From: [EMAIL PROTECTED]
Operating system: Linux 2 2.16
PHP version: 4.0.6
PHP Bug Type: Reproducible crash
Bug description: Disturbing memory corruption/crash
I've been attemping to track down a case of memory corruption that showed
itself with 'new ClassName' returning null or 'gettype()' on the result
returning a garbage string. I'm using php as a module with apache, and with
the zend optimiser, although the effect is the same with or without the
optimiser enabled. Apart from other bugs in 4.0.6 that I've reported, up
until now things have been fine with some largish runs of up to a few 1000
lines of code.
Whilst this is reproduceable 100% with my application, unfortunately I
can't contribute a smaller program yet to demonstrate this despite various
attempts, but I'll try some more on this as there's not a lot to go on
otherwise. Perhaps someone can do a purify run with a solaris build?
The effect of getting a null result from new or garbage from gettype()
first showed when new'ing a trivial class before one that amongst other
things used shared memory and semaphores via the put_var/get_var routine
family. Something that has aparantly been working well and flawlessly so
far. It was the result of newing the complex class that was corrupted.
Curiously, moving the trivial (empty) class construction after the more
complex one 'cured' the problem.
The complex constructor was calling a function returning array data by
reference that came from calling a function that returned array data by
value. This had been obtained via shm_get_var. Another change that made the
problem disappear was to return the data either by value or by reference in
*both* cases, although performance analysis showed this to be slower in
both cases.
The presumed crash (the browser lost its connection to the server) occured
when I called the function twice that ultimately returned the data from
shared memory. Again this didn't happen when returning consistently by
value or reference.
Of course the workarounds don't mean that the problem wasn't still
happening, but perhaps that what is probably corruption didn't have an
impact at that point.
So the problem may be related to the use of the sem and shm routines,
returning 300 element associative arrays of integer to strings by a mixture
or reference/value or something else. It may also be in the code outside of
php of course.
Sorry that I can't give more to go on but there is most definitely a
problem lurking somewhere.
Please feel free to email me with any things that I might try to get a
further handle on the problem with my own application in the (currently
likely) event that I can't reproduce with a simpler application.
For library versions, ldd on httpd gives the following:
libpam.so.0 => /lib/libpam.so.0 (0x40019000)
libdl.so.2 => /lib/libdl.so.2 (0x40021000)
libz.so.1 => /usr/lib/libz.so.1 (0x40025000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40034000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40061000)
libm.so.6 => /lib/libm.so.6 (0x40070000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4008e000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x400a5000)
libc.so.6 => /lib/libc.so.6 (0x400ac000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Cheers,
Nick
--
Edit bug report at: http://bugs.php.net/?id=12448&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
