#109 closed defect (fixed)
Increment with ReadOnlyProtection causes crash
| Reported by: | oli | Owned by: | moo |
|---|---|---|---|
| Priority: | major | Milestone: | 1.2.1 |
| Component: | cacher | Version: | 1.2-dev |
| Keywords: | good_report | Cc: | |
| Blocked By: | PHP Version: | 5.2.3 | |
| Application: | Need User Feedback: | no | |
| Other Exts: | SAPI: | apache1 | |
| Probability: | Blocking: |
Description
Hi,
We are running xcache on a medium size website. Lately we experience some stability problem with apache childs crashing. Since we did not used the ReadOnlyProtection? we switched it on. Since then, things got even worse. We found out, that every call to xcache_inc with a previously defined key results in a segfault. You should able to reproduce the crash with the following php code:
<?php
xcache_set('test', 10, 0);
xcache_inc('test');
?>
Coredump:
(gdb) bt full
#0 0xb7691423 in xc_var_inc_dec (inc=1, ht=<value optimized out>, return_value=0x80f5778, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0) at /usr/local/src/apache/xcache-1.2-dev/xcache.c:2012
__orig_bailout = (jmp_buf *) 0xbfc07ab0
__bailout = {{__jmpbuf = {-1217819508, -1077913172, 0, -1077913288, -1077913600, -1217850763}, __mask_was_saved = 0,
__saved_mask = {__val = {0, 3217054008, 3217053728, 3077118116, 0, 0, 0, 0, 136423056, 0, 1, 16, 15, 9, 0, 136452504, 136452504,
136453080, 136453152, 0, 1, 0, 0, 3077147788, 0, 0, 3217054248, 3217049392, 3077120052, 0, 3078507310, 3080448512}}}}
xce = {type = XC_TYPE_VAR, hvalue = 7489, next = 0xb7e685a6, cache = 0xb66fd01c, size = 3080447972, refcount = 1,
hits = 7489, ctime = 24, atime = -1234186212, dtime = 88, ttl = 0, name = {lval = 135235152, dval = 8.5547982065744084e-314,
str = {val = 0x80f8650 "test", len = 4}, ht = 0x80f8650, obj = {handle = 135235152, handlers = 0x4}}, data = {php = 0xbfc05928,
var = 0xbfc05928}, have_references = 158 '\236'}
stored_xce = (xc_entry_t *) 0xb6705068
var = {value = 0xb76911bb}
stored_var = (xc_entry_data_var_t *) 0xb23050ac
name = (zval *) 0x80f5760
count = 1
value = <value optimized out>
oldzval = {value = {lval = 4, dval = 7.4133700810315886e-270, str = {val = 0x4 <Address 0x4 out of bounds>,
len = 135222496}, ht = 0x4, obj = {handle = 4, handlers = 0x80f54e0}}, refcount = 3217054176, type = 20 '\024',
is_ref = 0 '\0'}
#1 0xb6cbc6b8 in zend_do_fcall_common_helper_SPEC () from /usr/apache_back/libexec/libphp5.so
No symbol table info available.
#2 0x00000000 in ?? ()
No symbol table info available.
We verified this with two different systems:
- Debian Linux, Apache 1.3.37, PHP 5.2.1, XCache 1.2 (stable)
- Debian Linux, Apache 1.3.37, PHP 5.2.3, XCache 1.2.1-dev (latest)
Contact me, if you need any further information.
Best regards,
Oli
Change History (4)
comment:1 Changed 6 years ago by judas_iscariote
- Keywords good_report added
- Milestone set to 1.2.1
comment:3 Changed 6 years ago by moo
- Resolution set to fixed
- Status changed from assigned to closed
comment:4 Changed 6 years ago by oli
Many thanks for the fast bug fix. Great support and nice work. We currently running 1.2.1-dev-r433 with ReadOnlyProtection? and it seams to work fine. None of the childs died for more then a hour. Without ReadOnlyProtection? this almost never happened.
right. reproduced here. as a workaround turn off the readonly protection and use current 1.2.1-dev where some apache1 incompatibilities were solved recently.