Newsgroups: php.internals
Message-ID: <498C002C.6090802@daevel.net>
Date: Fri, 06 Feb 2009 10:17:32 +0100
To: internals@lists.php.net
Subject: Invalid read at zend_objects_store_del_ref_by_handle
From: php-dev.list@daevel.net ("Olivier B.")

Hello,

I have another memory corruption problem; I had the problem on PHP 5.2.6 on Debian Lenny (64 bits), so I re-checked with the CVS version (php5.2-200902060730).

When I run my (really huge) cli-script with valgrind, I obtain this:

==22716== Invalid read of size 4
==22716==    at 0x73EC38: zend_objects_store_del_ref_by_handle (zend_objects_API.c:203)
==22716==    by 0x73EAA3: zend_objects_store_del_ref (zend_objects_API.c:168)
==22716==    by 0x7148A1: _zval_dtor_func (zend_variables.c:52)
==22716==    by 0x740190: _zval_dtor (zend_variables.h:35)
==22716==    by 0x744E02: zend_assign_to_variable (zend_execute.c:804)
==22716==    by 0x796752: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:24593)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==  Address 0x71f3ac0 is 9,064 bytes inside a block of size 49,152 free'd
==22716==    at 0x4C22741: realloc (vg_replace_malloc.c:429)
==22716==    by 0x6F4BEB: _erealloc (zend_alloc.c:2314)
==22716==    by 0x73E8CA: zend_objects_store_put (zend_objects_API.c:110)
==22716==    by 0x73A654: zend_objects_new (zend_objects.c:132)
==22716==    by 0x71B49D: _object_and_properties_init (zend_API.c:949)
==22716==    by 0x71B5A8: _object_init_ex (zend_API.c:965)
==22716==    by 0x4F72F1: do_fetch (pdo_stmt.c:1033)
==22716==    by 0x4F8B9D: zim_PDOStatement_fetchObject (pdo_stmt.c:1454)
==22716==    by 0x7414CA: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==
==22716== Invalid read of size 4
==22716==    at 0x73ED3B: zend_objects_store_del_ref_by_handle (zend_objects_API.c:216)
==22716==    by 0x73EAA3: zend_objects_store_del_ref (zend_objects_API.c:168)
==22716==    by 0x7148A1: _zval_dtor_func (zend_variables.c:52)
==22716==    by 0x740190: _zval_dtor (zend_variables.h:35)
==22716==    by 0x744E02: zend_assign_to_variable (zend_execute.c:804)
==22716==    by 0x796752: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:24593)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==  Address 0x71f3ac0 is 9,064 bytes inside a block of size 49,152 free'd
==22716==    at 0x4C22741: realloc (vg_replace_malloc.c:429)
==22716==    by 0x6F4BEB: _erealloc (zend_alloc.c:2314)
==22716==    by 0x73E8CA: zend_objects_store_put (zend_objects_API.c:110)
==22716==    by 0x73A654: zend_objects_new (zend_objects.c:132)
==22716==    by 0x71B49D: _object_and_properties_init (zend_API.c:949)
==22716==    by 0x71B5A8: _object_init_ex (zend_API.c:965)
==22716==    by 0x4F72F1: do_fetch (pdo_stmt.c:1033)
==22716==    by 0x4F8B9D: zim_PDOStatement_fetchObject (pdo_stmt.c:1454)
==22716==    by 0x7414CA: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==
==22716== Invalid write of size 4
==22716==    at 0x73ED45: zend_objects_store_del_ref_by_handle (zend_objects_API.c:216)
==22716==    by 0x73EAA3: zend_objects_store_del_ref (zend_objects_API.c:168)
==22716==    by 0x7148A1: _zval_dtor_func (zend_variables.c:52)
==22716==    by 0x740190: _zval_dtor (zend_variables.h:35)
==22716==    by 0x744E02: zend_assign_to_variable (zend_execute.c:804)
==22716==    by 0x796752: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:24593)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==  Address 0x71f3ac0 is 9,064 bytes inside a block of size 49,152 free'd
==22716==    at 0x4C22741: realloc (vg_replace_malloc.c:429)
==22716==    by 0x6F4BEB: _erealloc (zend_alloc.c:2314)
==22716==    by 0x73E8CA: zend_objects_store_put (zend_objects_API.c:110)
==22716==    by 0x73A654: zend_objects_new (zend_objects.c:132)
==22716==    by 0x71B49D: _object_and_properties_init (zend_API.c:949)
==22716==    by 0x71B5A8: _object_init_ex (zend_API.c:965)
==22716==    by 0x4F72F1: do_fetch (pdo_stmt.c:1033)
==22716==    by 0x4F8B9D: zim_PDOStatement_fetchObject (pdo_stmt.c:1454)
==22716==    by 0x7414CA: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22716==    by 0x742357: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==22716==    by 0x740F3A: execute (zend_vm_execute.h:92)
==22716==    by 0x74169B: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)

I'm really not sure I can give a "test case" to reproduce the problem; so, is this valgrind output sufficient?
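
Added example, not part of the original message and not PHP's source: in the trace above, the accessed block was freed by a realloc in zend_objects_store_put and then read and written in zend_objects_store_del_ref_by_handle, which is the shape of a pointer into a growable array outliving a reallocation. The miniature store below shows that shape beside a handle-based form that survives the move; every name in it is hypothetical, and on_release is an assumed stand-in, since the message does not identify what ran in between.

```c
#include <stdlib.h>

/* Hypothetical miniature of a handle-indexed object store (not PHP's code). */
typedef struct { int refcount; int value; } bucket;
typedef struct { bucket *buckets; size_t top, size; } store;

int store_init(store *s, size_t size) {
    *s = (store){ malloc(size * sizeof(bucket)), 0, size };
    return s->buckets ? 0 : -1;
}

/* Adds an object; growing with realloc invalidates every bucket pointer. */
long store_put(store *s, int value) {
    if (s->top == s->size) {
        bucket *grown = realloc(s->buckets, 2 * s->size * sizeof *grown);
        if (!grown) return -1;
        s->buckets = grown;
        s->size *= 2;
    }
    s->buckets[s->top] = (bucket){ 1, value };
    return (long)s->top++;
}

/* Assumed stand-in for code that creates objects while a release is in progress. */
void on_release(store *s) { for (int i = 0; i < 64; i++) (void)store_put(s, i); }

/* Unsafe shape: b is taken before the store can grow and used afterwards. */
int del_ref_stale(store *s, size_t h) {
    bucket *b = &s->buckets[h];
    on_release(s);            /* the array may move here */
    return --b->refcount;     /* read and write through a dangling pointer */
}

/* Safe shape: keep only the handle and re-derive the pointer after the call. */
int del_ref_by_handle(store *s, size_t h) {
    if (h >= s->top) return -1;
    on_release(s);
    return --s->buckets[h].refcount;
}

int main(void) {
    store s;
    if (store_init(&s, 4) != 0) return 1;
    long h = store_put(&s, 42);
    int left = del_ref_by_handle(&s, (size_t)h);
    free(s.buckets);
    return left;
}
```

Calling del_ref_stale instead under valgrind or AddressSanitizer yields an invalid read followed by an invalid write inside a block freed by realloc.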