From: [EMAIL PROTECTED]
Operating system: RedHat 6.1
PHP version: 4.0.4pl1
PHP Bug Type: Reproduceable crash
Bug description: PHP/Apache seg fault when serializing complex objects
I'm getting segmentation faults whenever I use the serialize function to serialize a
tree of objects.
Consider the following (these are similar structures to what I'm actually using that
are causing the crash):
class TreeNode {
    var $subNodes;
    function &getSubNodes() { return $this->subNodes; }
    function &addSubNode($newSubNode) {
        $this->subNodes[] = $newSubNode;
        return $this->subNodes[count($this->subNodes) - 1];
    }
    function deleteSubNode($pos) {
        array_splice($this->subNodes, $pos, 1);
    }
}
class Data extends TreeNode {
    var $var1;
    var $var2;
    var $var3;
    var $var4;
    var $var5;
    var $var6;
    var $var7;
    var $varArray1 = array(); // array of objects
    var $varArray2 = array(); // assoc. array
    var $varArray3 = array(); // assoc. array
    var $varArray4 = array(); // assoc. array
    var $varArray5 = array(); // assoc. array
    // multiple get/set functions for properties
    function getVar1() { return $this->var1; }
    function setVar1($newVal) { $this->var1 = $newVal; }
    ...
    ...
}
Now, imagine starting with a base Data object...
$base = new Data();
and adding other sub nodes to it...
$sub1 = &$base->addSubNode(new Data());
$sub2 = &$base->addSubNode(new Data());
$sub3 = &$base->addSubNode(new Data());
and adding sub nodes to sub nodes...
$sub1->addSubNode(new Data());
$sub1->addSubNode(new Data());
$sub1->addSubNode(new Data());
$sub2->addSubNode(new Data());
$sub3->addSubNode(new Data());
etc, etc... to where you end up with a tree structure.
The segmentation fault is occurring when I'm trying to serialize the tree structure
using the 'serialize' function.
serialize($base);
Here's the error I get while running ./httpd -X in gdb:
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x54) at malloc.c:3005
3005 malloc.c: No such file or directory
After I get that error, the script continues to execute. But, sometimes I get the
following in different areas where serialize($base) is being used multiple times:
Program received signal SIGSEGV, Segmentation fault.
_efree (ptr=0x0) at zend_alloc.c:211
211 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
Here's the gdb backtrace:
#0 _efree (ptr=0x0) at zend_alloc.c:211
#1 0x80c667d in php_var_serialize (buf=0x82ecaf4, struc=0x8314e30,
var_hash=0xbfff5c5c) at var.c:311
#2 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x8314e70,
var_hash=0xbfff5c5c) at var.c:349
#3 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x8314ea8,
var_hash=0xbfff5c5c) at var.c:349
#4 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x8314ee8,
var_hash=0xbfff5c5c) at var.c:349
#5 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x82ec0f0,
var_hash=0xbfff5c5c) at var.c:349
#6 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x83181a0,
var_hash=0xbfff5c5c) at var.c:349
#7 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x8315720,
var_hash=0xbfff5c5c) at var.c:349
#8 0x80c68ba in php_var_serialize (buf=0x82ecaf4, struc=0x81fd404,
var_hash=0xbfff5c5c) at var.c:349
#9 0x80c71ec in php_if_serialize (ht=1, return_value=0x82ecaf4,
this_ptr=0x0,
return_value_used=1) at var.c:631
#10 0x81048bc in execute (op_array=0x82d39c4) at ./zend_execute.c:1519
#11 0x8104aa1 in execute (op_array=0x8208650) at ./zend_execute.c:1559
#12 0x8104aa1 in execute (op_array=0x81ff41c) at ./zend_execute.c:1559
#13 0x80dee38 in zend_execute_scripts (type=8, file_count=3) at zend.c:729
#14 0x807d2d8 in php_execute_script (primary_file=0xbffffa24) at
main.c:1221
#15 0x80ea08e in apache_php_module_main (r=0x81e8144,
display_source_mode=0)
at sapi_apache.c:89
#16 0x807aed6 in send_php ()
#17 0x807af08 in send_parsed_php ()
#18 0x810ea03 in ap_invoke_handler ()
#19 0x8121f39 in process_request_internal ()
#20 0x8121f9c in ap_process_request ()
#21 0x811983e in child_main ()
#22 0x81199cc in make_child ()
#23 0x8119b29 in startup_children ()
#24 0x811a156 in standalone_main ()
#25 0x811a8e3 in main ()
#26 0x400ad9cb in __libc_start_main (main=0x811a59c <main>, argc=2,
argv=0xbffffbd4, init=0x8061e04 <_init>, fini=0x8147e7c <_fini>,
rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffbcc)
at ../sysdeps/generic/libc-start.c:92
I'm using RedHat 6.1 / Apache 1.3.12 / PHP 4.0.4pl1
PHP is configured as a DSO
configure options for PHP are "--with-apxs=/usr/local/apache/bin/apxs --with-mysql
--with-ftp --with-xml --enable-track-vars"
Hope that helps. I can try to create a script that can recreate the problem, but I've
been unsuccessful in the couple of times I've already tried. Let me know what else
you need of me.
--
Edit Bug report at: http://bugs.php.net/?id=9016&edit=1
--
PHP Development Mailing List <http://www.php.net/>
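
The tree construction and repeated serialize() calls described in this report, as an added stress harness that is not the reporter's code or part of the original message. StressNode, buildTree() and countNodes() are hypothetical names, the depth, fan-out and round count are arbitrary choices, and the script is kept to syntax assumed to be accepted by both PHP 4 and current PHP.

```php
<?php
// Added example: stress harness for the serialize() crash described above.
// All names here are hypothetical; this is not the reporter's application code.
class StressNode {
    var $payload = array();   // stands in for the report's assoc. array properties
    var $subNodes = array();

    // Returns a reference to the stored child, like the report's addSubNode().
    function &addSubNode($child) {
        $this->subNodes[] = $child;
        return $this->subNodes[count($this->subNodes) - 1];
    }
}

// Build $depth levels below $node, with $fanout children per node.
function buildTree(&$node, $depth, $fanout) {
    $node->payload = array('depth' => $depth, 'label' => str_repeat('x', 16));
    if ($depth == 0) {
        return;
    }
    for ($i = 0; $i < $fanout; $i++) {
        $child = &$node->addSubNode(new StressNode());
        buildTree($child, $depth - 1, $fanout);
        unset($child);  // drop the reference before the next iteration
    }
}

function countNodes($node) {
    $n = 1;
    foreach ($node->subNodes as $sub) {
        $n += countNodes($sub);
    }
    return $n;
}

$base = new StressNode();
buildTree($base, 4, 3);            // depth 4, fan-out 3 (arbitrary)
$expected = countNodes($base);

// The report sees the fault where serialize($base) is called more than once.
for ($round = 1; $round <= 50; $round++) {
    $copy = unserialize(serialize($base));
    if (!is_object($copy) || countNodes($copy) != $expected) {
        echo "round $round: round trip lost nodes\n";
        exit(1);
    }
}
echo "50 round trips OK, $expected nodes each\n";
```

Running it from the command line or under `httpd -X` in gdb, as in the report, gives a self-contained case to attach to the bug if the fault reproduces.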