Edit report at http://bugs.php.net/bug.php?id=54460&edit=1
ID: 54460
Comment by: decoder-php at own-hero dot net
Reported by: courtois at templeet dot org
Summary: memory leaks
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: debian squeeze
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
The following is an automatically reduced testcase that can be run in
the same way as described here for the original testcase:
<?php
class TempleetRedirect extends Exception {};
Function parseform($template) {
$txt = eval_list($templatecache[$template]['template']);
}
Function eval_list($array) {
throw new TempleetRedirect($file);
}
Function parsetemplate($template) {
$txt = parseform($template);
}
try
{
$output=parsetemplate($global_var['template']);
}
catch (TempleetRedirect $r)
{
exit();
}
?>
Previous Comments:
------------------------------------------------------------------------
[2011-04-04 06:48:06] courtois at templeet dot org
To call it from command line I simulated a cgi call with this script:
#!/bin/sh
PHPRC="/var/www/dev4.sociatomdev.com/"
export PHPRC
export USE_ZEND_ALLOC=0
export REQUEST_URI=/auth/packageinstall.html.en
export SCRIPT_NAME=/templeet.php
export QUERY_STRING=
export REQUEST_METHOD=GET
export REDIRECT_STATUS=404
export REDIRECT_URL=/templeet.php
export DOCUMENT_ROOT=/var/www/dev4.sociatomdev.com/chroot/htdocs
export SCRIPT_FILENAME=/templeet.php
export SERVER_NAME=localhost
export SERVER_PROTOCOL=HTTP/1.0
export REDIRECT_HANDLER=php-cgi
export
PATH_TRANSLATED=/var/www/dev4.sociatomdev.com/chroot/htdocs/templeet.php
exec valgrind --leak-check=full
/home/courtois/test2/php-5.3.6/sapi/cgi/php-cgi
------------------------------------------------------------------------
[2011-04-03 23:35:17] decoder-php at own-hero dot net
Hello,
do you happen to have a testcase that runs on command line, or can your
testcase be run on command line instead of using Apache? That would
allow me to automatically reduce the testcase.
Best,
Chris
------------------------------------------------------------------------
[2011-04-03 21:28:12] courtois at templeet dot org
Description:
------------
memory leaks leed to memory exhaustion (see valgrind trace below)
PHP 5.3.6
'./configure' '--prefix=/usr/local/php53' '--with-mysql' '--with-mysqli'
'--with-gd' '--with-zlib' '--enable-debug' '--disable-cli'
called with cgi
memory exhaustion appears with zend memory manager.
Test script:
---------------
bug can be reproduced by downloading Templeet installer at:
http://t4.templeet.org/templeet.php/makeinstaller/?action=makeinstaller&dists[core]=201104030716&dists[templeet4_admin]=201103010804
install Templeet by calling the php file downloaded.
in templeet/serverconf.php :
set $config['usepagecache'] and $config['usetemplatecache'] to 0
go to the package install page : auth/packageinstall.html.en
Actual result:
--------------
==22302== Memcheck, a memory error detector
==22302== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et
al.
==22302== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for
copyright info
==22302== Command: /home/courtois/test2/php-5.3.6/sapi/cgi/php-cgi
==22302==
/var/www/dev4.sociatomdev.com/chroot/htdocs/templeet/fetch.php(215) :
Warning - Cannot modify header information - headers already sent by
(output started at
/var/www/dev4.sociatomdev.com/chroot/htdocs/templeet/fetch.php:580)
==22302==
==22302== HEAP SUMMARY:
==22302== in use at exit: 60,706 bytes in 1,591 blocks
==22302== total heap usage: 1,815,703 allocs, 1,814,112 frees,
302,914,393 bytes allocated
==22302==
==22302== 21 (20 direct, 1 indirect) bytes in 1 blocks are definitely
lost in loss record 27 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x844BADE: zend_assign_to_variable_reference
(zend_execute.c:413)
==22302== by 0x84D6FF2: ZEND_ASSIGN_REF_SPEC_CV_VAR_HANDLER
(zend_vm_execute.h:27383)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 21 (20 direct, 1 indirect) bytes in 1 blocks are definitely
lost in loss record 28 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x844CE48: zend_assign_to_variable (zend_execute.c:714)
==22302== by 0x84C5B07: ZEND_ASSIGN_SPEC_CV_CONST_HANDLER
(zend_vm_execute.h:24059)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 39 bytes in 3 blocks are possibly lost in loss record 46 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83E748F: zend_scan_escape_string
(zend_language_scanner.l:740)
==22302== by 0x83E90AC: lex_scan (zend_language_scanner.l:2037)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 40 bytes in 2 blocks are definitely lost in loss record 54 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84BE49D: zend_send_by_var_helper_SPEC_CV
(zend_vm_execute.h:22135)
==22302== by 0x84BEBC5: ZEND_SEND_VAR_SPEC_CV_HANDLER
(zend_vm_execute.h:22242)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 54 (20 direct, 34 indirect) bytes in 1 blocks are definitely
lost in loss record 65 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x844C52A: zend_assign_to_object (zend_execute.c:558)
==22302== by 0x84C531D: ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER
(zend_vm_execute.h:23966)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 75 bytes in 12 blocks are possibly lost in loss record 73 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83E748F: zend_scan_escape_string
(zend_language_scanner.l:740)
==22302== by 0x83EB434: lex_scan (zend_language_scanner.l:1870)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 85 bytes in 11 blocks are possibly lost in loss record 77 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83F3D83: lex_scan (zend_language_scanner.l:1036)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 92 (80 direct, 12 indirect) bytes in 4 blocks are definitely
lost in loss record 82 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x844F09E: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:300)
==22302== by 0x8452D45: ZEND_DO_FCALL_SPEC_CONST_HANDLER
(zend_vm_execute.h:1606)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 100 bytes in 7 blocks are possibly lost in loss record 84 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x841E742: zend_str_tolower_dup (zend_operators.c:1884)
==22302== by 0x8405CB6: zend_do_begin_dynamic_function_call
(zend_compile.c:1683)
==22302== by 0x84057F8: zend_do_begin_function_call
(zend_compile.c:1575)
==22302== by 0x83E3F78: zendparse (zend_language_parser.c:4652)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 100 bytes in 12 blocks are possibly lost in loss record 85 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83EC50D: lex_scan (zend_language_scanner.l:1672)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 122 bytes in 9 blocks are possibly lost in loss record 90 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83E9E0E: lex_scan (zend_language_scanner.l:1695)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 182 bytes in 14 blocks are possibly lost in loss record 100 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84010EA: _estrndup (zend_alloc.c:2503)
==22302== by 0x83EB237: lex_scan (zend_language_scanner.l:1817)
==22302== by 0x840E952: zendlex (zend_compile.c:4954)
==22302== by 0x83E1482: zendparse (zend_language_parser.c:3280)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 322 bytes in 34 blocks are possibly lost in loss record 112 of
136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x841E742: zend_str_tolower_dup (zend_operators.c:1884)
==22302== by 0x840579D: zend_do_begin_function_call
(zend_compile.c:1571)
==22302== by 0x83E3F78: zendparse (zend_language_parser.c:4652)
==22302== by 0x83E6D7F: compile_file (zend_language_scanner.l:364)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 482 (144 direct, 338 indirect) bytes in 1 blocks are
definitely lost in loss record 116 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x83E6C86: compile_file (zend_language_scanner.l:334)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 613 (60 direct, 553 indirect) bytes in 3 blocks are definitely
lost in loss record 117 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x84BEA56: ZEND_SEND_REF_SPEC_CV_HANDLER
(zend_vm_execute.h:22226)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 679 (120 direct, 559 indirect) bytes in 6 blocks are
definitely lost in loss record 121 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x844CEFB: zend_assign_to_variable (zend_execute.c:724)
==22302== by 0x84CCEAB: ZEND_ASSIGN_SPEC_CV_TMP_HANDLER
(zend_vm_execute.h:25697)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 14,467 (88 direct, 14,379 indirect) bytes in 2 blocks are
definitely lost in loss record 135 of 136
==22302== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==22302== by 0x8400D36: _emalloc (zend_alloc.c:2348)
==22302== by 0x8415A60: zend_rebuild_symbol_table
(zend_execute_API.c:1699)
==22302== by 0x844CFEC: zend_get_target_symbol_table
(zend_execute.c:766)
==22302== by 0x8452290: zend_fetch_var_address_helper_SPEC_CONST
(zend_vm_execute.h:1340)
==22302== by 0x8452904: ZEND_FETCH_R_SPEC_CONST_HANDLER
(zend_vm_execute.h:1424)
==22302== by 0x844E8AA: execute (zend_vm_execute.h:107)
==22302== by 0x8421BD7: zend_execute_scripts (zend.c:1194)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== 17,328 bytes in 1 blocks are possibly lost in loss record 136
of 136
==22302== at 0x4024046: realloc (vg_replace_malloc.c:525)
==22302== by 0x8400DF7: _erealloc (zend_alloc.c:2369)
==22302== by 0x84176D6: pass_two (zend_opcode.c:380)
==22302== by 0x83E6DDB: compile_file (zend_language_scanner.l:376)
==22302== by 0x82658C4: phar_compile_file (phar.c:3393)
==22302== by 0x8421B37: zend_execute_scripts (zend.c:1186)
==22302== by 0x83B8CC8: php_execute_script (main.c:2268)
==22302== by 0x84E649E: main (cgi_main.c:2109)
==22302==
==22302== LEAK SUMMARY:
==22302== definitely lost: 592 bytes in 21 blocks
==22302== indirectly lost: 15,877 bytes in 524 blocks
==22302== possibly lost: 18,353 bytes in 103 blocks
==22302== still reachable: 25,884 bytes in 943 blocks
==22302== suppressed: 0 bytes in 0 blocks
==22302== Reachable blocks (those to which a pointer was found) are not
shown.
==22302== To see them, rerun with: --leak-check=full
--show-reachable=yes
==22302==
==22302== For counts of detected and suppressed errors, rerun with: -v
==22302== ERROR SUMMARY: 18 errors from 18 contexts (suppressed: 38 from
11)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54460&edit=1
