id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,blockedby,phpversion,appname,pending,exts,sapi,probability,blocking
109,Increment with ReadOnlyProtection causes crash,oli,moo,"Hi,

We are running XCache on a medium-sized website. Lately we have been experiencing some stability problems with Apache children crashing. Since we were not using ReadOnlyProtection, we switched it on. Since then, things have gotten even worse. We found out that every call to xcache_inc with a previously defined key results in a segfault. You should be able to reproduce the crash with the following PHP code:

{{{
<?php
    xcache_set('test', 10, 0);
    xcache_inc('test');
?>
}}}

Coredump:

{{{
(gdb) bt full
#0  0xb7691423 in xc_var_inc_dec (inc=1, ht=<value optimized out>, return_value=0x80f5778, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=0) at /usr/local/src/apache/xcache-1.2-dev/xcache.c:2012
        __orig_bailout = (jmp_buf *) 0xbfc07ab0
        __bailout = {{__jmpbuf = {-1217819508, -1077913172, 0, -1077913288, -1077913600, -1217850763}, __mask_was_saved = 0,
    __saved_mask = {__val = {0, 3217054008, 3217053728, 3077118116, 0, 0, 0, 0, 136423056, 0, 1, 16, 15, 9, 0, 136452504, 136452504,
        136453080, 136453152, 0, 1, 0, 0, 3077147788, 0, 0, 3217054248, 3217049392, 3077120052, 0, 3078507310, 3080448512}}}}
        xce = {type = XC_TYPE_VAR, hvalue = 7489, next = 0xb7e685a6, cache = 0xb66fd01c, size = 3080447972, refcount = 1,
  hits = 7489, ctime = 24, atime = -1234186212, dtime = 88, ttl = 0, name = {lval = 135235152, dval = 8.5547982065744084e-314,
    str = {val = 0x80f8650 ""test"", len = 4}, ht = 0x80f8650, obj = {handle = 135235152, handlers = 0x4}}, data = {php = 0xbfc05928,
    var = 0xbfc05928}, have_references = 158 '\236'}
        stored_xce = (xc_entry_t *) 0xb6705068
        var = {value = 0xb76911bb}
        stored_var = (xc_entry_data_var_t *) 0xb23050ac
        name = (zval *) 0x80f5760
        count = 1
        value = <value optimized out>
        oldzval = {value = {lval = 4, dval = 7.4133700810315886e-270, str = {val = 0x4 <Address 0x4 out of bounds>,
      len = 135222496}, ht = 0x4, obj = {handle = 4, handlers = 0x80f54e0}}, refcount = 3217054176, type = 20 '\024',
  is_ref = 0 '\0'}
#1  0xb6cbc6b8 in zend_do_fcall_common_helper_SPEC () from /usr/apache_back/libexec/libphp5.so
No symbol table info available.
#2  0x00000000 in ?? ()
No symbol table info available.
}}}

We verified this with two different systems:
 * Debian Linux, Apache 1.3.37, PHP 5.2.1, XCache 1.2 (stable)
 * Debian Linux, Apache 1.3.37, PHP 5.2.3, XCache 1.2.1-dev (latest)

Contact me if you need any further information.

Best regards,

Oli",defect,closed,major,1.2.1,cacher,1.2-dev,fixed,good_report,,,5.2.3,,0,,apache1,,
