id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	phpversion	appname	pending	exts	sapi	probability	blocking
109	Increment with ReadOnlyProtection causes crash	oli	moo	"Hi,

We are running XCache on a medium-sized website. Lately we have been experiencing some stability problems with Apache children crashing. Since we had not used ReadOnlyProtection, we switched it on. Since then, things have got even worse. We found out that every call to xcache_inc with a previously defined key results in a segfault. You should be able to reproduce the crash with the following PHP code:

{{{
<?php
    xcache_set('test', 10, 0);
    xcache_inc('test');
?>
}}}

Coredump:

{{{
(gdb) bt full
#0  0xb7691423 in xc_var_inc_dec (inc=1, ht=<value optimized out>, return_value=0x80f5778, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=0) at /usr/local/src/apache/xcache-1.2-dev/xcache.c:2012
        __orig_bailout = (jmp_buf *) 0xbfc07ab0
        __bailout = {{__jmpbuf = {-1217819508, -1077913172, 0, -1077913288, -1077913600, -1217850763}, __mask_was_saved = 0,
    __saved_mask = {__val = {0, 3217054008, 3217053728, 3077118116, 0, 0, 0, 0, 136423056, 0, 1, 16, 15, 9, 0, 136452504, 136452504,
        136453080, 136453152, 0, 1, 0, 0, 3077147788, 0, 0, 3217054248, 3217049392, 3077120052, 0, 3078507310, 3080448512}}}}
        xce = {type = XC_TYPE_VAR, hvalue = 7489, next = 0xb7e685a6, cache = 0xb66fd01c, size = 3080447972, refcount = 1,
  hits = 7489, ctime = 24, atime = -1234186212, dtime = 88, ttl = 0, name = {lval = 135235152, dval = 8.5547982065744084e-314,
    str = {val = 0x80f8650 ""test"", len = 4}, ht = 0x80f8650, obj = {handle = 135235152, handlers = 0x4}}, data = {php = 0xbfc05928,
    var = 0xbfc05928}, have_references = 158 '\236'}
        stored_xce = (xc_entry_t *) 0xb6705068
        var = {value = 0xb76911bb}
        stored_var = (xc_entry_data_var_t *) 0xb23050ac
        name = (zval *) 0x80f5760
        count = 1
        value = <value optimized out>
        oldzval = {value = {lval = 4, dval = 7.4133700810315886e-270, str = {val = 0x4 <Address 0x4 out of bounds>,
      len = 135222496}, ht = 0x4, obj = {handle = 4, handlers = 0x80f54e0}}, refcount = 3217054176, type = 20 '\024',
  is_ref = 0 '\0'}
#1  0xb6cbc6b8 in zend_do_fcall_common_helper_SPEC () from /usr/apache_back/libexec/libphp5.so
No symbol table info available.
#2  0x00000000 in ?? ()
No symbol table info available.
}}}

We verified this with two different systems:
 * Debian Linux, Apache 1.3.37, PHP 5.2.1, XCache 1.2 (stable)
 * Debian Linux, Apache 1.3.37, PHP 5.2.3, XCache 1.2.1-dev (latest)

Contact me if you need any further information.

Best regards,

Oli"	defect	closed	major	1.2.1	cacher	1.2-dev	fixed	good_report			5.2.3		0		apache1		
