From:             
Operating system: Debian Squeeze
PHP version:      5.4.0
Package:          Scripting Engine problem
Bug Type:         Bug
Bug description:  Zend's Memory Management seems to be completely buggy since 5.4.0

Description:
------------
I'm currently developing an HTTP-Server in PHP
( https://github.com/pp3345/Pancake ) which uses the Zend-Extension
DeepTrace ( https://github.com/NeoXiD/DeepTrace ). Since PHP 5.4 I'm
experiencing crashes under some circumstances.
For example, when running typo3 (Version 4.6.6 Blank Package) Pancake's
PHPWorkers often crash when trying to run typo3's installer with strange
errors like these:

PHP Fatal error:  Call to undefined function ▒() in /var/vhosts/pancake/default/typo3/typo3_src-4.6.6/typo3/sysext/install/mod/class.tx_install_session.php on line 395
PHP Fatal error:  Couldn't execute method ▒0/::t3lib_autoloader::autoload in Unknown on line 0
PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 12624869704 bytes) in validpathstr on line 926
PHP Fatal error:  Cannot call overloaded function for non-object in /var/vhosts/pancake/default/typo3/typo3_src-4.6.6/t3lib/config_default.php on line 924
(this line is only trying to run a public static function of some class!)

Often they even crash without showing any errors. Another example is
WordPress, which crashes only under 1 specific (at least I only found 1
till now) circumstance: When trying to run die() when trying to delete a
comment in the adminpanel. Pancake configures DeepTrace to set a
user-defined handler for the exit-opcode. So then DeepTrace calls
Pancake's function to handle the exit, which still seems to run fine, but
then zend_fcall_info_call() causes a crash, AFTER executing my handler.
This only happens in this specific case under WordPress, I couldn't
reproduce it with other calls to die(). But I found a way to avoid this
crash. Look at these three lines of code from WordPress:

wp-admin/admin-ajax.php line 195
-------------------------------

    if ( !$total || !$per_page || !$page || !$url ) {
        die( (string) time() );
    }

This is the die() that causes the crash. It only crashes if these three
lines are in EXACTLY this way. So if I for example do this:

    if ( !$total || !$per_page || !$page || !$url || !$some_dummy_that_does_not_even_exist ) {
        die( (string) time() );
    }

or this:

    if ( !$total || !$per_page || !$page || !$url ) {
        some_dummy_function_that_does_not_do_anything();
        die( (string) time() );
    }

it will not crash.

I believe that there is a serious bug in the parser / the memory
management that causes this strange behaviour.

I tried to use valgrind to find out what exactly is causing the crashes:
http://dev.pp3345.de/valgrind_pancake_crash.txt

As you can see, Zend causes a lot of errors including a General Protection
Fault and it tries to access memory addresses that don't even exist.

These problems seem to be reproducible as it will also crash with similar
errors on other machines with Pancake and this configuration. Anyway, I
was unable to find a way to reproduce it outside Pancake and I'm really
sorry for that.

I committed the current version of Pancake but please be aware that the
delivered version of DeepTrace is outdated so you'll probably need to
compile it again yourself.


-- 
Edit bug report at https://bugs.php.net/bug.php?id=61576&edit=1
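
Added example, not part of the original report and not code from PHP, Pancake or DeepTrace: the fatal errors quoted above carry signs consistent with corrupted engine state rather than a script bug, and this Python triage flags such lines in a PHP error log. The heuristics, the tag names and the two contrast lines are assumptions of this example; symbol names are assumed to be ASCII-only.

```python
import re

# Constructed sample: three fatal errors from the report, re-joined onto single
# lines, followed by two ordinary errors (constructed) for contrast.
SAMPLE_LOG = """\
PHP Fatal error:  Call to undefined function ▒() in /var/vhosts/pancake/default/typo3/typo3_src-4.6.6/typo3/sysext/install/mod/class.tx_install_session.php on line 395
PHP Fatal error:  Couldn't execute method ▒0/::t3lib_autoloader::autoload in Unknown on line 0
PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 12624869704 bytes) in validpathstr on line 926
PHP Fatal error:  Call to undefined function get_headerr() in /var/www/example/index.php on line 12
PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 4096 bytes) in /var/www/example/import.php on line 88
"""

OOM = re.compile(r"Allowed memory size of (\d+) bytes exhausted "
                 r"\(tried to allocate (\d+) bytes\)")
CALLEE = re.compile(r"Call to undefined function (.*?)\(\) in "
                    r"|Couldn't execute method (.*?) in ")
LOCATION = re.compile(r" in (\S+) on line \d+$")
# Assumption: function, class and method names in the code base are ASCII-only.
IDENT = re.compile(r"\\?[A-Za-z_][A-Za-z0-9_]*(?:(?:\\|::)[A-Za-z_][A-Za-z0-9_]*)*")


def corruption_signs(line):
    """Return heuristic tags for one log line (empty list if nothing stands out)."""
    signs = []
    m = CALLEE.search(line)
    if m:
        name = m.group(1) if m.group(1) is not None else m.group(2)
        if not IDENT.fullmatch(name):
            signs.append("garbage-symbol")        # name is not a plausible identifier
    m = OOM.search(line)
    if m and int(m.group(2)) > int(m.group(1)):
        signs.append("oversized-allocation")      # one request exceeds the whole limit
    m = LOCATION.search(line)
    if m and m.group(1) != "Unknown" and "/" not in m.group(1):
        signs.append("bogus-location")            # "file" field is not a path
    return signs


def triage(log):
    """Map 1-based line numbers to their tags, skipping unremarkable lines."""
    result = {}
    for number, line in enumerate(log.splitlines(), 1):
        signs = corruption_signs(line)
        if signs:
            result[number] = signs
    return result


if __name__ == "__main__":
    for number, signs in triage(SAMPLE_LOG).items():
        print(number, ", ".join(signs))
```
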