[PHP-BUG] Bug #62432 [NEW]: ReflectionMethod random corrupt memory on high concurrent

[xuefer at gmail dot com]

From:             xuefer at gmail dot com
Operating system: Windows
PHP version:      5.3.14
Package:          Reflection related
Bug Type:         Bug
Bug description:ReflectionMethod random corrupt memory on high concurrent

Description:
------------
ReflectionMethod crash zend memory manager randomly on high concurrent


Configuration File (php.ini) Path       C:\Windows
Loaded Configuration File       (none)
Scan this dir for additional .ini files (none)
Additional .ini files parsed    (none)
Zend Extension Build    API220090626,TS,VC9
PHP Extension Build     API20090626,TS,VC9
Debug Build     no
Thread Safety   enabled
Zend Memory Manager     enabled

Configuration

apache2handler

Apache Version  Apache/2.2.22 (Win32) mod_ssl/2.2.22 OpenSSL/0.9.8t
PHP/5.3.14

apache is loaded with module alias_module authz_host_module and php,
nothing 
else

Test script:
---------------
<?php

class C
{
    function method()
    {
    }
}

new ReflectionMethod("C::method");
?>

ab.exe -n 30000 -c 60 http://localhost/test.php
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Total of 983 requests completed
apr_poll: The timeout specified has expired (70007)


Expected result:
----------------
no crash

Actual result:
--------------
The thread 'Win32 Thread' (0x1e98) has exited with code 0 (0x0).
Unhandled exception at 0x69e2c7d7 (php5ts.dll) in httpd.exe: 0xC0000005:
Access 
violation reading location 0x29bffacc.

>       php5ts.dll!_zend_mm_free_int(_zend_mm_heap * heap=0x0edf8a20, void * 
p=0x00000000)  Line 2028        C
        php5ts.dll!_efree(void * ptr=0x023dd588)  Line 2361 + 0xa bytes C
        php5ts.dll!_zval_dtor_func(_zval_struct * zvalue=0x023fe918)  Line 36 + 
0xc bytes       C
        php5ts.dll!_zval_ptr_dtor(_zval_struct * * zval_ptr=0x10f00dbc)  Line 
447 + 0xc bytes C
        php5ts.dll!_zend_hash_add_or_update(_hashtable * ht=0x10f00d80, const 
char * arKey=0x6a1b4d00, unsigned int nKeyLength=0x00000006, void * 
pData=0x0995fab8, unsigned int nDataSize=0x00000004, void * *
pDest=0x00000000, 
int flag=0x00000001)  Line 237 + 0x6 bytes      C
        php5ts.dll!zim_reflection_method___construct(int ht=0x00000001, 
_zval_struct * return_value=0x10f02778, _zval_struct * * 
return_value_ptr=0x00000000, _zval_struct * this_ptr=0x10f00d60, int 
return_value_used=0x00000000, void * * * tsrm_ls=0x0efbb728)  Line 2532 C
        php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * 
execute_data=0x10f30080, void * * * tsrm_ls=0x0efbb701)  Line 320 + 0x41
bytes   
C
        php5ts.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * 
execute_data=0x00000005, void * * * tsrm_ls=0x0f0c4868)  Line 426       C
        php5ts.dll!execute(_zend_op_array * op_array=0x10f00880, void * * * 
tsrm_ls=0x0efbb700)  Line 107 + 0xa bytes       C
        php5ts.dll!zend_execute_scripts(int type=0x00000008, void * * * 
tsrm_ls=0x0efbb728, _zval_struct * * retval=0x00000000, int 
file_count=0x00000003, ...)  Line 1237  C
        php5ts.dll!php_execute_script(_zend_file_handle * 
primary_file=0x0995fe34, void * * * tsrm_ls=0x0efbb728)  Line 2308 + 0x12
bytes   
C
        php5apache2_2.dll!php_handler(request_rec * r=0x0bc82100)  Line 669 + 
0xe bytes       C
        libhttpd.dll!6ff02435()         
        [Frames below may be incorrect and/or missing, no symbols loaded for 
libhttpd.dll]   
        libhttpd.dll!6ff027c0()         
        libhttpd.dll!6ff0f01e()         
        libhttpd.dll!6ff0adbc()         
        libhttpd.dll!6ff050a5()         
        libhttpd.dll!6ff05363()         
        libhttpd.dll!6ff1df6c()         
        msvcrt.dll!74921287()   
        msvcrt.dll!74921328()   
        kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 bytes    
        ntdll.dll!___RtlUserThreadStart@8()  + 0x27 bytes       
        ntdll.dll!__RtlUserThreadStart@8()  + 0x1b bytes        


-- 
Edit bug report at https://bugs.php.net/bug.php?id=62432&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=62432&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=62432&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=62432&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=62432&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=62432&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=62432&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=62432&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=62432&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=62432&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=62432&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=62432&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=62432&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=62432&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=62432&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=62432&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=62432&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=62432&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=62432&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=62432&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=62432&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=62432&r=mysqlcfg