Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87756
Return-Path: <xinchen.h@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 13825 invoked from network); 14 Aug 2015 17:15:24 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Aug 2015 17:15:24 -0000
Authentication-Results: pb1.pair.com smtp.mail=xinchen.h@zend.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=laruence@php.net; sender-id=unknown
Received-SPF: pass (pb1.pair.com: domain zend.com designates 209.85.213.45 as permitted sender)
X-PHP-List-Original-Sender: xinchen.h@zend.com
X-Host-Fingerprint: 209.85.213.45 mail-vk0-f45.google.com  
Received: from [209.85.213.45] ([209.85.213.45:34519] helo=mail-vk0-f45.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 85/33-10952-B222EC55 for <internals@lists.php.net>; Fri, 14 Aug 2015 13:15:23 -0400
Received: by vkaw128 with SMTP id w128so1827544vka.1
        for <internals@lists.php.net>; Fri, 14 Aug 2015 10:15:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-type;
        bh=om6+61HegJtqUCG9wfV16Cehl5A0HRaQ4TI8w4zU18A=;
        b=NLO0c+bEvtoNrJ3r6QAyM4KJgS/LzZa2laDH5Nr26WAnTEygLQLVeO/7PSrP4vEkOR
         H6zsjo2lCLiyBKhxT4EzGg20mqjle6FMuJdfkvme8sUa/OmXFRAe/0bHOnGTKQI3PY3E
         ktzPpbiX5an1BLMpSou8Hiq8cUp+y0EnlNuU5bJbIx0z+gUpWpZQmn9g3sQuUHVjoJlk
         GLV+dg0UxMTI9p0oSLMnF9yz868CVnzf7heEwJ08SkOFCvhlOzVmzYZkyliuVtpY3EDo
         qv/YmAWw/rCrW3uM+Nlnr2suVTzM5rH593do5uOMRvXX0VtRUavs0sOjcQfl35QRVJaT
         vJrw==
X-Gm-Message-State: ALoCoQmmG4YAPEYr6RTpoCm5FcjIOPztoqxIalHz6ofoiPZa52QJcy0+FzG+5Rn2KqhqVUcC15whbNq9Eur2MDnaUnALDB3cg0LNbR2DBGrQvFp2wzJ4o1unJgmiueVPuZfcdBcghs1mJmWIW62Ym3KtxCRBZ8jt/8jSeje60QVl/LafRBIlgiQ=
X-Received: by 10.52.162.36 with SMTP id xx4mr56791511vdb.57.1439572520569;
        Fri, 14 Aug 2015 10:15:20 -0700 (PDT)
Received: from mail-vk0-f52.google.com (mail-vk0-f52.google.com. [209.85.213.52])
        by smtp.gmail.com with ESMTPSA id fi9sm1492270vdb.27.2015.08.14.10.15.19
        for <internals@lists.php.net>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 14 Aug 2015 10:15:20 -0700 (PDT)
Received: by vkbf67 with SMTP id f67so31984505vkb.3
        for <internals@lists.php.net>; Fri, 14 Aug 2015 10:15:19 -0700 (PDT)
X-Received: by 10.52.13.234 with SMTP id k10mr56577428vdc.77.1439572519527;
 Fri, 14 Aug 2015 10:15:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.12.1 with HTTP; Fri, 14 Aug 2015 10:15:00 -0700 (PDT)
In-Reply-To: <CAO3MkaBiX-vDk5xJwwNhvpGRtt_WR2uMSjA31WHcoU6xH0pWAA@mail.gmail.com>
References: <CAO3MkaBiX-vDk5xJwwNhvpGRtt_WR2uMSjA31WHcoU6xH0pWAA@mail.gmail.com>
Date: Sat, 15 Aug 2015 01:15:00 +0800
Message-ID: <CABBJUpcYRLxYJXAjbyzyjXCgiZox54Eqnzk16n6-tBhqoWCqeA@mail.gmail.com>
To: James Gilliland <neclimdul@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>, Dmitry Stogov <dmitry@zend.com>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Need help finding segfault in php 7
From: laruence@php.net (Xinchen Hui)

Hey:


On Thu, Aug 13, 2015 at 8:36 PM, James Gilliland <neclimdul@gmail.com> wrote:
> So I've been trying for a couple days to narrow down this bug:
> https://bugs.php.net/bug.php?id=70242
>
> I can consistently recreate it with a complex test, but I have thus far not
> been able to find a pattern that helps me narrow down to a test script. I
> thought maybe I could reach out and see if I could get some help
> understanding what is happening in php and see if that has any clues.
>
>
> Seemingly important facts I've found digging through in gdb.
> 1) The connection related pointers on the stmt are already freed when the
> fault happens. It looks like the statement is being freed after the
> connection and the if (S->H->server) { surrounding the failing code is not
> sufficient to catch this
> 2) The trace has a spl_iterator in it so it seems like that is holding on
> to the stmt pointer. There is a IteratorIterator used on a PDO stmt in the
> code. But also in a lot of other non-triggering seemingly identical code
> and I haven't been able to get this to work.
> 3) The code in shutdown_executor that is triggering this is the 6th block
> of cleanups which seems to support 1). It is the block without any
> documentation which is sort of my luck in this.
>
> I'm guessing there is some way I need to trick a object to hold onto a
> reference through the other cleanups or something or trigger some sort of
> reference counter quirk but I just can't find it. Any help is appreciated.

thanks for the ssh access , I finally get the reason of this bug..

I  get a simple reproduce script and quick fix. all listed in
https://bugs.php.net/bug.php?id=70272&thanks=1

@dmitry: do you see a better solution ?

thanks


-- 
Xinchen Hui
@Laruence
http://www.laruence.com/