PHP7: Segmentation fault in s_clear_keys #224
Description
When using the PHP7 branch I get a reproducible segmentation fault when running a certain unit tests. Unfortunately I was not able to reproduce it in a smaller test script. This is the valgrind ouput:
==2432== Invalid free() / delete / delete[] / realloc()
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E845104: s_clear_keys (php_memcached.c:1345)
==2432== by 0x1E84A20C: php_memc_get_impl (php_memcached.c:1409)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== Address 0x23b2f6b0 is 0 bytes inside a block of size 8 free'd
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E84508D: s_hash_to_keys (php_memcached.c:1321)
==2432== by 0x1E84A1CA: s_key_to_keys (php_memcached.c:1334)
==2432== by 0x1E84A1CA: php_memc_get_impl (php_memcached.c:1407)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432==
==2432== Invalid free() / delete / delete[] / realloc()
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E84510D: s_clear_keys (php_memcached.c:1346)
==2432== by 0x1E84A20C: php_memc_get_impl (php_memcached.c:1409)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== Address 0x6c5d6c0 is 0 bytes inside a block of size 8 free'd
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E84507B: s_hash_to_keys (php_memcached.c:1319)
==2432== by 0x1E84A1CA: s_key_to_keys (php_memcached.c:1334)
==2432== by 0x1E84A1CA: php_memc_get_impl (php_memcached.c:1407)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432==
==2432== Invalid free() / delete / delete[] / realloc()
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E84A20C: php_memc_get_impl (php_memcached.c:1409)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== Address 0x23746220 is 0 bytes inside a block of size 8 free'd
==2432== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2432== by 0x1E845084: s_hash_to_keys (php_memcached.c:1320)
==2432== by 0x1E84A1CA: s_key_to_keys (php_memcached.c:1334)
==2432== by 0x1E84A1CA: php_memc_get_impl (php_memcached.c:1407)
==2432== by 0x3CFA93: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432== by 0x3CF75F: ??? (in /usr/bin/php7.0)
==2432== by 0x3920CA: execute_ex (in /usr/bin/php7.0)
==2432== by 0x347158: dtrace_execute_ex (in /usr/bin/php7.0)
==2432==
. 1 / 1 (100%)
For more details see also this issue at bugs.php.net which pointed me to the memcached extension being the reason for the crash:
https://bugs.php.net/bug.php?id=71712