Segfault during "make pear-install-packages" in HEAD

22 years ago by Derick Rethans — view source — reply

unread

Hello,

due to a (recent) change in the Zend Engine I get the following segfault
during make install:

make[1]: *** [install-pear-packages] Segmentation fault
make: *** [install-pear] Error 2

With valgrind:

[PEAR] DB - already installed: 1.5.0RC2
[PEAR] HTTP - already installed: 1.2.1
[PEAR] Mail - already installed: 1.1.1
[PEAR] Net_SMTP - already installed: 1.2.3
[PEAR] Net_Socket - already installed: 1.0.1
[PEAR] XML_Parser - already installed: 1.0.1
[PEAR] XML_RPC - already installed: 1.0.4
==3665== Use of uninitialised value of size 4
==3665== at 0x4002419F: strcmp (mac_replace_strmem.c:223)
==3665== by 0x8261C13: zend_is_callable (zend_API.c:1625)
==3665== by 0x8196A29: zif_call_user_func_array (basic_functions.c:2004)
==3665== by 0x8282D73: zend_do_fcall_common_helper (zend_execute.c:2541)
==3665==
==3665== Invalid read of size 1
==3665== at 0x4002419F: strcmp (mac_replace_strmem.c:223)
==3665== by 0x8261C13: zend_is_callable (zend_API.c:1625)
==3665== by 0x8196A29: zif_call_user_func_array (basic_functions.c:2004)
==3665== by 0x8282D73: zend_do_fcall_common_helper (zend_execute.c:2541)
==3665== Address 0x0 is not stack'd, malloc'd or free'd
Segmentation fault

GDB backtrace:

0x4052d700 in strcmp () from /lib/libc.so.6
(gdb) bt
#0 0x4052d700 in strcmp () from /lib/libc.so.6
#1 0x08261c14 in zend_is_callable (callable=0x408f9b80, syntax_only=0 '\0',
callable_name=0xbfffe53c) at /dat/dev/php/php-5.0dev/Zend/zend_API.c:1625
#2 0x08196a2a in zif_call_user_func_array (ht=2, return_value=0x4091294c,
this_ptr=0x0, return_value_used=0)
at /dat/dev/php/php-5.0dev/ext/standard/basic_functions.c:2004
#3 0x08282d74 in zend_do_fcall_common_helper (execute_data=0xbfffee50,
op_array=0x84e8458) at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2541
#4 0x082834bd in zend_do_fcall_handler (execute_data=0xbfffee50,
op_array=0x84e8458) at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2687
#5 0x0827f4d7 in execute (op_array=0x84e8458)
at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1269
#6 0x08252cd3 in zend_call_function (fci=0xbfffef90, fci_cache=0x0)
at /dat/dev/php/php-5.0dev/Zend/zend_execute_API.c:737
#7 0x082520d2 in call_user_function_ex (function_table=0x8474740,
object_pp=0x0, function_name=0x4063e188, retval_ptr_ptr=0xbfffeff8,
param_count=0, params=0x4092a3d0, no_separation=1, symbol_table=0x0)
at /dat/dev/php/php-5.0dev/Zend/zend_execute_API.c:513
#8 0x08251f9c in call_user_function (function_table=0x8474740, object_pp=0x0,
function_name=0x4063e188, retval_ptr=0xbffff030, param_count=0,
params=0x4063e150) at /dat/dev/php/php-5.0dev/Zend/zend_execute_API.c:488
#9 0x081976b7 in user_shutdown_function_call (
shutdown_function_entry=0x4063dd34)
---Type <return> to continue, or q <return> to quit---
at /dat/dev/php/php-5.0dev/ext/standard/basic_functions.c:2142
#10 0x08265013 in zend_hash_apply (ht=0x4063e5f0,
apply_func=0x8197673 <user_shutdown_function_call>)
at /dat/dev/php/php-5.0dev/Zend/zend_hash.c:658
#11 0x081979b3 in php_call_shutdown_functions ()
at /dat/dev/php/php-5.0dev/ext/standard/basic_functions.c:2223
#12 0x0821afca in php_request_shutdown (dummy=0x0)
at /dat/dev/php/php-5.0dev/main/main.c:1215
#13 0x0828c371 in main (argc=16, argv=0xbffff8d4)
at /dat/dev/php/php-5.0dev/sapi/cli/php_cli.c:1013

(gdb) frame 2
#2 0x08196a2a in zif_call_user_func_array (ht=2, return_value=0x4091294c,
this_ptr=0x0, return_value_used=0)
at /dat/dev/php/php-5.0dev/ext/standard/basic_functions.c:2004
2004 if (!zend_is_callable(*func, 0, &name)) {
(gdb) print name
$1 = 0x405fb85c "System::_removeTmpFiles"
(gdb) print *func
$2 = (zval *) 0x408f9b80
(gdb) print **func
$3 = {value = {lval = 1083282756, dval = 46.000343390546305, str = {
val = 0x40919544 "\b", len = 1078394891}, ht = 0x40919544, obj = {
handle = 1083282756, handlers = 0x4047000b}}, refcount = 2,
type = 4 '\004', is_ref = 0 '\0'}
(gdb) frame 1
#1 0x08261c14 in zend_is_callable (callable=0x408f9b80, syntax_only=0 '\0',
callable_name=0xbfffe53c) at
/dat/dev/php/php-5.0dev/Zend/zend_API.c:1625
1625 if (EG(active_op_array) && strcmp(lcname, "self") == 0) {
(gdb) print lcname
$4 = 0x0

regards,
Derick

22 years ago by Derick Rethans — view source — reply

unread

due to a (recent) change in the Zend Engine I get the following segfault
during make install:

<snip>

(gdb) print **func
$3 = {value = {lval = 1083282756, dval = 46.000343390546305, str = {
val = 0x40919544 "\b", len = 1078394891}, ht = 0x40919544, obj = {
handle = 1083282756, handlers = 0x4047000b}}, refcount = 2,
type = 4 '\004', is_ref = 0 '\0'}
(gdb) frame 1
#1 0x08261c14 in zend_is_callable (callable=0x408f9b80, syntax_only=0 '\0',
callable_name=0xbfffe53c) at
/dat/dev/php/php-5.0dev/Zend/zend_API.c:1625
1625 if (EG(active_op_array) && strcmp(lcname, "self") == 0) {
(gdb) print lcname
$4 = 0x0

This was caused by the missing line in zend_API.c that Ilia just put
back. Now it doesn't segfault anymore, it only leaks. :)

Derick