12 0x00443f5a in ap_run_handler (r=0x1d53a90) at config.c:158 #13 0x0044747e in ap_invoke_handler (r=0x1d53a90) at config.c:376 #14 0x00465ece in ap_process_request (r=0x1d53a90) at http_request.c:282 #15 0x00462d78 in ap_process_http_connection (c=0x1d3c470) at http_core.c:190 #16 0x0044b45a in ap_run_process_connection (c=0x1d3c470) at connection.c:43 #17 0x0046abd0 in child_main (child_num_arg=value optimized out) at prefork.c:667 #18 0x0046aea4 in make_child (s=0x11f5fe8, slot=7) at prefork.c:768 #19 0x0046baee in ap_mpm_run (_pconf=value optimized out, plog=value optimized out, s=value optimized out) at prefork.c:903 #20 0x0043063a in main (argc=4, argv=0x7ad88ef8) at main.c:753 #0 zend_hash_find (ht=0x2869c38, arKey=0x2862210 , nKeyLength=9, pData=0x7fffc2538958) at /data/install/php-5.3.10/Zend/zend_hash.c:884 #1 0x7f553a2f8f74 in zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CONST (prop_dim=0, execute_data=0x2aed260) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:10926 #2 0x7f553a2ff969 in execute (op_array=0x2aac740) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #3 0x7f553a2d0ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #4 0x7f553a279e18 in php_execute_script (primary_file=0x7fffc253aea0) at /data/install/php-5.3.10/main/main.c:2308 #5 0x7f553a35f1af in php_handler (r=0x2895878) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #6 0x00443f5a in ap_run_handler (r=0x2895878) at config.c:158 #7 0x0044747e in ap_invoke_handler (r=0x2895878) at config.c:376 #8 0x00465d30 in ap_internal_redirect (new_uri=value optimized out, r=value optimized out) at http_request.c:554 #9 0x7f553afb8bb5 in handler_redirect (r=0x28a3a50) at mod_rewrite.c:4843 #10 0x00443f5a in ap_run_handler (r=0x28a3a50) at config.c:158 #11 0x0044747e in ap_invoke_handler (r=0x28a3a50) at config.c:376 #12 0x00465ece in ap_process_request (r=0x28a3a50) at http_request.c:282 #13 0x00462d78 in ap_process_http_connection (c=0x2883390) at http_core.c:190 #14 0x0044b45a in ap_run_process_connection (c=0x2883390) at connection.c:43 #15 0x0046abd0 in child_main (child_num_arg=value optimized out) at prefork.c:667 #16 0x0046aea4 in make_child (s=0x1d3bfe8, slot=2) at prefork.c:768 #17 0x0046baee in ap_mpm_run (_pconf=value optimized out, plog=value optimized out, s=value optimized out) at prefork.c:903 #18 0x0043063a in main (argc=4, argv=0x7fffc253b518)
Bug #61508 [Com]: various crashes after upgrading to 5.3
Edit report at https://bugs.php.net/bug.php?id=61508edit=1 ID: 61508 Comment by: komanek at natur dot cuni dot cz Reported by:komanek at natur dot cuni dot cz Summary:various crashes after upgrading to 5.3 Status: Open Type: Bug Package:*General Issues Operating System: Debian 5 PHP Version:5.3.10 Block user comment: N Private report: N New Comment: I should also mention that it is a server with relatively high load and that I do not have these problems on other (much smaller) servers. There should be a problem related to the load, OS or PHP itself. I also upgraded Apache to 2.2.22 which didn't resolve the issue. Previous Comments: [2012-03-26 11:17:37] komanek at natur dot cuni dot cz Description: After upgrading from 5.2.17 na 5.3.10 there are rare crashes and segfaults: [Mon Mar 26 10:03:39 2012] [notice] child pid 22804 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 10:05:06 2012] [notice] child pid 26428 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 11:32:01 2012] [notice] child pid 1083 exit signal Bus error (7), possible coredump in /usr/local/var/apache_cores [Mon Mar 26 12:13:17 2012] [notice] child pid 26574 exit signal Segmentation fault (11), possible coredump in /usr/local/var/apache_cores Some of the stacktraces: #0 0x7fad2a19b67b in zend_vm_set_opcode_handler (op=0x1dca348) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:34020 #1 0x7fad2a16df7e in pass_two (op_array=0x1dc6d00) at /data/install/php- 5.3.10/Zend/zend_opcode.c:412 #2 0x7fad2a161cf1 in zend_do_end_function_declaration (function_token=0x7ad843e0) at /data/install/php- 5.3.10/Zend/zend_compile.c:1447 #3 0x7fad2a1448fe in zendparse () at /data/install/php- 5.3.10/Zend/zend_language_parser.c:4088 #4 0x7fad2a150710 in compile_file (file_handle=0x7ad86240, type=8) at Zend/zend_language_scanner.l:364 #5 0x7fad29ff647a in phar_compile_file (file_handle=0x7ad86240, type=8) at /data/install/php-5.3.10/ext/phar/phar.c:3393 #6 0x7fad2a14fd4f in compile_filename (type=8, filename=0x451ffc0) at Zend/zend_language_scanner.l:407 #7 0x7fad2a1ad384 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x451fa18) at /data/install/php-5.3.10/Zend/zend_vm_execute.h:5254 #8 0x7fad2a1a4969 in execute (op_array=0x3fcc538) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #9 0x7fad2a175ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #10 0x7fad2a11ee18 in php_execute_script (primary_file=0x7ad88910) at /data/install/php-5.3.10/main/main.c:2308 #11 0x7fad2a2041af in php_handler (r=0x1d53a90) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #12 0x00443f5a in ap_run_handler (r=0x1d53a90) at config.c:158 #13 0x0044747e in ap_invoke_handler (r=0x1d53a90) at config.c:376 #14 0x00465ece in ap_process_request (r=0x1d53a90) at http_request.c:282 #15 0x00462d78 in ap_process_http_connection (c=0x1d3c470) at http_core.c:190 #16 0x0044b45a in ap_run_process_connection (c=0x1d3c470) at connection.c:43 #17 0x0046abd0 in child_main (child_num_arg=value optimized out) at prefork.c:667 #18 0x0046aea4 in make_child (s=0x11f5fe8, slot=7) at prefork.c:768 #19 0x0046baee in ap_mpm_run (_pconf=value optimized out, plog=value optimized out, s=value optimized out) at prefork.c:903 #20 0x0043063a in main (argc=4, argv=0x7ad88ef8) at main.c:753 #0 zend_hash_find (ht=0x2869c38, arKey=0x2862210 , nKeyLength=9, pData=0x7fffc2538958) at /data/install/php-5.3.10/Zend/zend_hash.c:884 #1 0x7f553a2f8f74 in zend_isset_isempty_dim_prop_obj_handler_SPEC_VAR_CONST (prop_dim=0, execute_data=0x2aed260) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:10926 #2 0x7f553a2ff969 in execute (op_array=0x2aac740) at /data/install/php- 5.3.10/Zend/zend_vm_execute.h:107 #3 0x7f553a2d0ffb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/install/php-5.3.10/Zend/zend.c:1236 #4 0x7f553a279e18 in php_execute_script (primary_file=0x7fffc253aea0) at /data/install/php-5.3.10/main/main.c:2308 #5 0x7f553a35f1af in php_handler (r=0x2895878) at /data/install/php- 5.3.10/sapi/apache2handler/sapi_apache2.c:669 #6 0x00443f5a in ap_run_handler (r=0x2895878) at config.c:158 #7 0x0044747e in ap_invoke_handler (r=0x2895878) at config.c:376 #8 0x00465d30 in ap_internal_redirect (new_uri=value optimized out, r=value optimized out) at http_request.c:554 #9 0x7f553afb8bb5 in handler_redirect (r=0x28a3a50) at mod_rewrite.c:4843 #10 0x00443f5a in ap_run_handler (r=0x28a3a50
#23633 [Com]: Seg. Fault on ugly preg matching
ID: 23633 Comment by: komanek at natur dot cuni dot cz Reported By: sprice at wisc dot edu Status: Bogus Bug Type: PCRE related Operating System: Mac OS 10.2.6 PHP Version: 4CVS-2003-05-14 (stable) New Comment: The same problem on Irix 6.5.20 with PHP 4.3.3 and apache 2.0.47 - Horde/Imp uses a statement preg_match_all('|(\w+)://([^\s]*[\w+#?/=])|', $text, $matches, PREG_SET_ORDER); to find all hrefs in the mail message body for latrer highlighting them. Crashes every time the apache child process. Why is pcre so unstable ? Should not it be recoverable on the php engine level ? Previous Comments: [2003-05-15 09:21:26] [EMAIL PROTECTED] See bug #13618 and bug #20698 [2003-05-15 09:18:04] [EMAIL PROTECTED] #0 0x81b9a41 in match ( eptr=0x8778a89 om fusion of blade margins in \r\n, ' ' repeats 18 times, selected tubular leaves /font/td\r\n, ' ' repeats 14 times, /tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, sans-..., ecode=0x8776b8f K, offset_top=4, md=0xbfffd2bc, ims=0, eptrb=0xbfe0225c, flags=2) at /usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4104 #1 0x81baa14 in match ( eptr=0x8778a89 om fusion of blade margins in \r\n, ' ' repeats 18 times, selected tubular leaves /font/td\r\n, ' ' repeats 14 times, /tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, sans-..., ecode=0x8776b97 =, offset_top=4, md=0xbfffd2bc, ims=0, eptrb=0xbfe0225c, flags=2) at /usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4730 #2 0x81b9b75 in match ( eptr=0x8778a88 rom fusion of blade margins in \r\n, ' ' repeats 18 times, selected tubular leaves /font/td\r\n, ' ' repeats 14 times, /tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, sans..., ecode=0x8776b8f K, offset_top=4, md=0xbfffd2bc, ims=0, eptrb=0xbfe0225c, flags=2) at /usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4206 #3 0x81baa14 in match ( eptr=0x8778a88 rom fusion of blade margins in \r\n, ' ' repeats 18 times, selected tubular leaves /font/td\r\n, ' ' repeats 14 times, /tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, sans..., ecode=0x8776b97 =, offset_top=4, md=0xbfffd2bc, ims=0, eptrb=0xbfe024bc, flags=2) at /usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4730 #4 0x81b9b75 in match ( eptr=0x8778a87 from fusion of blade margins in \r\n, ' ' repeats 18 times, selected tubular leaves /font/td\r\n, ' ' repeats 14 times, /tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, san..., ecode=0x8776b8f K, offset_top=4, md=0xbfffd2bc, ims=0, eptrb=0xbfe024bc, flags=2) at /usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4206 ...and repeats couple of dozen times (#1 and #2, #3 and #4...) [2003-05-14 23:22:09] sprice at wisc dot edu This code: ?php $glossary = file_get_contents( '/Users/sprice/Desktop/ glossary.htm' ); $matches = array(); preg_match_all( '/td width=140bfont face=Arial, Helvetica, sans-serif size=2(\S|\s)+\/font\/ b\/td\s+td width=525/', $glossary, $matches ); ? (glossary.htm can be found here: http://botit.botany.wisc.edu/courses/structure_cd/ glossary.htm ) causes a segmentation fault (at least when run from the CLI). I suspect it is because it matches approx. 25764 (227^2/2) things in the given html document. This also occurs when you replace preg_match_all() with preg_match(). This is output from GDB (Someone might want to duplicate results because I don't know what I am doing w/ GDB): Program received signal EXC_BAD_ACCESS, Could not access memory. match (eptr=0x49907f ze=\2\multiple \r\n, ' ' repeats 18 times, nuclei bounded by a single cell wall/font/td\r\n, ' ' repeats 14 times, / tr\r\n, ' ' repeats 14 times, tr \r\n, ' ' repeats 16 times, td width=\140\bfont face=\Arial, Helvetica, sans-se..., ecode=0x46f62f =, offset_top=4, md=0xbfffd790, ims=0, eptrb=0xbff80290, flags=2) at /usr/local/php/php4- STABLE-200305150330/ext/pcre/pcrelib/pcre.c:4136 4136{ I can see why PHP would crash, but any crash is a bad crash, no? -- Edit this bug report at http://bugs.php.net/?id=23633edit=1
#21565 [Fbk-Opn]: safe_mode works well with include but not with require
ID: 21565 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Open Bug Type: Scripting Engine problem Operating System: Tru64Unix 5.1A PHP Version: 4.3.0 New Comment: Well, you are right with the difference fatal error vs. warning. After I turned the warning messages on I can see the difference. So, the problem should be re-classified as a problem of both include and require. Still, with safe_mode on, it does not work, with safe_mode off, it works fine. Previous Comments: [2003-01-10 16:56:46] [EMAIL PROTECTED] It is likely that your error reporting level is such that warning messages do not get shown. Unlike require which fails with an error include will only output a warning on failure. Beyond that there is very little difference between the require/include code none of which is the code reponsible for actually openning files. [2003-01-10 03:35:37] [EMAIL PROTECTED] After upgrade from PHP 4.2.2 to 4.3.0 I encountered the problem with safe_mode in conjunction with require(). Example: [php.ini] safe_mode = On; include_path = .:./:/path/to/my/app/dir; safe_mode_include_dir = .:./:/path/to/my/app/dir; [/path/to/my/app/dir/index_working.php] - works fine for me ?php include header.php; ? [/path/to/my/app/dir/index_buggy.php] - throws error ?php require header.php; ? The error: [error] PHP Fatal error: main() [a href='http://www.php.net/function.main'function.main/a]: Failed opening required 'header.php' (include_path='.:./:/path/to/my/app/dir') in /path/to/my/app/dir/index_buggy.php on line 2 Operating system: Tru64Unix 5.1a Webserver: Apache 1.3.26 -- Edit this bug report at http://bugs.php.net/?id=21565edit=1
#21565 [Fbk-Opn]: include/require fail under safe-mode.
ID: 21565 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Open Bug Type: Scripting Engine problem Operating System: Tru64Unix 5.1A PHP Version: 4.3.0 New Comment: I turned all errors and warnings reporting to have maximum info. Here is a real example from my web, with real paths in filesystem. Both include and require are used to demonstrate the difference, previously, I used only require. Strange is that in php 4.2.2 it worked fine for me. The only difference is the upgraded php dynamic module for Apache. It is not the problem of non-existing files or paths because with safe_mode = Off the included and required files are found and opened with no errors. ?php include header.php;? center p b a href=free_catalogue.phpThe Catalogue/a /b /p /center ?php require footer.php;? /body /html The output of this is: Warning: main() [function.main]: Unable to access ./header.php in /usr/users/dbminer/public_html/index.php on line 2 Warning: main(header.php) [function.main]: failed to create stream: No such file or directory in /usr/users/dbminer/public_html/index.php on line 2 Warning: main() [function.main]: Failed opening 'header.php' for inclusion (include_path='.:./:/usr/users/komanek/public_html/TEST/phpclasses:/usr/local/lib/php:/usr/local/www/apache/htdocs/MINER:/usr/users/dbminer/public_html:/usr/users/popin/html2/statistics/i') in /usr/users/dbminer/public_html/index.php on line 2 The Catalogue Warning: main() [function.main]: Unable to access ./footer.php in /usr/users/dbminer/public_html/index.php on line 11 Warning: main(footer.php) [function.main]: failed to create stream: No such file or directory in /usr/users/dbminer/public_html/index.php on line 11 Fatal error: main() [function.main]: Failed opening required 'footer.php' (include_path='.:./:/usr/users/komanek/public_html/TEST/phpclasses:/usr/local/lib/php:/usr/local/www/apache/htdocs/MINER:/usr/users/dbminer/public_html:/usr/users/popin/html2/statistics/i') in /usr/users/dbminer/public_html/index.php on line 11 From filesystem: lib[0]:/usr/users/dbminer/public_html(07:04)# ls -al index.php header.php footer.php -rw-r--r-- 1 dbminer users174 Oct 30 2000 footer.php -rw-r--r-- 1 dbminer users 1047 Nov 7 2001 header.php -rw-r--r-- 1 dbminer users161 Jan 13 12:08 index.php Configure switches: --with-apache=/scratch/sources/apache_1.3.26 --with-openssl --with-zlib=/usr/local --with-zlib-dir=/usr/local --with-bz2=/usr/local --with-db --enable-dbase --with-gd --with-dom --enable-ftp --enable-gd-native-ttf --with-freetype-dir=/usr/local/freetype2 --with-iconv --with-mysql --enable-trans-sid --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib --enable-sockets --enable-discard-path --enable-safe-mode --enable-bcmatch --enable-calendar --enable-ctype --enable-mailparse --enable-force-cgi-redirect --enable-memory-limit --with-expat-dir=/usr/local --with-xml --with-gettext --with-mcrypt --with-imap=/scratch/sources/imap/imap-2002.RC2 --with-imap-ssl=/scratch/sources/imap/imap-2002.RC2 --disable-cgi Previous Comments: [2003-01-13 17:45:48] [EMAIL PROTECTED] Do you get any other warning/error messages, something about UID of the script not matching that of the file? [2003-01-13 17:37:23] [EMAIL PROTECTED] updated the summary line. [2003-01-13 04:09:18] [EMAIL PROTECTED] Well, you are right with the difference fatal error vs. warning. After I turned the warning messages on I can see the difference. So, the problem should be re-classified as a problem of both include and require. Still, with safe_mode on, it does not work, with safe_mode off, it works fine. [2003-01-10 16:56:46] [EMAIL PROTECTED] It is likely that your error reporting level is such that warning messages do not get shown. Unlike require which fails with an error include will only output a warning on failure. Beyond that there is very little difference between the require/include code none of which is the code reponsible for actually openning files. [2003-01-10 03:35:37] [EMAIL PROTECTED] After upgrade from PHP 4.2.2 to 4.3.0 I encountered the problem with safe_mode in conjunction with require(). Example: [php.ini] safe_mode = On; include_path = .:./:/path/to/my/app/dir; safe_mode_include_dir = .:./:/path/to/my/app/dir; [/path/to/my/app/dir/index_working.php] - works fine for me ?php include header.php; ? [/path/to/my/app/dir/index_buggy.php] - throws error ?php require header.php; ? The error
#21565 [NEW]: safe_mode works well with include but not with require
From: [EMAIL PROTECTED] Operating system: Tru64Unix 5.1A PHP version: 4.3.0 PHP Bug Type: *General Issues Bug description: safe_mode works well with include but not with require After upgrade from PHP 4.2.2 to 4.3.0 I encountered the problem with safe_mode in conjunction with require(). Example: [php.ini] safe_mode = On; include_path = .:./:/path/to/my/app/dir; safe_mode_include_dir = .:./:/path/to/my/app/dir; [/path/to/my/app/dir/index_working.php] - works fine for me ?php include header.php; ? [/path/to/my/app/dir/index_buggy.php] - throws error ?php require header.php; ? The error: [error] PHP Fatal error: main() [a href='http://www.php.net/function.main'function.main/a]: Failed opening required 'header.php' (include_path='.:./:/path/to/my/app/dir') in /path/to/my/app/dir/index_buggy.php on line 2 Operating system: Tru64Unix 5.1a Webserver: Apache 1.3.26 -- Edit bug report at http://bugs.php.net/?id=21565edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=21565r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=21565r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=21565r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=21565r=needtrace Try newer version: http://bugs.php.net/fix.php?id=21565r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=21565r=support Expected behavior: http://bugs.php.net/fix.php?id=21565r=notwrong Not enough info:http://bugs.php.net/fix.php?id=21565r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=21565r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=21565r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21565r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=21565r=dst IIS Stability: http://bugs.php.net/fix.php?id=21565r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=21565r=gnused