From: [email protected]
Operating system: solaris, linux
PHP version: 5.3.1RC3
PHP Bug Type: Reproducible crash
Bug description: srinatar
Description:
------------
With the recent PHP 5.3.1 RC3, I noticed a crash when compiled with mbstring and zend-multibyte and running the bug35634.phpt script found under Zend/tests.
Reproduce code:
---------------
'./configure' \
'--enable-cli' \
'--enable-mbstring' \
'--enable-zend-multibyte'
While running the test script Zend/tests/bug35634.phpt:
<?php
// Zend/tests/bug35634.phpt: the file includes itself twice.
// Pass 1 installs an error handler and includes the file with pass2 defined.
// Pass 2 declares TestClass with both __construct() and a PHP4-style
// constructor, which raises the "Redefining already defined constructor"
// error (type 2048) from inside the compiler. The handler then includes the
// file a third time (pass3) while that compilation is still on the stack,
// and exits.
if (defined("pass3")) {
    class ErrorClass {
    }
} else if (defined("pass2")) {
    class TestClass {
        function __construct() {
        }
        function TestClass() {
            $this->__construct();
        }
    }
} else {
    function errorHandler($errorNumber, $errorMessage, $fileName, $lineNumber) {
        define("pass3", 1);
        include(__FILE__);
        die("Error: $errorMessage ($fileName:$lineNumber)\n");
    }
    set_error_handler('errorHandler');
    define("pass2", 1);
    include(__FILE__);
}
?>
Expected result:
----------------
Error: Redefining already defined constructor for class TestClass (/tmp/c.php:12)
Actual result:
--------------
Here is the stack trace of this crash:
@1 (l...@1) program terminated by signal SEGV (no mapping at the fault address)
Current function is _zend_mm_alloc_int
1892 ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(dbx 1) where
current thread: t...@1
=>[1] _zend_mm_alloc_int(heap = 0x8b7f2f0, size = 496U), line 1892 in "zend_alloc.c"
[2] _emalloc(size = 496U), line 2295 in "zend_alloc.c"
[3] open_file_for_scanning(file_handle = 0x80454f8), line 272 in "zend_language_scanner.l"
[4] compile_file(file_handle = 0x80454f8, type = 2), line 331 in "zend_language_scanner.l"
[5] phar_compile_file(file_handle = 0x80454f8, type = 2), line 3390 in "phar.c"
[6] compile_filename(type = 2, filename = 0x8b910b8), line 386 in "zend_language_scanner.l"
[7] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6560), line 1915 in "zend_vm_execute.h"
[8] execute(op_array = 0x8cd4438), line 104 in "zend_vm_execute.h"
[9] zend_call_function(fci = 0x80456a8, fci_cache = 0x8045608), line 942 in "zend_execute_API.c"
[10] call_user_function_ex(function_table = 0x8bbf5a0, object_pp = (nil), function_name = 0x8b8db78, retval_ptr_ptr = 0x804572c, param_count = 5U, params = 0x8b906d0, no_separation = 1, symbol_table = (nil)), line 734 in "zend_execute_API.c"
[11] zend_error(type = 2048, format = 0x8b145e8 "Redefining already defined constructor for class %s", ... = 0x8b8e730, ...), line 1101 in "zend.c"
[12] zend_do_begin_function_declaration(function_token = 0x8045b00, function_name = 0x8045b28, is_method = 1, return_reference = 0, fn_flags_znode = 0x8045aec), line 1289 in "zend_compile.c"
[13] zendparse(), line 4082 in "zend_language_parser.c"
[14] compile_file(file_handle = 0x8046da8, type = 2), line 343 in "zend_language_scanner.l"
[15] phar_compile_file(file_handle = 0x8046da8, type = 2), line 3390 in "phar.c"
[16] compile_filename(type = 2, filename = 0x8b8e4b4), line 386 in "zend_language_scanner.l"
[17] ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data = 0x8cd6440), line 1915 in "zend_vm_execute.h"
[18] execute(op_array = 0x8b8d970), line 104 in "zend_vm_execute.h"
[19] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ... = (nil), ...), line 1194 in "zend.c"
[20] php_execute_script(primary_file = 0x8047850), line 2225 in "main.c"
[21] main(argc = 2, argv = 0x80478c4), line 1190 in "php_cli.c"
And here best_fit looks like it has been corrupted:
(dbx 2) p *best_fit
dbx: cannot access address 0x66690a70
(dbx 3) p *heap
*heap = {
use_zend_alloc = 1
_malloc = (nil)
_free = (nil)
_realloc = (nil)
free_bitmap = 1073741824U
large_free_bitmap = 133376U
block_size = 262144U
compact_size = 2097152U
segments_list = 0x8cd6410
storage = 0x8b7eef0
real_size = 524288U
real_peak = 524288U
limit = 134217728U
size = 341616U
peak = 342120U
reserve_size = 8192U
reserve = 0x8b7f560
overflow = 0
internal = 0
cached = 456U
cache = (0x8b90590, 0x8b90700, 0x8b90718, 0x8b90558,
0x8b90918, (nil), (nil), (nil), (nil), (nil), 0x8b8faa0, (nil), (nil),
(nil), (nil), 0x8b8c1e8, (nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil))
free_buckets = (0x8b7f3b8, 0x8b7f3b8, 0x8b7f3c0, 0x8b7f3c0,
0x8b7f3c8, 0x8b7f3c8, 0x8b7f3d0, 0x8b7f3d0, 0x8b7f3d8, 0x8b7f3d8,
0x8b7f3e0, 0x8b7f3e0, 0x8b7f3e8, 0x8b7f3e8, 0x8b7f3f0, 0x8b7f3f0,
0x8b7f3f8, 0x8b7f3f8, 0x8b7f400, 0x8b7f400, 0x8b7f408, 0x8b7f408,
0x8b7f410, 0x8b7f410, 0x8b7f418, 0x8b7f418, 0x8b7f420, 0x8b7f420,
0x8b7f428, 0x8b7f428, 0x8b7f430, 0x8b7f430, 0x8b7f438, 0x8b7f438,
0x8b7f440, 0x8b7f440, 0x8b7f448, 0x8b7f448, 0x8b7f450, 0x8b7f450,
0x8b7f458, 0x8b7f458, 0x8b7f460, 0x8b7f460, 0x8b7f468, 0x8b7f468,
0x8b7f470, 0x8b7f470, 0x8b7f478, 0x8b7f478, 0x8b7f480, 0x8b7f480,
0x8b7f488, 0x8b7f488, 0x8b7f490, 0x8b7f490, 0x8b7f498, 0x8b7f498,
0x8b7f4a0, 0x8b7f4a0, 0x8b90b20, 0x8b90b20, 0x8b7f4b0, 0x8b7f4b0)
large_free_buckets = ((nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), 0x8b8fef8, (nil), (nil), 0x8b8e7a8, (nil), (nil), (nil), (nil),
(nil), 0x8b93a00, (nil), (nil), (nil), (nil), (nil), (nil), (nil), (nil),
(nil), (nil), (nil), (nil), (nil), (nil))
rest_buckets = (0x8b7f538, 0x8b7f538)
}
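A triage check worth running on a crash like this, added here as an example that is not part of the bug report or of PHP: when the allocator's linkage check trips and dbx cannot dereference the "pointer", test whether the value is really made of text bytes. Stored little-endian (the byte order of an x86 build, which the 32-bit 0x08xxxxxx pointers in the trace suggest), 0x66690a70 is the byte sequence 70 0a 69 66, i.e. "p\nif", and that sequence occurs in the reproducer at "<?php\nif". A free-list pointer that decodes to source text is consistent with an out-of-bounds write from a scanner buffer into heap block metadata, which is exactly what ZEND_MM_CHECK_BLOCK_LINKAGE exists to catch; the script below embeds the reproducer text as constructed sample input and tries both byte orders so a big-endian (SPARC) build would not be misread.

```python
# Triage helper: does a bogus pointer from a crash dump decode to text that
# appears in the input being processed? Not PHP code; an added example.
FAULT_ADDR = 0x66690A70   # best_fit value dbx could not access (from the report)
HEAP_PTR = 0x08B7F2F0     # a normal-looking heap pointer from the same trace

# Constructed copy of the reproducer quoted in the report
# (Zend/tests/bug35634.phpt), used as the haystack for the search.
REPRODUCER = b"""<?php
if (defined("pass3")) {
    class ErrorClass {
    }
} else if (defined("pass2")) {
    class TestClass {
        function __construct() {
        }
        function TestClass() {
            $this->__construct();
        }
    }
} else {
    function errorHandler($errorNumber, $errorMessage, $fileName, $lineNumber) {
        define("pass3", 1);
        include(__FILE__);
        die("Error: $errorMessage ($fileName:$lineNumber)\\n");
    }
    set_error_handler('errorHandler');
    define("pass2", 1);
    include(__FILE__);
}
?>
"""


def addr_to_bytes(addr, width=4, byteorder="little"):
    """The raw bytes a pointer-sized value occupies in memory."""
    return addr.to_bytes(width, byteorder)


def is_texty(raw):
    """True when every byte is printable ASCII or ordinary whitespace."""
    return all(0x20 <= b < 0x7F or b in b"\t\n\r" for b in raw)


def triage_pointer(addr, source, width=4):
    """
    Decode `addr` in both byte orders and look each decoding up in `source`.
    Returns a list of (byteorder, raw_bytes, offset) for every order whose
    bytes are text that also occurs in the source; an empty list means the
    value does not look like input text at all.
    """
    hits = []
    for order in ("little", "big"):
        raw = addr_to_bytes(addr, width, order)
        if is_texty(raw):
            off = source.find(raw)
            if off != -1:
                hits.append((order, raw, off))
    return hits


if __name__ == "__main__":
    for name, addr in (("best_fit", FAULT_ADDR), ("heap", HEAP_PTR)):
        hits = triage_pointer(addr, REPRODUCER)
        if hits:
            for order, raw, off in hits:
                print(f"{name}=0x{addr:08x}: {order}-endian bytes {raw!r} "
                      f"found in reproducer at offset {off}")
        else:
            print(f"{name}=0x{addr:08x}: not input text")
```

For the values in this report the helper flags best_fit as the little-endian text "p\nif" at offset 4 of the script and leaves the genuine heap pointer alone; a hit like that points the investigation at whichever code copied the script bytes (here the scanner reopened by the nested include) rather than at the allocator that merely detected the damage.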
--
Edit bug report at http://bugs.php.net/?id=50145&edit=1