Hi, further debugging reveals: REMOVE_POINTER_FROM_LIST(ptr) expands to
0 if (ptr==(alloc_globals.head)) {
1 (alloc_globals.head) = ptr->pNext;
2 } else {
3 ptr->pLast->pNext = ptr->pNext;
4 }
5
6 if (ptr->pNext) {
7 ptr->pNext->pLast = ptr->pLast;
8 }
The first condition [0] is false, so [3] gets executed. gdb says
that ptr->pLast == 0x10:
(gdb) p ptr->pLast
$9 = (struct _zend_mem_header *) 0x10
(gdb) p ptr->pLast->pNext
Cannot access memory at address 0x10
So this must be the cause of the segmentation fault. A workaround that
comes to mind is to #define ZEND_DISABLE_MEMORY_CACHE 1 but I don't
know if that may have serious performance implications.
Cheers,
Jörg
--
Joerg "joergland" Wendland | http://www.wendlandnet.de/joerg/
GPG: 51CF8417 FP: 79C0 7671 AFC7 315E 657A F318 57A3 7FBD 51CF 8417
signature.asc
Description: Digital signature
