Edit report at https://bugs.php.net/bug.php?id=61390&edit=1
ID:                 61390
Comment by:         cjashfor at linux dot vnet dot ibm dot com
Reported by:        cjashfor at linux dot vnet dot ibm dot com
Summary:            Segfault occurs in simple flatfile test
Status:             Open
Type:               Bug
Package:            DBM/DBA related
Operating System:   Linux
PHP Version:        5.4.0
Block user comment: N
Private report:     N

New Comment:

From what I can tell from debugging, what's happening is that on the first dba_popen, a dba_info structure is allocated for the first resource. On the second dba_popen, since it's the same file, the dba_info from the first resource is reused. I don't know if this alone is a legitimate thing to do, because now two resources are sharing the same dba_info. At the very least, I would think that some sort of reference counter is needed in dba_info to track how many resources are linked to it.

When the first resource is closed, the dba_info structure is free'd at dba.c:dba_close():423. Consequently, when the second resource is referenced, it's using an already-free'd dba_info structure, and this causes a seg fault.

If it's truly OK to have two resources reference the same dba_info structure, one solution might be to add a reference counter to dba_info, and to set it to 1 on the initial allocation, and increment it when linking to it on subsequent dba_popens. When closing resources, the reference counter is decremented, and the structure is released only when the count reaches zero.

Any thoughts?


Previous Comments:
------------------------------------------------------------------------
[2012-03-14 19:28:48] cjashfor at linux dot vnet dot ibm dot com

The first valgrind memcheck I ran was on the installed php, and so it's missing some file/line# information. Here's one where I ran it on the php where I built it; it contains complete file/line# info:

==18593== Memcheck, a memory error detector
==18593== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==18593== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==18593== Command: /home/corey/php-5.4.0/sapi/cli/php new.php
==18593== Parent PID: 17376
==18593==
==18593== Invalid read of size 8
==18593==    at 0x4ED1D9: zif_dba_fetch (dba.c:1018)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e48e8 is 56 bytes inside a block of size 88 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x4EF0E6: dba_fetch_flatfile (dba_flatfile.c:67)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e48b0 is 0 bytes inside a block of size 88 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x4F047A: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e5050 is 16 bytes inside a block of size 48 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x4ED39F: dba_close (dba.c:401)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 4
==18593==    at 0x637DC6: _php_stream_seek (streams.c:1208)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4ce8 is 120 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 4
==18593==    at 0x637DD0: _php_stream_seek (streams.c:1214)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4d08 is 152 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x637DE4: _php_stream_seek (streams.c:1225)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4d10 is 160 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x637E10: _php_stream_seek (streams.c:1237)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c70 is 0 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x637E90: _php_stream_seek (streams.c:1240)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c98 is 40 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 8
==18593==    at 0x63D666: php_stdiop_seek (plain_wrapper.c:454)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0x51e4c78 is 8 bytes inside a block of size 224 free'd
==18593==    at 0x4A05187: free (vg_replace_malloc.c:325)
==18593==    by 0x6399E0: _php_stream_free (streams.c:536)
==18593==    by 0x4ED3F5: dba_close (dba.c:415)
==18593==    by 0x68D55D: plist_entry_destructor (zend_list.c:209)
==18593==    by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650)
==18593==    by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743)
==18593==    by 0x68D5ED: list_entry_destructor (zend_list.c:183)
==18593==    by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531)
==18593==    by 0x68D6D6: _zend_list_delete (zend_list.c:57)
==18593==    by 0x4ED35F: zif_dba_close (dba.c:969)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==
==18593== Invalid read of size 1
==18593==    at 0x63D66A: php_stdiop_seek (plain_wrapper.c:459)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==18593==
==18593==
==18593== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18593==  Access not within mapped region at address 0xC
==18593==    at 0x63D66A: php_stdiop_seek (plain_wrapper.c:459)
==18593==    by 0x637ECA: _php_stream_seek (streams.c:1250)
==18593==    by 0x4F0492: flatfile_findkey (flatfile.c:172)
==18593==    by 0x4F05DC: flatfile_fetch (flatfile.c:90)
==18593==    by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70)
==18593==    by 0x4ED1FA: zif_dba_fetch (dba.c:1020)
==18593==    by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==18593==    by 0x6DD2C4: execute (zend_vm_execute.h:410)
==18593==    by 0x67F584: zend_execute_scripts (zend.c:1272)
==18593==    by 0x622108: php_execute_script (main.c:2473)
==18593==    by 0x7253ED: do_cli (php_cli.c:983)
==18593==    by 0x725C9E: main (php_cli.c:1356)
==18593==  If you believe this happened as a result of a stack
==18593==  overflow in your program's main thread (unlikely but
==18593==  possible), you can try to increase the size of the
==18593==  main thread stack using the --main-stacksize= flag.
==18593==  The main thread stack size used in this run was 8388608.
==18593==
==18593== HEAP SUMMARY:
==18593==     in use at exit: 3,002,667 bytes in 11,181 blocks
==18593==   total heap usage: 11,584 allocs, 403 frees, 3,083,863 bytes allocated
==18593==
==18593== LEAK SUMMARY:
==18593==    definitely lost: 0 bytes in 0 blocks
==18593==    indirectly lost: 0 bytes in 0 blocks
==18593==      possibly lost: 0 bytes in 0 blocks
==18593==    still reachable: 3,002,667 bytes in 11,181 blocks
==18593==         suppressed: 0 bytes in 0 blocks
==18593== Rerun with --leak-check=full to see details of leaked memory
==18593==
==18593== For counts of detected and suppressed errors, rerun with: -v
==18593== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 6 from 4)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    https://bugs.php.net/bug.php?id=61390


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61390&edit=1
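The reference-counted close that the reporter proposes above, worked through as an added model in C. This is not PHP's dba code: info_t, resource_t, the model_* functions and the tiny path-keyed registry are this example's own stand-ins for dba_info, the dba resource and the persistent-resource list, and the path string is constructed. It shows the two-handle sequence from the report (open, open same file, close first, fetch via second) with the shared structure surviving until the last link is dropped.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not PHP's code) of a shared per-file info structure
 * that carries a reference count, as proposed in the bug report. */
typedef struct {
    char *path;      /* file the handle refers to; sharing is keyed on it */
    int   refcount;  /* number of resources currently linked to this info */
} info_t;

typedef struct {
    info_t *info;    /* NULL once this resource has been closed */
} resource_t;

/* A tiny registry standing in for the persistent-resource list. */
#define MAX_INFOS 8
static info_t *g_infos[MAX_INFOS];
static int     g_ninfos;
static int     g_released;  /* how many infos have actually been freed */

static info_t *find_info(const char *path) {
    for (int i = 0; i < g_ninfos; i++)
        if (strcmp(g_infos[i]->path, path) == 0)
            return g_infos[i];
    return NULL;
}

static void forget_info(const info_t *info) {
    for (int i = 0; i < g_ninfos; i++) {
        if (g_infos[i] == info) {
            g_infos[i] = g_infos[--g_ninfos];  /* swap with last, shrink */
            return;
        }
    }
}

/* Open a handle. A second open of the same path shares the existing info
 * (the reuse the report describes); the refcount records the extra link. */
resource_t *model_popen(const char *path) {
    info_t *info = find_info(path);
    if (info) {
        info->refcount++;
    } else {
        if (g_ninfos == MAX_INFOS) return NULL;
        size_t n = strlen(path) + 1;
        info = calloc(1, sizeof *info);
        info->path = malloc(n);
        memcpy(info->path, path, n);
        info->refcount = 1;                 /* initial allocation starts at 1 */
        g_infos[g_ninfos++] = info;
    }
    resource_t *res = malloc(sizeof *res);
    res->info = info;
    return res;
}

/* Close a handle: unlink it, and release the shared info only when the
 * count reaches zero, so another handle sharing it keeps a valid pointer. */
void model_close(resource_t *res) {
    info_t *info = res->info;
    res->info = NULL;
    if (info && --info->refcount == 0) {
        forget_info(info);
        free(info->path);
        free(info);
        g_released++;
    }
    free(res);
}

/* Fetch through a handle: 0 when its shared info is still live, -1 when
 * the handle was already closed (rather than reading freed memory). */
int model_fetch(const resource_t *res) {
    return (res && res->info && res->info->refcount > 0) ? 0 : -1;
}

int model_live_infos(void)     { return g_ninfos; }
int model_released_infos(void) { return g_released; }

int main(void) {
    resource_t *a = model_popen("/tmp/example.db");  /* constructed path */
    resource_t *b = model_popen("/tmp/example.db");
    printf("shared info: %s, refcount=%d\n",
           a->info == b->info ? "yes" : "no", a->info->refcount);
    model_close(a);
    printf("fetch via b after closing a: %d (live infos %d)\n",
           model_fetch(b), model_live_infos());
    model_close(b);
    printf("after closing b: live infos %d, released %d\n",
           model_live_infos(), model_released_infos());
    return 0;
}
```

The point of the model is the ordering inside model_close: the resource's own pointer is cleared first, the count is decremented second, and the free happens only on the zero transition, so there is never a window in which a still-registered handle points at released memory. A fetch on a closed handle fails cleanly with -1 instead of producing the "inside a block of size 88 free'd" reads that valgrind reports above.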