ID: 27876
Comment by: robinv at ecosse dot net
Reported By: aashley at optimiser dot com
Status: Assigned
Bug Type: Zend Engine 2 problem
Operating System: Linux
PHP Version: 5CVS-2004-04-05 (dev)
Assigned To: andi
New Comment:
Simpler test case:
<?php
class TestClass
{
    var $bar;
    function TestClass()
    {
        list($foo) = $this->bar = array(1);
        print $foo;
    }
}
$testObject = new TestClass;
?>
Running gdb on core dump:
[...]
Core was generated by `/home/robin/bin/php -f ../bug.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/i686/libm.so.6...done.
Loaded symbols for /lib/i686/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/i686/libpthread.so.0...done.
Loaded symbols for /lib/i686/libpthread.so.0
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0 zend_mm_alloc (heap=0x81ec480, size=220) at /home/robin/src/php-5.0.0RC1/Zend/zend_mm.c:308
308 if (p->size == true_size) {
(gdb) list
303 }
304 }
305 }
306
307 for (p = heap->free_buckets[0]; p; p = p->next_free_block) {
308 if (p->size == true_size) {
309 best_fit = p;
310 break;
311 }
312 if ((p->size > true_size) && (!best_fit || (best_fit->size > p->size))) { /* better fit */
(gdb) print p
$1 = (zend_mm_free_block *) 0x33146c00
(gdb) print p->size
Cannot access memory at address 0x33146c00
(gdb) print best_fit
$2 = (zend_mm_free_block *) 0x40332cab
(gdb) print best_fit->size
$3 = 972800
(gdb) print true_size
$4 = 232
Previous Comments:
------------------------------------------------------------------------
[2004-04-09 11:38:51] aashley at optimiser dot com
I haven't had much luck creating a simpler example so far. I'll have
another try tomorrow... errr later today.
------------------------------------------------------------------------
[2004-04-09 10:11:10] [EMAIL PROTECTED]
Please try and create a shorter reproducing script. I can't debug this
bug report otherwise.
------------------------------------------------------------------------
[2004-04-06 03:05:15] [EMAIL PROTECTED]
Zend Engine 2 related, assigning to Andi.
------------------------------------------------------------------------
[2004-04-05 22:49:05] aashley at optimiser dot com
Description:
------------
When testing our site in PHP5 I came across a repeatable segmentation
fault whenever the HTML_QuickForm_Controller::run() function was
called. The problem was tracked to line 131 of Controller.php in
HTML_QuickForm_Controller 1.0.2. The problem occurred in both
PHP-5.0.0-RC1 and the php5-200404041830 snapshot. I have unfortunately
been unable to create a simpler test case that causes the problem;
however, it is readily repeatable in HTML_QuickForm_Controller.
Reproduce code:
---------------
Problem Line 131:
list($page, $action) = $this->_actionName = $this->getActionName();
Changing the line to this prevents this problem from occurring.
$this->_actionName = $this->getActionName();
list($page, $action) = $this->_actionName;
Expected result:
----------------
$page and $action are set to the first and second items in the array
respectively.
Actual result:
--------------
Segmentation fault.
#0 0x40849f31 in zend_fetch_dim_r_handler (execute_data=0xbfffcdb0, opline=0x413d5814, op_array=0x413d35e4) at /root/php5-200404041830/Zend/zend_execute.c:58
#1 0x408485e8 in execute (op_array=0x413d35e4) at /root/php5-200404041830/Zend/zend_execute.c:1391
#2 0x4084be09 in zend_do_fcall_common_helper (execute_data=0xbfffd330, opline=0x413d28d0, op_array=0x413b8dbc) at /root/php5-200404041830/Zend/zend_execute.c:2728
#3 0x4084c113 in zend_do_fcall_by_name_handler (execute_data=0xbfffcc2c, opline=0x0, op_array=0x0) at /root/php5-200404041830/Zend/zend_execute.c:2810
#4 0x408485e8 in execute (op_array=0x413b8dbc) at /root/php5-200404041830/Zend/zend_execute.c:1391
#5 0x40829bff in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php5-200404041830/Zend/zend.c:1057
#6 0x407efc9f in php_execute_script (primary_file=0xbffff5e0) at /root/php5-200404041830/main/main.c:1630
#7 0x40853954 in php_handler (r=0x82510f8) at /root/php5-200404041830/sapi/apache2handler/sapi_apache2.c:556
#8 0x080692e1 in ap_invoke_handler ()
#9 0x080664bf in ap_process_request ()
#10 0x08060e27 in _start ()
------------------------------------------------------------------------