Edit report at https://bugs.php.net/bug.php?id=60598&edit=1

 ID:                 60598
 Updated by:         larue...@php.net
 Reported by:        arekm at maven dot pl
 Summary:            cli/apache sapi segfault on objects manipulation
 Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux
 PHP Version:        5.4.0RC3
 Block user comment: N
 Private report:     N

 New Comment:

I made a patch; could you please verify it?

Thanks


Previous Comments:
------------------------------------------------------------------------
[2013-08-29 11:09:44] larue...@php.net

The following patch has been added/updated:

Patch Name: bug60598
Revision:   1377774584
URL:        https://bugs.php.net/patch-display.php?bug=60598&patch=bug60598&revision=1377774584

------------------------------------------------------------------------
[2013-08-28 13:25:45] manuel-php at mausz dot at

Still the same with 5.4.19

# php -n test.php 
If you see this, try to increase OBJECT_COUNT to 100,000Segmentation fault

------------------------------------------------------------------------
[2013-08-28 13:05:43] ras...@php.net

Please try again with 5.4.19. There were some fixes related to this applied in 
5.4.18.

------------------------------------------------------------------------
[2013-06-05 11:51:34] arjen at react dot com

Problem still present in php-5.4.15 verified from php.net src.

See https://gist.github.com/anonymous/5713352 for bt.

------------------------------------------------------------------------
[2012-11-25 15:07:30] manuel-php at mausz dot at

Same on git master:
[object_properties_init]
  name=Object addr=2e3b42b0 pt_addr=2e3b6270
  pt[0]_addr=2e3b4dc8 pt[0].handle=#0
[zend_std_write_property]
  name=_guid (=pt[0])
  old_addr=2e3b4dc8 new_addr=2e3b42f8 new.handle=#0
[object_properties_init]
  name=Object addr=2e3b6688 pt_addr=2e3b6a60
  pt[0]_addr=2e3b4dc8 pt[0].handle=#0
[zend_std_write_property]
  name=_guid (=pt[0])
  old_addr=2e3b4dc8 new_addr=2e3b66d0 new.handle=#1
[zval_collect_white]
  adding zval to zval_to_free-list
  zval: addr=2e3b42f8 refcnt=2 handle=#0
[gc_collect_cycles]
  freeing zval
  zval: addr=2e3b42f8 refcnt=2 handle=#0
             ^^ - 1st zval free
[zend_object_std_dtor]
  object=Object addr=2e3b42b0 pt_addr=2e3b6270
  calling zval_ptr_dtor for pt[0]_addr=2e3b42f8 pt[0].refcnt=1515870810
                                       ^^ - 2nd zval free
                            pt[0].handle=#1515870810
[zend_object_std_dtor]
  object=Object addr=2e3b6688 pt_addr=2e3b6a60
  calling zval_ptr_dtor for pt[0]_addr=2e3b66d0 pt[0].refcnt=1 pt[0].handle=#1

Patch for my debug output:
https://gist.github.com/095e8dc10c3e18afb3e6

I recommend enabling ZEND_MM_HEAP_PROTECTION. This is why refcnt+handle is 
0x5a5a5a5a on 2nd free.

------------------------------------------------------------------------
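
An added example (not part of the original comments and not PHP tooling): a small Python check over the debug trace quoted in the comment above. It flags a zval that gc_collect_cycles freed and that zend_object_std_dtor then passes to zval_ptr_dtor again, and it flags a refcnt equal to the 0x5a5a5a5a pattern the commenter points out. The function and variable names are assumptions; the trace lines are copied from the comment.

```python
import re

POISON = 0x5A5A5A5A  # value the trace shows in refcnt/handle on the 2nd free

# Excerpt of the debug trace from the comment above (GC and destructor phases).
TRACE = """\
[zval_collect_white]
  adding zval to zval_to_free-list
  zval: addr=2e3b42f8 refcnt=2 handle=#0
[gc_collect_cycles]
  freeing zval
  zval: addr=2e3b42f8 refcnt=2 handle=#0
[zend_object_std_dtor]
  object=Object addr=2e3b42b0 pt_addr=2e3b6270
  calling zval_ptr_dtor for pt[0]_addr=2e3b42f8 pt[0].refcnt=1515870810
[zend_object_std_dtor]
  object=Object addr=2e3b6688 pt_addr=2e3b6a60
  calling zval_ptr_dtor for pt[0]_addr=2e3b66d0 pt[0].refcnt=1 pt[0].handle=#1
"""

SECTION = re.compile(r"^\[(\w+)\]$")
GC_FREE = re.compile(r"zval: addr=([0-9a-f]+)")
DTOR = re.compile(
    r"zval_ptr_dtor for pt\[\d+\]_addr=([0-9a-f]+) pt\[\d+\]\.refcnt=(\d+)")


def find_double_frees(trace):
    """Return one finding per zval destroyed after the GC already freed it."""
    freed = {}      # address -> trace section that released it first
    findings = []
    section = None
    for line in trace.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "gc_collect_cycles" and (m := GC_FREE.search(line)):
            freed[m.group(1)] = section
        elif section == "zend_object_std_dtor" and (m := DTOR.search(line)):
            addr, refcnt = m.group(1), int(m.group(2))
            # Either signal alone is suspicious; together they confirm reuse
            # of memory that was already released.
            if addr in freed or refcnt == POISON:
                findings.append({"addr": addr, "first_free": freed.get(addr),
                                 "refcnt_hex": hex(refcnt),
                                 "poisoned": refcnt == POISON})
    return findings


if __name__ == "__main__":
    for finding in find_double_frees(TRACE):
        print(finding)
```
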


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60598

