ID:               51159
 Updated by:       [email protected]
 Reported By:      achristianson at yakabod dot com
-Status:           Open
+Status:           Feedback
-Bug Type:         Reproducible crash
+Bug Type:         Session related
 Operating System: CentOS 5.4
 PHP Version:      5.3.1
 New Comment:

Try turning garbage collection off so we know if it's that. zend.enable_gc
= off, IIRC. :)


Previous Comments:
------------------------------------------------------------------------

[2010-02-26 19:08:01] achristianson at yakabod dot com

We tried this with Zend MM and garbage collection turned on and off. No
change in result.

------------------------------------------------------------------------

[2010-02-26 18:49:11] achristianson at yakabod dot com

Small typo: I put 5.2.1 and 5.2.3RC3 text along with my backtraces. I 
meant to type 5.3.1 and 5.3.2RC3 respectively.

------------------------------------------------------------------------

[2010-02-26 18:39:55] achristianson at yakabod dot com

Description:
------------
Use of session_set_save_handler seems to cause memory corruption under
certain conditions.

Inside of _write, there is code that causes a fatal error. The 
corruption seems to not happen if this is removed.

I get the problem in both 5.3.1 and 5.3.2RC3

Reproduce code:
---------------
<?php
session_set_save_handler('_open', '_close', '_read', '_write',
'_destroy', '_gc');
session_start();
session_write_close();
function _write() {
  // Deliberate fatal error: self:: is used outside of any class scope.
  self::$x = null;
}
function _destroy() {}
function _gc() {}
function _open() {}
function _close() {}
function _read() {}
for($i = 0; $i < 10000; $i++)
{
  $exampleArray[] = new C();
}
class C { }


Expected result:
----------------
No segmentation fault

Actual result:
--------------
5.2.1 backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x014899c0 in ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (execute_data=0x9a6ee80) at /root/php-5.3.1/Zend/zend_execute.c:302
302                zval ***ptr = &CV_OF(node->u.var);
(gdb) bt
#0  0x014899c0 in ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (execute_data=0x9a6ee80) at /root/php-5.3.1/Zend/zend_execute.c:302
#1  0x0142d55d in execute (op_array=0x9a0e260) at /root/php-5.3.1/Zend/zend_vm_execute.h:104
#2  0x0140bd57 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.1/Zend/zend.c:1194
#3  0x013bbf4e in php_execute_script (primary_file=0xbfa7c8c0) at /root/php-5.3.1/main/main.c:2225
#4  0x0148ad2b in php_handler (r=0x9a56160) at /root/php-5.3.1/sapi/apache2handler/sapi_apache2.c:648
#5  0x08077bf3 in ap_invoke_handler ()
#6  0x080868df in ap_process_request ()
#7  0x080839e8 in ?? ()
#8  0x09a56160 in ?? ()
#9  0x00000004 in ?? ()
#10 0x09a56160 in ?? ()
#11 0x0987c2f8 in ?? ()
#12 0x00000002 in ?? ()
#13 0x09a43be8 in ?? ()
#14 0xbfa7c9c8 in ?? ()
#15 0x0807ff45 in ap_process_connection ()

5.2.3RC3 backtrace:

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0xbf900928) at /root/php-5.3.2RC3/Zend/zend.h:385
385                return --pz->refcount__gc;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0xbf900928) at /root/php-5.3.2RC3/Zend/zend.h:385
#1  0x014674fc in zend_do_fcall_common_helper_SPEC (execute_data=0x8558d30) at /root/php-5.3.2RC3/Zend/zend_execute.h:316
#2  0x01441b3d in execute (op_array=0x84f66d0) at /root/php-5.3.2RC3/Zend/zend_vm_execute.h:104
#3  0x01420207 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.2RC3/Zend/zend.c:1194
#4  0x013cfe7e in php_execute_script (primary_file=0xbf902c10) at /root/php-5.3.2RC3/main/main.c:2260
#5  0x0149f22b in php_handler (r=0x853e5b8) at /root/php-5.3.2RC3/sapi/apache2handler/sapi_apache2.c:655
#6  0x08077bf3 in ap_invoke_handler ()
#7  0x080868df in ap_process_request ()
#8  0x080839e8 in ?? ()
#9  0x0853e5b8 in ?? ()
#10 0x00000004 in ?? ()
#11 0x0853e5b8 in ?? ()
#12 0x08388758 in ?? ()
#13 0x00000002 in ?? ()
#14 0x0852c040 in ?? ()
#15 0xbf902d18 in ?? ()
#16 0x0807ff45 in ap_process_connection ()


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=51159&edit=1
