From: bdauvergne at entrouvert dot com
Operating system: Debian
PHP version: 5.2.5
PHP Bug Type: Scripting Engine problem
Bug description: Problem of ordering of resource destroying
php_request_shutdown
Description:
------------
Context: a cli interpreter with a temporary module loaded ( with dl() and
not a
declaration in php.ini).
Description:
In php_request_shutdown we can see this code:
1490 /* 7. Shutdown scanner/executor/compiler and restore ini
entries */
1491 zend_deactivate(TSRMLS_C);
1492
1493 /* 8. Call all extensions post-RSHUTDOWN functions */
1494 zend_try {
1495 zend_post_deactivate_modules(TSRMLS_C);
1496 } zend_end_try();
The problem comes from the deallocation of EG(regular_list) in
zend_deactivate
in zend.c:947 :
946
947 zend_destroy_rsrc_list(&EG(regular_list) TSRMLS_CC);
948
and the use of the same list inside zend_post_deactivate_modules which
calls
'zend_hash_reverse_apply(&module_registry, (apply_func_t)
module_registry_unload_temp TSRMLS_CC);'
on zend.c:966 which calls
1973 int module_registry_unload_temp(zend_module_entry *module TSRMLS_DC)
1974 {
1975 return (module->type == MODULE_TEMPORARY) ?
ZEND_HASH_APPLY_REMOVE : ZEND_HASH_APPLY_STOP;
1976 }
whick provokes the destruction of the module via module_destructor:
1903 void module_destructor(zend_module_entry *module)
1904 {
1905 TSRMLS_FETCH();
1906
1907 if (module->type == MODULE_TEMPORARY) {
1908 zend_clean_module_rsrc_dtors(module->module_number
TSRMLS_CC);
1909 clean_module_constants(module->module_number
TSRMLS_CC);
1910 }
as the module is a temporary module, which calls:
1908 zend_clean_module_rsrc_dtors(module->module_number
TSRMLS_CC);
which contains:
265 void zend_clean_module_rsrc_dtors(int module_number TSRMLS_DC)
266 {
267 zend_hash_apply_with_argument(&list_destructors,
(apply_func_arg_t) zend_clean_module_rsrc_dtors_cb, (void *) &module_number
TSRMLS_CC);
which calls zend_clean_module_rsrc_dtors_cb on the list_destructor of the
resources registerer by the given module:
253 static int zend_clean_module_rsrc_dtors_cb(zend_rsrc_list_dtors_entry
*ld, int *module_number TSRMLS_DC)
254 {
255 if (ld->module_number == *module_number) {
256 zend_hash_apply_with_argument(&EG(regular_list),
(apply_func_arg_t) clean_module_resource, (void *) &(ld->resource_id)
TSRMLS_CC);
257 zend_hash_apply_with_argument(&EG(persistent_list),
(apply_func_arg_t) clean_module_resource, (void *) &(ld->resource_id)
TSRMLS_CC);
258 return 1;
259 } else {
260 return 0;
261 }
262 }
On line 256 is the problem, we try to acces regular_list by it has already
been
destroyed before in zend_deactivate. It generate the error:
$ php5 -n -r 'dl("gd.so");'
/home/bdauvergne/wd/lasso/php5-5.2.5/Zend/zend_hash.c(886) : ht=0x8676c28
is already destroyed
Reproduce code:
---------------
$ php5 -n -r 'dl("gd.so");'
php5-5.2.5/Zend/zend_hash.c(886) : ht=0x8676c28 is already destroyed
Actual result:
--------------
Backtrace:
#0 0x08388794 in _zend_is_inconsistent (ht=0x8676c28, file=0x8628bb8
"php5-5.2.5/Zend/zend_hash.c", line=886)
at php5-5.2.5/Zend/zend_hash.c:54
#1 0x0838b017 in zend_hash_apply_with_argument (ht=0x8676c28,
apply_func=0x838d481 <clean_module_resource>, argument=0x87a6308)
at php5-5.2.5/Zend/zend_hash.c:886
#2 0x0838d4f4 in zend_clean_module_rsrc_dtors_cb (ld=0x87a62f0,
module_number=0xbf8a4c50) at php5-5.2.5/Zend/zend_list.c:256
#3 0x0838b071 in zend_hash_apply_with_argument (ht=0x86739e0,
apply_func=0x838d4ab <zend_clean_module_rsrc_dtors_cb>,
argument=0xbf8a4c50)
at php5-5.2.5/Zend/zend_hash.c:891
#4 0x0838d566 in zend_clean_module_rsrc_dtors (module_number=41) at
php5-5.2.5/Zend/zend_list.c:267
#5 0x08384c25 in module_destructor (module=0x87a64c8) at
php5-5.2.5/Zend/zend_API.c:1908
#6 0x0838acf0 in zend_hash_apply_deleter (ht=0x8676f00, p=0x87a6098) at
php5-5.2.5/Zend/zend_hash.c:805
#7 0x0838b294 in zend_hash_reverse_apply (ht=0x8676f00,
apply_func=0x8384d88 <module_registry_unload_temp>)
at php5-5.2.5/Zend/zend_hash.c:954
#8 0x0837d0f9 in zend_post_deactivate_modules () at
php5-5.2.5/Zend/zend.c:967
#9 0x08320e8a in php_request_shutdown (dummy=0x0) at
php5-5.2.5/main/main.c:1495
#10 0x0840caaf in main (argc=-1081454472, argv=0xb79c5450) at
php5-5.2.5/sapi/cli/php_cli.c:1327
--
Edit bug report at http://bugs.php.net/?id=44774&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44774&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44774&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44774&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44774&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44774&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44774&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=44774&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=44774&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44774&r=support
Expected behavior: http://bugs.php.net/fix.php?id=44774&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44774&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44774&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44774&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44774&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44774&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=44774&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44774&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44774&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44774&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=44774&r=mysqlcfg
