php5-fpm segfault while xcache_get a key with object in data

[sskaje]

Env:

linux CentOS 5.5 x64/Ubuntu 11.10 x86;
nginx;
php5-fpm 5.3.3/5.3.6;
xcache 1.3.1/1.3.2;

Code below:

<?php

class a{
    public $a = 1;
}
$a = array(
    'a' => 1,
);

if (!($b = xcache_get('key'))) {
    $b = array(
#        'b' =>  $a,
        'b' =>  new a,
    );

    xcache_set('key', $b, 2);
}

var_dump($b);

Do

curl ​http://172.16.9.252:8080/1.php

twice in 1 second, Nginx would say a 502 at the second time.

Check out the fpm log

WARNING: [pool www] child 1380 exited on signal 11 (SIGSEGV - core dumped)

Use

    $b = array(
        'b' =>  $a,
#        'b' =>  new a,
    );

code above works well.
Or, comment the var_dump line, no coredump reported.

BackTrace?:

(gdb) bt
#0  0x0833d35b in zend_std_get_properties ()
#1  0x0827b99c in php_var_dump ()
#2  0x0827bbdd in ?? ()
#3  0x08328236 in zend_hash_apply_with_arguments ()
#4  0x0827b8ed in php_var_dump ()
#5  0x0079a85c in zif_xdebug_var_dump (ht=1, return_value=0x99d178c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /build/buildd/xdebug-2.1.0/build-php5/xdebug.c:1444
#6  0x083b2e75 in execute_internal ()
#7  0x0079a474 in xdebug_execute_internal (current_execute_data=0x9a096e4, return_value_used=0) at /build/buildd/xdebug-2.1.0/build-php5/xdebug.c:1339
#8  0x08397505 in ?? ()
#9  0x0834264e in execute ()
#10 0x0079a123 in xdebug_execute (op_array=0x99d116c) at /build/buildd/xdebug-2.1.0/build-php5/xdebug.c:1272
#11 0x0831b3a9 in zend_execute_scripts ()
#12 0x082c22de in php_execute_script ()
#13 0x0806a148 in ?? ()
#14 0x00b68113 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#15 0x0806ad99 in _start ()
(gdb) source /tmp/php5-5.3.6/.gdbinit
Redefine command "____executor_globals"? (y or n) [answered Y; input not from terminal]
Redefine command "print_cvs"? (y or n) [answered Y; input not from terminal]
Redefine command "dump_bt"? (y or n) [answered Y; input not from terminal]
Redefine command "printzv"? (y or n) [answered Y; input not from terminal]
Redefine command "____printzv_contents"? (y or n) [answered Y; input not from terminal]
Redefine command "____printzv"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_const_table"? (y or n) [answered Y; input not from terminal]
Redefine command "print_const_table"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_ht"? (y or n) [answered Y; input not from terminal]
Redefine command "print_ht"? (y or n) [answered Y; input not from terminal]
Redefine command "print_htptr"? (y or n) [answered Y; input not from terminal]
Redefine command "print_htstr"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_ft"? (y or n) [answered Y; input not from terminal]
Redefine command "print_ft"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_inh_class"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_inh_iface"? (y or n) [answered Y; input not from terminal]
Redefine command "print_inh"? (y or n) [answered Y; input not from terminal]
Redefine command "print_pi"? (y or n) [answered Y; input not from terminal]
Redefine command "____print_str"? (y or n) [answered Y; input not from terminal]
Redefine command "printzn"? (y or n) [answered Y; input not from terminal]
Redefine command "printzops"? (y or n) [answered Y; input not from terminal]
Redefine command "zbacktrace"? (y or n) [answered Y; input not from terminal]
Redefine command "zmemcheck"? (y or n) [answered Y; input not from terminal]
(gdb) dump_bt
Missing argument 0 in user function.
(gdb)

Is this backtrace correct?

[moo]

duplicate of #37