Edit report at https://bugs.php.net/bug.php?id=40479&edit=1
ID: 40479
Comment by: from dot php dot net at brainbox dot cz
Reported by: rrossi at maggioli dot it
Summary: zend_mm_heap corrupted
Status: Feedback
Type: Bug
Package: Reproducible crash
Operating System: Suse Linux 9.0
PHP Version: 5.2.1
Block user comment: N
Private report: N
New Comment:
I can reproduce the bug on Microsoft Windows XP SP3, with latest official PHP
5.3.8 NTS build.
When we run script from "f dot ardelian at gmail dot com", PHP does not output
"zend_mm_heap corrupted", but right after displaying the "If you see thisâ¦"
line CRASHES.
However, I found that when I call "gc_disable();" before script end, it
finishes successfully. This helped me run the test script without problems, but
didn't solve the issue in my other scripts.
<?
define('OBJECT_COUNT', 100 * 1000 * 10);
class Object {
private static $world = array();
private static $maxGuid = 0;
protected $_guid = null;
public function __construct() {
self::$world[$this->_guid = self::$maxGuid++] = $this;
}
public function __destruct() {
unset(self::$world[$this->_guid]);
}
}
for ($i = 0; $i < OBJECT_COUNT; ++$i) {
new Object();
}
// You probably won't see this because of the "zend_mm_heap corrupted"
echo 'If you see this, try to increase OBJECT_COUNT to 100,000';
gc_disable(); // ADDED - works for me - PHP does not crash
?>
Previous Comments:
------------------------------------------------------------------------
[2011-10-17 20:24:44] rob dot spekschoor at gmail dot com
problem solved by compiling apache with prefork. Somehow Apache worker MPM +
PHP 5.2 works fine but Apache worker MPM + PHP 5.3 fails terribly. Prefork
seems stable
------------------------------------------------------------------------
[2011-10-05 20:08:42] rob dot spekschoor at gmail dot com
I can also reproduce with script from 'f dot ardelian at gmail dot com' this
error on:
php --version
PHP 5.3.8-pl0-gentoo (cli) (built: Oct 4 2011 10:42:38)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
------------------------------------------------------------------------
[2011-09-26 08:00:03] laacz at laacz dot lv
Second this by running code, provided by "f dot ardelian at gmail dot com" at
2011-08-31 07:49 UTC:
# php -q zend_mm_heap_corrupted.php
If you see this, try to increase OBJECT_COUNT to 100,000zend_mm_heap corrupted
# php --version
PHP 5.3.8 (cli) (built: Aug 29 2011 14:48:33)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by
eAccelerator
with Xdebug v2.1.2, Copyright (c) 2002-2011, by Derick Rethans
------------------------------------------------------------------------
[2011-09-02 11:28:40] christoffer at westart dot se
I must agree with Florin, we are experiencing the same kinds of issues, both
with
CLI and mod_php, su_php and across 5.2.* and 5.3.*. We really need this to be
fixed. Any updates?
------------------------------------------------------------------------
[2011-08-31 07:49:32] f dot ardelian at gmail dot com
The cause is pretty clear to me: when the script ends, the garbage collector
starts to destroy the objects and the `unset()` in the destructor probably
invokes the garbage collector again. The error message doesn't always appear on
the screen nor in the error log (sometimes it does). The "Segmentation fault"
always appears in the error log. Breaks if PHP is installed using apt-get or
yum or comes with your Linux distro. Seems to work fine on Windows and codepads
(custom compiled PHPs). Definitely breaks on Debian. Don't forget to set
memory_limit to have enough room in memory to create all the objects (128M
seems to be enough on Debian to create 150,000 objects).
<?php
define('OBJECT_COUNT', 20 * 1000);
class Object {
private static $world = array();
private static $maxGuid = 0;
protected $_guid = null;
public function __construct() {
self::$world[$this->_guid = self::$maxGuid++] = $this;
}
public function __destruct() {
unset(self::$world[$this->_guid]);
}
}
for ($i = 0; $i < OBJECT_COUNT; ++$i) {
new Object();
}
// You probably won't see this because of the "zend_mm_heap corrupted"
echo 'If you see this, try to increase OBJECT_COUNT to 100,000';
?>
If this code pinpoints the four and a half years-old issue, email me a beer.
Florin Ardelian
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=40479
--
Edit this bug report at https://bugs.php.net/bug.php?id=40479&edit=1
