From:             mark-phpspam at vectrex dot org dot uk
Operating system: Linux
PHP version:      4.3.10
PHP Bug Type:     Reproducible crash
Bug description:  call_overloaded_function crashes under some circumstances (DB_DataObject?)

Description:
------------
A crash which happens somewhere inside DB_DataObject when it's trying to
get stuff from MySQL. I don't know exactly where in PHP code, nor what
function it's calling at the time, but it might be just before or after
mysql_num_rows or is_a.

The only way I know to instrument it is using apd (a zend extension).
However, the bug is reproducible with no zend extensions.

The same code works correctly in PHP 4.3.8 with an identical config and
all other factors the same.

Config:
 ./configure  --prefix=/home/mark/apache/php
--with-apxs2=/home/mark/apache/bin/apxs --with-curl --with-openssl
--with-gd --enable-mbstring --with-zlib --with-jpeg-dir=/usr

Apache version: 2.0.50
OS: Debian unstable, kernel 2.6.3 (if that makes a difference)

Reproduce code:
---------------
I have not isolated short code which can reproduce this, but it fails with
all my (large) apps which use DB_DataObject and MySQL.

I think it happens when calling DB_DataObject->fetch

Expected result:
----------------
It shouldn't crash

Actual result:
--------------
#0  call_overloaded_function (T=0xbfffc8ac, arg_count=-1073755988, 
    return_value=0xbfffc8ac)
    at /home/mark/unpack/php-4.3.10/Zend/zend_execute.c:992
        ce = (zend_class_entry *) 0x0
#1  0x40595fb0 in execute (op_array=0x82f2b20)
    at /home/mark/unpack/php-4.3.10/Zend/zend_execute.c:1708
        original_return_value = (zval **) 0x40417940
        execute_data = {opline = 0x82f39f0, function_state = {
    function_symbol_table = 0x81245c8, function = 0x836855c, reserved = {
      0x4074b688, 0x81efb04, 0x5, 0xbfffccf8}}, fbc = 0x836855c, ce = 0x0,
  object = {ptr = 0x81ef694}, Ts = 0xbfffc67c, 
  original_in_execution = 1 '\001', op_array = 0x82f2b20, 
  prev_execute_data = 0xbfffd0c0}
#2  0x40596184 in execute (op_array=0x81eef48)
    at /home/mark/unpack/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x81efd74
        original_return_value = (zval **) 0xbfffd220
        execute_data = {opline = 0x81eecec, function_state = {
    function_symbol_table = 0x8214fcc, function = 0x82f2b20, reserved = {
      0x4074b688, 0xbfffd13c, 0xbfffd5a0, 0xbfffd118}}, fbc = 0x82f2b20, 
  ce = 0x0, object = {ptr = 0x0}, Ts = 0xbfffcd1c, 
  original_in_execution = 1 '\001', op_array = 0x81eef48, 
  prev_execute_data = 0xbfffd5c0}
#3  0x40596184 in execute (op_array=0x81e94ec)
    at /home/mark/unpack/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x4076a0ec
        original_return_value = (zval **) 0xbfffd638
        execute_data = {opline = 0x81ed9d4, function_state = {
    function_symbol_table = 0x81efd74, function = 0x81eef48, reserved = {
      0x4074b688, 0x81e95d4, 0x0, 0xbfffd5f8}}, fbc = 0x81eef48, ce = 0x0,
  object = {ptr = 0x0}, Ts = 0xbfffd13c, original_in_execution = 0 '\0', 
  op_array = 0x81e94ec, prev_execute_data = 0x0}
#4  0x40586231 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/mark/unpack/php-4.3.10/Zend/zend.c:900
        files = 0xbfffd664 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbffff860
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#5  0x4055855f in php_execute_script (primary_file=0xbffff860)
    at /home/mark/unpack/php-4.3.10/main/main.c:1736
        orig_bailout = {{__jmpbuf = {1081390728, 1081516504, -1073743556,
      -1073743528, -1073743984, 1079620072}, __mask_was_saved = 0, 
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
  handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, 
  handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'}
        old_cwd = 0xbfffd66c "/home/mark/apache"
        old_primary_file_path = 0x0
        retval = 0
#6  0x4059b400 in php_handler (r=0x81e1668)
    at /home/mark/unpack/php-4.3.10/sapi/apache2handler/sapi_apache2.c:542
        zfd = {type = 1 '\001', 
  filename = 0x81e29d8 "/home/mark/progs/listmanager/site/logon.php", 
  opened_path = 0x81e9604 "3�\202U\006", handle = {fd = 33, fp = 0x21}, 
  free_filename = 0 '\0'}
        ctx = (php_struct *) 0x81e3238
        conf = (void *) 0xbfffc8ac
        brigade = (apr_bucket_brigade *) 0x81e32b0
        bucket = (apr_bucket *) 0xbfffc8ac
        rv = -1073755988
        parent_req = (request_rec *) 0x0
#7  0x0809b8d5 in ap_run_handler (r=0x81e1668) at config.c:151
        pHook = (ap_LINK_handler_t *) 0xbfffc8ac
        n = 6
        rv = -1073755988


-- 
Edit bug report at http://bugs.php.net/?id=31252&edit=1