 ID:               49098
 Updated by:       t...@php.net
 Reported By:      bugs at timj dot co dot uk
-Status:           Feedback
+Status:           Open
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5.2.10
 New Comment:

Yep. Also checked on 5.2, just in case. Here's some valgrind from 5.3
for info:

==17517== Invalid free() / delete / delete[]
==17517==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==17517==    by 0xABA17B9: php_mysqli_set_error (mysqli.c:1004)
==17517==    by 0xABA61DD: zif_mysqli_real_connect (mysqli_api.c:1476)
==17517==    by 0x656BD2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==17517==    by 0x652AFB: execute (zend_vm_execute.h:92)
==17517==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==17517==    by 0x652AFB: execute (zend_vm_execute.h:92)
==17517==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==17517==    by 0x652AFB: execute (zend_vm_execute.h:92)
==17517==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==17517==    by 0x652AFB: execute (zend_vm_execute.h:92)
==17517==    by 0x656545: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==17517==  Address 0xba0af20 is 0 bytes inside a block of size 1 free'd
==17517==    at 0x4A0633D: free (vg_replace_malloc.c:323)
==17517==    by 0xABA1348: zm_deactivate_mysqli (mysqli.c:711)
==17517==    by 0x63165B: module_registry_cleanup (zend_API.c:1976)
==17517==    by 0x63A3B3: zend_hash_reverse_apply (zend_hash.c:755)
==17517==    by 0x6301EC: zend_deactivate_modules (zend.c:838)
==17517==    by 0x5ED964: php_request_shutdown (main.c:1475)
==17517==    by 0x6A065B: main (php_cli.c:1343)
==17517==


Previous Comments:
------------------------------------------------------------------------

[2009-11-11 22:50:47] j...@php.net

What's the valgrind output then, same as before?

------------------------------------------------------------------------

[2009-11-11 22:48:14] t...@php.net

Reverting the change from r281844 doesn't seem to fix it (tested on
5.3-snap200911111930)

------------------------------------------------------------------------

[2009-11-11 20:41:46] t...@php.net

Yes it still segfaults in the same way in 5.3-snap200911111930.
Essentially the same valgrind output.

Going back to the original issue, it started happening in 5.2.10. A
diff of the "mysqli" directory between 5.2.9 and 5.2.10 shows only one
change: mysqli_api.c in SVN r281844.

------------------------------------------------------------------------

[2009-11-11 08:48:02] j...@php.net

To narrow this down a bit: Does it happen with latest PHP 5.3 snapshot?

------------------------------------------------------------------------

[2009-11-10 23:35:57] ras...@php.net

Looks like an ext/mysqli problem, but I looked through the code and I
don't see a case where MyG(error_msg) is free'ed without being NULL'ed
or immediately re-allocated. It isn't NULL'ed in the RSHUTDOWN, but it
is NULL'ed in the RINIT, so there should be no way to get to
php_mysqli_set_error() without it being either NULL or correctly
allocated.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/49098

-- 
Edit this bug report at http://bugs.php.net/?id=49098&edit=1
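
An added example, not part of the bug report and not PHP source: a simplified C model of the lifecycle discussed in the 2009-11-10 comment, using a quarantining debug allocator to count the invalid free that the valgrind trace reports. The names rinit, rshutdown, set_error and dbg_* are assumptions standing in for RINIT, RSHUTDOWN and php_mysqli_set_error(); the null_after_free switch illustrates the free-then-NULL idiom and is not a record of the change PHP made.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Debug allocator: freed blocks are quarantined (marked dead, never
 * released), so a second free of the same block is counted safely. */
struct blk { int live; char data[64]; };
static int invalid_frees;

static char *dbg_strdup(const char *s) {
    struct blk *b = calloc(1, sizeof *b);
    if (!b) abort();
    b->live = 1;
    strncpy(b->data, s, sizeof b->data - 1);   /* calloc keeps it terminated */
    return b->data;
}
static void dbg_free(char *p) {
    if (!p) return;                            /* free(NULL) is a no-op */
    struct blk *b = (struct blk *)(p - offsetof(struct blk, data));
    if (!b->live) { invalid_frees++; return; } /* "Invalid free()" */
    b->live = 0;
}

static char *error_msg;                        /* stands in for MyG(error_msg) */

static void rinit(void) { error_msg = NULL; }
static void set_error(const char *msg) {       /* drop old message, store new */
    dbg_free(error_msg);
    error_msg = dbg_strdup(msg);
}
static void rshutdown(int null_after_free) {
    dbg_free(error_msg);
    if (null_after_free) error_msg = NULL;     /* leaves no dangling pointer */
}

/* One request where set_error() runs again after module shutdown, the
 * ordering the trace shows. Returns the number of invalid frees. */
static int run_request(int null_after_free) {
    invalid_frees = 0;
    rinit();
    set_error("connect failed");               /* while the script runs */
    rshutdown(null_after_free);
    set_error("connect failed again");         /* late call, after RSHUTDOWN */
    return invalid_frees;
}

int main(void) {
    printf("free only:   %d invalid free(s)\n", run_request(0));
    printf("free + NULL: %d invalid free(s)\n", run_request(1));
    return 0;
}
```

The model only misbehaves when the error setter is reached after shutdown and before the next RINIT, which is the window the "free'd at zm_deactivate_mysqli" stack in the trace points to.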