Edit report at https://bugs.php.net/bug.php?id=64896&edit=1
ID: 64896
Comment by: arjen at react dot com
Reported by: mark dot chong at acquireap dot com
Summary: Segfault with gc_collect_cycles using unserialize on certain objects
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: ubuntu
PHP Version: 5.4.15
Block user comment: N
Private report: N
New Comment:
Still crashes 5.4-git, test script attached.
Previous Comments:
------------------------------------------------------------------------
[2013-06-11 21:56:47] webm4st0r at gmail dot com
I believe I am hitting a similar issue to this through running some test
suites.
I've not yet been able to get a smaller script to reproduce the problem, though
the one in this issue does fail to run.
I have tested this on 5.4.16 on 64bit CentOS 6. I would be interested in testing
a patch for this to determine if it truly is the same problem, as the crash I'm
seeing in the test run is during php_request_shutdown, sometimes within a
gc_collect_cycles, sometimes within a destroy_zend_class.
I am unable to reproduce these failures with zend.enable_gc = 0, or in a debug
build.
I can provide some stack traces for both failures I've seen if that would be
useful in looking into this.
------------------------------------------------------------------------
[2013-06-05 13:32:34] [email protected]
Ha, I can reproduce this with non-debug build now. thanks
------------------------------------------------------------------------
[2013-06-05 11:18:22] arjen at react dot com
I can confirm the segfault using PHP-5.4.15 build from php.net sources.
Backtrace is same as above @ https://gist.github.com/anonymous/5713123
Valgrind trace @ https://gist.github.com/anonymous/5713183
------------------------------------------------------------------------
[2013-05-30 21:17:17] sjon at hortensius dot net
@laruence I can reproduce this easily, see http://3v4l.org/Z9Bg7#v545 every
version of PHP since 5.4.5 segfaults on the script (without xdebug)
here is your backtrace without xdebug:
#0 0x0000000000608737 in ?? ()
#1 0x000000000061f349 in _zval_ptr_dtor ()
#2 0x000000000063b8d8 in zend_hash_destroy ()
#3 0x000000000062d37b in _zval_dtor_func ()
#4 0x000000000069e31d in ?? ()
#5 0x000000000065508f in execute ()
#6 0x0000000000621190 in zend_call_function ()
#7 0x0000000000644e55 in zend_call_method ()
#8 0x000000000064eab2 in zend_objects_destroy_object ()
#9 0x000000000064c9a8 in gc_collect_cycles ()
#10 0x000000000063e699 in ?? ()
#11 0x00000000006d6d6c in ?? ()
#12 0x000000000065508f in execute ()
#13 0x000000000062fb94 in zend_execute_scripts ()
#14 0x00000000005d1afc in php_execute_script ()
#15 0x00000000006d8d1f in ?? ()
#16 0x000000000042615d in ?? ()
#17 0x00007ffff690fa15 in __libc_start_main () from /usr/lib/libc.so.6
#18 0x00000000004261f9 in _start ()
With a debug build, this problem seems unreproducible.
------------------------------------------------------------------------
[2013-05-24 13:23:43] [email protected]
please disable xdebug then try again
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=64896