From:             sebastian
Operating system: Linux
PHP version:      5.3SVN-2010-10-24 (SVN)
Package:          Scripting Engine problem
Bug Type:         Bug
Bug description:  Segfault in zend_hash_get_current_data_ex

Description:
------------
I can only reproduce this with PHPUnit and the Symfony2 testsuite.

Expected result:
----------------
No segfault.

Actual result:
--------------
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/php-5.3/bin/php...done.
(gdb) r /usr/local/bin/phpunit --filter CrawlerTest::testClear
Starting program: /usr/local/php-5.3/bin/php /usr/local/bin/phpunit --filter CrawlerTest::testClear
[Thread debugging using libthread_db enabled]
PHPUnit @package_version@ by Sebastian Bergmann.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000955383 in zend_hash_get_current_data_ex (ht=0x54892f8, pData=0x7fffffffb9a0, pos=0x7fffffffb998) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_hash.c:1166
1166                    *pData = p->pData;
(gdb) bt
#0  0x0000000000955383 in zend_hash_get_current_data_ex (ht=0x54892f8, pData=0x7fffffffb9a0, pos=0x7fffffffb998) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_hash.c:1166
#1  0x0000000000797dbb in zim_spl_SplObjectStorage_removeAll (ht=1, return_value=0x5476948, return_value_ptr=0x0, this_ptr=0x5476de8, return_value_used=0) at /usr/local/src/php/src/branches/PHP_5_3/ext/spl/spl_observer.c:424
#2  0x0000000000979b35 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7e7dd08) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:316
#3  0x000000000097a2c0 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7e7dd08) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:421
#4  0x0000000000978eea in execute (op_array=0x5478880) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:107
#5  0x0000000000932ba0 in zend_call_function (fci=0x7fffffffbd20, fci_cache=0x7fffffffbd70) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_execute_API.c:964
#6  0x00000000006f6efc in zim_reflection_method_invokeArgs (ht=2, return_value=0x5476f78, return_value_ptr=0x0, this_ptr=0x5477420, return_value_used=1) at /usr/local/src/php/src/branches/PHP_5_3/ext/reflection/php_reflection.c:2738
#7  0x0000000000979b35 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7e7cea8) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:316
#8  0x000000000097a2c0 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7e7cea8) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:421
#9  0x0000000000978eea in execute (op_array=0x4bb6c18) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend_vm_execute.h:107
#10 0x0000000000943599 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php/src/branches/PHP_5_3/Zend/zend.c:1194
#11 0x00000000008c3e34 in php_execute_script (primary_file=0x7fffffffe4a0) at /usr/local/src/php/src/branches/PHP_5_3/main/main.c:2260
#12 0x0000000000a3083a in main (argc=4, argv=0x7fffffffe708) at /usr/local/src/php/src/branches/PHP_5_3/sapi/cli/php_cli.c:1193

==16795== Memcheck, a memory error detector
==16795== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==16795== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==16795== Command: /usr/local/php-5.3/bin/php /usr/local/bin/phpunit --filter CrawlerTest::testClear
==16795== Parent PID: 18102
==16795==
==16795== Invalid read of size 8
==16795==    at 0x955141: zend_hash_move_forward_ex (zend_hash.c:1089)
==16795==    by 0x797D9F: zim_spl_SplObjectStorage_removeAll (spl_observer.c:426)
==16795==    by 0x979B34: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==16795==    by 0x97A2BF: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421)
==16795==    by 0x978EE9: execute (zend_vm_execute.h:107)
==16795==    by 0x932B9F: zend_call_function (zend_execute_API.c:964)
==16795==    by 0x6F6EFB: zim_reflection_method_invokeArgs (php_reflection.c:2738)
==16795==    by 0x979B34: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==16795==    by 0x97A2BF: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421)
==16795==    by 0x978EE9: execute (zend_vm_execute.h:107)
==16795==    by 0x943598: zend_execute_scripts (zend.c:1194)
==16795==    by 0x8C3E33: php_execute_script (main.c:2260)
==16795==  Address 0xd4bbfd0 is 32 bytes inside a block of size 87 free'd
==16795==    at 0x4C270BD: free (vg_replace_malloc.c:366)
==16795==    by 0x91B7D5: _efree (zend_alloc.c:2348)
==16795==    by 0x953A20: zend_hash_del_key_or_index (zend_hash.c:505)
==16795==    by 0x79726A: spl_object_storage_detach (spl_observer.c:179)
==16795==    by 0x797D88: zim_spl_SplObjectStorage_removeAll (spl_observer.c:425)
==16795==    by 0x979B34: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==16795==    by 0x97A2BF: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421)
==16795==    by 0x978EE9: execute (zend_vm_execute.h:107)
==16795==    by 0x932B9F: zend_call_function (zend_execute_API.c:964)
==16795==    by 0x6F6EFB: zim_reflection_method_invokeArgs (php_reflection.c:2738)
==16795==    by 0x979B34: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316)
==16795==    by 0x97A2BF: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421)
==16795==
==16795==
==16795== HEAP SUMMARY:
==16795==     in use at exit: 52,294 bytes in 1,629 blocks
==16795==   total heap usage: 3,172,159 allocs, 3,170,530 frees, 236,918,334 bytes allocated
==16795==
==16795== 32 bytes in 1 blocks are definitely lost in loss record 19 of 89
==16795==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==16795==    by 0x91B75C: _emalloc (zend_alloc.c:2338)
==16795==    by 0x97B6E8: ZEND_RECV_INIT_SPEC_CONST_HANDLER (zend_vm_execute.h:817)
==16795==    by 0x978EE9: execute (zend_vm_execute.h:107)
==16795==    by 0x943598: zend_execute_scripts (zend.c:1194)
==16795==    by 0x8C3E33: php_execute_script (main.c:2260)
==16795==    by 0xA30839: main (php_cli.c:1193)
==16795==
==16795== 96 bytes in 3 blocks are definitely lost in loss record 33 of 89
==16795==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==16795==    by 0x91B75C: _emalloc (zend_alloc.c:2338)
==16795==    by 0x97A675: ZEND_NEW_SPEC_HANDLER (zend_vm_execute.h:475)
==16795==    by 0x978EE9: execute (zend_vm_execute.h:107)
==16795==    by 0x943598: zend_execute_scripts (zend.c:1194)
==16795==    by 0x8C3E33: php_execute_script (main.c:2260)
==16795==    by 0xA30839: main (php_cli.c:1193)
==16795==
==16795== 532 (32 direct, 500 indirect) bytes in 1 blocks are definitely lost in loss record 60 of 89
==16795==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==16795==    by 0x91B75C: _emalloc (zend_alloc.c:2338)
==16795==    by 0x8D7701: php_build_argv (php_variables.c:474)
==16795==    by 0x8D866C: php_hash_environment (php_variables.c:738)
==16795==    by 0x8C25E2: php_request_startup (main.c:1440)
==16795==    by 0xA306EA: main (php_cli.c:1089)
==16795==
==16795== 4,586 (232 direct, 4,354 indirect) bytes in 1 blocks are definitely lost in loss record 88 of 89
==16795==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==16795==    by 0x91B75C: _emalloc (zend_alloc.c:2338)
==16795==    by 0x8FA99B: compile_file (zend_language_scanner.l:324)
==16795==    by 0x6D7ED3: phar_compile_file (phar.c:3393)
==16795==    by 0x9434B2: zend_execute_scripts (zend.c:1186)
==16795==    by 0x8C3E33: php_execute_script (main.c:2260)
==16795==    by 0xA30839: main (php_cli.c:1193)
==16795==
==16795== LEAK SUMMARY:
==16795==    definitely lost: 392 bytes in 6 blocks
==16795==    indirectly lost: 4,854 bytes in 37 blocks
==16795==      possibly lost: 0 bytes in 0 blocks
==16795==    still reachable: 47,048 bytes in 1,586 blocks
==16795==         suppressed: 0 bytes in 0 blocks
==16795== Reachable blocks (those to which a pointer was found) are not shown.
==16795== To see them, rerun with: --leak-check=full --show-reachable=yes
==16795==
==16795== For counts of detected and suppressed errors, rerun with: -v
==16795== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 6 from 6)

-- 
Edit bug report at http://bugs.php.net/bug.php?id=53144&edit=1