Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#10 closed task (fixed)

Segfault with xcache.readonly_protection = On

Reported by: jfbustarret AT tf1.fr Owned by: moo
Priority: minor Milestone: 1.0.3
Component: cacher Version: 1.0.2
Keywords: Cc:
Application: PHP Version:
Other Exts: SAPI:
Probability: Blocked By:
Blocking:

Description (last modified by moo)

When using xcache.readonly_protection = On, I get the following segfault :

#0  xc_restore_zend_op_array (processor=0xbfc0d040, dst=0x82bbd18, src=0xb27950dc) at processor_real.c:13241
13241                           memcpy(dst, src, sizeof(zend_uint));
(gdb) print *src
$1 = {type = 2 '\002', function_name = 0x0, scope = 0x0, fn_flags = 0, prototype = 0x0, num_args = 0, required_num_args = 0, arg_info = 0x0,
  pass_rest_by_reference = 0 '\0', return_reference = 0 '\0', refcount = 0xb079516c, opcodes = 0xb4795170, last = 12, size = 12, vars = 0x0,
  last_var = 0, size_var = 0, T = 8, brk_cont_array = 0x0, last_brk_cont = 0, current_brk_cont = 4294967295, try_catch_array = 0x0,
  last_try_catch = 0, static_variables = 0x0, start_op = 0x0, backpatch_count = 0, done_pass_two = 1 '\001', uses_this = 0 '\0',
  filename = 0xb279508c "[... path ...]/index.php", line_start = 0, line_end = 0, doc_comment = 0x0, doc_comment_len = 0,
  reserved = {0x0, 0x0, 0x0, 0x0}, created_by_eval = 0 '\0'}
(gdb) bt
#0  xc_restore_zend_op_array (processor=0xbfc0d040, dst=0x82bbd18, src=0xb27950dc) at processor_real.c:13241
#1  0xb6ad74ee in xc_restore_xc_entry_t (processor=0xbfc0d040, dst=0xbfc0d440, src=0xb4795058) at processor_real.c:18877
#2  0xb6ad9402 in xc_processor_restore_xc_entry_t (dst=0xbfc0d440, src=0xb4795058, readonly_protection=1 '\001') at processor_real.c:805
#3  0xb6adb1e5 in xc_compile_file (h=0xbfc0f850, type=2) at /soft/sources/php/xcache-1.0-rc3/xcache.c:760

Platform is Linux (Suse 9.2)/PHP 5.1.4 w hardened-php 0.4.9/xcache 1.0RC3

xcache was configured with :
./configure --with-php-config=[...]/php-config --enable-xcache CFLAGS='-O2 -g'

(BTW : can you clean processor_real.c ?)

Change History (3)

comment:1 Changed 8 years ago by moo

  • Owner changed from somebody to moo
  • Status changed from new to assigned

good report. i'm looking into the segv.

it's out of my control to clean processor_real.c, cuz there's already rules for your "make clean", unless if i may add something like "make xcachesvnclean". but u can do "cat .cvsignore | xargs rm -f".

comment:2 Changed 8 years ago by moo

  • Resolution set to fixed
  • Status changed from assigned to closed

in #59, this bug was introduced by [11]

comment:3 Changed 8 years ago by moo

  • Component changed from component2 to cacher
  • Description modified (diff)
  • Milestone set to 1.0.3
  • Priority changed from trivial to minor
  • Version changed from 2.0 to 1.0.2
Note: See TracTickets for help on using tickets.