ID:               25275
 Comment by:       moregan at flr dot follett dot com
 Reported By:      rehsack at liwing dot de
 Status:           Open
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 5.1 i386
 PHP Version:      4.3.3
 New Comment:

CLI PHP 4.3.3 segfaults for us with the example script too:

#0  0x081076bd in php_strlcpy (dst=0x8182ec0 "-", src=0x5a5a5a5a
<Address 0x5a5a5a5a out of bounds>, siz=1024)
    at /usr/src/php-4.3.3/main/strlcpy.c:58
#1  0x080fdcdc in php_error_cb (type=8, error_filename=0x5a5a5a5a
<Address 0x5a5a5a5a out of bounds>, error_lineno=35,
    format=0x8175460 "Use of undefined constant %s - assumed '%s'",
args=0xbfffb7f8 "ln\036\bln\036\b4n\036\b\006")
    at /usr/src/php-4.3.3/main/main.c:615
#2  0x0812f29f in zend_error (type=8, format=0x8175460 "Use of
undefined constant %s - assumed '%s'")
    at /usr/src/php-4.3.3/Zend/zend.c:751
#3  0x08140968 in execute (op_array=0x81e69ac) at
/usr/src/php-4.3.3/Zend/zend_execute.c:1989
#4  0x0813f58f in execute (op_array=0x81df29c) at
/usr/src/php-4.3.3/Zend/zend_execute.c:1660
#5  0x0812f778 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php-4.3.3/Zend/zend.c:885
#6  0x080ffef5 in php_execute_script (primary_file=0xbfffdfa0) at
/usr/src/php-4.3.3/main/main.c:1723
#7  0x0814505e in main (argc=1, argv=0xbfffe034) at
/usr/src/php-4.3.3/sapi/cli/php_cli.c:818
#8  0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6


Red Hat 8.0.  configure:

./configure \
        --disable-all \
        --enable-debug \
        \
        --prefix=/usr/local \
        --with-apache=/usr/src/apache_1.3.28 \
        --with-oci8=/u01/app/oracle/product/8.1.7 \
        \
        --enable-cli \
        --disable-cgi \
        \
        --enable-inline-optimization \
        --enable-track-vars \
        --enable-session \
        --enable-trans-sid \
        --without-mysql \
        --without-pear \
        --with-pcre-regex \
        --enable-ftp \
        --enable-posix \
        --disable-short-tags \
        --disable-xml \
        \
        --enable-sockets \
        --with-xmlrpc \


Previous Comments:
------------------------------------------------------------------------

[2003-08-28 10:23:42] rehsack at liwing dot de

Sorry, misunderstood. Thought you'd asked for php.ini.

# ./configure  --enable-versioning --enable-memory-limit
--with-layout=GNU --with-zlib-dir=/usr --disable-all --with-regex=php
--disable-ipv6 --with-apxs=/usr/local/sbin/apxs --with-bz2=/usr
--with-dom=/usr/local --with-dom-xslt=/usr/local
--with-dom-exslt=/usr/local --with-gettext=/usr/local
--with-gmp=/usr/local --with-iconv=/usr/local --with-mcrypt=/usr/local
--with-mhash=/usr/local --with-mysql=/usr/local --with-ldap=/usr/local
--with-openssl=/usr --enable-pcntl --with-pcre-regex=yes --enable-posix
--with-readline --enable-session --enable-sockets --enable-sysvsem
--enable-sysvshm --enable-tokenizer --enable-xml
--with-expat-dir=/usr/local --with-xmlrpc --enable-xslt
--with-xslt-sablot=/usr/local --with-zlib=yes --prefix=/usr/local
i386-portbld-freebsd5.1

CC="cc"
CFLAGS="-O -pipe -g"

Addition: deaggregating from classes by adding name of
class to deaggregate doesn't dump.

------------------------------------------------------------------------

[2003-08-28 06:33:06] [EMAIL PROTECTED]

That script does not crash for me.
What was the configure line you used to configure PHP?



------------------------------------------------------------------------

[2003-08-28 06:32:15] [EMAIL PROTECTED]

<?php
  class FDefaultContentAccess
  {
    function InitFDefaultContentAccess()
    {
      $this->Flags |= 1;
    }
  }

  class FDirectContentAccess
  {
    function InitFDirectContentAccess()
    {
      $this->Flags |= 2;
      $this->Flags &= ~3;
    }
  }
 
  class FFilePhysicalAccess
  {
    var $Flags;

    function FFilePhysicalAccess( )
    {
      aggregate( $this, "FDirectContentAccess" );
      $this->InitFDirectContentAccess();         
      aggregate( $this, "FDefaultContentAccess" );
      $this->InitFDefaultContentAccess();         
    }
   
    function CleanUp()
    {
      fwrite( STDERR, "before deaggregate\n");
      deaggregate( $this );                   
      fwrite( STDERR, "after deaggregate\n");
    }
  }  // end of class FFilePhysicalAccess

  $inst = new FFilePhysicalAccess();
  $inst->CleanUp();
?>


------------------------------------------------------------------------

[2003-08-27 11:35:16] rehsack at liwing dot de

Description:
------------
When I execute a test script on my workstation, php crashes. The crash
occurs since php-4.3.3; prior releases or release candidates didn't crash.

The information from gdb is:
$ gdb --args  php test/documenttest.php
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-undermydesk-freebsd"...
(gdb) run
Starting program: /usr/local/bin/php test/documenttest.php
 
Program received signal SIGBUS, Bus error.
0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
259             REMOVE_POINTER_FROM_LIST(p);
(gdb) The program is running.  Exit anyway? (y or n) y
[EMAIL PROTECTED] $ gdb --args  php test/documenttest.php
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-undermydesk-freebsd"...
(gdb) run
Starting program: /usr/local/bin/php test/documenttest.php
 
Program received signal SIGBUS, Bus error.
0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
259             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x08146eb5 in _efree (ptr=0x8a8828c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_alloc.c:259
#1  0x081545d1 in _zval_dtor (zvalue=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_variables.c:61
#2  0x0814e03f in _zval_ptr_dtor (zval_ptr=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_API.c:291
#3  0x0816188b in execute (op_array=0x837ac0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_locks.h:26
#4  0x081636b4 in execute (op_array=0x8261600) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#5  0x081636b4 in execute (op_array=0x863ef0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#6  0x081636b4 in execute (op_array=0x8397f8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#7  0x081636b4 in execute (op_array=0x864530c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#8  0x081636b4 in execute (op_array=0x83b448c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#9  0x081636b4 in execute (op_array=0x83a3e8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#10 0x081636b4 in execute (op_array=0x8982d8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#11 0x081636b4 in execute (op_array=0x827610c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#12 0x081636b4 in execute (op_array=0x8276d8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#13 0x081636b4 in execute (op_array=0x8990300) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#14 0x081636b4 in execute (op_array=0x8964a0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:1660
#15 0x081651e7 in execute (op_array=0x8945c0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#16 0x081651e7 in execute (op_array=0x824598c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#17 0x081651e7 in execute (op_array=0x824578c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#18 0x081651e7 in execute (op_array=0x8232e8c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute.c:2181
#19 0x08155feb in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/ports/lang/php4/work/php-4.3.3/Zend/zend.c:885
#20 0x0812b0be in php_execute_script (primary_file=0xbfbff904) at
/usr/ports/lang/php4/work/php-4.3.3/main/main.c:1723
#21 0x0816a568 in main (argc=2, argv=0xbfbff964) at
/usr/ports/lang/php4/work/php-4.3.3/sapi/cli/php_cli.c:818
#22 0x0806c200 in _start ()
(gdb) display *p
1: *p = {pNext = 0xd0d0d0d0, pLast = 0xd0d0d0d0, size = 1355862224,
cached = 1}
(gdb) up
#1  0x081545d1 in _zval_dtor (zvalue=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_variables.c:61
61                                             
FREE_HASHTABLE(zvalue->value.obj.properties);

(gdb) display zvalue->value
2: zvalue->value = {lval = -791621424, dval = -1.993854408381186e+81,
str = {
    val = 0xd0d0d0d0 <Error reading address 0xd0d0d0d0: Bad address>,
len = -791621424}, ht = 0xd0d0d0d0, obj = {ce = 0xd0d0d0d0,
    properties = 0xd0d0d0d0}}
(gdb) up
#2  0x0814e03f in _zval_ptr_dtor (zval_ptr=0x8a88280) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_API.c:291
291                     zval_dtor(*zval_ptr);
(gdb) display *zval_ptr
3: *zval_ptr = (zval *) 0xd0d0d0d0

(gdb) up
#3  0x0816188b in execute (op_array=0x837ac0c) at
/usr/ports/lang/php4/work/php-4.3.3/Zend/zend_execute_locks.h:26
26                     
zval_ptr_dtor(&EG(garbage)[--EG(garbage_ptr)]);
(gdb) quit


Reproduce code:
---------------
Code is too long, but I can send a php.core file.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=25275&edit=1
