id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	phpversion	appname	pending	exts	sapi	probability	blocking
55	xcache crashes php tokenizer on certain special situation	judas_iscariote	moo	"xcache crashes php tokenizer, on a special situation, only with xcache_readonly_protection=On 
in both zts and non-zts mode.

Im yet to isolate shortly,currenlty I have only the backtrace.


{{{
#0  0x00000000006df60f in lex_scan (zendlval=0x7fffaf90dd00, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_language_scanner.l:1310
1310            zendlval->value.str.len = strlen(func_name);
(gdb) bt full
#0  0x00000000006df60f in lex_scan (zendlval=0x7fffaf90dd00, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_language_scanner.l:1310
        func_name = 0x5a5a5a5a0000007b <Address 0x5a5a5a5a0000007b out of bounds>
        yy_current_state = 614
        yy_cp = 0x2b42fc5e3938 """"
        yy_bp = 0x2b42fc5e392c ""__FUNCTION__""
        yy_act = 108
#1  0x000000000068c80b in tokenize (return_value=0x2b42fd0cb018, tsrm_ls=0x9f5030) at /home/cristian/php5/ext/tokenizer/tokenizer.c:314
        token = {value = {lval = 47566701869343, dval = 2.3501073279614979e-310, str = {
      val = 0x2b42fc5e391f ""\n"", ' ' <repeats 12 times>, ""__FUNCTION__"", len = 13}, ht = 0x2b42fc5e391f, obj = {handle = 4234033439,
      handlers = 0xd}}, refcount = 0, type = 0 '\0', is_ref = 127 '\177'}
        keyword = (zval *) 0x2b42fcace9f0
        token_type = 370
        destroy = 0 '\0'
#2  0x000000000068cfac in zif_token_get_all (ht=1, return_value=0x2b42fd0cb018, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
    tsrm_ls=0x9f5030) at /home/cristian/php5/ext/tokenizer/tokenizer.c:498
        source = 0x2b42fc5de2e0 ""<?php\n/**\n * ezcConsoleToolsOutputTest \n * \n * @package ConsoleTools\n * @subpackage Tests\n * @version 1.1.3\n * @copyright Copyright (C) 2005, 2006 eZ systems as. All rights reserved.\n * @license http:""...
        argc = 1
        source_len = 16622
        source_z = {value = {lval = 47566701866400, dval = 2.3501073278160943e-310, str = {
      val = 0x2b42fc5e2da0 ""<?php\n/**\n * ezcConsoleToolsOutputTest \n * \n * @package ConsoleTools\n * @subpackage Tests\n * @version 1.1.3\n * @copyright Copyright (C) 2005, 2006 eZ systems as. All rights reserved.\n * @license http:""..., len = 16622}, ht = 0x2b42fc5e2da0, obj = {
      handle = 4234030496, handlers = 0x40ee}}, refcount = 0, type = 6 '\006', is_ref = 0 '\0'}
        original_lex_state = {buffer_state = 0x0, state = 0, in = 0x0, lineno = 0, filename = 0x0}
#3  0x000000000074506a in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffaf90e0d0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:200
        return_reference = 0 '\0'
        opline = (zend_op *) 0x2b42fb28dfd0
        original_return_value = (zval **) 0x9f5030
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 0 '\0'
        ctor_opline = (zend_op *) 0x2b42fb28df58
---Type <return> to continue, or q <return> to quit---
#4  0x00000000007462b5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fffaf90e0d0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:322
No locals.
#5  0x00000000007449fd in execute (op_array=0x2b42fb28cf90, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b42fb28dfd0, function_state = {function_symbol_table = 0x0, function = 0xb41600, reserved = {
      0x2b42fb27dae8, 0x7fffaf90e110, 0x726fb09c0ebad7ed, 0x2b42fb208ea0}}, fbc = 0xb41600, op_array = 0x2b42fb28cf90, object = 0x0,
  Ts = 0x7fffaf90df10, CVs = 0x7fffaf90def0, original_in_execution = 1 '\001', symbol_table = 0x2b42fc54eea8,
  prev_execute_data = 0x7fffaf90f860, old_error_reporting = 0x0}
#6  0x0000000000745317 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffaf90f860, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2b42fb1e0630
        original_return_value = (zval **) 0x7fffaf90fa50
        current_scope = (zend_class_entry *) 0x2b42fb27dab8
        current_this = (zval *) 0x2b42fb279cb0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2b42fb1e05b8
#7  0x00000000007462b5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fffaf90f860, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:322
No locals.
#8  0x00000000007449fd in execute (op_array=0x2b42fb278878, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b42fb1e0630, function_state = {function_symbol_table = 0x2b42fc54eea8, function = 0x2b42fb28cf90,
    reserved = {0x8, 0x7fffaf90f8a0, 0x2b42fc554960, 0x7fffaf90f8f0}}, fbc = 0x2b42fb28cf90, op_array = 0x2b42fb278878,
  object = 0x2b42fb279cb0, Ts = 0x7fffaf90e310, CVs = 0x7fffaf90e270, original_in_execution = 1 '\001', symbol_table = 0x2b42fc5548c8,
  prev_execute_data = 0x7fffaf90faa0, old_error_reporting = 0x0}
#9  0x0000000000745317 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffaf90faa0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2b42fb295510
        original_return_value = (zval **) 0x7fffaf90fe08
        current_scope = (zend_class_entry *) 0x2b42fb27dab8
        current_this = (zval *) 0x2b42fb279cb0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2b42fb295498
---Type <return> to continue, or q <return> to quit---
#10 0x00000000007462b5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fffaf90faa0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:322
No locals.
#11 0x00000000007449fd in execute (op_array=0x2b42fb294eb0, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b42fb295510, function_state = {function_symbol_table = 0x2b42fc5548c8, function = 0x2b42fb278878,
    reserved = {0x8, 0x7fffaf90fae0, 0x2b42fc5546f8, 0x7fffaf90fb30}}, fbc = 0x2b42fb278878, op_array = 0x2b42fb294eb0,
  object = 0x2b42fb279cb0, Ts = 0x7fffaf90fa20, CVs = 0x7fffaf90fa00, original_in_execution = 1 '\001', symbol_table = 0x2b42fc554660,
  prev_execute_data = 0x7fffaf90feb0, old_error_reporting = 0x0}
#12 0x0000000000745317 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffaf90feb0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0x2b42fb276aa8
        original_return_value = (zval **) 0x7fffaf90ffe8
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0x2b42fb276a30
#13 0x00000000007462b5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fffaf90feb0, tsrm_ls=0x9f5030)
    at /home/cristian/php5/Zend/zend_vm_execute.h:322
No locals.
#14 0x00000000007449fd in execute (op_array=0x2b42fb275c68, tsrm_ls=0x9f5030) at /home/cristian/php5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x2b42fb276aa8, function_state = {function_symbol_table = 0x2b42fc554660, function = 0x2b42fb294eb0,
    reserved = {0x2b42fb275da0, 0x7fffaf912570, 0x9f5030, 0x7fffaf90ff20}}, fbc = 0x2b42fb294eb0, op_array = 0x2b42fb275c68,
  object = 0x2b42fb279cb0, Ts = 0x7fffaf90fc70, CVs = 0x7fffaf90fc40, original_in_execution = 0 '\0', symbol_table = 0x9f9488,
  prev_execute_data = 0x0, old_error_reporting = 0x0}
#15 0x0000000000718215 in zend_execute_scripts (type=8, tsrm_ls=0x9f5030, retval=0x0, file_count=3) at /home/cristian/php5/Zend/zend.c:1100
        files = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffaf910180, reg_save_area = 0x7fffaf9100b0}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fffaf912570
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#16 0x00000000006a2d35 in php_execute_script (primary_file=0x7fffaf912570, tsrm_ls=0x9f5030) at /home/cristian/php5/main/main.c:1781
        realfile = ""/srv/www/htdocs/flyspray/compat.php\000lar_text\000\000\000\000\006\000\000\177\000\000�q\000\000\000\000\000strip_tags\---Type <return> to continue, or q <return> to quit---
000\000\000\000\000\000\006\000\000\177\000\000�q\000\000\000\000\000ltrim\000\000\000m\206\000\000\000\000\000�\001B+\000\000�\001B+\000\000\000\000\000\000\000\000\000\000�\000\000\000\000\000\020\001\000\000\000\000\000\000\200I\001B+\000\000�\001B+\000\000@\000\000\000\000\000\000\000\020\002\000\000\000\000\000\000\235i\000\000\000\000\000�024\221\177\000\000""...
        __orig_bailout = (jmp_buf *) 0x7fffaf912420
        __bailout = {{__jmpbuf = {13, -69681406510797953, 0, 140736138913744, 0, 0, -69681406510806673, -69789443644300871},
    __mask_was_saved = 0, __saved_mask = {__val = {8809896, 47566693528520, 13, 140736138908336, 47566680651074, 8024600, 0, 11698912,
        11725152, 47566695774080, 32768, 47566695774080, 47566693883056, 13, 8024624, 0}}}}
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
      closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0,
      closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fffaf9101a0 """"
        retval = 0
#17 0x00000000007a8c0d in main (argc=4, argv=0x7fffaf9127d8) at /home/cristian/php5/sapi/cli/php_cli.c:1108
        __orig_bailout = (jmp_buf *) 0x0
        __bailout = {{__jmpbuf = {13, -69681406510797281, 0, 140736138913744, 0, 0, -69681406510798001, -69789443643226079},
    __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 140736138913072, 0, 0, 0, 0, 3941092235, 47566681744960,
        47566681746784, 281474976710656}}}}
        exit_status = 0
        c = -1
        file_handle = {type = 2 '\002', filename = 0x7fffaf91329d ""/home/cristian/public_html/flyspray/compat.php"", opened_path = 0x0,
  handle = {fd = 12283136, fp = 0xbb6d00, stream = {handle = 0xbb6d00, reader = 0x733e88 <zend_stream_stdio_reader>,
      closer = 0x733eb8 <zend_stream_stdio_closer>, fteller = 0x733ee3 <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'}
        behavior = 1
        reflection_what = 0x0
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = 0x7fffaf91329d ""/home/cristian/public_html/flyspray/compat.php""
        arg_excp = (char **) 0x7fffaf9127f0
        script_file = 0x7fffaf91329d ""/home/cristian/public_html/flyspray/compat.php""
        interactive = 0
        module_started = 1
---Type <return> to continue, or q <return> to quit---
        request_started = 1
        lineno = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        param_error = 0x0
        hide_argv = 0
        compiler_globals = (zend_compiler_globals *) 0x9f5030
        executor_globals = (zend_executor_globals *) 0x9f5030
        core_globals = (php_core_globals *) 0x9f5030
        sapi_globals = (sapi_globals_struct *) 0x9f51d0
        tsrm_ls = (void ***) 0x9f5030
        ini_entries_len = 143

}}}
 
Im using 1.2 SVN branch with php 5.2.1-dev but reproduced in released 5.2.0 too .

I'll try to isolate a short script later today."	defect	closed	major	1.2.2	cacher	1.2-dev	fixed						0		Irrelevant	Always