Ticket #227 (new defect)

Opened 2 years ago

Last modified 3 months ago

ea svn282 php 5.2.0 horde 3 segfault

Reported by: stanojr Assigned to: somebody
Priority: major Milestone:
Component: eAccelerator Version: 0.9.5
Keywords: Cc:

Description 

ea svn282 php 5.2.0 horde 3 x86_64 segfaults (just after login)

php.ini
extension="eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/apachetmp/eaccelerator5"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="2M"
eaccelerator.shm_ttl="600"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.sessions="none"

here is bt full from gdb
#0  _zend_hash_add_or_update (ht=0x2ac3f5b94488, arKey=0x9 <Address 0x9 out of bounds>, 
    nKeyLength=4074981025, pData=0x7fffb9913168, nDataSize=8, pDest=0x0, flag=2)
    at /usr/src/apache/php-5.2.0/Zend/zend_hash.h:252
	p = (Bucket *) 0x2ac3f5a8cd00
#1  0x00002ac3f5a8ccee in calc_zval (zv=0x2ac3f5b94488)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:45
No locals.
#2  0x00002ac3f5a8cbbb in calc_hash_int (source=0x2ac3f5b94488, start=0xf2e346a1, 
    calc_bucket=0x2ac3f5a8cd00 <calc_zval_ptr>)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:105
	p = (Bucket *) 0x2ac3fb5adf80
#3  0x00002ac3f5a8cca7 in calc_zval (zv=0x2ac3f5b94488)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:124
No locals.
#4  0x00002ac3f5a8cbbb in calc_hash_int (source=0x2ac3f5b94488, start=0xf2e346a1, 
    calc_bucket=0x2ac3f5a8cd00 <calc_zval_ptr>)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:105
	p = (Bucket *) 0x2ac3f12760d0
#5  0x00002ac3f5a8d1cf in calc_op_array (from=0x2ac3fb639688)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:217
	q = (Bucket *) 0xf2e346a1
	opline = (zend_op *) 0x2ac3f74dda78
	end = (zend_op *) 0x2ac3f74dda78
#6  0x00002ac3f5a8cbbb in calc_hash_int (source=0x2ac3f5b94488, start=0xf2e346a1, 
    calc_bucket=0x2ac3f5a8cd30 <calc_op_array>)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:105
	p = (Bucket *) 0x2ac3f12768f0
#7  0x00002ac3f5a8d554 in calc_size (
    key=0x2ac3f12926f0 "/data/web/webmail.xxxxxxxxxxxxx/horde/imp/lib/Auth/imp.php", 
    op_array=0x2ac3fb5e92f0, f=0x0, c=0xdb92b0)
    at /usr/src/apache/eaccelerator-svn282/ea_store.c:279
	b = (Bucket *) 0x2ac3fb5f9760
	x = 0xdb92f0 "auth_imp"
	len = 59
#8  0x00002ac3f5a802bc in eaccelerator_store (
    key=0x2ac3f12926f0 "/data/web/webmail.xxxxxxxxxxxxx/horde/imp/lib/Auth/imp.php", 
    buf=0x7fffb9915650, nreloads=1, op_array=0x2ac3fb5e92f0, f=0x0, c=0xdb92b0)
    at /usr/src/apache/eaccelerator-svn282/eaccelerator.c:801
	__orig_bailout = (jmp_buf *) 0x7fffb991a8b0
	__bailout = {{__jmpbuf = {140736306689616, 0, 140736306697808, 140736306693712, 1, 
      1166026974, 140736306688736, 47021128417893}, __mask_was_saved = 0, __saved_mask = {__val = {
        47021076423161, 140736306688944, 0, 47017006989313, 1, 47017006989316, 4294967297, 0, 
        47017006989312, 0, 0, 0, 0, 42, 140736306689616, 0}}}}
	p = (ea_cache_entry *) 0x0
	len = 58
	use_shm = 1
	ret = 0
	size = -1181665712
#9  0x00002ac3f5a80dce in eaccelerator_compile_file (file_handle=0x7fffb9916760, type=2)
    at /usr/src/apache/eaccelerator-svn282/eaccelerator.c:1300
	__orig_bailout = (jmp_buf *) 0x7fffb991a8b0
	__bailout = {{__jmpbuf = {140736306689616, 0, 140736306697808, 140736306693712, 1, 
      1166026974, 140736306689056, 47021128420597}, __mask_was_saved = 0, __saved_mask = {__val = {
        140736306689328, 47021077505523, 133, 140736306702192, 47021068589830, 47021052880464, 
        47021076292202, 0, 140736306693024, 140736306694272, 47021128447481, 0, 281479271677952, 
        281479271743489, 281479271743489, 0}}}}
	function_table_tail = (Bucket *) 0x0
	class_table_tail = (Bucket *) 0xdbcab0
	ea_bailout = 0
	t = (zend_op_array *) 0x2ac3fb5e92f0
	buf = {st_dev = 64512, st_ino = 208241712, st_nlink = 1, st_mode = 33188, st_uid = 1340, 
  st_gid = 1340, pad0 = 0, st_rdev = 0, st_size = 10418, st_blksize = 4096, st_blocks = 24, 
  st_atim = {tv_sec = 1166026344, tv_nsec = 188189399}, st_mtim = {tv_sec = 1144645424, 
    tv_nsec = 0}, st_ctim = {tv_sec = 1164810732, tv_nsec = 126034000}, __unused = {0, 0, 0}}
	realname = "/data/web/webmail.xxxxxxxxxxxxx/horde/imp/lib/Auth/imp.php\000őĂ*\000\000Xţ ÷Ă*\000\000\234Ú¨őĂ*\000\000\002\000\000\000\000\000\000\000Đ\033Ą÷Ă*\000\000\000\000\000\000\000Ř\000\000\220\032Ą÷Ă*\000\000đ\222^űĂ*\000\000Ŕż^űĂ*\000\000@\000\000\000\000\000\000\000uߨőĂ*\000\000@DšőĂ*\000\000A\227\237÷Ă*\000\000\000{aűĂ*\000\000ě\227\237÷Ă*\000\000đ@ ÷Ă*\000\000\217ç¨őĂ*\000\000\210DšőĂ*\000\000"...
	nreloads = 1
	compile_time = 1166026374
	stat_result = -1181661616
	ok_to_cache = 9
#10 0x00002ac3f29328b9 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7fffb9916ae0)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:4526
	file_handle = {type = 5 '\005', 
  filename = 0x2ac3f1276650 "/data/web/webmail.xxxxxxxxxxxxx/horde/config/../imp/lib/Auth/imp.php", opened_path = 0x2ac3f12926f0 "/data/web/webmail.xxxxxxxxxxxxx/horde/imp/lib/Auth/imp.php", 
  handle = {fd = -248944760, fp = 0x2ac3f1296788, stream = {handle = 0x2ac3f1296788, 
      reader = 0x2ac3f28d6860 <_php_stream_read>, 
      closer = 0x2ac3f28c56e0 <stream_closer_for_zend>, 
      fteller = 0x2ac3f28c56f0 <stream_fteller_for_zend>, interactive = 0}}, 
  free_filename = 0 '\0'}
	cwd = "\000¤Ú", '\0' <repeats 30 times>, "X\221š˙\177\000\000 (Ű\000\000\000\000\000\222 fűĂ*\000 \001\000\000\000\000\000\000\000ĐY\221š˙\177\000\000\000\020\000\000\000\000\000\000\000Z\221š˙\177\000\000\000\000\000\000\000\000\000\000`7Ř\000\025\000\000\000<ŠÚ\000\000\000\000\000 \204Ű", '\0' <repeats 13 times>, " ĽÚ\000\000\000\000\000ŕťŮ\000\000\000\000\000@Y\221š˙\177\000\000<ŠÚ", '\0' <repeats 13 times>, "\220¨Ú\000\000\000\000\000`X\221š˙\177\000\000P\000\000\000\000\000\000\0001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\000Y\221š˙\177\000\000¸U\022ňĂ*\000\000őE"...
	state = {cwd = 0xdb9390 "\230\0064ňĂ*", cwd_length = 58}
	opline = (zend_op *) 0x2ac3f74db3a0
	new_op_array = (zend_op_array *) 0x0
	original_return_value = (zval **) 0x7fffb9916db8
	return_value_used = 0
	inc_filename = (zval *) 0x7fffb9916898
	tmp_inc_filename = {value = {lval = 140736306702488, dval = 6.9532974264276488e-310, 
    str = {val = 0x7fffb9916898 "Pf'ńĂ*", len = -145902928}, ht = 0x7fffb9916898, obj = {
      handle = 3113314456, handlers = 0x2ac3f74db2b0}}, refcount = 3113314496, type = 255 '˙', 
  is_ref = 127 '\177'}
	failure_retval = 0 '\0'
#11 0x00002ac3f2923ae1 in execute (op_array=0x2ac3f1264f08)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:92
	execute_data = {opline = 0x2ac3f74db3a0, function_state = {
    function_symbol_table = 0x2ac3f126edc8, function = 0x2ac3f1264f08, reserved = {0x2ac3f126e3f0, 
      0x68747561, 0x7272ee73da33c5b7, 0x8}}, fbc = 0x0, op_array = 0x2ac3f1264f08, object = 0x0, 
  Ts = 0x7fffb9916870, CVs = 0x7fffb9916820, original_in_execution = 1 '\001', 
  symbol_table = 0x2ac3f126e398, prev_execute_data = 0x7fffb9916e10, 
  old_error_reporting = 0x7fffb99169b0}
#12 0x00002ac3f2923de3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffb9916e10)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:234
	opline = (zend_op *) 0x2ac3f74dd7a8
	original_return_value = (zval **) 0x7fffb99176d8
	current_scope = (zend_class_entry *) 0x2ac3f1260de8
	current_this = (zval *) 0x0
	return_value_used = 1
	should_change_scope = 1 '\001'
#13 0x00002ac3f2923ae1 in execute (op_array=0x2ac3f1265060)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:92
	execute_data = {opline = 0x2ac3f74dd7a8, function_state = {
    function_symbol_table = 0x2ac3f126e398, function = 0x2ac3f1264f08, reserved = {0x7fffb9916eb8, 
      0x68747561, 0x7fffb9916eb0, 0x2ac3fb5e7698}}, fbc = 0x2ac3f1264f08, 
  op_array = 0x2ac3f1265060, object = 0x0, Ts = 0x7fffb9916cc0, CVs = 0x7fffb9916c90, 
  original_in_execution = 1 '\001', symbol_table = 0x2ac3f126e3f0, 
  prev_execute_data = 0x7fffb9917bc0, old_error_reporting = 0x0}
#14 0x00002ac3f2923de3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffb9917bc0)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:234
	opline = (zend_op *) 0x2ac3fb623c70
	original_return_value = (zval **) 0x7fffb9918458
	current_scope = (zend_class_entry *) 0x2ac3fb5e6eb0
	current_this = (zval *) 0x0
	return_value_used = 1
	should_change_scope = 1 '\001'
#15 0x00002ac3f2923ae1 in execute (op_array=0x2ac3f1235710)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:92
	execute_data = {opline = 0x2ac3fb623c70, function_state = {
    function_symbol_table = 0x2ac3f126e3f0, function = 0x2ac3f1265060, reserved = {0x2ac3f2e55fc8, 
      0x737365735f706d69, 0x31006e6f69, 0x8}}, fbc = 0x2ac3f1265060, op_array = 0x2ac3f1235710, 
  object = 0x0, Ts = 0x7fffb9917090, CVs = 0x7fffb9916fc0, original_in_execution = 1 '\001', 
  symbol_table = 0x2ac3f126e1f0, prev_execute_data = 0x7fffb99185d0, old_error_reporting = 0x0}
#16 0x00002ac3f2923de3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffb99185d0)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:234
	opline = (zend_op *) 0x2ac3f125eb00
	original_return_value = (zval **) 0x7fffb99186c0
	current_scope = (zend_class_entry *) 0x0
	current_this = (zval *) 0x0
	return_value_used = 1
	should_change_scope = 1 '\001'
#17 0x00002ac3f2923ae1 in execute (op_array=0x2ac3f12333e0)
    at /usr/src/apache/php-5.2.0/Zend/zend_vm_execute.h:92
	execute_data = {opline = 0x2ac3f125eb00, function_state = {
    function_symbol_table = 0x2ac3f126e1f0, function = 0x2ac3f1235710, reserved = {0x0, 0x3, 
      0x2ac3f28d8ee7, 0x2ac3f12337a8}}, fbc = 0x2ac3f1235710, op_array = 0x2ac3f12333e0, 
  object = 0x0, Ts = 0x7fffb9917e10, CVs = 0x7fffb9917d70, original_in_execution = 0 '\0', 
  symbol_table = 0x2ac3f2e55fc8, prev_execute_data = 0x0, old_error_reporting = 0x0}
#18 0x00002ac3f2906e77 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/apache/php-5.2.0/Zend/zend.c:1097
	files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9918860, 
    reg_save_area = 0x7fffb9918770}}
	i = 1
	file_handle = (zend_file_handle *) 0x7fffb991ab20
	orig_op_array = (zend_op_array *) 0x0
	orig_retval_ptr_ptr = (zval **) 0x0
	local_retval = (zval *) 0x0
#19 0x00002ac3f28c6ccd in php_execute_script (primary_file=0x7fffb991ab20)
    at /usr/src/apache/php-5.2.0/main/main.c:1758
	realfile = "\000\231\221š˙\177\000\000\020\001\000\000\000\000\000\000ń\000\000\000\000\000\000\000 \0064ňĂ*\000\000č\000\000\000\000\000\000\000č\000\000\000\000\000\000\000\200ăź\000\000\000\000\000\r\000\000\000\000\000\000\000\020\000\000\000\000\000\000\000\202;\027ňĂ*\000\000đĐËżĄ\027×?Póź\000\000\000\000\000č\000\000\000\000\000\000\000Ç\020\221ňĂ*\000\000\024]Ş\023nç\032\000X\234\221š˙\177\000\000\020ýź\000č\000\000\000`\234\221š˙\177\000\000\220\231\221š˙\177\000\000\r\000\000\000\000\000\000\000\200\235\221š˙\177\000\000\f\000\000\000\000\000\000\000\r\000\000\000\000\000\000\000\200\235\221š˙\177\000\000\f\000\000\000\000\000\000\000"...
	prepend_file_p = (zend_file_handle *) 0x0
	append_file_p = (zend_file_handle *) 0x0
	prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, 
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, 
  free_filename = 0 '\0'}
	append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, 
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, 
  free_filename = 0 '\0'}
	old_cwd = 0x7fffb9918870 "/"
	retval = 0
#20 0x00002ac3f2993526 in php_handler (r=0xc66090)
    at /usr/src/apache/php-5.2.0/sapi/apache2handler/sapi_apache2.c:592
	zfd = {type = 5 '\005', 
  filename = 0xc6a298 "/data/web/webmail.xxxxxxxxxxxxx/horde/imp/redirect.php", 
  opened_path = 0x2ac3f12334d8 "", handle = {fd = -249350672, fp = 0x2ac3f12335f0, stream = {
      handle = 0x2ac3f12335f0, reader = 0x2ac3f28d6860 <_php_stream_read>, 
      closer = 0x2ac3f28c56e0 <stream_closer_for_zend>, 
      fteller = 0x2ac3f28c56f0 <stream_fteller_for_zend>, interactive = 0}}, 
  free_filename = 0 '\0'}
	ctx = (php_struct * volatile) 0xc70a18
	conf = (void *) 0xc6e890
	brigade = (apr_bucket_brigade * volatile) 0xc73550
	bucket = (apr_bucket *) 0xffffffff
	rv = -1
	parent_req = (request_rec * volatile) 0x0
#21 0x000000000045d6a0 in ap_run_handler ()
No symbol table info available.
#22 0x000000000045df49 in ap_invoke_handler ()
No symbol table info available.
#23 0x000000000043b885 in ap_process_request ()
No symbol table info available.
#24 0x000000000043524e in ap_process_http_connection ()
No symbol table info available.
#25 0x000000000046c8f9 in ap_run_process_connection ()
No symbol table info available.
#26 0x000000000046cd3e in ap_process_connection ()
No symbol table info available.
#27 0x000000000045bc80 in child_main ()
No symbol table info available.
#28 0x000000000045be08 in make_child ()
No symbol table info available.
#29 0x000000000045be87 in startup_children ()
No symbol table info available.
#30 0x000000000045c2eb in ap_mpm_run ()
No symbol table info available.
#31 0x00000000004647e8 in main ()
No symbol table info available.

Change History

02/13/07 17:14:23 changed by bart

  • version set to 0.9.5.

I'm not able to get horde configured so it doesn't a recursive loop that loads frames.

04/09/08 14:36:58 changed by bladder

I havnt get it done neither. schüchtern