Edit report at https://bugs.php.net/bug.php?id=54460&edit=1
ID: 54460 Updated by: [email protected] Reported by: courtois at templeet dot org Summary: memory leaks -Status: Open +Status: Feedback Type: Bug Package: Reproducible crash Operating System: debian squeeze PHP Version: 5.3.6 Block user comment: N Private report: N New Comment: Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ Previous Comments: ------------------------------------------------------------------------ [2011-04-09 14:34:15] decoder-php at own-hero dot net The following is an automatically reduced testcase that can be run in the same way as described here for the original testcase: <?php class TempleetRedirect extends Exception {}; Function parseform($template) { $txt = eval_list($templatecache[$template]['template']); } Function eval_list($array) { throw new TempleetRedirect($file); } Function parsetemplate($template) { $txt = parseform($template); } try { $output=parsetemplate($global_var['template']); } catch (TempleetRedirect $r) { exit(); } ?> ------------------------------------------------------------------------ [2011-04-04 06:48:06] courtois at templeet dot org To call it from command line I simulated a cgi call with this script: #!/bin/sh PHPRC="/var/www/dev4.sociatomdev.com/" export PHPRC export USE_ZEND_ALLOC=0 export REQUEST_URI=/auth/packageinstall.html.en export SCRIPT_NAME=/templeet.php export QUERY_STRING= export REQUEST_METHOD=GET export REDIRECT_STATUS=404 export REDIRECT_URL=/templeet.php export DOCUMENT_ROOT=/var/www/dev4.sociatomdev.com/chroot/htdocs export SCRIPT_FILENAME=/templeet.php export SERVER_NAME=localhost export SERVER_PROTOCOL=HTTP/1.0 export REDIRECT_HANDLER=php-cgi export PATH_TRANSLATED=/var/www/dev4.sociatomdev.com/chroot/htdocs/templeet.php exec valgrind --leak-check=full /home/courtois/test2/php-5.3.6/sapi/cgi/php-cgi ------------------------------------------------------------------------ [2011-04-03 23:35:17] decoder-php at own-hero dot net Hello, do you happen to have a testcase that runs on command line, or can your testcase be run on command line instead of using Apache? That would allow me to automatically reduce the testcase. Best, Chris ------------------------------------------------------------------------ [2011-04-03 21:28:12] courtois at templeet dot org Description: ------------ memory leaks leed to memory exhaustion (see valgrind trace below) PHP 5.3.6 './configure' '--prefix=/usr/local/php53' '--with-mysql' '--with-mysqli' '--with-gd' '--with-zlib' '--enable-debug' '--disable-cli' called with cgi memory exhaustion appears with zend memory manager. Test script: --------------- bug can be reproduced by downloading Templeet installer at: http://t4.templeet.org/templeet.php/makeinstaller/?action=makeinstaller&dists[core]=201104030716&dists[templeet4_admin]=201103010804 install Templeet by calling the php file downloaded. in templeet/serverconf.php : set $config['usepagecache'] and $config['usetemplatecache'] to 0 go to the package install page : auth/packageinstall.html.en Actual result: -------------- ==22302== Memcheck, a memory error detector ==22302== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==22302== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info ==22302== Command: /home/courtois/test2/php-5.3.6/sapi/cgi/php-cgi ==22302== /var/www/dev4.sociatomdev.com/chroot/htdocs/templeet/fetch.php(215) : Warning - Cannot modify header information - headers already sent by (output started at /var/www/dev4.sociatomdev.com/chroot/htdocs/templeet/fetch.php:580) ==22302== ==22302== HEAP SUMMARY: ==22302== in use at exit: 60,706 bytes in 1,591 blocks ==22302== total heap usage: 1,815,703 allocs, 1,814,112 frees, 302,914,393 bytes allocated ==22302== ==22302== 21 (20 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 27 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x844BADE: zend_assign_to_variable_reference (zend_execute.c:413) ==22302== by 0x84D6FF2: ZEND_ASSIGN_REF_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:27383) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 21 (20 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 28 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x844CE48: zend_assign_to_variable (zend_execute.c:714) ==22302== by 0x84C5B07: ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:24059) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 39 bytes in 3 blocks are possibly lost in loss record 46 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83E748F: zend_scan_escape_string (zend_language_scanner.l:740) ==22302== by 0x83E90AC: lex_scan (zend_language_scanner.l:2037) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 40 bytes in 2 blocks are definitely lost in loss record 54 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84BE49D: zend_send_by_var_helper_SPEC_CV (zend_vm_execute.h:22135) ==22302== by 0x84BEBC5: ZEND_SEND_VAR_SPEC_CV_HANDLER (zend_vm_execute.h:22242) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 54 (20 direct, 34 indirect) bytes in 1 blocks are definitely lost in loss record 65 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x844C52A: zend_assign_to_object (zend_execute.c:558) ==22302== by 0x84C531D: ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:23966) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 75 bytes in 12 blocks are possibly lost in loss record 73 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83E748F: zend_scan_escape_string (zend_language_scanner.l:740) ==22302== by 0x83EB434: lex_scan (zend_language_scanner.l:1870) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 85 bytes in 11 blocks are possibly lost in loss record 77 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83F3D83: lex_scan (zend_language_scanner.l:1036) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 92 (80 direct, 12 indirect) bytes in 4 blocks are definitely lost in loss record 82 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x844F09E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:300) ==22302== by 0x8452D45: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1606) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 100 bytes in 7 blocks are possibly lost in loss record 84 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x841E742: zend_str_tolower_dup (zend_operators.c:1884) ==22302== by 0x8405CB6: zend_do_begin_dynamic_function_call (zend_compile.c:1683) ==22302== by 0x84057F8: zend_do_begin_function_call (zend_compile.c:1575) ==22302== by 0x83E3F78: zendparse (zend_language_parser.c:4652) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 100 bytes in 12 blocks are possibly lost in loss record 85 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83EC50D: lex_scan (zend_language_scanner.l:1672) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 122 bytes in 9 blocks are possibly lost in loss record 90 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83E9E0E: lex_scan (zend_language_scanner.l:1695) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 182 bytes in 14 blocks are possibly lost in loss record 100 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503) ==22302== by 0x83EB237: lex_scan (zend_language_scanner.l:1817) ==22302== by 0x840E952: zendlex (zend_compile.c:4954) ==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 322 bytes in 34 blocks are possibly lost in loss record 112 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x841E742: zend_str_tolower_dup (zend_operators.c:1884) ==22302== by 0x840579D: zend_do_begin_function_call (zend_compile.c:1571) ==22302== by 0x83E3F78: zendparse (zend_language_parser.c:4652) ==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 482 (144 direct, 338 indirect) bytes in 1 blocks are definitely lost in loss record 116 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x83E6C86: compile_file (zend_language_scanner.l:334) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 613 (60 direct, 553 indirect) bytes in 3 blocks are definitely lost in loss record 117 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x84BEA56: ZEND_SEND_REF_SPEC_CV_HANDLER (zend_vm_execute.h:22226) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 679 (120 direct, 559 indirect) bytes in 6 blocks are definitely lost in loss record 121 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x844CEFB: zend_assign_to_variable (zend_execute.c:724) ==22302== by 0x84CCEAB: ZEND_ASSIGN_SPEC_CV_TMP_HANDLER (zend_vm_execute.h:25697) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 14,467 (88 direct, 14,379 indirect) bytes in 2 blocks are definitely lost in loss record 135 of 136 ==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236) ==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348) ==22302== by 0x8415A60: zend_rebuild_symbol_table (zend_execute_API.c:1699) ==22302== by 0x844CFEC: zend_get_target_symbol_table (zend_execute.c:766) ==22302== by 0x8452290: zend_fetch_var_address_helper_SPEC_CONST (zend_vm_execute.h:1340) ==22302== by 0x8452904: ZEND_FETCH_R_SPEC_CONST_HANDLER (zend_vm_execute.h:1424) ==22302== by 0x844E8AA: execute (zend_vm_execute.h:107) ==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== 17,328 bytes in 1 blocks are possibly lost in loss record 136 of 136 ==22302== at 0x4024046: realloc (vg_replace_malloc.c:525) ==22302== by 0x8400DF7: _erealloc (zend_alloc.c:2369) ==22302== by 0x84176D6: pass_two (zend_opcode.c:380) ==22302== by 0x83E6DDB: compile_file (zend_language_scanner.l:376) ==22302== by 0x82658C4: phar_compile_file (phar.c:3393) ==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186) ==22302== by 0x83B8CC8: php_execute_script (main.c:2268) ==22302== by 0x84E649E: main (cgi_main.c:2109) ==22302== ==22302== LEAK SUMMARY: ==22302== definitely lost: 592 bytes in 21 blocks ==22302== indirectly lost: 15,877 bytes in 524 blocks ==22302== possibly lost: 18,353 bytes in 103 blocks ==22302== still reachable: 25,884 bytes in 943 blocks ==22302== suppressed: 0 bytes in 0 blocks ==22302== Reachable blocks (those to which a pointer was found) are not shown. ==22302== To see them, rerun with: --leak-check=full --show-reachable=yes ==22302== ==22302== For counts of detected and suppressed errors, rerun with: -v ==22302== ERROR SUMMARY: 18 errors from 18 contexts (suppressed: 38 from 11) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=54460&edit=1
