Edit report at https://bugs.php.net/bug.php?id=63305&edit=1

 ID:                 63305
 Updated by:         larue...@php.net
 Reported by:        johan dot groth at sorona dot se
 Summary:            zend_mm_heap corrupted with traits
 Status:             Assigned
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   All
 PHP Version:        5.4.8
 Assigned To:        dmitry
 Block user comment: N
 Private report:     N

 New Comment:

A simple reproduce script:

<?php

new Attachment("");

function __autoload($class) {
    switch ($class) {
    case "Attachment":
        eval(<<<'PHP'
class Attachment extends File {
}
PHP
    );
        break;
    case "File":
        eval(<<<'PHP'
class File {
    use TDatabaseObject {
        TDatabaseObject::__construct as private databaseObjectConstruct;
    }
    public function __construct() {
    }
}
PHP
    );
        break;
    case "TDatabaseObject":
        eval(<<<'PHP'
trait TDatabaseObject {
    public function __construct() {
    }
}
PHP
    );
        break;
    }
    return TRUE;
}


Previous Comments:
------------------------------------------------------------------------
[2012-10-22 10:25:59] larue...@php.net

thanks, I can reproduce now, dmitry, seems related to the previous traits bug 
we fixed.

------------------------------------------------------------------------
[2012-10-22 06:38:15] johan dot groth at sorona dot se

I could not find a way to upload anything to this report so I created a 
temporary repository over at github with the source. I hope this is OK, you can 
find it here: https://github.com/jgroth/php-crash

Something I found interesting while removing as much code as possible from my 
application was that I could not remove comments for some methods in some of 
the classes/interfaces. Doing so would not reproduce the bug. Also, when I 
turned off error reporting, I did not get the bug either.

Note that there is one "Notice" error reported by PHP in this test application. 
I do not have any such errors in the full application, but still got a php 
crash.

------------------------------------------------------------------------
[2012-10-20 04:39:27] larue...@php.net

great, if it's okay, you can tar your application as a reproduce script for us

------------------------------------------------------------------------
[2012-10-19 12:35:49] johan dot groth at sorona dot se

Ok, so I have somewhat been able to reproduce the problem. I can still not do 
it in a small script, but I have been able to remove enough code from my 
application so I can send it to anyone who might be looking into this issue. 
The application is based on CodeIgniter, so it's basically the CI code + a few 
extra files from my application.

------------------------------------------------------------------------
[2012-10-19 09:31:48] johan dot groth at sorona dot se

As I said I was not able to get a stacktrace on windows, so I decided to try it 
on ubuntu. After building the same php version I used on windows, I was able to 
get php to crash with my application. 
However, I was not able to get a stacktrace in this case either. It just says 
"No stack." at the end. I did get some other messages but I doubt it will be of 
any help.

I want to help as much as I can on this, but I'm not familiar with core dumps 
and stacktraces. If I could get some help generating these I would appreciate 
it.

jgroth@ubuntu:~$ gdb php
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/php...done.
(gdb) run /home/jgroth/crash-test/sorona-tms/src/main/php/index.php test
Starting program: /usr/local/bin/php /home/jgroth/crash-test/sorona-tms/src/main/php/index.php test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Fri Oct 19 02:21:01 2012]  Script:  '/home/jgroth/crash-test/sorona-tms/src/main/php/index.php'
---------------------------------------
/tmp/php-5.4.8/Zend/zend_opcode.c(404) : Block 0x016854a8 status:
Invalid pointer: ((prev=0x00000248) != (prev.size=0x00000510))
---------------------------------------
[Fri Oct 19 02:21:01 2012]  Script:  '/home/jgroth/crash-test/sorona-tms/src/main/php/index.php'
---------------------------------------
/tmp/php-5.4.8/Zend/zend_opcode.c(404) : Block 0x01682188 status:
Invalid pointer: ((size=0x00000108) != (next.prev=0x000001b0))
Invalid pointer: ((prev=0x000000a9) != (prev.size=0x000001b0))
---------------------------------------
[Fri Oct 19 02:21:01 2012]  Script:  '/home/jgroth/crash-test/sorona-tms/src/main/php/index.php'
---------------------------------------
/tmp/php-5.4.8/Zend/zend_opcode.c(404) : Block 0x016857d0 status:
Beginning:      Freed
    Start:      OK
      End:      OK
---------------------------------------
[Inferior 1 (process 6653) exited normally]
(gdb) bt
No stack.
(gdb)

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=63305

