I've been debugging a problem with my memory manager for quite a while (I was playing with different block sizes) when I discovered there doesn't seem to be a bug but the heap gets corrupted by some other place in PHP. It just happens that the memory manager makes this problem appear sooner.
The problem seems to be in xmlCleanupParser() of the simplexml extension. Not sure if this is a bug in simplexml or libXML2.
On an empty script I get the following reports from valgrind. Can someone with a more intimate knowledge of this module or libXML2 please take a look? (bug.php is an empty script)
Thanks, Andi
[andi@ ~/php5]$ valgrind sapi/cli/php bug.php
==2074== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==2074== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==2074== Using valgrind-20030725, a program supervision framework for x86-linux.
==2074== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==2074== Estimated CPU clock rate is 551 MHz
==2074== For more details, rerun with: -v
==2074==
==2074== Invalid read of size 4
==2074== at 0x403A8D4C: __pthread_mutex_destroy (vg_libpthread.c:1010)
==2074== by 0x40344CFC: xmlFreeMutex (threads.c:138)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074== Address 0x418FC32C is 4 bytes inside a block of size 24 free'd
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074==
==2074== Invalid write of size 4
==2074== at 0x403A8D69: __pthread_mutex_destroy (vg_libpthread.c:1019)
==2074== by 0x40344CFC: xmlFreeMutex (threads.c:138)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074== Address 0x418FC32C is 4 bytes inside a block of size 24 free'd
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074==
==2074== Invalid write of size 4
==2074== at 0x403A8D70: __pthread_mutex_destroy (vg_libpthread.c:1020)
==2074== by 0x40344CFC: xmlFreeMutex (threads.c:138)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074== Address 0x418FC330 is 8 bytes inside a block of size 24 free'd
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074==
==2074== Invalid write of size 4
==2074== at 0x403A8D77: __pthread_mutex_destroy (vg_libpthread.c:1021)
==2074== by 0x40344CFC: xmlFreeMutex (threads.c:138)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074== Address 0x418FC334 is 12 bytes inside a block of size 24 free'd
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074==
==2074== Invalid free() / delete / delete[]
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074== Address 0x418FC328 is 0 bytes inside a block of size 24 free'd
==2074== at 0x40025722: free (vg_replace_malloc.c:220)
==2074== by 0x40344D04: xmlFreeMutex (threads.c:142)
==2074== by 0x40344189: xmlCleanupGlobals (globals.c:49)
==2074== by 0x402F7C39: xmlCleanupParser (parser.c:11179)
==2074==
==2074== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 4 from 2)
==2074== malloc/free: in use at exit: 288 bytes in 3 blocks.
==2074== malloc/free: 3457 allocs, 3455 frees, 513425 bytes allocated.
==2074== For a detailed leak analysis, rerun with: --leak-check=yes
==2074== For counts of detected errors, rerun with: -v
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
