[PHP-BUG] Bug #61390 [NEW]: Segfault occurs in simple flatfile test
From: Operating system: Linux PHP version: 5.4.0 Package: DBM/DBA related Bug Type: Bug Bug description:Segfault occurs in simple flatfile test Description: I have a simple test case that dba_opens a flatfile once which returns a resource descriptor, inserts a key and value into that flatfile, opens the same flatfile again returning a second resource, closes the second resource, and again reads the a key from the first descriptor. This causes a seg fault. Test script: --- Note, this test case requires the dba extension to be installed. Expected result: I expect that instead of seg faulting on the final line, that it would instead print: This is a test insert 1 Actual result: -- (gdb) bt #0 flatfile_findkey (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:172 #1 0x004f05dd in flatfile_fetch (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:90 #2 0x004ef0fe in dba_fetch_flatfile (info=, key=0x7fcd5cb42a10 "key1", keylen=4, skip=, newlen=0x7fff6396689c) at /home/corey/php-5.4.0/ext/dba/dba_flatfile.c:70 #3 0x004ed1fb in zif_dba_fetch (ht=2, return_value=0x7fcd5cc57cb0, return_value_ptr=, this_ptr=, return_value_used=) at /home/corey/php-5.4.0/ext/dba/dba.c:1020 #4 0x00722b83 in zend_do_fcall_common_helper_SPEC (execute_data=) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:642 #5 0x006dd2c5 in execute (op_array=0x7fcd5cc560a8) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:410 #6 0x0067f585 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/corey/php-5.4.0/Zend/zend.c:1272 #7 0x00622109 in php_execute_script (primary_file=0x7fff63968f70) at /home/corey/php-5.4.0/main/main.c:2473 #8 0x007253ee in do_cli (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:983 #9 0x00725c9f in main (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:1356 Here's the valgrind memcheck log: ==18497== Memcheck, a memory error detector ==18497== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==18497== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==18497== Command: /usr/bin/php new.php ==18497== Parent PID: 17376 ==18497== ==18497== Invalid read of size 8 ==18497==at 0xB2E009B: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== Address 0x5216d88 is 56 bytes inside a block of size 88 free'd ==18497==at 0x4A05187: free (vg_replace_malloc.c:325) ==18497==by 0x5C16CD: ??? (in /usr/bin/php) ==18497==by 0x5BE0D4: ??? (in /usr/bin/php) ==18497==by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php) ==18497==by 0x5C175D: ??? (in /usr/bin/php) ==18497==by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php) ==18497==by 0x5C1888: _zend_list_delete (in /usr/bin/php) ==18497==by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== ==18497== Invalid read of size 8 ==18497==at 0xB2E2376: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== Address 0x5216d50 is 0 bytes inside a block of size 88 free'd ==18497==at 0x4A05187: free (vg_replace_malloc.c:325) ==18497==by 0x5C16CD: ??? (in /usr/bin/php) ==18497==by 0x5BE0D4: ??? (in /usr/bin/php) ==18497==by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php) ==18497==by 0x5C175D: ??? (in /usr/bin/php) ==18497==by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php) ==18497==by 0x5C1888: _zend_list_delete (in /usr/bin/php) ==18497==by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /u
Bug #61390 [Opn]: Segfault occurs in simple flatfile test
Edit report at https://bugs.php.net/bug.php?id=61390&edit=1 ID: 61390 User updated by:cjashfor at linux dot vnet dot ibm dot com Reported by:cjashfor at linux dot vnet dot ibm dot com Summary:Segfault occurs in simple flatfile test Status: Open Type: Bug Package:DBM/DBA related Operating System: Linux PHP Version:5.4.0 Block user comment: N Private report: N New Comment: The first echo in the test case is incorrect. It should read: echo "open ./test0.dbm as a flatfile db, and insert a key\n" Previous Comments: [2012-03-14 19:08:02] cjashfor at linux dot vnet dot ibm dot com Description: I have a simple test case that dba_opens a flatfile once which returns a resource descriptor, inserts a key and value into that flatfile, opens the same flatfile again returning a second resource, closes the second resource, and again reads the a key from the first descriptor. This causes a seg fault. Test script: --- Note, this test case requires the dba extension to be installed. Expected result: I expect that instead of seg faulting on the final line, that it would instead print: This is a test insert 1 Actual result: -- (gdb) bt #0 flatfile_findkey (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:172 #1 0x004f05dd in flatfile_fetch (dba=0x0, key_datum=...) at /home/corey/php-5.4.0/ext/dba/libflatfile/flatfile.c:90 #2 0x004ef0fe in dba_fetch_flatfile (info=, key=0x7fcd5cb42a10 "key1", keylen=4, skip=, newlen=0x7fff6396689c) at /home/corey/php-5.4.0/ext/dba/dba_flatfile.c:70 #3 0x004ed1fb in zif_dba_fetch (ht=2, return_value=0x7fcd5cc57cb0, return_value_ptr=, this_ptr=, return_value_used=) at /home/corey/php-5.4.0/ext/dba/dba.c:1020 #4 0x00722b83 in zend_do_fcall_common_helper_SPEC (execute_data=) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:642 #5 0x006dd2c5 in execute (op_array=0x7fcd5cc560a8) at /home/corey/php-5.4.0/Zend/zend_vm_execute.h:410 #6 0x0067f585 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/corey/php-5.4.0/Zend/zend.c:1272 #7 0x00622109 in php_execute_script (primary_file=0x7fff63968f70) at /home/corey/php-5.4.0/main/main.c:2473 #8 0x007253ee in do_cli (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:983 #9 0x00725c9f in main (argc=2, argv=0x7fff63969368) at /home/corey/php-5.4.0/sapi/cli/php_cli.c:1356 Here's the valgrind memcheck log: ==18497== Memcheck, a memory error detector ==18497== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==18497== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==18497== Command: /usr/bin/php new.php ==18497== Parent PID: 17376 ==18497== ==18497== Invalid read of size 8 ==18497==at 0xB2E009B: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== Address 0x5216d88 is 56 bytes inside a block of size 88 free'd ==18497==at 0x4A05187: free (vg_replace_malloc.c:325) ==18497==by 0x5C16CD: ??? (in /usr/bin/php) ==18497==by 0x5BE0D4: ??? (in /usr/bin/php) ==18497==by 0x5BF93B: zend_hash_apply_with_argument (in /usr/bin/php) ==18497==by 0x5C175D: ??? (in /usr/bin/php) ==18497==by 0x5BF5AB: zend_hash_del_key_or_index (in /usr/bin/php) ==18497==by 0x5C1888: _zend_list_delete (in /usr/bin/php) ==18497==by 0xB2DF3D3: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== ==18497== Invalid read of size 8 ==18497==at 0xB2E2376: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0xB2E00BF: ??? (in /usr/lib64/php/modules/dba.so) ==18497==by 0x5FDE3C: ??? (in /usr/bin/php) ==18497==by 0x5D6793: execute (in /usr/bin/php) ==18497==by 0x5B3965: zend_execute_scripts (in /usr/bin/php) ==18497==by 0x5603F2: php_execute_script (in /usr/bin/php) ==18497==by 0x64688C: ??? (in /usr/bin/php) ==18497==by 0x3C0D41EE5C: (below main) (in /lib64/libc-2.13.so) ==18497== Address 0x5216d50 is 0 bytes inside a block of size 88 free'd ==18497==at 0x4A05187: free (vg_re
Bug #61390 [Com]: Segfault occurs in simple flatfile test
Edit report at https://bugs.php.net/bug.php?id=61390&edit=1 ID: 61390 Comment by: cjashfor at linux dot vnet dot ibm dot com Reported by:cjashfor at linux dot vnet dot ibm dot com Summary:Segfault occurs in simple flatfile test Status: Open Type: Bug Package:DBM/DBA related Operating System: Linux PHP Version:5.4.0 Block user comment: N Private report: N New Comment: The first valgrind memcheck I ran was on the installed php, and so it's missing some file/line# information. Here's one where I ran it on the php where I built it; it contains complete file/line# info: ==18593== Memcheck, a memory error detector ==18593== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==18593== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==18593== Command: /home/corey/php-5.4.0/sapi/cli/php new.php ==18593== Parent PID: 17376 ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4ED1D9: zif_dba_fetch (dba.c:1018) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e48e8 is 56 bytes inside a block of size 88 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531) ==18593==by 0x68D6D6: _zend_list_delete (zend_list.c:57) ==18593==by 0x4ED35F: zif_dba_close (dba.c:969) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4EF0E6: dba_fetch_flatfile (dba_flatfile.c:67) ==18593==by 0x4ED1FA: zif_dba_fetch (dba.c:1020) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e48b0 is 0 bytes inside a block of size 88 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531) ==18593==by 0x68D6D6: _zend_list_delete (zend_list.c:57) ==18593==by 0x4ED35F: zif_dba_close (dba.c:969) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4F047A: flatfile_findkey (flatfile.c:172) ==18593==by 0x4F05DC: flatfile_fetch (flatfile.c:90) ==18593==by 0x4EF0FD: dba_fetch_flatfile (dba_flatfile.c:70) ==18593==by 0x4ED1FA: zif_dba_fetch (dba.c:1020) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e5050 is 16 bytes inside a block of size 48 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x4ED39F: dba_close (dba.c:401) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x
Bug #61390 [Com]: Segfault occurs in simple flatfile test
Edit report at https://bugs.php.net/bug.php?id=61390&edit=1 ID: 61390 Comment by: cjashfor at linux dot vnet dot ibm dot com Reported by:cjashfor at linux dot vnet dot ibm dot com Summary:Segfault occurs in simple flatfile test Status: Open Type: Bug Package:DBM/DBA related Operating System: Linux PHP Version:5.4.0 Block user comment: N Private report: N New Comment: >From what I can tell from debugging, what's happening is that on the first >dba_popen, a dba_info structure is allocated for the first resource. On the second dba_popen, since it's the same file, the dba_info from the first resource is reused. I don't know if this alone is a legitimate thing to do, because now two resources are sharing the same dba_info. At the very least, I would think that some sort of reference counter is need in dba_info to track how many resources are linked to it. When the first resource is closed, the dba_info structure is free'd at dba.c:dba_close():423. Consequently, when the second resource is referenced, it's using an already-free'd dba_info structure, and this causes a seg fault. If it's truly OK to have to resources reference the same dba_info structure, one solution might be to add a reference counter to dba_info, and to set it to 1 on the initial allocation, and increment it when linking to it on subsequent dba_popens. When closing resources, the reference counter is decremented, and the structure is released only when the count reaches zero. Any thoughts? Previous Comments: ------------ [2012-03-14 19:28:48] cjashfor at linux dot vnet dot ibm dot com The first valgrind memcheck I ran was on the installed php, and so it's missing some file/line# information. Here's one where I ran it on the php where I built it; it contains complete file/line# info: ==18593== Memcheck, a memory error detector ==18593== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==18593== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==18593== Command: /home/corey/php-5.4.0/sapi/cli/php new.php ==18593== Parent PID: 17376 ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4ED1D9: zif_dba_fetch (dba.c:1018) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e48e8 is 56 bytes inside a block of size 88 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531) ==18593==by 0x68D6D6: _zend_list_delete (zend_list.c:57) ==18593==by 0x4ED35F: zif_dba_close (dba.c:969) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4EF0E6: dba_fetch_flatfile (dba_flatfile.c:67) ==18593==by 0x4ED1FA: zif_dba_fetch (dba.c:1020) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e48b0 is 0 bytes inside a block of size 88 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531) ==18593==by 0x68D6D6: _zend_list_delete (zend_list.c:57) ==18593==by 0x4ED35F: zif_dba_close (dba.c:969) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==1859
Bug #51278 [Com]: Crash when using reopened persistent connection after one resource closed
Edit report at https://bugs.php.net/bug.php?id=51278&edit=1 ID: 51278 Comment by: cjashfor at linux dot vnet dot ibm dot com Reported by:christopher dot jones at oraclel dot com Summary:Crash when using reopened persistent connection after one resource closed Status: Open Type: Bug Package:DBM/DBA related Operating System: Linux PHP Version:5.3SVN-2010-03-12 (SVN) Block user comment: N Private report: N New Comment: Shouldn't someone at least be assigned to fix this bug? I reported what appears to be an identical bug - 61390 - and it was closed after just a small amount of discussion from the developers, followed by inactivity. Previous Comments: [2010-03-12 01:17:26] christopher dot jones at oraclel dot com Description: Do two dba_popen() calls using the same file. Close one resource with dba_close(). Then do a dba_fetch on the still open resource. This results in a crash in flatfile_findkey() with a NULL dba pointer. Program received signal SIGSEGV, Segmentation fault. 0x0817c3b4 in flatfile_findkey (dba=0x0, key_datum=...) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/ext/dba/libflatfile/flatfile.c:173 (gdb) bt #0 0x0817c3b4 in flatfile_findkey (dba=0x0, key_datum=...) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/ext/dba/libflatfile/flatfile.c:173 #1 0x0817bfaa in flatfile_fetch (dba=0x0, key_datum=...) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/ext/dba/libflatfile/flatfile.c:91 #2 0x0817a671 in dba_fetch_flatfile (info=0x89abb20, key=0x897b2bc "key1", keylen=4, skip=0, newlen=0xbfffd348) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/ext/dba/dba_flatfile.c:70 #3 0x0817871b in zif_dba_fetch (ht=2, return_value=0x897a638, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /home/cjones/phpsrc/php/php-src/branches/PHP_5_3/ext/dba/dba.c:1025 #4 0x0844ccf0 in zend_do_fcall_common_helper_SPEC (execute_data=0x89abcc8) at /home/cjones/phpsrc/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:313 #5 0x084507ae in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x89abcc8) at /home/cjones/phpsrc/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:1603 #6 0x0844c38d in execute (op_array=0x897ac98) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/Zend/zend_vm_execute.h:104 #7 0x0841ff12 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cjones/phpsrc/php/php-src/branches/PHP_5_3/Zend/zend.c:1194 #8 0x083b6c16 in php_execute_script (primary_file=0xb7c4) at /home/cjones/phpsrc/php/php-src/branches/PHP_5_3/main/main.c:2260 #9 0x084dd733 in main (argc=2, argv=0xb954) at /home/cjones/phpsrc/php/php- src/branches/PHP_5_3/sapi/cli/php_cli.c:1192 Test script: --- See ext/dba/tests/dba015.phpt -- Edit this bug report at https://bugs.php.net/bug.php?id=51278&edit=1
Bug #61390 [Com]: Segfault occurs in simple flatfile test
Edit report at https://bugs.php.net/bug.php?id=61390&edit=1 ID: 61390 Comment by: cjashfor at linux dot vnet dot ibm dot com Reported by:cjashfor at linux dot vnet dot ibm dot com Summary:Segfault occurs in simple flatfile test Status: No Feedback Type: Bug Package:DBM/DBA related Operating System: Linux PHP Version:5.4.0 Assigned To:dmitry Block user comment: N Private report: N New Comment: This bug should be re-opened because it hasn't been fixed. I don't know what the correct solution is in the implementation, but the bug shouldn't be closed till it's resolved. Previous Comments: [2013-02-18 00:35:45] php-bugs at lists dot php dot net No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. [2012-05-21 13:54:41] dmi...@php.net why dba_close() closes a persistent resource? In comparison mysql_close() doesn't close connection opened using mysql_pconnect() and as result ext/mysql doesn't make this problem. BTW: ZE resources have refcount, but unfortunately it couldn't help in this case. [2012-03-31 01:37:19] yohg...@php.net The needs of resource reference counter is pointed out by Stefan Esser many years ago. I'm not sure who is the right person, but I'll assign this to Dmitry for now so that someone could take care of this. -------------------- [2012-03-16 19:33:42] cjashfor at linux dot vnet dot ibm dot com >From what I can tell from debugging, what's happening is that on the first >dba_popen, a dba_info structure is allocated for the first resource. On the second dba_popen, since it's the same file, the dba_info from the first resource is reused. I don't know if this alone is a legitimate thing to do, because now two resources are sharing the same dba_info. At the very least, I would think that some sort of reference counter is need in dba_info to track how many resources are linked to it. When the first resource is closed, the dba_info structure is free'd at dba.c:dba_close():423. Consequently, when the second resource is referenced, it's using an already-free'd dba_info structure, and this causes a seg fault. If it's truly OK to have to resources reference the same dba_info structure, one solution might be to add a reference counter to dba_info, and to set it to 1 on the initial allocation, and increment it when linking to it on subsequent dba_popens. When closing resources, the reference counter is decremented, and the structure is released only when the count reaches zero. Any thoughts? -------------------------------- [2012-03-14 19:28:48] cjashfor at linux dot vnet dot ibm dot com The first valgrind memcheck I ran was on the installed php, and so it's missing some file/line# information. Here's one where I ran it on the php where I built it; it contains complete file/line# info: ==18593== Memcheck, a memory error detector ==18593== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==18593== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==18593== Command: /home/corey/php-5.4.0/sapi/cli/php new.php ==18593== Parent PID: 17376 ==18593== ==18593== Invalid read of size 8 ==18593==at 0x4ED1D9: zif_dba_fetch (dba.c:1018) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==by 0x6DD2C4: execute (zend_vm_execute.h:410) ==18593==by 0x67F584: zend_execute_scripts (zend.c:1272) ==18593==by 0x622108: php_execute_script (main.c:2473) ==18593==by 0x7253ED: do_cli (php_cli.c:983) ==18593==by 0x725C9E: main (php_cli.c:1356) ==18593== Address 0x51e48e8 is 56 bytes inside a block of size 88 free'd ==18593==at 0x4A05187: free (vg_replace_malloc.c:325) ==18593==by 0x68D55D: plist_entry_destructor (zend_list.c:209) ==18593==by 0x689D0E: zend_hash_apply_deleter (zend_hash.c:650) ==18593==by 0x68B7CB: zend_hash_apply_with_argument (zend_hash.c:743) ==18593==by 0x68D5ED: list_entry_destructor (zend_list.c:183) ==18593==by 0x68B3F0: zend_hash_del_key_or_index (zend_hash.c:531) ==18593==by 0x68D6D6: _zend_list_delete (zend_list.c:57) ==18593==by 0x4ED35F: zif_dba_close (dba.c:969) ==18593==by 0x722B82: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642) ==18593==b
