Bug #52389 [Opn]: Memory (de)allocation problem for pgsql notices

[aharvey]

Edit report at http://bugs.php.net/bug.php?id=52389&edit=1

 ID:               52389
 Updated by:       ahar...@php.net
 Reported by:      miroslav dot zacek at skype dot net
 Summary:          Memory (de)allocation problem for pgsql notices
 Status:           Open
 Type:             Bug
 Package:          PostgreSQL related
 Operating System: Linux (Kubuntu)
 PHP Version:      5.3.2

 New Comment:

The original description without the double encoding:



In the ext/pgsql.c pgsql_globals->notices structure is allocated as

persistent but individual messages non persistent. Thus the destructor

_php_pgsql_notice_ptr_dtor happens to try to free memory that was

already freed by the garbage collector and the thread exits with

segmentation fault.



Program received signal SIGSEGV, Segmentation fault.

0x00007ffff3cd3013 in _zend_mm_free_int (heap=0x7ffff844b5c0,
p=0x7ffff9397390) 

at /usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2018

2018            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {

(gdb) backtrace

#0  0x00007ffff3cd3013 in _zend_mm_free_int (heap=0x7ffff844b5c0, 

p=0x7ffff9397390) at
/usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2018

#1  0x00007ffff3cd3de1 in _efree (ptr=0x7ffff9397390) at 

/usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2351

#2  0x00007fffeb4d3419 in _php_pgsql_notice_ptr_dtor
(ptr=0x7ffff9396708) at 

/tmp/pgsql/pgsql.c:841


Previous Comments:
------------------------------------------------------------------------
[2010-07-21 15:50:43] miroslav dot zacek at skype dot net

Description:
------------
In the ext/pgsql.c pgsql_globals->notices structure is allocated as
persistent but individual messages non persistent. Thus the destructor
_php_pgsql_notice_ptr_dtor happens to try to free memory that was
already freed by the garbage collector and the thread exits with
segmentation fault.

Program received signal SIGSEGV,
Segmentation fault.
0x00007ffff3cd3013 in _zend_mm_free_int
(heap=0x7ffff844b5c0, p=0x7ffff9397390) at
/usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2018
2018 
          if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb)
backtrace
#0  0x00007ffff3cd3013 in _zend_mm_free_int
(heap=0x7ffff844b5c0, p=0x7ffff9397390) at
/usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2018
#1 
0x00007ffff3cd3de1 in _efree (ptr=0x7ffff9397390) at
/usr/src/php_no_suhosin/php5-5.3.2/Zend/zend_alloc.c:2351
#2 
0x00007fffeb4d3419 in _php_pgsql_notice_ptr_dtor (ptr=0x7ffff9396708) at
/tmp/pgsql/pgsql.c:841




------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52389&edit=1