Edit report at http://bugs.php.net/bug.php?id=53347&edit=1

 ID:                 53347
 Updated by:         paj...@php.net
 Reported by:        sebast...@php.net
 Summary:            Segfault in zend_is_inconsistent()
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux
 PHP Version:        trunk-SVN-2010-11-18 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Previous Comments:
------------------------------------------------------------------------
[2010-11-18 20:03:40] sebast...@php.net

Description:
------------
PHP 5.3.99 (current trunk) segfaults in zend_is_inconsistent().

Test script:
---------------
The segfault is triggered by code that is part of ezcConsoleTools, for
instance by just invoking phploc on the commandline. Unfortunately, I
was not able to reduce this further, yet.

Expected result:
----------------
No segfault.

Actual result:
--------------
s...@thinkpad ~ % USE_ZEND_ALLOC=0 valgrind --leak-check=full php /usr/local/src/phploc/phploc.php
==1760== Memcheck, a memory error detector
==1760== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1760== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1760== Command: php /usr/local/src/phploc/phploc.php
==1760== 
==1760== Invalid read of size 4
==1760==    at 0x92C021: _zend_is_inconsistent (zend_hash.c:54)
==1760==    by 0x92EDAE: zend_hash_quick_find (zend_hash.c:929)
==1760==    by 0xA49488: zend_fetch_var_address_helper_SPEC_CV_UNUSED (zend_vm_execute.h:33194)
==1760==    by 0xA49DEF: ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (zend_vm_execute.h:33294)
==1760==    by 0x957F02: execute (zend_vm_execute.h:410)
==1760==    by 0x91CD93: zend_execute_scripts (zend.c:1195)
==1760==    by 0x89661E: php_execute_script (main.c:2341)
==1760==    by 0xA57D89: main (php_cli.c:1254)
==1760==  Address 0x44 is not stack'd, malloc'd or (recently) free'd
==1760== 
==1760== 
==1760== Process terminating with default action of signal 11 (SIGSEGV)
==1760==  Access not within mapped region at address 0x44
==1760==    at 0x92C021: _zend_is_inconsistent (zend_hash.c:54)
==1760==    by 0x92EDAE: zend_hash_quick_find (zend_hash.c:929)
==1760==    by 0xA49488: zend_fetch_var_address_helper_SPEC_CV_UNUSED (zend_vm_execute.h:33194)
==1760==    by 0xA49DEF: ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (zend_vm_execute.h:33294)
==1760==    by 0x957F02: execute (zend_vm_execute.h:410)
==1760==    by 0x91CD93: zend_execute_scripts (zend.c:1195)
==1760==    by 0x89661E: php_execute_script (main.c:2341)
==1760==    by 0xA57D89: main (php_cli.c:1254)
==1760==  If you believe this happened as a result of a stack
==1760==  overflow in your program's main thread (unlikely but
==1760==  possible), you can try to increase the size of the
==1760==  main thread stack using the --main-stacksize= flag.
==1760==  The main thread stack size used in this run was 8388608.
==1760== 
==1760== HEAP SUMMARY:
==1760==     in use at exit: 3,823,481 bytes in 18,002 blocks
==1760==   total heap usage: 34,509 allocs, 16,507 frees, 5,584,071 bytes allocated
==1760== 
==1760== LEAK SUMMARY:
==1760==    definitely lost: 0 bytes in 0 blocks
==1760==    indirectly lost: 0 bytes in 0 blocks
==1760==      possibly lost: 0 bytes in 0 blocks
==1760==    still reachable: 3,823,481 bytes in 18,002 blocks
==1760==         suppressed: 0 bytes in 0 blocks
==1760== Reachable blocks (those to which a pointer was found) are not shown.
==1760== To see them, rerun with: --leak-check=full --show-reachable=yes
==1760== 
==1760== For counts of detected and suppressed errors, rerun with: -v
==1760== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
zsh: segmentation fault  USE_ZEND_ALLOC=0 valgrind --leak-check=full php

s...@thinkpad ~ % gdb php
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/php-5.4/bin/php...done.
(gdb) r /usr/local/src/phploc/phploc.php
Starting program: /usr/local/php-5.4/bin/php /usr/local/src/phploc/phploc.php
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x000000000092c021 in _zend_is_inconsistent (ht=0x0, file=0xf8d9e8 "/usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c", line=929)
    at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:54
54              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x000000000092c021 in _zend_is_inconsistent (ht=0x0, file=0xf8d9e8 "/usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c", line=929)
    at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:54
#1  0x000000000092edaf in zend_hash_quick_find (ht=0x0, arKey=0x7ffff7ecc7e0 "color", nKeyLength=6, h=6953399188164, pData=0x7fffffffbe80)
    at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_hash.c:929
#2  0x0000000000a49489 in zend_fetch_var_address_helper_SPEC_CV_UNUSED (type=3, execute_data=0x7ffff7f92338)
    at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:33194
#3  0x0000000000a49df0 in ZEND_FETCH_IS_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7f92338) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:33294
#4  0x0000000000957f03 in execute (op_array=0x7ffff3627810) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend_vm_execute.h:410
#5  0x000000000091cd94 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php/src/php/php-src/trunk/Zend/zend.c:1195
#6  0x000000000089661f in php_execute_script (primary_file=0x7fffffffe520) at /usr/local/src/php/src/php/php-src/trunk/main/main.c:2341
#7  0x0000000000a57d8a in main (argc=2, argv=0x7fffffffe788) at /usr/local/src/php/src/php/php-src/trunk/sapi/cli/php_cli.c:1254


------------------------------------------------------------------------
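The report above shows why the faulting address is the tiny value 0x44: zend_hash_quick_find() was handed ht=0x0 and the check at zend_hash.c:54 reads ht->inconsistent through that NULL pointer, so the address valgrind prints is just the field's offset. The C below is an added triage example, not code from PHP or from the report; it assumes a struct mirroring the PHP 5.3-era HashTable layout from zend_hash.h (ZEND_DEBUG build, LP64 target), maps a NULL-based fault address back to the field name, and shows the NULL guard the crashing path lacked.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout assumed to mirror PHP 5.3's HashTable (zend_hash.h, ZEND_DEBUG
 * build); pointer members become void* because only sizes and alignment
 * matter for the offset arithmetic below. */
typedef struct _hashtable {
    unsigned int   nTableSize;
    unsigned int   nTableMask;
    unsigned int   nNumOfElements;
    unsigned long  nNextFreeElement;
    void          *pInternalPointer;
    void          *pListHead;
    void          *pListTail;
    void          *arBuckets;
    void          *pDestructor;
    unsigned char  persistent;
    unsigned char  nApplyCount;
    unsigned char  bApplyProtection;
    int            inconsistent;   /* the field read at zend_hash.c:54 */
} HashTable;

#define HT_OK 0
#define F(m) { #m, offsetof(HashTable, m) }
static const struct { const char *name; size_t off; } ht_fields[] = {
    F(nTableSize), F(nTableMask), F(nNumOfElements), F(nNextFreeElement),
    F(pInternalPointer), F(pListHead), F(pListTail), F(arBuckets),
    F(pDestructor), F(persistent), F(nApplyCount), F(bApplyProtection),
    F(inconsistent),
};

/* Triage helper: a tiny fault address (0x44 in the report) means a field was
 * read through a NULL struct pointer, so the address is the field offset.
 * Returns the field containing that offset, or NULL if outside the struct. */
const char *ht_field_at(uintptr_t fault_addr) {
    const char *hit = NULL;
    if (fault_addr >= sizeof(HashTable)) return NULL;
    for (size_t i = 0; i < sizeof ht_fields / sizeof ht_fields[0]; i++)
        if (fault_addr >= ht_fields[i].off) hit = ht_fields[i].name;
    return hit;
}

/* The zend_hash.c:54 check with the guard the caller was missing:
 * 1 = consistent, 0 = marked inconsistent, -1 = no table at all. */
int ht_check(const HashTable *ht) {
    if (ht == NULL) return -1;
    return ht->inconsistent == HT_OK ? 1 : 0;
}
```

On an x86_64 build offsetof(HashTable, inconsistent) comes out as 68 (0x44), matching both the valgrind address and the gdb frame that shows ht=0x0.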