ID: 21478
Updated by: [EMAIL PROTECTED]
-Summary: stream_get_filters(true) can cause segfault on script
exit
Reported By: [EMAIL PROTECTED]
Status: Open
-Bug Type: Reproducible crash
+Bug Type: Scripting Engine problem
Operating System: linux
PHP Version: 4CVS-2003-01-06 (dev)
Assigned To: pollita
New Comment:
It seems this error does not occour as a direct result of
stream_get_filters but is instead coincidental.
I was testing code in the streams/filters implementation in PHP-CVS
using the following script:
<?php
/* Define our filter class */
class rot13_filter extends php_user_filter {
function read($length) {
$tempstr = parent::read($length);
for($i = 0; $i < strlen($tempstr); $i++)
if (($tempstr[$i] >= 'A' AND $tempstr[$i] <= 'M') OR
($tempstr[$i] >= 'a' AND $tempstr[$i] <= 'm')) $tempstr[$i] =
chr(ord($tempstr[$i]) + 13);
else if (($tempstr[$i] >= 'N' AND $tempstr[$i] <= 'Z') OR
($tempstr[$i] >= 'n' AND $tempstr[$i] <= 'z'))
$tempstr[$i] = chr(ord($tempstr[$i]) - 13);
return $tempstr;
}
function write($data) {
for($i = 0; $i < strlen($data); $i++)
if (($data[$i] >= 'A' AND $data[$i] <= 'M') OR
($data[$i] >= 'a' AND $data[$i] <= 'm')) $data[$i] =
chr(ord($data[$i]) + 13);
else if (($data[$i] >= 'N' AND $data[$i] <= 'Z') OR
($data[$i] >= 'n' AND $data[$i] <= 'z')) $data[$i] =
chr(ord($data[$i]) - 13);
return parent::write($data);
}
}
var_dump(stream_get_filters(true));
/* Register our filter with PHP */
stream_register_filter("rot13", "rot13_filter")
or die("Failed to register filter");
var_dump(stream_get_filters(true));
$fp = fopen("foo-bar.txt","w");
stream_filter_append($fp, "string.rot13");
stream_filter_append($fp, "string.toupper");
stream_filter_append($fp, "rot13");
var_dump(stream_get_filters(true));
fwrite($fp,"This is a test.\n");
fclose($fp);
readfile("foo-bar.txt");
print "\n\n";
?>
And discovered a consistently reproducable crash upon script exit.
Oddly, compiling with --enable-debug causes the segfault to stop
occouring. (Making a backtrace difficult)
After exploration I discovered that commenting out one of the
occourances of stream_get_filters() would prevent the segfault so I
believed the fault to be in that function.
But here's the wierd twist:
Turns out that if you do something as innocuous as add:
$myvar = "";
to the end of that script, the segfault goes away.
After putting in a series of watches I tracked the segfault down to the
call to: ZEND_DO_FREE(ptr) on line 462 of Zend/zend_alloc.c in
shutdown_memory_manager.
The value of ptr looks reasonable and is in the same neighborhood as
other calls in the i/j loops.
I wish I could give you something better to work with but this is a
seriously elusive heisenbug.
I'll continue to explore the code locally, but I don't pretend to know
the Zend engine as well as many of you others.
- [EMAIL PROTECTED]
CVS: 2003-01-06
./configure --without-mysql --disable-cgi
Previous Comments:
------------------------------------------------------------------------
[2003-01-06 19:00:02] [EMAIL PROTECTED]
This is a note to myself to fix this.
When stream_get_filters(true) is called between
stream_register_filter() and stream_fitler_(ap|pre)pend(), engine will
segfault on script exit.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=21478&edit=1
