ID: 39346
Updated by: [EMAIL PROTECTED]
Reported By: daan at parse dot nl
-Status: Assigned
+Status: Closed
Bug Type: Reproducible crash
Operating System: Slackware 10.2
PHP Version: 5.2.0RC5
Assigned To: dmitry
New Comment:
Fixed in CVS HEAD and PHP_5_3.
Now the assignment operator calls destructor for left value after the
actual assignment.
Previous Comments:
------------------------------------------------------------------------
[2007-11-08 12:20:16] [EMAIL PROTECTED]
The bug seems to be unfixable.
In __construct() the operator self::$instances[$this->_id] = $this;
executes the following sequence:
1) fetch address of self::$instances[$this->_id]
2) destroys old value
3) assigns new value into the address fetched on step (1)
but during step (2) __destruct() is called and it calls
unset(self::$instances[$this->_id])
as the result, the address fetched on step (1) became invalid on step
(3)
------------------------------------------------------------------------
[2006-12-21 06:37:34] judas dot iscariote at gmail dot com
this leaks memory on current 5_2 CVS but does not crash..
zend_vm_execute.h(405) : Freeing 0x2B8735197300 (24 bytes),
script=crash.php
=== Total 1 memory leaks detected ===
------------------------------------------------------------------------
[2006-12-20 11:39:46] duncanh at icritical dot com
@ daan at parse dot nl
You were correct. I managed to write an infinite loop.
Sorry for the noise.
------------------------------------------------------------------------
[2006-12-20 10:42:09] daan at parse dot nl
@ duncanh at icritical dot com:
That's probably an unrelated bug, which also results in a memory
related segfault.
The best thing to do is to report it as a new bug, and perhaps
reference to this bug in your description.
(and of course see if you can narrow it down to single piece of code)
------------------------------------------------------------------------
[2006-12-20 10:33:24] duncanh at icritical dot com
OS: CentOS 4.4
Apache: httpd-2.0.52-28.ent.centos4
PHP: PHP 5.2.0 (cli) (built: Dec 13 2006 10:13:00)
I'm seeing similar segfaults in the same area (0x0122081d
in _zend_mm_alloc_int (heap=0x8494f90, size=32)
at /root/Files/php-5.2.0/Zend/zend_alloc.c:1076), but I'm
not using destructors at all.
function Tenant($clientid) {
doDebug(6, __METHOD__."($clientid)");
doDebug(6, __METHOD__);
}
Logs show Tenant::Tenant(), and Tenant::Tenant. The
apache child then falls over in a heap. I can only assume
that somewhere in my includes, a bit of code is doing
something that the Zend code can't handle. I've trawled
through my code changes since this last worked, and
nothing obvious is showing up. I'm now working on
reducing my code to bare-bones, and building it back up
until the segfaults occur again.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39346
--
Edit this bug report at http://bugs.php.net/?id=39346&edit=1
