Edit report at http://bugs.php.net/bug.php?id=52389&edit=1
 ID:                 52389
 Comment by:         clint at ubuntu dot com
 Reported by:        miroslav dot zacek at skype dot net
 Summary:            Memory (de)allocation problem for pgsql notices
 Status:             Open
 Type:               Bug
 Package:            PostgreSQL related
 Operating System:   Linux (Kubuntu)
 PHP Version:        5.3.2
 Block user comment: N

 New Comment:

I've not seen the segfault that Miroslav is reporting. However, I applied the patch to the latest version of php in Ubuntu (5.3.3-ubuntu4) and there was no problem running phppgadmin as ethan suggests.

I would guess Ethan's problem is more likely this one:

https://sourceforge.net/tracker/?func=detail&aid=2954087&group_id=37132&atid=418980

Which basically says that phppgadmin won't support php 5.3 in their stable tree.

Previous Comments:
------------------------------------------------------------------------
[2010-08-03 00:04:45] ethan at remindercall dot com

I've applied this patch to the 5.3.2 sources and it causes new problems - PHPPgAdmin doesn't even function with the patch applied.

------------------------------------------------------------------------
[2010-08-02 10:10:42] miroslav dot zacek at skype dot net

GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/apache2...done.
(gdb) handle SIG33 pass nostop noprint
Signal        Stop      Print   Pass to program Description
SIG33         No        No      Yes             Real-time event 33
(gdb) set pagination 0
(gdb) run
Starting program: /usr/sbin/apache2 -k start -X
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe9619710 (LWP 1339)]
[Thread 0x7fffe9619710 (LWP 1339) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3d98343 in _zend_mm_free_canary_int (heap=0x7ffff83fdca0, p=0x37000000d1) at /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c:2090
2090            SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
(gdb) backtrace full
#0  0x00007ffff3d98343 in _zend_mm_free_canary_int (heap=0x7ffff83fdca0, p=0x37000000d1) at /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c:2090
        p = 0x7ffff3d79bc0 "H\203\354\bH\213GHH\205\300t\017\213\267\230"
        mm_block = 0x7ffff91a00d0
        next_block = 0x7ffff3d79bc0
        size = 4165624496
#1  0x00007fffebee2761 in _php_pgsql_notice_ptr_dtor (ptr=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/ext/pgsql/pgsql.c:835
        notice = 0x7ffff87ad648
#2  0x00007ffff3d84b98 in zend_hash_clean (ht=0x7fffec0f9168) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:753
        p = 0x7ffff9298b50
#3  0x00007fffebee9410 in zm_deactivate_pgsql (type=-130032480, module_number=209) at /build/buildd/php5-5.3.2/ext/pgsql/pgsql.c:1034
No locals.
#4  0x00007ffff3d79bdc in module_registry_cleanup (module=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/Zend/zend_API.c:2150
No locals.
#5  0x00007ffff3d84734 in zend_hash_reverse_apply (ht=0x7ffff44701c0, apply_func=0x7ffff3d79bc0 <module_registry_cleanup>) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:957
        result = 0
        p = 0x7ffff84a62b0
#6  0x00007ffff3d7864d in zend_deactivate_modules () at /build/buildd/php5-5.3.2/Zend/zend.c:938
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, 0, 4098291904, 32767, 3240731330, 2033281132, 4167622472, 32767}, __mask_was_saved = 793223874, __saved_mask = {__val = {0, 32767, 0, 0, 1, 4294967295, 4162878232, 32767, 0, 0, 0, 0, 4179820304, 32767, 4294958864, 1836}}}}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, 0, 4098291904, 32767, 3240731330, 2033281132, 4167622472, 32767}, __mask_was_saved = 793223874, __saved_mask = {__val = {0, 32767, 0, 0, 1, 4294967295, 4162878232, 32767, 0, 0, 0, 0, 4179820304, 32767, 4294958864, 1836}}}}
#7  0x00007ffff3d24565 in php_request_shutdown (dummy=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/main/main.c:1623
        report_memleaks = 0 '\000'
#8  0x00007ffff3e04dc7 in php_handler (r=0x7ffff3e04dc7) at /build/buildd/php5-5.3.2/sapi/apache2handler/sapi_apache2.c:512
        ctx = 0x7ffff91b5b08
        conf = 0x7ffff868df48
        brigade = 0x0
        bucket = 0x679b8d7abd51d2
        rv = 2059227602
        parent_req = 0x1
#9  0x00007ffff7fd6140 in ap_run_handler (r=0x7ffff868df48) at /build/buildd/apache2-2.2.14/server/config.c:159
        n = 3
        rv = 2059227602
#10 0x00007ffff7fd9aa8 in ap_invoke_handler (r=0x7ffff868df48) at /build/buildd/apache2-2.2.14/server/config.c:373
        handler = 0x0
        result = 0
        old_handler = 0x7ffff83747d0 "application/x-httpd-php"
        ignore = <value optimized out>
#11 0x00007ffff7fe749c in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:501
        new = 0x7ffff868df48
        access_status = 2059227602
#12 0x00007ffff7fe7517 in ap_process_request (r=0x7ffff86937c8) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:296
        access_status = 2059227602
#13 0x00007ffff7fe4528 in ap_process_http_connection (c=0x7ffff8683648) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
        r = 0x7ffff86937c8
        csd = 0x7ffff8683458
#14 0x00007ffff7fddcf8 in ap_run_process_connection (c=0x7ffff8683648) at /build/buildd/apache2-2.2.14/server/connection.c:43
        n = 1
        rv = 2059227602
#15 0x00007ffff7fec037 in child_main (child_num_arg=<value optimized out>) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:662
        current_conn = <value optimized out>
        csd = 0x7ffff8683458
        ptrans = 0x7ffff86833d8
        allocator = 0x7ffff86812d0
        status = <value optimized out>
        i = <value optimized out>
        lr = <value optimized out>
        pollset = 0x7ffff8681470
        sbh = 0x7ffff8681468
        bucket_alloc = 0x7ffff86856d8
        last_poll_idx = 0
#16 0x00007ffff7fec306 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:702
No locals.
#17 0x00007ffff7fec953 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:978
        index = <value optimized out>
        remaining_children_to_start = <value optimized out>
        rv = <value optimized out>
#18 0x00007ffff7fc2350 in main (argc=4, argv=0x7fffffffe728) at /build/buildd/apache2-2.2.14/server/main.c:742
        c = 88 'X'
        configtestonly = <value optimized out>
        confname = 0x7ffff7fee92b "/etc/apache2/apache2.conf"
        def_server_root = 0x7ffff7ff252b ""
        temp_error_log = 0x0
        error = <value optimized out>
        process = 0x7ffff820c220
        server_conf = 0x7ffff8214938
        pglobal = 0x7ffff820c128
        pconf = 0x7ffff820e138
        plog = 0x7ffff82422d8
        ptemp = 0x7ffff8216178
        pcommands = 0x7ffff8210148
        opt = 0x7ffff8210240
        rv = <value optimized out>
        mod = <value optimized out>
        optarg = 0x0
(gdb) info registers
rax            0x679b8d7abd51d2      29162954553119186
rbx            0x7ffff83fdca0        140737358322848
rcx            0x7ffff7f8b000        140737353658368
rdx            0xb495beeed0237dbf    -5434227442449154625
rsi            0x37000000d1          236223201489
rdi            0x7ffff83fdca0        140737358322848
rbp            0x37000000d1          0x37000000d1
rsp            0x7fffffffdd40        0x7fffffffdd40
r8             0x7ffff83feba0        140737358326688
r9             0x0                   0
r10            0x0                   0
r11            0x728                 1832
r12            0x7ffff91a00d0        140737372618960
r13            0x7ffff3d79bc0        140737284381632
r14            0x7ffff84a62b0        140737359012528
r15            0x7ffff8207b18        140737356266264
rip            0x7ffff3d98343        0x7ffff3d98343 <_zend_mm_free_canary_int+51>
eflags         0x10206               [ PF IF RF ]
cs             0x33                  51
ss             0x2b                  43
ds             0x0                   0
es             0x0                   0
fs             0x0                   0
gs             0x0                   0
(gdb) x/16i $pc
=> 0x7ffff3d98343 <_zend_mm_free_canary_int+51>:    cmp    %rax,-0x28(%rsi)
   0x7ffff3d98347 <_zend_mm_free_canary_int+55>:    lea    -0x28(%rsi),%r12
   0x7ffff3d9834b <_zend_mm_free_canary_int+59>:    mov    -0x20(%rsi),%r14
   0x7ffff3d9834f <_zend_mm_free_canary_int+63>:    mov    -0x10(%rsi),%r13
   0x7ffff3d98353 <_zend_mm_free_canary_int+67>:    je     0x7ffff3d98460 <_zend_mm_free_canary_int+336>
   0x7ffff3d98359 <_zend_mm_free_canary_int+73>:    mov    0x6b25f8(%rip),%rcx        # 0x7ffff444a958
   0x7ffff3d98360 <_zend_mm_free_canary_int+80>:    xor    %eax,%eax
   0x7ffff3d98362 <_zend_mm_free_canary_int+82>:    mov    %r12,%rdx
   0x7ffff3d98365 <_zend_mm_free_canary_int+85>:    lea    0x402bf4(%rip),%rsi        # 0x7ffff419af60
   0x7ffff3d9836c <_zend_mm_free_canary_int+92>:    mov    $0x1,%edi
   0x7ffff3d98371 <_zend_mm_free_canary_int+97>:    callq  *(%rcx)
   0x7ffff3d98373 <_zend_mm_free_canary_int+99>:    mov    $0x2,%edi
   0x7ffff3d98378 <_zend_mm_free_canary_int+104>:   callq  0x7ffff3d39650 <suhosin_get_config>
   0x7ffff3d9837d <_zend_mm_free_canary_int+109>:   test   %al,%al
   0x7ffff3d9837f <_zend_mm_free_canary_int+111>:   je     0x7ffff3d98506 <_zend_mm_free_canary_int+502>
   0x7ffff3d98385 <_zend_mm_free_canary_int+117>:   mov    0x8a8(%rbx),%rax
(gdb) thread apply all backtrace

Thread 1 (Thread 0x7ffff7f61740 (LWP 1335)):
#0  0x00007ffff3d98343 in _zend_mm_free_canary_int (heap=0x7ffff83fdca0, p=0x37000000d1) at /build/buildd/php5-5.3.2/Zend/zend_alloc_canary.c:2090
#1  0x00007fffebee2761 in _php_pgsql_notice_ptr_dtor (ptr=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/ext/pgsql/pgsql.c:835
#2  0x00007ffff3d84b98 in zend_hash_clean (ht=0x7fffec0f9168) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:753
#3  0x00007fffebee9410 in zm_deactivate_pgsql (type=-130032480, module_number=209) at /build/buildd/php5-5.3.2/ext/pgsql/pgsql.c:1034
#4  0x00007ffff3d79bdc in module_registry_cleanup (module=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/Zend/zend_API.c:2150
#5  0x00007ffff3d84734 in zend_hash_reverse_apply (ht=0x7ffff44701c0, apply_func=0x7ffff3d79bc0 <module_registry_cleanup>) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:957
#6  0x00007ffff3d7864d in zend_deactivate_modules () at /build/buildd/php5-5.3.2/Zend/zend.c:938
#7  0x00007ffff3d24565 in php_request_shutdown (dummy=0x7ffff83fdca0) at /build/buildd/php5-5.3.2/main/main.c:1623
#8  0x00007ffff3e04dc7 in php_handler (r=0x7ffff3e04dc7) at /build/buildd/php5-5.3.2/sapi/apache2handler/sapi_apache2.c:512
#9  0x00007ffff7fd6140 in ap_run_handler (r=0x7ffff868df48) at /build/buildd/apache2-2.2.14/server/config.c:159
#10 0x00007ffff7fd9aa8 in ap_invoke_handler (r=0x7ffff868df48) at /build/buildd/apache2-2.2.14/server/config.c:373
#11 0x00007ffff7fe749c in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:501
#12 0x00007ffff7fe7517 in ap_process_request (r=0x7ffff86937c8) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:296
#13 0x00007ffff7fe4528 in ap_process_http_connection (c=0x7ffff8683648) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
#14 0x00007ffff7fddcf8 in ap_run_process_connection (c=0x7ffff8683648) at /build/buildd/apache2-2.2.14/server/connection.c:43
#15 0x00007ffff7fec037 in child_main (child_num_arg=<value optimized out>) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:662
#16 0x00007ffff7fec306 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:702
#17 0x00007ffff7fec953 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:978
#18 0x00007ffff7fc2350 in main (argc=4, argv=0x7fffffffe728) at /build/buildd/apache2-2.2.14/server/main.c:742
(gdb) l
2085            }
2086
2087            mm_block = ZEND_MM_HEADER_OF(p);
2088            size = ZEND_MM_BLOCK_SIZE(mm_block);
2089    #if SUHOSIN_PATCH
2090            SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
2091    #endif
2092            ZEND_MM_CHECK_PROTECTION(mm_block);
2093
2094    #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=52389

-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52389&edit=1