Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:23057 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 48291 invoked by uid 1010); 30 Apr 2006 19:16:03 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 48270 invoked from network); 30 Apr 2006 19:16:03 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 30 Apr 2006 19:16:03 -0000 Received: from ([127.0.0.1:13546]) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with ECSTREAM id DE/1E-18514-2FC05544 for ; Sun, 30 Apr 2006 15:16:02 -0400 X-PHP-List-Original-Sender: magreenblatt@gmail.com X-Host-Fingerprint: 64.233.184.234 wproxy.gmail.com Linux 2.4/2.6 Received: from ([64.233.184.234:34617] helo=wproxy.gmail.com) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id A9/FD-18514-A8905544 for ; Sun, 30 Apr 2006 15:01:30 -0400 Received: by wproxy.gmail.com with SMTP id 68so467998wra for ; Sun, 30 Apr 2006 12:01:27 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=lDBwYYGuLWR4drYrJMhFu48YYDOE2Z1L/xOBwjSRkHm9K67xVJGXnF3TuHtd+4B5ymeKoXmM5/9RfosQeyfLpLrHgBpdzo6nlWzhIsc5+EswhxTpacnJBQMtEJyOMl7lZA/RJpHMAc/Qq1W29ejnB+nKQiqbBmzLdAGDsmKTT6E= Received: by 10.65.153.13 with SMTP id f13mr2232520qbo; Sun, 30 Apr 2006 12:01:27 -0700 (PDT) Received: by 10.65.38.18 with HTTP; Sun, 30 Apr 2006 12:01:27 -0700 (PDT) Message-ID: Date: Sun, 30 Apr 2006 15:01:27 -0400 To: internals@lists.php.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_6154_11085995.1146423687256" Subject: corrupt CG(auto_globals) in zend_is_auto_global() From: magreenblatt@gmail.com ("Marshall Greenblatt") ------=_Part_6154_11085995.1146423687256 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi All, I'm currently in the process of building an SAPI client and I'm experiencin= g a crash using PHP 5.1.2 with both the current release sources and with the newest snapshot (php5.1-200604301630) on the Win32 platform. The crash happens consistently with both the release and debug TS builds of the PHP library. The crash seems to be caused by a corrupted CG(auto_globals) HashTable pointer. The zend_is_auto_global() function passes this pointer to zend_hash_find() where it fails the IS_CONSISTENT() test. I've created a small demo application (see below) that duplicates this crash consistently on my platform. I've spent two days trying to debug this problem but my knowledge of zend internals are sorely lacking. Any suggestions on further debugging steps o= r modifications to the test code that may resolve this crash would be greatly appreciated :-). Regards, Marshall Greenblatt [PLATFORM] Microsoft Windows 2000 Professional 5.0.2195 Service Pack 4 Build 2195 Pavilion zv5200 (DP523AV) x86 Family 15 Model 4 Stepping 10 AuthenticAMD ~797 Mhz [PHP CONFIGURE OPTIONS] call cscript /nologo configure.js --enable-cli --disable-cgi --enable-sockets --enable-exif --enable-mbstring --with-mime-magic --disable-ipv6 --disable-bcmath --without-gd --without-libxml --enable-debug [PHP CONFIGURE OUTPUT] Saving configure options to config.nice.bat Checking for cl.exe ... Checking for cl.exe ... Detected MS compiler version 12 Checking for link.exe ... C:\PROGRA~1\MICROS~3\VC98\BIN Checking for nmake.exe ... Checking for lib.exe ... Checking for bison.exe ... Checking for flex.exe ... Checking for re2c.exe ... Checking for zip.exe ... Checking for lemon.exe ... Checking for mc.exe ... C:\PROGRA~1\MICROS~3\VC98\BIN Checking for arpa\nameser.h ... ..\win32build\include Checking for library resolv.lib ... ..\bindlib_w32\Debug\resolv.lib Build dir: Debug_TS PHP Core: php5ts_debug.dll and php5ts_debug.lib Checking for NewAPIs.h ... Enabling SAPI sapi\cli Checking for library oleaut32.lib ... oleaut32.lib Enabling extension ext\com_dotnet Checking for mscoree.h ... Checking for mscoree.h ... Checking for timelib_config.h ... ext/date/lib Enabling extension ext\standard Enabling extension ext\mbstring Enabling extension ext\mime_magic Enabling extension ext\reflection Enabling extension ext\tokenizer Enabling extension ext\calendar Checking for library ws2_32.lib ... ws2_32.lib Enabling extension ext\sockets Enabling extension ext\session Checking for iconv.h ... Checking for iconv.h ... Enabling extension ext\ctype Enabling extension ext\zlib Checking for library zlib.lib ... ..\win32build\lib\zlib.lib Checking for zlib.h ... ..\win32build\include Enabling extension ext\pcre Enabling extension ext\odbc Enabling extension ext\hash Enabling extension ext\date Enabling extension ext\spl Enabling extension ext\ftp Enabling extension ext\exif Creating build dirs... Generating files... Generating Makefile Generating main/internal_functions.c [content unchanged; skipping] Generating main/config.w32.h Done. [DEMO COMPILE OPTIONS] /nologo /MDd /W3 /Gm /GX /ZI /Od /I "TSRM" /I "Zend" /D "_DEBUG" /D "ZTS" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "PHP_WIN32" /D "ZEND_WIN32" /FR"Debug/" /Fp"Debug/Test.pch" /YX /Fo"Debug/" /Fd"Debug/" /FD /GZ /c [DEMO LINK OPTIONS] php5ts_debug.lib kernel32.lib user32.lib /nologo /subsystem:console /incremental:yes /pdb:"Debug/Demo.pdb" /debug /machine:I386 /nodefaultlib:"msvcrtd.lib msvcrt.lib" /out:"Debug/Example.exe" /pdbtype:sept [DEMO PROGRAM] #include
#include
#include
#include
#include
#include #ifdef PHP_WIN32 #include #include #endif static int context_ub_write(const char *str, uint str_length TSRMLS_DC) { printf("%*s", str_length, str); return str_length; } static void context_flush(void *server_context) { fflush(stdout); } static void context_register_variables(zval *track_vars_array TSRMLS_DC) { // load standard server variables php_import_environment_variables(track_vars_array TSRMLS_CC); } static void context_log_message(char *message) { fprintf(stderr, "LOG: %s", message); } sapi_module_struct php_context_sapimodule =3D { "embed", // name "PHP Embedded Library", // pretty name NULL, // startup php_module_shutdown_wrapper, // shutdown NULL, // activate NULL, // deactivate context_ub_write, // unbuffered write context_flush, // flush NULL, // get uid NULL, // getenv php_error, // error handler NULL, // header handler NULL, // send headers handler NULL, // send header handler NULL, // read POST data NULL, // read Cookies context_register_variables, // register server variables context_log_message, // Log message NULL, // Get request time STANDARD_SAPI_MODULE_PROPERTIES }; #define INI_HARDCODE(name, value) \ zend_alter_ini_entry(name, strlen(name) + 1, value, strlen(value), \ PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE) int main(void) { // test code char *code =3D "$var =3D 'my string';"; #ifdef ZTS TSRMLS_D; #endif // STARTUP php_context_sapimodule.phpinfo_as_text =3D 1; php_context_sapimodule.php_ini_ignore =3D 1; #ifdef ZTS tsrm_startup(1, 1, 0, NULL); #endif // starting the SAPI engine sapi_startup(&php_context_sapimodule); if(php_module_startup(&php_context_sapimodule, NULL, 0) =3D=3D FAILURE)= { printf("Module startup failed\n"); return 1; } // EXECUTION #ifdef ZTS TSRMLS_C =3D (void ***)ts_resource_ex(0, NULL); #endif if(php_request_startup(TSRMLS_C) =3D=3D FAILURE) { printf("Request startup failed\n"); return 1; } SG(headers_sent) =3D 1; SG(request_info).no_headers =3D 1; zend_first_try { CG(in_compilation) =3D 0; EG(uninitialized_zval_ptr) =3D NULL; // load hard-coded ini values INI_HARDCODE("report_zend_debug", "0"); INI_HARDCODE("display_errors", "1"); INI_HARDCODE("register_argc_argv", "1"); INI_HARDCODE("html_errors", "0"); INI_HARDCODE("implicit_flush", "1"); INI_HARDCODE("output_buffering", "0"); INI_HARDCODE("max_execution_time", "0"); INI_HARDCODE("log_errors", "1"); PG(during_request_startup) =3D 0; // execute code zend_eval_string_ex(code, NULL, "Embedded code", 1 TSRMLS_CC); } zend_end_try(); php_request_shutdown(NULL); // SHUTDOWN php_module_shutdown(TSRMLS_C); sapi_shutdown(); #ifdef ZTS tsrm_shutdown(); #endif return 0; } [STACK TRACE] _zend_bailout(char * 0x104910f4 `string', unsigned int 67) line 767 + 20 bytes _zend_is_inconsistent(_hashtable * 0x00eff700, char * 0x104910f4 `string', int 847) line 67 + 21 bytes zend_hash_find(_hashtable * 0x00eff700, char * 0x00dc58c8, unsigned int 4, void * * 0x0012e554) line 847 + 25 bytes zend_is_auto_global(char * 0x00dc58c8, unsigned int 3, void * * * 0x00da2d90) line 3955 + 42 bytes fetch_simple_variable_ex(_znode * 0x0012e884, _znode * 0x0012e8f0, int 1, unsigned char 83, void * * * 0x00da2d90) line 345 + 52 bytes fetch_simple_variable(_znode * 0x0012e884, _znode * 0x0012e8f0, int 1, void * * * 0x00da2d90) line 383 + 23 bytes zendparse(void * 0x00da2d90) line 4298 + 37 bytes compile_string(_zval_struct * 0x0012fd94, char * 0x00413050 `string', void * * * 0x00da2d90) line 3232 + 9 bytes zend_eval_string(char * 0x00413144 `string', _zval_struct * 0x00000000, char * 0x00413050 `string', void * * * 0x00da2d90) line 1073 + 17 bytes zend_eval_string_ex(char * 0x00413144 `string', _zval_struct * 0x00000000, char * 0x00413050 `string', int 1, void * * * 0x00da2d90) line 1119 + 2= 1 bytes main() line 126 + 25 bytes ------=_Part_6154_11085995.1146423687256--