From: sebastian
Operating system: Linux
PHP version: trunk-SVN-2010-11-18 (SVN)
Package: Reproducible crash
Bug Type: Bug
Bug description: Segfault in zend_is_inconsistent()
Description:
------------
PHP 5.3.99 (current trunk) segfaults in zend_is_inconsistent().

Test script:
---------------
The segfault is triggered by code that is part of ezcConsoleTools, for instance by just invoking phploc on the command line. Unfortunately, I was not able to reduce this further yet.

Expected result:
----------------
No segfault.

Actual result:
--------------
s...@thinkpad ~ % USE_ZEND_ALLOC=0 valgrind --leak-check=full php /usr/local/src/phploc/phploc.php
==1760== Memcheck, a memory error detector
==1760== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1760== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1760== Command: php /usr/local/src/phploc/phploc.php
==1760==
==1760== Invalid read of size 4
==1760==    at 0x92C021: _zend_is_inconsistent (zend_hash.c:54)
==1760==    by 0x92EDAE: zend_hash_quick_find (zend_hash.c:929)
==1760==    by 0xA49488: zend_fetch_var_address_helper_SPEC_CV_UNUSED (zend_vm_execute.h:33194)
==1760==    by 0xA49DEF: ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (zend_vm_execute.h:33294)
==1760==    by 0x957F02: execute (zend_vm_execute.h:410)
==1760==    by 0x91CD93: zend_execute_scripts (zend.c:1195)
==1760==    by 0x89661E: php_execute_script (main.c:2341)
==1760==    by 0xA57D89: main (php_cli.c:1254)
==1760==  Address 0x44 is not stack'd, malloc'd or (recently) free'd
==1760==
==1760==
==1760== Process terminating with default action of signal 11 (SIGSEGV)
==1760==  Access not within mapped region at address 0x44
==1760==    at 0x92C021: _zend_is_inconsistent (zend_hash.c:54)
==1760==    by 0x92EDAE: zend_hash_quick_find (zend_hash.c:929)
==1760==    by 0xA49488: zend_fetch_var_address_helper_SPEC_CV_UNUSED (zend_vm_execute.h:33194)
==1760==    by 0xA49DEF: ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (zend_vm_execute.h:33294)
==1760==    by 0x957F02: execute (zend_vm_execute.h:410)
==1760==    by 0x91CD93: zend_execute_scripts (zend.c:1195)
==1760==    by 0x89661E: php_execute_script (main.c:2341)
==1760==    by 0xA57D89: main (php_cli.c:1254)
==1760==  If you believe this happened as a result of a stack
==1760==  overflow in your program's main thread (unlikely but
==1760==  possible), you can try to increase the size of the
==1760==  main thread stack using the --main-stacksize= flag.
==1760==  The main thread stack size used in this run was 8388608.
==1760==
==1760== HEAP SUMMARY:
==1760==     in use at exit: 3,823,481 bytes in 18,002 blocks
==1760==   total heap usage: 34,509 allocs, 16,507 frees, 5,584,071 bytes allocated
==1760==
==1760== LEAK SUMMARY:
==1760==    definitely lost: 0 bytes in 0 blocks
==1760==    indirectly lost: 0 bytes in 0 blocks
==1760==      possibly lost: 0 bytes in 0 blocks
==1760==    still reachable: 3,823,481 bytes in 18,002 blocks
==1760==         suppressed: 0 bytes in 0 blocks
==1760== Reachable blocks (those to which a pointer was found) are not shown.
==1760== To see them, rerun with: --leak-check=full --show-reachable=yes
==1760==
==1760== For counts of detected and suppressed errors, rerun with: -v
==1760== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
zsh: segmentation fault  USE_ZEND_ALLOC=0 valgrind --leak-check=full php

s...@thinkpad ~ % gdb php
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/php-5.4/bin/php...done.
(gdb) r /usr/local/src/phploc/phploc.php
Starting program: /usr/local/php-5.4/bin/php /usr/local/src/phploc/phploc.php
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x000000000092c021 in _zend_is_inconsistent (ht=0x0, file=0xf8d9e8 "/usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c", line=929) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:54
54          if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x000000000092c021 in _zend_is_inconsistent (ht=0x0, file=0xf8d9e8 "/usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c", line=929) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:54
#1  0x000000000092edaf in zend_hash_quick_find (ht=0x0, arKey=0x7ffff7ecc7e0 "color", nKeyLength=6, h=6953399188164, pData=0x7fffffffbe80) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:929
#2  0x0000000000a49489 in zend_fetch_var_address_helper_SPEC_CV_UNUSED (type=3, execute_data=0x7ffff7f92338) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:33194
#3  0x0000000000a49df0 in ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7f92338) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:33294
#4  0x0000000000957f03 in execute (op_array=0x7ffff3627810) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:410
#5  0x000000000091cd94 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend.c:1195
#6  0x000000000089661f in php_execute_script (primary_file=0x7fffffffe520) at /usr/local/src/php/src/php/php-src/trunk/main/main.c:2341
#7  0x0000000000a57d8a in main (argc=2, argv=0x7fffffffe788) at /usr/local/src/php/src/php/php-src/trunk/sapi/cli/php_cli.c:1254

-- 
Edit bug report at http://bugs.php.net/bug.php?id=53347&edit=1