From: rehsack at liwing dot de
Operating system: FreeBSD 5.1 i386
PHP version: 4.3.3
PHP Bug Type: Reproducible crash
Bug description: script crashs in _efree (ptr=0x8a8828c) at
php-4.3.3/Zend/zend_alloc.c:259
Description:
------------
When I excecute a test-skript on my workstation, php crashs. The crash is
since php-4.3.3, prior releases or release candidates didn't.
The information from gdb are:
$ gdb --args php test/documenttest.php
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-undermydesk-freebsd"...
(gdb) run
Starting program: /usr/local/bin/php test/documenttest.php
Program received signal SIGBUS, Bus error.
0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
259 REMOVE_POINTER_FROM_LIST(p);
(gdb) The program is running. Exit anyway? (y or n) y
[EMAIL PROTECTED] $ gdb --args php test/documenttest.php
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-undermydesk-freebsd"...
(gdb) run
Starting program: /usr/local/bin/php test/documenttest.php
Program received signal SIGBUS, Bus error.
0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
259 REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0 0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
#1 0x081545d1 in _zval_dtor (zvalue=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_variables.c:61
#2 0x0814e03f in _zval_ptr_dtor (zval_ptr=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_API.c:291
#3 0x0816188b in execute (op_array=0x837ac0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_locks.h:26
#4 0x081636b4 in execute (op_array=0x8261600) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#5 0x081636b4 in execute (op_array=0x863ef0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#6 0x081636b4 in execute (op_array=0x8397f8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#7 0x081636b4 in execute (op_array=0x864530c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#8 0x081636b4 in execute (op_array=0x83b448c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#9 0x081636b4 in execute (op_array=0x83a3e8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#10 0x081636b4 in execute (op_array=0x8982d8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#11 0x081636b4 in execute (op_array=0x827610c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#12 0x081636b4 in execute (op_array=0x8276d8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#13 0x081636b4 in execute (op_array=0x8990300) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#14 0x081636b4 in execute (op_array=0x8964a0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#15 0x081651e7 in execute (op_array=0x8945c0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#16 0x081651e7 in execute (op_array=0x824598c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#17 0x081651e7 in execute (op_array=0x824578c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#18 0x081651e7 in execute (op_array=0x8232e8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#19 0x08155feb in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/ports/lang/php4/work/php-4.3.3/Zend/zend.c:885
#20 0x0812b0be in php_execute_script (primary_file=0xbfbff904) at
/usr/ports/lang/php4/work/php-4.3.3/main/main.c:1723
#21 0x0816a568 in main (argc=2, argv=0xbfbff964) at
/usr/ports/lang/php4/work/php-4.3.3/sapi/cli/php_cli.c:818
#22 0x0806c200 in _start ()
(gdb) display *p
1: *p = {pNext = 0xd0d0d0d0, pLast = 0xd0d0d0d0, size = 1355862224, cached
= 1}
(gdb) up
#1 0x081545d1 in _zval_dtor (zvalue=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_variables.c:61
61
FREE_HASHTABLE(zvalue->value.obj.properties);
(gdb) display zvalue->value
2: zvalue->value = {lval = -791621424, dval = -1.993854408381186e+81, str
= {
val = 0xd0d0d0d0 <Error reading address 0xd0d0d0d0: Bad address>, len
= -791621424}, ht = 0xd0d0d0d0, obj = {ce = 0xd0d0d0d0,
properties = 0xd0d0d0d0}}
(gdb) up
#2 0x0814e03f in _zval_ptr_dtor (zval_ptr=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_API.c:291
291 zval_dtor(*zval_ptr);
(gdb) display *zval_ptr
3: *zval_ptr = (zval *) 0xd0d0d0d0
(gdb) up
#3 0x0816188b in execute (op_array=0x837ac0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_locks.h:26
26 zval_ptr_dtor(&EG(garbage)[--EG(garbage_ptr)]);
(gdb) quit
Reproduce code:
---------------
Code is to long, but I can send a php.core file.
--
Edit bug report at http://bugs.php.net/?id=25275&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25275&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25275&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=25275&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=25275&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=25275&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=25275&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=25275&r=support
Expected behavior: http://bugs.php.net/fix.php?id=25275&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=25275&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=25275&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=25275&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25275&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=25275&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=25275&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=25275&r=gnused
