From: [EMAIL PROTECTED]
Operating system: Linux Redhat 6.2, 7.1
PHP version: 4.0.6
PHP Bug Type: Reproducible crash
Bug description: Double efree bug in 4.0.6 pgsql.so makes NOTICE msgs crash httpd eventually
It's difficult to provide a short script for this since it's a storage problem - but it happens very consistently in our setup, eliminating the NOTICE messages caused the crashes to stop, and I believe I know where the bug is.

Take a look at php-4.0.6/ext/pgsql/pgsql.c. Observe that it has a static pointer "last_notice" that holds a copy, allocated via estrdup, of the most recent PostgreSQL notice message. It frees this copy when it receives a new one. It tests the pointer against NULL to determine whether to free it - but after freeing it with efree, does not set the pointer to NULL again. Thus it is possible to call efree twice on the same storage. Since that storage may have been reallocated in other parts of the code, freeing it here can be (and is) disastrous if httpd runs long enough.

I will create a test script that crashes consistently if necessary.

-- 
Edit bug report at: http://bugs.php.net/?id=14016&edit=1

-- 
PHP Development Mailing List <http://www.php.net/>
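The defect the report describes is a general C pattern: a static pointer is NULL-checked before being freed, but is left dangling after the free, so the next NULL-check passes again and the same block is released twice. The following is an added example, not code from PHP's pgsql.c. It models the pattern with a tiny instrumented allocator (constructed here) that marks blocks dead instead of handing them back to the heap, so a second free is counted rather than corrupting memory the way a real efree would. The names buggy_last_notice, fixed_last_notice, tracked_strdup, tracked_free and run_sequence are assumptions for this illustration; only the behaviour (free without reset versus free followed by reset to NULL) is taken from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed instrumented allocator: each block carries a "live" flag.
   Freed blocks are quarantined (never returned to malloc), so a later
   double free can be detected by inspecting the flag instead of being UB. */
struct block { int live; char data[]; };

static int double_free_count = 0;

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    struct block *b = malloc(sizeof *b + n);
    if (!b) abort();
    b->live = 1;
    memcpy(b->data, s, n);
    return b->data;
}

/* Returns 0 on a valid free, -1 when the block was already freed. */
static int tracked_free(char *p) {
    struct block *b = (struct block *)(p - offsetof(struct block, data));
    if (!b->live) { double_free_count++; return -1; }   /* double free caught */
    b->live = 0;          /* quarantined: memory intentionally not released */
    return 0;
}

/* Buggy pattern as the report describes it: NULL-check, free, no reset.
   (hypothetical name, modelled on the static last_notice in the report) */
static char *buggy_last_notice = NULL;

static int buggy_notice_clear(void) {
    if (buggy_last_notice != NULL)
        return tracked_free(buggy_last_notice);   /* pointer left dangling */
    return 0;
}

static void buggy_notice_store(const char *msg) {
    buggy_notice_clear();                         /* drop the previous copy */
    buggy_last_notice = tracked_strdup(msg);      /* keep a copy of the new one */
}

/* Fixed pattern: reset the pointer immediately after freeing it, so the
   NULL-check in the next call really means "nothing to free". */
static char *fixed_last_notice = NULL;

static int fixed_notice_clear(void) {
    if (fixed_last_notice != NULL) {
        int rc = tracked_free(fixed_last_notice);
        fixed_last_notice = NULL;                 /* the one-line fix */
        return rc;
    }
    return 0;
}

static void fixed_notice_store(const char *msg) {
    fixed_notice_clear();
    fixed_last_notice = tracked_strdup(msg);
}

/* Drive one handler through the same sequence (store, store, clear, clear),
   which mirrors "two notices arrive, then the stored copy is released twice".
   Returns how many double frees the allocator caught. */
int run_sequence(int fixed) {
    double_free_count = 0;
    if (fixed) {
        fixed_notice_store("NOTICE: first message (constructed)");
        fixed_notice_store("NOTICE: second message (constructed)");
        fixed_notice_clear();
        fixed_notice_clear();   /* harmless: pointer is already NULL */
    } else {
        buggy_notice_store("NOTICE: first message (constructed)");
        buggy_notice_store("NOTICE: second message (constructed)");
        buggy_notice_clear();
        buggy_notice_clear();   /* frees the same block a second time */
    }
    return double_free_count;
}

int main(void) {
    printf("buggy pattern: %d double free(s) caught\n", run_sequence(0));
    printf("fixed pattern: %d double free(s) caught\n", run_sequence(1));
    return 0;
}
```

The point of the quarantining allocator is detection: with a production allocator the second free silently hands a block that may already belong to someone else back to the free list, which is exactly the delayed, hard-to-reproduce crash the report describes. Building and running with AddressSanitizer (-fsanitize=address) on the unfixed pattern gives the same diagnosis on real allocations.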