ID: 21478
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Verified
Bug Type: Scripting Engine problem
Operating System: linux
PHP Version: 4CVS-2003-01-06 (dev)
New Comment:
#0 0x40108fdd in chunk_free (ar_ptr=0x4019ff80, p=0x82ca930) at malloc.c:3131
#1 0x40108ea3 in __libc_free (mem=0x82ca938) at malloc.c:3054
#2 0x080bf61c in shutdown_memory_manager (silent=0, clean_cache=0)
    at /home/rei/PHP_CVS/php4/Zend/zend_alloc.c:462
#3 0x080a94e6 in php_request_shutdown (dummy=0x0)
    at /home/rei/PHP_CVS/php4/main/main.c:1069
#4 0x080e25a6 in main (argc=2, argv=0xbffff764)
    at /home/rei/PHP_CVS/php4/sapi/cli/php_cli.c:801
#5 0x400b5f5c in __libc_start_main (main=0x80e1ca0 <main>, argc=2, ubp_av=0xbffff764,
    init=0x8059428 <_init>, fini=0x80e288c <_fini>, rtld_fini=0x4000ce30 <_dl_fini>,
    stack_end=0xbffff75c) at ../sysdeps/generic/libc-start.c:129
Here is the backtrace of the crash. What is indeed most curious is that
the crash ONLY occurs when PHP is compiled with -ON optimization flags.
Previous Comments:
------------------------------------------------------------------------
[2003-01-07 00:04:07] [EMAIL PROTECTED]
It seems this error does not occur as a direct result of
stream_get_filters but is instead coincidental.
I was testing code in the streams/filters implementation in PHP-CVS
using the following script:
<?php
/* Define our filter class */
class rot13_filter extends php_user_filter {
    function read($length) {
        $tempstr = parent::read($length);
        for($i = 0; $i < strlen($tempstr); $i++)
            if (($tempstr[$i] >= 'A' AND $tempstr[$i] <= 'M') OR
                ($tempstr[$i] >= 'a' AND $tempstr[$i] <= 'm'))
                $tempstr[$i] = chr(ord($tempstr[$i]) + 13);
            else if (($tempstr[$i] >= 'N' AND $tempstr[$i] <= 'Z') OR
                ($tempstr[$i] >= 'n' AND $tempstr[$i] <= 'z'))
                $tempstr[$i] = chr(ord($tempstr[$i]) - 13);
        return $tempstr;
    }
    function write($data) {
        for($i = 0; $i < strlen($data); $i++)
            if (($data[$i] >= 'A' AND $data[$i] <= 'M') OR
                ($data[$i] >= 'a' AND $data[$i] <= 'm'))
                $data[$i] = chr(ord($data[$i]) + 13);
            else if (($data[$i] >= 'N' AND $data[$i] <= 'Z') OR
                ($data[$i] >= 'n' AND $data[$i] <= 'z'))
                $data[$i] = chr(ord($data[$i]) - 13);
        return parent::write($data);
    }
}
var_dump(stream_get_filters(true));
/* Register our filter with PHP */
stream_register_filter("rot13", "rot13_filter")
    or die("Failed to register filter");
var_dump(stream_get_filters(true));
$fp = fopen("foo-bar.txt","w");
stream_filter_append($fp, "string.rot13");
stream_filter_append($fp, "string.toupper");
stream_filter_append($fp, "rot13");
var_dump(stream_get_filters(true));
fwrite($fp,"This is a test.\n");
fclose($fp);
readfile("foo-bar.txt");
print "\n\n";
?>
And discovered a consistently reproducible crash upon script exit.
Oddly, compiling with --enable-debug causes the segfault to stop
occurring. (Making a backtrace difficult)
After exploration I discovered that commenting out one of the
occurrences of stream_get_filters() would prevent the segfault so I
believed the fault to be in that function.
But here's the weird twist:
Turns out that if you do something as innocuous as add:
$myvar = "";
to the end of that script, the segfault goes away.
After putting in a series of watches I tracked the segfault down to the
call to: ZEND_DO_FREE(ptr) on line 462 of Zend/zend_alloc.c in
shutdown_memory_manager.
The value of ptr looks reasonable and is in the same neighborhood as
other calls in the i/j loops.
I wish I could give you something better to work with but this is a
seriously elusive heisenbug.
I'll continue to explore the code locally, but I don't pretend to know
the Zend engine as well as many of you others.
- [EMAIL PROTECTED]
CVS: 2003-01-06
./configure --without-mysql --disable-cgi
------------------------------------------------------------------------
[2003-01-06 19:00:02] [EMAIL PROTECTED]
This is a note to myself to fix this.
When stream_get_filters(true) is called between
stream_register_filter() and stream_filter_(ap|pre)pend(), engine will
segfault on script exit.
------------------------------------------------------------------------