Edit report at https://bugs.php.net/bug.php?id=64452&edit=1
ID:                 64452
Patch added by:     a...@php.net
Reported by:        mattfic...@php.net
Summary:            oo Zip PHPTs crash intermittently
Status:             Open
Type:               Bug
Package:            Zip Related
Operating System:   Windows
PHP Version:        5.5Git-2013-03-19 (snap)
Block user comment: N
Private report:     N

New Comment:

The following patch has been added/updated:

Patch Name: 64452.patch
Revision:   1363716237
URL:        https://bugs.php.net/patch-display.php?bug=64452&patch=64452.patch&revision=1363716237

Previous Comments:
------------------------------------------------------------------------
[2013-03-19 15:12:55] a...@php.net

The following patch has been added/updated:

Patch Name: 64452.patch
Revision:   1363705975
URL:        https://bugs.php.net/patch-display.php?bug=64452&patch=64452.patch&revision=1363705975

------------------------------------------------------------------------
[2013-03-19 12:30:59] a...@php.net

Reproduced the same on Linux, here's what valgrind says

==17169== Invalid free() / delete / delete[]
==17169==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==17169==    by 0x4C48831: _zip_dirent_finalize (zip_dirent.c:162)
==17169==    by 0x4C4693B: zip_close (zip_close.c:306)
==17169==    by 0x4C3E9A4: c_ziparchive_close (php_zip.c:1555)
==17169==    by 0x4DD0D81: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==17169==    by 0x4DD16A2: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==17169==    by 0x4DD029A: execute_ex (zend_vm_execute.h:356)
==17169==    by 0x4DD0364: zend_execute (zend_vm_execute.h:381)
==17169==    by 0x4D919F5: zend_execute_scripts (zend.c:1316)
==17169==    by 0x4CEBF47: php_execute_script (main.c:2479)
==17169==    by 0x4E4526A: php_handler (sapi_apache2.c:667)
==17169==    by 0x809072E: ap_run_handler (config.c:169)
==17169== Invalid free() / delete / delete[]
==17169==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==17169==    by 0x4C48849: _zip_dirent_finalize (zip_dirent.c:164)
==17169==    by 0x4C4693B: zip_close (zip_close.c:306)
==17169==    by 0x4C3E9A4: c_ziparchive_close (php_zip.c:1555)
==17169==    by 0x4DD0D81: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:542)
==17169==    by 0x4DD16A2: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:674)
==17169==    by 0x4DD029A: execute_ex (zend_vm_execute.h:356)
==17169==    by 0x4DD0364: zend_execute (zend_vm_execute.h:381)
==17169==    by 0x4D919F5: zend_execute_scripts (zend.c:1316)
==17169==    by 0x4CEBF47: php_execute_script (main.c:2479)
==17169==    by 0x4E4526A: php_handler (sapi_apache2.c:667)
==17169==    by 0x809072E: ap_run_handler (config.c:169)
==17169==
==17169== Invalid free() / delete / delete[]
==17169==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==17169==    by 0x4C48819: _zip_dirent_finalize (zip_dirent.c:160)
==17169==    by 0x4C4693B: zip_close (zip_close.c:306)
==17169==    by 0x4C3D1BB: php_zip_object_free_storage (php_zip.c:1054)
==17169==    by 0x4DC8D41: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:221)
==17169==    by 0x4DC89CD: zend_objects_store_del_ref (zend_objects_API.c:173)
==17169==    by 0x4D8CBD6: _zval_dtor_func (zend_variables.c:54)
==17169==    by 0x4D79F34: _zval_dtor (zend_variables.h:35)
==17169==    by 0x4D7A03E: i_zval_ptr_dtor (zend_execute.h:81)
==17169==    by 0x4D7BCD3: _zval_ptr_dtor (zend_execute_API.c:428)
==17169==    by 0x4D8D034: _zval_ptr_dtor_wrapper (zend_variables.c:182)
==17169==    by 0x4DA2A48: zend_hash_apply_deleter (zend_hash.c:650)

It's always _zip_dirent_finalize on various lines; that function actually does only free() calls.

------------------------------------------------------------------------
[2013-03-19 04:49:53] mattfic...@php.net

Description:
------------
Running this PHPT on Apache with PHP 5.5-03-19 intermittently crashes:
ext/zip/tests/oo_addemptydir.phpt

I tested some other ext/zip/tests/oo_* including oo_addfile and oo_open and oo_streams, with this revision and they do not crash.

Expected result:
----------------
Test pass

Actual result:
--------------
eax=054cf6e4 ebx=00000000 ecx=7fffffff edx=00000000 esi=00360000 edi=7577cad4
eip=7797dcbb esp=054cf6d4 ebp=054cf74c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!RtlpNtEnumerateSubKey+0x1b26:
7797dcbb eb12 jmp ntdll!RtlpNtEnumerateSubKey+0x1b3a (7797dccf)

054cf74c 7797ebc1 ntdll!RtlpNtEnumerateSubKey+0x1b26
054cf75c 7797eca1 ntdll!RtlpNtEnumerateSubKey+0x2a2c
054cf790 7792de10 ntdll!RtlpNtEnumerateSubKey+0x2b0c
054cf7c0 757714d1 ntdll!RtlUlonglongByteSwap+0xb70
054cf7d4 6d29dcc2 kernel32!HeapFree+0x14
054cf7e8 6b47e76f MSVCR110!free+0x1a
054cf7f8 6b47e3b3 php5ts!_zip_dirent_finalize+0xf [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\ext\zip\lib\zip_dirent.c @ 162]
054cf884 6b47c345 php5ts!zip_close+0x6d3 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\ext\zip\lib\zip_close.c @ 307]
054cf88c 6b227942 php5ts!php_zip_object_free_storage+0x15 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\ext\zip\php_zip.c @ 1054]
054cf944 6b2276c8 php5ts!zend_objects_store_del_ref_by_handle_ex+0x1a2 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_objects_api.c @ 221]
054cf95c 6b50283e php5ts!zend_objects_store_del_ref+0x18 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_objects_api.c @ 173]
054cf974 6b1eb459 php5ts!_zval_dtor_func+0x316e5e [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_variables.c @ 54]
054cf98c 6b1f985e php5ts!_zval_ptr_dtor+0x59 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_execute_api.c @ 428]
054cf9a4 6b2906f1 php5ts!zend_hash_reverse_apply+0xbe [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_hash.c @ 804]
054cfa10 6b2572a9 php5ts!shutdown_destructors+0x71 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend_execute_api.c @ 218]
054cfa68 6b256c78 php5ts!zend_call_destructors+0x49 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\zend\zend.c @ 924]
054cfd74 6f9a1566 php5ts!php_request_shutdown+0x108 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\main\main.c @ 1743]
054cfea8 6d2341d5 php5apache2_4!php_handler+0x486 [c:\php-sdk\snap_5_5\vc11\x86\ts-windows-vc11-x86\sapi\apache2handler\sapi_apache2.c @ 680]
054cfec0 6d23356d libhttpd!ap_run_handler+0x25 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\server\config.c @ 169]
054cfed8 6d242424 libhttpd!ap_invoke_handler+0xdd [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\server\config.c @ 432]
054cfef8 6d2424b1 libhttpd!ap_process_async_request+0x184 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\modules\http\http_request.c @ 317]
054cff0c 6d23d8a1 libhttpd!ap_process_request+0x11 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\modules\http\http_request.c @ 363]
054cff28 6d236545 libhttpd!ap_process_http_sync_connection+0x61 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\modules\http\http_core.c @ 190]
054cff40 6d25ae62 libhttpd!ap_run_process_connection+0x25 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\server\connection.c @ 41]
054cff68 75773677 libhttpd!worker_main+0x112 [g:\php-sdk\lib_builds\vc11\x86\httpd-2.4.3-makefile\server\mpm\winnt\child.c @ 840]
054cff74 778e9d72 kernel32!BaseThreadInitThunk+0x12
054cffb4 778e9d45 ntdll!RtlInitializeExceptionChain+0x63
054cffcc 00000000 ntdll!RtlInitializeExceptionChain+0x36

------------------------------------------------------------------------