ID: 32685 Updated by: [EMAIL PROTECTED] Reported By: david at davidheath dot org -Status: Open +Status: Feedback Bug Type: Reproducible crash Operating System: mandrake linux 10.1 PHP Version: 4CVS-2005-04-14 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Previous Comments: ------------------------------------------------------------------------ [2005-04-19 13:53:19] ericvanblokland at gmail dot com This maybe related to an issue I encountered. My guess is this code will work fine with php5 http://bugs.php.net/bug.php?id=31624 ------------------------------------------------------------------------ [2005-04-13 10:51:34] david at davidheath dot org > 1) Does it also crash when you replace file reading by > assignment from string? yes it does, see http://www.davidheath.org/php_bug/crash2.php.txt I've also noticed that I had a mistake in the original repro script (crash.php.txt), which I've now corrected (the filename on line 4 was wrong). This may explain why you couldn't repro. However, having changed that I now get: [EMAIL PROTECTED] repro]$ /usr/local/php-4.3-CVS-13apr05/bin/php crash.php Content-type: text/html X-Powered-By: PHP/4.3.12-dev free(): invalid pointer 0x81b14a8! ALSO, another important observation. The crash sometimes seems to not happen if I execute the script in a different directory. For example: [EMAIL PROTECTED] repro]$ pwd /tmp/repro [EMAIL PROTECTED] repro]$ ls crash2.php [EMAIL PROTECTED] repro]$ /usr/local/php-4.3-CVS-13apr05/bin/php crash2.php Content-type: text/html X-Powered-By: PHP/4.3.12-dev [EMAIL PROTECTED] repro]$ mkdir -p foo/bar [EMAIL PROTECTED] repro]$ cd foo/bar [EMAIL PROTECTED] bar]$ cp ../../crash2.php . [EMAIL PROTECTED] bar]$ /usr/local/php-4.3-CVS-13apr05/bin/php crash2.php Content-type: text/html X-Powered-By: PHP/4.3.12-dev Segmentation fault (core dumped) ------------------------------------------------------------------------ [2005-04-13 10:32:48] david at davidheath dot org Hi, I tried again with CVS HEAD (from PHP_4_3 branch). Still crashes. [EMAIL PROTECTED] dh]$ /usr/local/php-4.3-CVS-13apr05/bin/php crash.php Content-type: text/html X-Powered-By: PHP/4.3.12-dev Segmentation fault (core dumped) [EMAIL PROTECTED] dh]$ ------------------------------------------------------------------------ [2005-04-12 20:37:20] [EMAIL PROTECTED] Two questions: 1) Does it also crash when you replace file reading by assignment from string? 2) Did you try 5.0 or HEAD? ------------------------------------------------------------------------ [2005-04-12 18:16:17] david at davidheath dot org Description: ------------ The attached program always segfaults. I have stripped out as much code as possible whilst ensuring that it still segfaults, I'm afraid I haven't been able to make the repro code any simpler. The problem is either something to do with the assignment by reference on line 11 in the test2::exists() method, or otherwise something to do with the use of unserialize(). I'm using the standard build of php4.3.11 with no special modules. Reproduce code: --------------- $ wget http://www.davidheath.org/php_bug/crash.php.txt $ wget http://www.davidheath.org/php_bug/testfile $ mv crash.php.txt crash.php $ php crash.php Expected result: ---------------- no segfault, no output at all Actual result: -------------- [EMAIL PROTECTED] dh]$ /usr/local/php4.3.11/bin/php.4.3.11 crash.php Content-type: text/html X-Powered-By: PHP/4.3.11 Segmentation fault (core dumped) When I run with debug build, it doesn't segfault: [EMAIL PROTECTED] dh]$ /usr/local/php4.3.11_debug/bin/php.4.3.11 crash.php Content-type: text/html X-Powered-By: PHP/4.3.11 /home/heathd/downloads/php-4.3.11/Zend/zend_execute.c(279) : Freeing 0x081EA8A4 (12 bytes), script=crash.php /home/heathd/downloads/php-4.3.11/Zend/zend_execute.c(282) : Freeing 0x081EA704 (28 bytes), script=crash.php /home/heathd/downloads/php-4.3.11/Zend/zend_variables.c(111) : Actual location (location was relayed) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32685&edit=1
