Ticket #102 (closed defect: fixed)

Opened 14 months ago

Last modified 12 months ago

Segmentation fault with xcache.var_size=16K and small array

Reported by: blueyed
Owned by: moo
Priority: major
Milestone: 1.2.2
Component: cacher
Version: 1.2-dev
Keywords:
Cc:
Blocked By:
PHP Version: PHP_5_2
Application:
Need User Feedback: no
Other Exts:
SAPI: Irrelevant
Probability: Always
Blocking:

Description

I wanted to store just a small array and therefore have set xcache.var_size to 16K.

Unfortunately this resulted in a segmentation fault, either because of xcache_get() or xcache_set() - I have not investigated further.

After setting xcache.var_size to 512K it worked and the size of the data itself (an array) gets displayed as "482.00 b" in the XCache admin.

Change History

Changed 14 months ago by blueyed

Apparently XCache needs more space than only for the data alone. I've now set var_size=64K and this is what it reports:

        Slots     Size    Avail
var#0  8.00 K  64.00 K  31.42 K

So, the bug now seems to be that XCache segfaults when var_size is too small to store the data, rather than ignoring it and _maybe_ issuing a notice/warning.

Changed 14 months ago by moo

  • status changed from new to assigned

Thanks, does it segv when starting up or when you xcache_set?

Changed 12 months ago by judas_iscariote

  • sapi changed from FastCGI to Irrelevant
  • probability set to Always
  • milestone set to 1.2.2
Use xcache-test.ini and:

gdb --args /opt/php5-dev/bin/php -dxcache.var_size=1K -r "xcache_set('foo', array_fill(0,12,mt_rand()));" 

Program received signal SIGSEGV, Segmentation fault.
0x00002b3e0a7cee48 in xc_shm_destroy (shm=0xc189e0) at /home/cristian/xcache-stable/xc_shm.c:89
89              shm->handlers->destroy(shm);

(gdb) bt full
#0  0x00002b3e0a7cee48 in xc_shm_destroy (shm=0xc189e0) at /home/cristian/xcache-stable/xc_shm.c:89
No locals.
#1  0x00002b3e0a7ca563 in xc_init (module_number=29) at /home/cristian/xcache-stable/xcache.c:1468
        shm = (xc_shm_t *) 0xc189e0
        shmsize = 67109888
#2  0x00002b3e0a7cd595 in zm_startup_xcache (type=1, module_number=29) at /home/cristian/xcache-stable/xcache.c:2671
        env = 0x0
        ext = (zend_extension *) 0x0
        lpos = (zend_llist_position) 0x0
#3  0x000000000070da8e in zend_startup_module_ex (module=0xc6a8b0) at /home/cristian/php5/Zend/zend_API.c:1466
        name_len = 11070
        lcname = 0x70df98 "��UH\211�H\201�"
#4  0x000000000070f5fa in zend_startup_module (module=0xc6a8b0) at /home/cristian/php5/Zend/zend_API.c:1867
No locals.
#5  0x00002b3e0a7cd871 in xcache_zend_startup (extension=0xb3ec30) at /home/cristian/xcache-stable/xcache.c:2834
No locals.
#6  0x00000000007130c7 in zend_extension_startup (extension=0xb3ec30) at /home/cristian/php5/Zend/zend_extensions.c:138
No locals.
#7  0x00000000006fa3ab in zend_llist_apply_with_del (l=0xadcb20, func=0x7130a0 <zend_extension_startup>) at /home/cristian/php5/Zend/zend_llist.c:180
        element = (zend_llist_element *) 0xb3ec20
        next = (zend_llist_element *) 0x0
#8  0x0000000000713132 in zend_startup_extensions () at /home/cristian/php5/Zend/zend_extensions.c:159
No locals.
#9  0x00000000006a68fe in php_module_startup (sf=0xad4fa0, additional_modules=0x0, num_additional_modules=0) at /home/cristian/php5/main/main.c:1809
        zuf = {error_function = 0x6a4110 <php_error_cb>, printf_function = 0x6a3289 <php_printf>, write_function = 0x6a60aa <php_body_write_wrapper>,
  fopen_function = 0x6a4ec9 <php_fopen_wrapper_for_zend>, message_handler = 0x6a50c1 <php_message_handler_for_zend>, block_interruptions = 0, unblock_interruptions = 0,
  get_configuration_directive = 0x6a5064 <php_get_configuration_directive_for_zend>, ticks_function = 0x6ba262 <php_run_ticks>, on_timeout = 0x6a55a4 <php_on_timeout>,
  stream_open_function = 0x6a4f4c <php_stream_open_for_zend>, vspprintf_function = 0x6acb94 <vspprintf>, getenv_function = 0x6b2985 <sapi_getenv>}
---Type <return> to continue, or q <return> to quit---
        zuv = {import_use_extension = 0x81e368 ".php", import_use_extension_length = 11358080, html_errors = 1 '\001'}
        module_number = 0
        php_os = 0x81e2e7 "Linux"
#10 0x000000000078cd96 in php_cli_startup (sapi_module=0xad4fa0) at /home/cristian/php5/sapi/cli/php_cli.c:358
No locals.
#11 0x000000000078dad2 in main (argc=4, argv=0x7fffa1662128) at /home/cristian/php5/sapi/cli/php_cli.c:728
        exit_status = 0
        c = -1
        file_handle = {type = 0 '\0', filename = 0x2b3e0a596668 "��C", opened_path = 0x2b3e09d089b0 "", handle = {fd = 4351820, fp = 0x42674c, stream = {handle = 0x42674c,
      reader = 0x2b3e0a263d80 <data.7078+64800>, closer = 0x40e9e0, fteller = 0x100000000, interactive = 1955}}, free_filename = 0 '\0'}
        behavior = 1
        reflection_what = 0x0
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = 0x0
        arg_excp = (char **) 0x7fffa1661f48
        script_file = 0x0
        interactive = 0
        module_started = 0
        request_started = 0
        lineno = 0
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        param_error = 0x0
        hide_argv = 0
        ini_entries_len = 129


Changed 12 months ago by moo

  • status changed from assigned to closed
  • resolution set to fixed

Fixed in [465], [467], but I'm not sure if the case judas_iscariote reproduced is the same issue as this ticket.

Changed 12 months ago by judas_iscariote

It works ok after your patches, thanks.
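
The failure mode discussed in this ticket (a size setting that is too small, ending in a crash inside a teardown call of the form `shm->handlers->destroy(shm)` during startup) can be avoided by rejecting the size up front and by making teardown tolerate a partially initialised object. The following C code is an added example, not XCache code and not the fix from [465]/[467]; every `demo_*` name and the 4096-byte minimum are assumptions, and the ticket does not state the actual root cause.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical types, loosely named after the frames in the trace above;
 * these are NOT XCache's real definitions. */
typedef struct demo_shm demo_shm_t;
typedef struct { void (*destroy)(demo_shm_t *); } demo_handlers_t;
struct demo_shm { const demo_handlers_t *handlers; void *base; size_t size; };

#define DEMO_MIN_SIZE 4096u  /* assumed bookkeeping overhead; constructed value */

static int destroyed;        /* counts how often the real teardown handler ran */
static void demo_real_destroy(demo_shm_t *shm) {
    free(shm->base);
    shm->base = NULL;
    destroyed++;
}
static const demo_handlers_t demo_handlers = { demo_real_destroy };

/* Teardown that is safe on NULL and on objects whose handlers were never set.
 * Returns 1 if an object was released, 0 if there was nothing to release. */
int demo_shm_destroy(demo_shm_t *shm) {
    if (shm == NULL) return 0;
    if (shm->handlers != NULL && shm->handlers->destroy != NULL)
        shm->handlers->destroy(shm);
    free(shm);
    return 1;
}

/* Returns NULL when the size cannot hold the bookkeeping data, so the caller
 * can emit a warning and disable the cache rather than crash. */
demo_shm_t *demo_shm_init(size_t size) {
    demo_shm_t *shm = calloc(1, sizeof *shm);  /* handlers stays NULL for now */
    if (shm == NULL) return NULL;
    if (size < DEMO_MIN_SIZE) {                /* validate before allocating */
        demo_shm_destroy(shm);                 /* error path sees a partial object */
        return NULL;
    }
    shm->base = malloc(size);
    if (shm->base == NULL) { demo_shm_destroy(shm); return NULL; }
    shm->size = size;
    shm->handlers = &demo_handlers;            /* set last: object is now complete */
    return shm;
}

int main(void) {
    demo_shm_t *tiny = demo_shm_init(1024);    /* too small: rejected, no crash */
    demo_shm_t *ok = demo_shm_init(64 * 1024);
    int rc = (tiny == NULL && ok != NULL) ? 0 : 1;
    demo_shm_destroy(ok);
    return rc;
}
```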
