Segmentation fault / PHP 5.3.6 / Igbinary-1.1.1
286 views
Skip to first unread message
Aleksey Korzun
May 3, 2011, 4:56:04 PM5/3/11
to igbinary development list
Spotted a hard crash issue that seems to be linked to igbinary/
spl_array below are back traces, I will also open a bug within PHP's
list for Spl_Array.c.
Seems to be related to multi-object nesting and only starts to
segfault when Memcached::SERIALIZER_IGBINARY is set .vs
Memcached::SERIALIZER_PHP for Memcached.
PECL-Memcached 1.x:
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147778) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
60 /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c: No such file or directory.
in /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c
[New Thread 8016041c0 (LWP 101684)]
(gdb) bt full
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147778) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x8080e4528
prev = (var_entries *) 0x80283bc58
#1 0x00000008025fd41d in process_nested_data (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x8080e4528,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:292
key = (zval *) 0x8080e5198
data = (zval *) 0x8080e4f08
old_data = (zval **) 0x808147778
#2 0x00000008025fcfe7 in object_common2 (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, elements=4) at /
usr/ports/lang/php5/work/php-5.3.6/ext/standard/var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
135583869}, ht = 0x0, obj = {handle = 0, handlers = 0x814d87d}},
refcount__gc = 0, type = 0 '\0', is_ref__gc = 0 '\0'}
#3 0x00000008025fb5b0 in php_var_unserialize (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:647
len3 = 12
user_func = (zval *) 0x8026bbbaa
arg_func_name = (zval *) 0x808148d28
pce = (zend_class_entry **) 0x8017ec7d8
custom_object = 0
len = 12
len2 = 12
maxlen = 7716
elements = 4
class_name = 0x808147370 'Z' <repeats 13 times>, "=ÚS¸S¸ÚS¸S¸®
\211 °\b"
ce = (zend_class_entry *) 0x808149290
incomplete_class = 0
retval_ptr = (zval *) 0x808148658
args = {0x80342d300}
yych = 34 '"'
cursor = (const unsigned char *) 0x80814ba65 "\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x80814ba53 "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x80814ba54 ":12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x80814ba53 "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4 0x00000008025fd2b6 in process_nested_data (rval=0x7fffffffc230,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x808148020,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5778
data = (zval *) 0x8080e5600
old_data = (zval **) 0x80283bc58
#5 0x00000008025fb927 in php_var_unserialize (rval=0x7fffffffc230,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 4
yych = 123 '{'
cursor = (const unsigned char *) 0x80814ba49 "s:3:\"obj\";O:
12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x80814ba44 "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x80814ba45 ":4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x80814ba44 "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#6 0x00000008025fd2b6 in process_nested_data (rval=0x808148a18,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x8080e47c0,
elements=19)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5a68
data = (zval *) 0x8080e58f0
old_data = (zval **) 0x80283bc58
#7 0x00000008025fb927 in php_var_unserialize (rval=0x808148a18,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 20
yych = 123 '{'
cursor = (const unsigned char *) 0x80814ba40 "i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
limit = (const unsigned char *) 0x80814ba3a "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
marker = (const unsigned char *) 0x80814ba3b ":20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
start = (const unsigned char *) 0x80814ba3a "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#8 0x000000080255cda3 in spl_array_unserialize_helper
(intern=0x808148a00, buf=0x80814ba34 "x:i:0;a:20:{i:0;a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\"",
buf_len=7753, var_hash_p=0x0) at /usr/ports/lang/php5/work/
php-5.3.6/ext/spl/spl_array.c:1763
p = (const unsigned char *) 0x80814ba86 "s:10:\""
s = (const unsigned char *) 0x80814ba34 "x:i:0;a:20:{i:0;a:4:
{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\""
pmembers = (zval *) 0x72a05595278
pflags = (zval *) 0x8080e5a68
---Type <return> to continue, or q <return> to quit---
flags = 0
#9 0x000000080255d1e4 in spl_array_unserialize
(object=0x7fffffffc718, ce=0x8017d0538, buf=0x80814ba34 "x:i:0;a:20:{i:
0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\"",
buf_len=7753, data=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/
spl/spl_array.c:1852
intern = (spl_array_object *) 0x808148a00
#10 0x0000000805592d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffc800, t=igbinary_type_object_ser16, z=0x7fffffffc718,
ce=0x8017d0538)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1757
n = 7753
#11 0x0000000805592a07 in igbinary_unserialize_object
(igsd=0x7fffffffc800, t=igbinary_type_object_ser16, z=0x7fffffffc718)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:1884
ce = (zend_class_entry *) 0x8017d0538
pce = (zend_class_entry **) 0x8017541a8
h = (zval *) 0x0
f = {value = {lval = 34449478264, dval =
1.7020303727397145e-313, str = {val = 0x805595278 "/usr/ports/
converters/igbinary/work/igbinary-1.1.1/igbinary.c", len = 32}, ht =
0x805595278, obj = {
handle = 89739896, handlers = 0x20}}, refcount__gc = 54711040,
type = 8 '\b', is_ref__gc = 0 '\0'}
name = 0x80814ba13 "jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
name_len = 30
r = 1
incomplete_class = false
user_func = (zval *) 0x26f5ec3
retval_ptr = (zval *) 0x8080e6b68
args = {0x80285a5b8}
arg_func_name = (zval *) 0x8026bbbaa
#12 0x0000000805591e7a in igbinary_unserialize_zval
(igsd=0x7fffffffc800, z=0x7fffffffc718) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:1999
t = igbinary_type_object8
tmp_long = 140737488340624
tmp_double = 1.7042748805580649e-313
tmp_chararray = 0x7fffffffc690 "PÇÿÿÿ\177"
tmp_size_t = 72057628532835544
#13 0x00000008055933c7 in igbinary_unserialize_array
(igsd=0x7fffffffc800, t=igbinary_type_array8, z=0x7fffffffc8b8,
object=0) at /usr/ports/converters/igbinary/work/igbinary-1.1.1/
igbinary.c:1687
n = 2
i = 1
v = (zval *) 0x8080e6b68
key = 0x80814ba10 "v\027\036jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
key_len = 1
key_index = 0
key_type = igbinary_type_string8
h = (HashTable *) 0x8080e2db8
#14 0x0000000805591ea3 in igbinary_unserialize_zval
(igsd=0x7fffffffc800, z=0x7fffffffc8b8) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:2006
t = igbinary_type_array8
tmp_long = 140737488340944
tmp_double = 6.9533558071267118e-310
tmp_chararray = 0x805595278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498637
#15 0x000000080558f705 in igbinary_unserialize (buf=0x80814ba00 "",
buf_len=7805, z=0x7fffffffc8b8) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:363
igsd = {buffer = 0x80814ba00 "", buffer_size = 7805,
buffer_offset = 52, strings = 0x808147f88, strings_count = 3,
strings_capacity = 4, references = 0x8080e6700, references_count = 2,
references_capacity = 4, error = 0, string0_buf = {c = 0x808147610
"t", len = 1, a = 78}}
#16 0x00000008058ddd20 in php_memc_zval_from_payload
(value=0x8080e84d8, payload=0x80814ba00 "", payload_len=7805,
flags=21) at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:2180
dummy_payload = ""
#17 0x00000008058d82f6 in php_memc_get_impl (ht=1,
return_value=0x8080e84d8, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1, by_key=0 '\0')
at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:479
dummy_length = 0
dummy_flags = 8
rc = 0
dummy_status = MEMCACHED_END
return_value_set = false
key = 0x808146fc8
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"
key_len = 49
server_key = 0x0
server_key_len = 0
payload = 0x80166b400 "x\234½YËjÜ0\024u²ì.Pè.\fZ\026\002ÖË\036k
\226]u\021Z(t\223\001£Ø¢q°Çaì\tMÃ|Xwý´êá$í¢\nÒ¥\202YØzXçèêqÎ\235,ËNß
\236\236\235Ìo.\177]ý<;¹\177w~{\030ÔnÞöÝõ^î\037¶\227j\226õ
\207±ïU3wãîüüãwÑ\211|#\005ÉÅ£{bâq\022T ñú\026m>\tL\004\032ÆVõÓökת\021¹
\006¥@µnQw-ÚØ7\\ñ\234sfÞp.Pö>«ïe\177P\023ÒßÔ\037?êrêÊ»©îGÙ*ÝõZ
\017ùWÅ4"...
payload_len = 816
flags = 21
cas = 0
cas_token = (zval *) 0x0
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params =
0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
result = {item_flags = 42323192, item_expiration =
140737488341680, key_length = 34401910565, item_cas = 0, root =
0x100000001, value = {end = 0x8026baf25 "\205Àu8\203}\234", string =
0x0,
---Type <return> to continue, or q <return> to quit---
current_size = 8291963487718998017, root = 0x802858ff0, options =
{is_allocated = false, is_initialized = false}},
item_key = "h~\205\002\b\000\000\000°¹
\003\000\001\000\000\000\b{\024\b\b\000\000\000\000ÓB\003\b
\000\000\000¸z\024\b\b\000\000\000\021", '\0' <repeats 11 times>,
"\001\000\000\000\030\223\237uÛÐw\003Ø-{\001\b\000\000\000¹wí
\005\212\003\000\000¸¥\205\002\b\000\000\000à.{\001\b\000\000\000ÀÊÿÿÿ
\177\000\000x\204o\002\b\000\000\000(Ëÿÿ\000\000\000\0000Ëÿÿÿ
\177\000\000\f_«A!`¹\230.{\001\037\000\000\000 ³í\005\b\000\000\000à.
{\001\b\000\000\000Ø-{\001\004\000\000\000Èa{\001\b\000\000\000PËÿÿÿ
\177\000\000%G\227|\001\000\000\000¸¥\205\002\004\000\000\000T"...,
options = {is_allocated = false, is_initialized = true}}
status = MEMCACHED_SUCCESS
object = (zval *) 0x8080b06a0
i_obj = (php_memc_t *) 0x801744b40
#18 0x00000008058d7beb in zim_Memcached_get (ht=1,
return_value=0x8080e84d8, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1)
at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:320
No locals.
#19 0x000000080271ab7c in zend_do_fcall_common_helper_SPEC
(execute_data=0x808008c60) at zend_vm_execute.h:316
opline = (zend_op *) 0x805ed6cb8
should_change_scope = 1 '\001'
#20 0x000000080271bb25 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x808008c60) at zend_vm_execute.h:421
No locals.
#21 0x0000000802719b4a in execute (op_array=0x8017b3ce0) at
zend_vm_execute.h:107
ret = 0
execute_data = (zend_execute_data *) 0x808008c60
nested = 1 '\001'
original_in_execution = 0 '\0'
#22 0x00000008026e65bd in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/ports/lang/php5/work/php-5.3.6/Zend/zend.c:1194
files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffffffcf10, reg_save_area = 0x7fffffffce50}}
i = 1
file_handle = (zend_file_handle *) 0x7fffffffe520
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
#23 0x0000000802666872 in php_execute_script
(primary_file=0x7fffffffe520) at /usr/ports/lang/php5/work/php-5.3.6/
main/main.c:2268
realfile = "\000\000\000\000ÿ\177\000\000\200ªZ\000\b
\000\000\000Pâÿÿÿ\177\000\000\001", '\0' <repeats 23 times>, "3æ
\225\000\000\000\000\000¯¬V\000\b\000\000\000hâÿÿÿ\177\000\000Õ¤i\005\b
\000\000\000\000æZ\000\b\000\000\000À«Z\000\b\000\000\000 âÿÿÿ
\177\000\000\000\000\000\000\000\000\000\000\001", '\0' <repeats 15
times>, "3æ\225\000\000\000\000\000F®V\000\b\000\000\000Pâÿÿÿ
\177\000\000\000rY\000\b\000\000\000\000pY\000\b\000\000\000\000rY
\000\b\000\000\000\000tY\000\b\000\000\000\000vY\000\b
\000\000\000\000xY\000\b\000\000\000\000zY\000\b\000\000\000\000|Y
\000\b\000\000\000\000~"...
__orig_bailout = (sigjmp_buf *) 0x7fffffffe5a0
__bailout = {{_sjb = {34400003509, 3778, 140737488342792,
140737488348416, 140737488350088, 140737488350056, 0, 0,
140737488290431, 34365695488, 140737488348112, 34359738368}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0,
old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
closer = 0}}, free_filename = 0 '\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0,
old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
closer = 0}}, free_filename = 0 '\0'}
old_cwd = 0x7fffffffcf30 "/"
use_heap = 0 '\0'
retval = 0
#24 0x00000008027da005 in php_handler (r=0x8017a3c58) at /usr/ports/
lang/php5/work/php-5.3.6/sapi/apache2handler/sapi_apache2.c:669
zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x8017a52
PECL-Memcached 2.x
Loaded symbols for /libexec/ld-elf.so.1
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147718) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
60 var_entries *var_hash = var_hashx->first_dtor, *prev =
NULL;
[New Thread 8016041c0 (LWP 101156)]
(gdb) but full
Undefined command: "but". Try "help".
(gdb) bt full
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147718) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x8080e45b0
prev = (var_entries *) 0x80283bc58
#1 0x00000008025fd41d in process_nested_data (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x8080e45b0,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:292
key = (zval *) 0x8080e5220
data = (zval *) 0x8080e4f90
old_data = (zval **) 0x808147718
#2 0x00000008025fcfe7 in object_common2 (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, elements=4) at /
usr/ports/lang/php5/work/php-5.3.6/ext/standard/var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
135574277}, ht = 0x0, obj = {handle = 0, handlers = 0x814b305}},
refcount__gc = 0, type = 0 '\0', is_ref__gc = 0 '\0'}
#3 0x00000008025fb5b0 in php_var_unserialize (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:647
len3 = 12
user_func = (zval *) 0x8026bbbaa
arg_func_name = (zval *) 0x808148d08
pce = (zend_class_entry **) 0x8017fd358
custom_object = 0
len = 12
len2 = 12
maxlen = 7716
elements = 4
class_name = 0x808147310 'Z' <repeats 13 times>, "\005\217þÑþÑ
\217þÑþÑ_\006´{\b"
ce = (zend_class_entry *) 0x80814b360
incomplete_class = 0
retval_ptr = (zval *) 0x808148638
args = {0x80342d300}
yych = 34 '"'
cursor = (const unsigned char *) 0x8081494ed "\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x8081494db "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x8081494dc ":12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x8081494db "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4 0x00000008025fd2b6 in process_nested_data (rval=0x7fffffffc200,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x808148000,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5800
data = (zval *) 0x8080e5688
old_data = (zval **) 0x80283bc58
#5 0x00000008025fb927 in php_var_unserialize (rval=0x7fffffffc200,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 4
yych = 123 '{'
cursor = (const unsigned char *) 0x8081494d1 "s:3:\"obj\";O:
12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x8081494cc "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x8081494cd ":4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x8081494cc "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#6 0x00000008025fd2b6 in process_nested_data (rval=0x8081489f8,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x8080e4848,
elements=19)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5af0
data = (zval *) 0x8080e5978
old_data = (zval **) 0x80283bc58
#7 0x00000008025fb927 in php_var_unserialize (rval=0x8081489f8,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 20
yych = 123 '{'
cursor = (const unsigned char *) 0x8081494c8 "i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
limit = (const unsigned char *) 0x8081494c2 "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
marker = (const unsigned char *) 0x8081494c3 ":20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
start = (const unsigned char *) 0x8081494c2 "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#8 0x000000080255cda3 in spl_array_unserialize_helper
(intern=0x8081489e0, buf=0x8081494bc "x:i:0;a:20:{i:0;a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\"",
buf_len=7753, var_hash_p=0x0) at /usr/ports/lang/php5/work/
php-5.3.6/ext/spl/spl_array.c:1763
p = (const unsigned char *) 0x80814950e "s:10:\""
s = (const unsigned char *) 0x8081494bc "x:i:0;a:20:{i:0;a:4:
{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\""
pmembers = (zval *) 0x72a05595278
pflags = (zval *) 0x8080e5af0
---Type <return> to continue, or q <return> to quit---[B
flags = 0
#9 0x000000080255d1e4 in spl_array_unserialize
(object=0x7fffffffc6e8, ce=0x8017d2538, buf=0x8081494bc "x:i:0;a:20:{i:
0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\"",
buf_len=7753, data=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/
spl/spl_array.c:1852
intern = (spl_array_object *) 0x8081489e0
#10 0x0000000805592d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffc7d0, t=igbinary_type_object_ser16, z=0x7fffffffc6e8,
ce=0x8017d2538)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1757
n = 7753
#11 0x0000000805592a07 in igbinary_unserialize_object
(igsd=0x7fffffffc7d0, t=igbinary_type_object_ser16, z=0x7fffffffc6e8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:1884
ce = (zend_class_entry *) 0x8017d2538
pce = (zend_class_entry **) 0x8017547c8
h = (zval *) 0x0
f = {value = {lval = 34449478264, dval =
1.7020303727397145e-313, str = {val = 0x805595278 "/usr/ports/
converters/igbinary/work/igbinary-1.1.1/igbinary.c", len = 32}, ht =
0x805595278, obj = {
handle = 89739896, handlers = 0x20}}, refcount__gc = 54711040,
type = 8 '\b', is_ref__gc = 0 '\0'}
name = 0x80814949b "jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
name_len = 30
r = 135558576
incomplete_class = false
user_func = (zval *) 0x26f5ec3
retval_ptr = (zval *) 0x8080e6bf0
args = {0x80285a5b8}
arg_func_name = (zval *) 0x8026bbbaa
#12 0x0000000805591e7a in igbinary_unserialize_zval
(igsd=0x7fffffffc7d0, z=0x7fffffffc6e8) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:1999
t = igbinary_type_object8
tmp_long = 140737488340576
tmp_double = 1.7042748872773577e-313
tmp_chararray = 0x7fffffffc660 " Çÿÿÿ\177"
tmp_size_t = 72057628532835680
#13 0x00000008055933c7 in igbinary_unserialize_array
(igsd=0x7fffffffc7d0, t=igbinary_type_array8, z=0x7fffffffc898,
object=0) at /usr/ports/converters/igbinary/work/igbinary-1.1.1/
igbinary.c:1687
n = 2
i = 1
v = (zval *) 0x8080e6bf0
key = 0x808149498 "v\027\036jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
key_len = 1
key_index = 0
key_type = igbinary_type_string8
h = (HashTable *) 0x8080e2db8
#14 0x0000000805591ea3 in igbinary_unserialize_zval
(igsd=0x7fffffffc7d0, z=0x7fffffffc898) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:2006
t = igbinary_type_array8
tmp_long = 140737488340896
tmp_double = 6.9533558071243403e-310
tmp_chararray = 0x805595278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498624
#15 0x000000080558f705 in igbinary_unserialize (buf=0x808149488 "",
buf_len=7805, z=0x7fffffffc898) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:363
igsd = {buffer = 0x808149488 "", buffer_size = 7805,
buffer_offset = 52, strings = 0x808147f68, strings_count = 3,
strings_capacity = 4, references = 0x8080e6788, references_count = 2,
references_capacity = 4, error = 0, string0_buf = {c = 0x8081475b0
"t", len = 1, a = 78}}
#16 0x00000008058e03f8 in php_memc_zval_from_payload
(value=0x8080e8560, payload=0x808149488 "", payload_len=7805,
flags=85, serializer=SERIALIZER_IGBINARY) at /root/php-memcached/
php_memcached.c:2719
payload_emalloc = 1 '\001'
buffer = 0x808149488 ""
#17 0x00000008058d9381 in php_memc_get_impl (ht=1,
return_value=0x8080e8560, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1, by_key=0 '\0') at /root/php-memcached/
php_memcached.c:625
rc = 0
return_value_set = 0 '\0'
key = 0x808147018
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"
key_len = 49
server_key = 0x0
server_key_len = 0
payload = 0x801684f00 "}\036"
payload_len = 1120
flags = 85
cas = 0
keys = {0x808147018
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"}
key_lens = {49}
cas_token = (zval *) 0x0
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params =
0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
result = {item_flags = 42166744, item_expiration =
34493992032, key_length = 140737488342016, item_cas = 34399369438,
root = 0x285ccf8, value = {end = 0x7fffffffcac0 "ØM{\001\004",
string = 0x802837f25 "", current_size = 0, root = 0x100000001,
options = {is_allocated = true, is_initialized = false}},
item_key = "\000\000\000\000\000\000\000\000\001\000\000\000Üø\022sð
\217\205\002\b\000\000\000P\214\000\b»\001\000\000h~\205\002\b
\000\000\000x\f\000\000\001\000\000\000Ø\223\024\b\b\000\000\000\000ÓB
\003\---Type <return> to continue, or q <return> to quit---
b\000\000\000\210\223\024\b\b\000\000\000\v", '\0' <repeats 11 times>,
"\001\000\000\000\030\223\237uÛÐw\003ØM{\001\b\000\000\000\221\r
\030\006\212\003\000\000¸¥\205\002\b\000\000\000àN{\001\b
\000\000\000ÐÊÿÿÿ\177\000\000x\204o\002\b\000\000\0008Ëÿÿ
\000\000\000\000@Ëÿÿÿ\177\000\000\f_«A!`¹\230N{\001\037\000\000\000xI
\030\006\b\000\000\000àN{\001\b
\000\000\000ØM{\001\004\000\000\000È"..., options = {
is_allocated = false, is_initialized = true}}
status = MEMCACHED_SUCCESS
object = (zval *) 0x8080b06a0
i_obj = (php_memc_t *) 0x8080e3540
m_obj = (struct memc_obj *) 0x80175e2e0
#18 0x00000008058d8c0b in zim_Memcached_get (ht=1,
return_value=0x8080e8560, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1) at /root/php-memcached/php_memcached.c:465
No locals.
spl_array below are back traces, I will also open a bug within PHP's
list for Spl_Array.c.
Seems to be related to multi-object nesting and only starts to
segfault when Memcached::SERIALIZER_IGBINARY is set .vs
Memcached::SERIALIZER_PHP for Memcached.
PECL-Memcached 1.x:
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147778) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
60 /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c: No such file or directory.
in /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c
[New Thread 8016041c0 (LWP 101684)]
(gdb) bt full
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147778) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x8080e4528
prev = (var_entries *) 0x80283bc58
#1 0x00000008025fd41d in process_nested_data (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x8080e4528,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:292
key = (zval *) 0x8080e5198
data = (zval *) 0x8080e4f08
old_data = (zval **) 0x808147778
#2 0x00000008025fcfe7 in object_common2 (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, elements=4) at /
usr/ports/lang/php5/work/php-5.3.6/ext/standard/var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
135583869}, ht = 0x0, obj = {handle = 0, handlers = 0x814d87d}},
refcount__gc = 0, type = 0 '\0', is_ref__gc = 0 '\0'}
#3 0x00000008025fb5b0 in php_var_unserialize (rval=0x7fffffffc010,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:647
len3 = 12
user_func = (zval *) 0x8026bbbaa
arg_func_name = (zval *) 0x808148d28
pce = (zend_class_entry **) 0x8017ec7d8
custom_object = 0
len = 12
len2 = 12
maxlen = 7716
elements = 4
class_name = 0x808147370 'Z' <repeats 13 times>, "=ÚS¸S¸ÚS¸S¸®
\211 °\b"
ce = (zend_class_entry *) 0x808149290
incomplete_class = 0
retval_ptr = (zval *) 0x808148658
args = {0x80342d300}
yych = 34 '"'
cursor = (const unsigned char *) 0x80814ba65 "\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x80814ba53 "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x80814ba54 ":12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x80814ba53 "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4 0x00000008025fd2b6 in process_nested_data (rval=0x7fffffffc230,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x808148020,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5778
data = (zval *) 0x8080e5600
old_data = (zval **) 0x80283bc58
#5 0x00000008025fb927 in php_var_unserialize (rval=0x7fffffffc230,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 4
yych = 123 '{'
cursor = (const unsigned char *) 0x80814ba49 "s:3:\"obj\";O:
12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x80814ba44 "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x80814ba45 ":4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x80814ba44 "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#6 0x00000008025fd2b6 in process_nested_data (rval=0x808148a18,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0, ht=0x8080e47c0,
elements=19)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5a68
data = (zval *) 0x8080e58f0
old_data = (zval **) 0x80283bc58
#7 0x00000008025fb927 in php_var_unserialize (rval=0x808148a18,
p=0x7fffffffc428, max=0x80814d87d "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 20
yych = 123 '{'
cursor = (const unsigned char *) 0x80814ba40 "i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
limit = (const unsigned char *) 0x80814ba3a "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
marker = (const unsigned char *) 0x80814ba3b ":20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
start = (const unsigned char *) 0x80814ba3a "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#8 0x000000080255cda3 in spl_array_unserialize_helper
(intern=0x808148a00, buf=0x80814ba34 "x:i:0;a:20:{i:0;a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\"",
buf_len=7753, var_hash_p=0x0) at /usr/ports/lang/php5/work/
php-5.3.6/ext/spl/spl_array.c:1763
p = (const unsigned char *) 0x80814ba86 "s:10:\""
s = (const unsigned char *) 0x80814ba34 "x:i:0;a:20:{i:0;a:4:
{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\""
pmembers = (zval *) 0x72a05595278
pflags = (zval *) 0x8080e5a68
---Type <return> to continue, or q <return> to quit---
flags = 0
#9 0x000000080255d1e4 in spl_array_unserialize
(object=0x7fffffffc718, ce=0x8017d0538, buf=0x80814ba34 "x:i:0;a:20:{i:
0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\"",
buf_len=7753, data=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/
spl/spl_array.c:1852
intern = (spl_array_object *) 0x808148a00
#10 0x0000000805592d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffc800, t=igbinary_type_object_ser16, z=0x7fffffffc718,
ce=0x8017d0538)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1757
n = 7753
#11 0x0000000805592a07 in igbinary_unserialize_object
(igsd=0x7fffffffc800, t=igbinary_type_object_ser16, z=0x7fffffffc718)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:1884
ce = (zend_class_entry *) 0x8017d0538
pce = (zend_class_entry **) 0x8017541a8
h = (zval *) 0x0
f = {value = {lval = 34449478264, dval =
1.7020303727397145e-313, str = {val = 0x805595278 "/usr/ports/
converters/igbinary/work/igbinary-1.1.1/igbinary.c", len = 32}, ht =
0x805595278, obj = {
handle = 89739896, handlers = 0x20}}, refcount__gc = 54711040,
type = 8 '\b', is_ref__gc = 0 '\0'}
name = 0x80814ba13 "jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
name_len = 30
r = 1
incomplete_class = false
user_func = (zval *) 0x26f5ec3
retval_ptr = (zval *) 0x8080e6b68
args = {0x80285a5b8}
arg_func_name = (zval *) 0x8026bbbaa
#12 0x0000000805591e7a in igbinary_unserialize_zval
(igsd=0x7fffffffc800, z=0x7fffffffc718) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:1999
t = igbinary_type_object8
tmp_long = 140737488340624
tmp_double = 1.7042748805580649e-313
tmp_chararray = 0x7fffffffc690 "PÇÿÿÿ\177"
tmp_size_t = 72057628532835544
#13 0x00000008055933c7 in igbinary_unserialize_array
(igsd=0x7fffffffc800, t=igbinary_type_array8, z=0x7fffffffc8b8,
object=0) at /usr/ports/converters/igbinary/work/igbinary-1.1.1/
igbinary.c:1687
n = 2
i = 1
v = (zval *) 0x8080e6b68
key = 0x80814ba10 "v\027\036jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
key_len = 1
key_index = 0
key_type = igbinary_type_string8
h = (HashTable *) 0x8080e2db8
#14 0x0000000805591ea3 in igbinary_unserialize_zval
(igsd=0x7fffffffc800, z=0x7fffffffc8b8) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:2006
t = igbinary_type_array8
tmp_long = 140737488340944
tmp_double = 6.9533558071267118e-310
tmp_chararray = 0x805595278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498637
#15 0x000000080558f705 in igbinary_unserialize (buf=0x80814ba00 "",
buf_len=7805, z=0x7fffffffc8b8) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:363
igsd = {buffer = 0x80814ba00 "", buffer_size = 7805,
buffer_offset = 52, strings = 0x808147f88, strings_count = 3,
strings_capacity = 4, references = 0x8080e6700, references_count = 2,
references_capacity = 4, error = 0, string0_buf = {c = 0x808147610
"t", len = 1, a = 78}}
#16 0x00000008058ddd20 in php_memc_zval_from_payload
(value=0x8080e84d8, payload=0x80814ba00 "", payload_len=7805,
flags=21) at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:2180
dummy_payload = ""
#17 0x00000008058d82f6 in php_memc_get_impl (ht=1,
return_value=0x8080e84d8, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1, by_key=0 '\0')
at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:479
dummy_length = 0
dummy_flags = 8
rc = 0
dummy_status = MEMCACHED_END
return_value_set = false
key = 0x808146fc8
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"
key_len = 49
server_key = 0x0
server_key_len = 0
payload = 0x80166b400 "x\234½YËjÜ0\024u²ì.Pè.\fZ\026\002ÖË\036k
\226]u\021Z(t\223\001£Ø¢q°Çaì\tMÃ|Xwý´êá$í¢\nÒ¥\202YØzXçèêqÎ\235,ËNß
\236\236\235Ìo.\177]ý<;¹\177w~{\030ÔnÞöÝõ^î\037¶\227j\226õ
\207±ïU3wãîüüãwÑ\211|#\005ÉÅ£{bâq\022T ñú\026m>\tL\004\032ÆVõÓökת\021¹
\006¥@µnQw-ÚØ7\\ñ\234sfÞp.Pö>«ïe\177P\023ÒßÔ\037?êrêÊ»©îGÙ*ÝõZ
\017ùWÅ4"...
payload_len = 816
flags = 21
cas = 0
cas_token = (zval *) 0x0
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params =
0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
result = {item_flags = 42323192, item_expiration =
140737488341680, key_length = 34401910565, item_cas = 0, root =
0x100000001, value = {end = 0x8026baf25 "\205Àu8\203}\234", string =
0x0,
---Type <return> to continue, or q <return> to quit---
current_size = 8291963487718998017, root = 0x802858ff0, options =
{is_allocated = false, is_initialized = false}},
item_key = "h~\205\002\b\000\000\000°¹
\003\000\001\000\000\000\b{\024\b\b\000\000\000\000ÓB\003\b
\000\000\000¸z\024\b\b\000\000\000\021", '\0' <repeats 11 times>,
"\001\000\000\000\030\223\237uÛÐw\003Ø-{\001\b\000\000\000¹wí
\005\212\003\000\000¸¥\205\002\b\000\000\000à.{\001\b\000\000\000ÀÊÿÿÿ
\177\000\000x\204o\002\b\000\000\000(Ëÿÿ\000\000\000\0000Ëÿÿÿ
\177\000\000\f_«A!`¹\230.{\001\037\000\000\000 ³í\005\b\000\000\000à.
{\001\b\000\000\000Ø-{\001\004\000\000\000Èa{\001\b\000\000\000PËÿÿÿ
\177\000\000%G\227|\001\000\000\000¸¥\205\002\004\000\000\000T"...,
options = {is_allocated = false, is_initialized = true}}
status = MEMCACHED_SUCCESS
object = (zval *) 0x8080b06a0
i_obj = (php_memc_t *) 0x801744b40
#18 0x00000008058d7beb in zim_Memcached_get (ht=1,
return_value=0x8080e84d8, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1)
at /usr/ports/databases/pecl-memcached/work/memcached-1.0.2/
php_memcached.c:320
No locals.
#19 0x000000080271ab7c in zend_do_fcall_common_helper_SPEC
(execute_data=0x808008c60) at zend_vm_execute.h:316
opline = (zend_op *) 0x805ed6cb8
should_change_scope = 1 '\001'
#20 0x000000080271bb25 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x808008c60) at zend_vm_execute.h:421
No locals.
#21 0x0000000802719b4a in execute (op_array=0x8017b3ce0) at
zend_vm_execute.h:107
ret = 0
execute_data = (zend_execute_data *) 0x808008c60
nested = 1 '\001'
original_in_execution = 0 '\0'
#22 0x00000008026e65bd in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/ports/lang/php5/work/php-5.3.6/Zend/zend.c:1194
files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffffffcf10, reg_save_area = 0x7fffffffce50}}
i = 1
file_handle = (zend_file_handle *) 0x7fffffffe520
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
#23 0x0000000802666872 in php_execute_script
(primary_file=0x7fffffffe520) at /usr/ports/lang/php5/work/php-5.3.6/
main/main.c:2268
realfile = "\000\000\000\000ÿ\177\000\000\200ªZ\000\b
\000\000\000Pâÿÿÿ\177\000\000\001", '\0' <repeats 23 times>, "3æ
\225\000\000\000\000\000¯¬V\000\b\000\000\000hâÿÿÿ\177\000\000Õ¤i\005\b
\000\000\000\000æZ\000\b\000\000\000À«Z\000\b\000\000\000 âÿÿÿ
\177\000\000\000\000\000\000\000\000\000\000\001", '\0' <repeats 15
times>, "3æ\225\000\000\000\000\000F®V\000\b\000\000\000Pâÿÿÿ
\177\000\000\000rY\000\b\000\000\000\000pY\000\b\000\000\000\000rY
\000\b\000\000\000\000tY\000\b\000\000\000\000vY\000\b
\000\000\000\000xY\000\b\000\000\000\000zY\000\b\000\000\000\000|Y
\000\b\000\000\000\000~"...
__orig_bailout = (sigjmp_buf *) 0x7fffffffe5a0
__bailout = {{_sjb = {34400003509, 3778, 140737488342792,
140737488348416, 140737488350088, 140737488350056, 0, 0,
140737488290431, 34365695488, 140737488348112, 34359738368}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0,
old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
closer = 0}}, free_filename = 0 '\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0,
old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
closer = 0}}, free_filename = 0 '\0'}
old_cwd = 0x7fffffffcf30 "/"
use_heap = 0 '\0'
retval = 0
#24 0x00000008027da005 in php_handler (r=0x8017a3c58) at /usr/ports/
lang/php5/work/php-5.3.6/sapi/apache2handler/sapi_apache2.c:669
zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x8017a52
PECL-Memcached 2.x
Loaded symbols for /libexec/ld-elf.so.1
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147718) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
60 var_entries *var_hash = var_hashx->first_dtor, *prev =
NULL;
[New Thread 8016041c0 (LWP 101156)]
(gdb) but full
Undefined command: "but". Try "help".
(gdb) bt full
#0 0x00000008025fa414 in var_push_dtor (var_hashx=0x0,
rval=0x808147718) at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x8080e45b0
prev = (var_entries *) 0x80283bc58
#1 0x00000008025fd41d in process_nested_data (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x8080e45b0,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:292
key = (zval *) 0x8080e5220
data = (zval *) 0x8080e4f90
old_data = (zval **) 0x808147718
#2 0x00000008025fcfe7 in object_common2 (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, elements=4) at /
usr/ports/lang/php5/work/php-5.3.6/ext/standard/var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
135574277}, ht = 0x0, obj = {handle = 0, handlers = 0x814b305}},
refcount__gc = 0, type = 0 '\0', is_ref__gc = 0 '\0'}
#3 0x00000008025fb5b0 in php_var_unserialize (rval=0x7fffffffbfe0,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:647
len3 = 12
user_func = (zval *) 0x8026bbbaa
arg_func_name = (zval *) 0x808148d08
pce = (zend_class_entry **) 0x8017fd358
custom_object = 0
len = 12
len2 = 12
maxlen = 7716
elements = 4
class_name = 0x808147310 'Z' <repeats 13 times>, "\005\217þÑþÑ
\217þÑþÑ_\006´{\b"
ce = (zend_class_entry *) 0x80814b360
incomplete_class = 0
retval_ptr = (zval *) 0x808148638
args = {0x80342d300}
yych = 34 '"'
cursor = (const unsigned char *) 0x8081494ed "\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x8081494db "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x8081494dc ":12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x8081494db "O:12:\"models\
\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4 0x00000008025fd2b6 in process_nested_data (rval=0x7fffffffc200,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x808148000,
elements=3)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5800
data = (zval *) 0x8080e5688
old_data = (zval **) 0x80283bc58
#5 0x00000008025fb927 in php_var_unserialize (rval=0x7fffffffc200,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 4
yych = 123 '{'
cursor = (const unsigned char *) 0x8081494d1 "s:3:\"obj\";O:
12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
limit = (const unsigned char *) 0x8081494cc "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
marker = (const unsigned char *) 0x8081494cd ":4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
start = (const unsigned char *) 0x8081494cc "a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#6 0x00000008025fd2b6 in process_nested_data (rval=0x8081489f8,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0, ht=0x8080e4848,
elements=19)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:275
key = (zval *) 0x8080e5af0
data = (zval *) 0x8080e5978
old_data = (zval **) 0x80283bc58
#7 0x00000008025fb927 in php_var_unserialize (rval=0x8081489f8,
p=0x7fffffffc3f8, max=0x80814b305 "", var_hash=0x0) at /usr/ports/lang/
php5/work/php-5.3.6/ext/standard/var_unserializer.c:713
elements = 20
yych = 123 '{'
cursor = (const unsigned char *) 0x8081494c8 "i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
limit = (const unsigned char *) 0x8081494c2 "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
marker = (const unsigned char *) 0x8081494c3 ":20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
start = (const unsigned char *) 0x8081494c2 "a:20:{i:0;a:4:{s:
3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\""
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#8 0x000000080255cda3 in spl_array_unserialize_helper
(intern=0x8081489e0, buf=0x8081494bc "x:i:0;a:20:{i:0;a:4:{s:3:\"obj
\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:7:\"1950554\";s:
10:\"",
buf_len=7753, var_hash_p=0x0) at /usr/ports/lang/php5/work/
php-5.3.6/ext/spl/spl_array.c:1763
p = (const unsigned char *) 0x80814950e "s:10:\""
s = (const unsigned char *) 0x8081494bc "x:i:0;a:20:{i:0;a:4:
{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\""
pmembers = (zval *) 0x72a05595278
pflags = (zval *) 0x8080e5af0
---Type <return> to continue, or q <return> to quit---[B
flags = 0
#9 0x000000080255d1e4 in spl_array_unserialize
(object=0x7fffffffc6e8, ce=0x8017d2538, buf=0x8081494bc "x:i:0;a:20:{i:
0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:7:\"_obj_id\";s:
7:\"1950554\";s:10:\"",
buf_len=7753, data=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/
spl/spl_array.c:1852
intern = (spl_array_object *) 0x8081489e0
#10 0x0000000805592d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffc7d0, t=igbinary_type_object_ser16, z=0x7fffffffc6e8,
ce=0x8017d2538)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1757
n = 7753
#11 0x0000000805592a07 in igbinary_unserialize_object
(igsd=0x7fffffffc7d0, t=igbinary_type_object_ser16, z=0x7fffffffc6e8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:1884
ce = (zend_class_entry *) 0x8017d2538
pce = (zend_class_entry **) 0x8017547c8
h = (zval *) 0x0
f = {value = {lval = 34449478264, dval =
1.7020303727397145e-313, str = {val = 0x805595278 "/usr/ports/
converters/igbinary/work/igbinary-1.1.1/igbinary.c", len = 32}, ht =
0x805595278, obj = {
handle = 89739896, handlers = 0x20}}, refcount__gc = 54711040,
type = 8 '\b', is_ref__gc = 0 '\0'}
name = 0x80814949b "jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
name_len = 30
r = 135558576
incomplete_class = false
user_func = (zval *) 0x26f5ec3
retval_ptr = (zval *) 0x8080e6bf0
args = {0x80285a5b8}
arg_func_name = (zval *) 0x8026bbbaa
#12 0x0000000805591e7a in igbinary_unserialize_zval
(igsd=0x7fffffffc7d0, z=0x7fffffffc6e8) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:1999
t = igbinary_type_object8
tmp_long = 140737488340576
tmp_double = 1.7042748872773577e-313
tmp_chararray = 0x7fffffffc660 " Çÿÿÿ\177"
tmp_size_t = 72057628532835680
#13 0x00000008055933c7 in igbinary_unserialize_array
(igsd=0x7fffffffc7d0, t=igbinary_type_array8, z=0x7fffffffc898,
object=0) at /usr/ports/converters/igbinary/work/igbinary-1.1.1/
igbinary.c:1687
n = 2
i = 1
v = (zval *) 0x8080e6bf0
key = 0x808149498 "v\027\036jument\\library\\Meta_Collection
\036\036Ix:i:0;a:20:{i:0;a:4:{s:3:\"obj\";O:12:\"models\\Video\":4:{s:
7:\"_obj_id\";s:7:\"1950554\";s:10:\""
key_len = 1
key_index = 0
key_type = igbinary_type_string8
h = (HashTable *) 0x8080e2db8
#14 0x0000000805591ea3 in igbinary_unserialize_zval
(igsd=0x7fffffffc7d0, z=0x7fffffffc898) at /usr/ports/converters/
igbinary/work/igbinary-1.1.1/igbinary.c:2006
t = igbinary_type_array8
tmp_long = 140737488340896
tmp_double = 6.9533558071243403e-310
tmp_chararray = 0x805595278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498624
#15 0x000000080558f705 in igbinary_unserialize (buf=0x808149488 "",
buf_len=7805, z=0x7fffffffc898) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:363
igsd = {buffer = 0x808149488 "", buffer_size = 7805,
buffer_offset = 52, strings = 0x808147f68, strings_count = 3,
strings_capacity = 4, references = 0x8080e6788, references_count = 2,
references_capacity = 4, error = 0, string0_buf = {c = 0x8081475b0
"t", len = 1, a = 78}}
#16 0x00000008058e03f8 in php_memc_zval_from_payload
(value=0x8080e8560, payload=0x808149488 "", payload_len=7805,
flags=85, serializer=SERIALIZER_IGBINARY) at /root/php-memcached/
php_memcached.c:2719
payload_emalloc = 1 '\001'
buffer = 0x808149488 ""
#17 0x00000008058d9381 in php_memc_get_impl (ht=1,
return_value=0x8080e8560, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1, by_key=0 '\0') at /root/php-memcached/
php_memcached.c:625
rc = 0
return_value_set = 0 '\0'
key = 0x808147018
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"
key_len = 49
server_key = 0x0
server_key_len = 0
payload = 0x801684f00 "}\036"
payload_len = 1120
flags = 85
cas = 0
keys = {0x808147018
"ch9schedulesitemsf08cb61fb86f3da178ff6e11396fe434"}
key_lens = {49}
cas_token = (zval *) 0x0
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params =
0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
result = {item_flags = 42166744, item_expiration =
34493992032, key_length = 140737488342016, item_cas = 34399369438,
root = 0x285ccf8, value = {end = 0x7fffffffcac0 "ØM{\001\004",
string = 0x802837f25 "", current_size = 0, root = 0x100000001,
options = {is_allocated = true, is_initialized = false}},
item_key = "\000\000\000\000\000\000\000\000\001\000\000\000Üø\022sð
\217\205\002\b\000\000\000P\214\000\b»\001\000\000h~\205\002\b
\000\000\000x\f\000\000\001\000\000\000Ø\223\024\b\b\000\000\000\000ÓB
\003\---Type <return> to continue, or q <return> to quit---
b\000\000\000\210\223\024\b\b\000\000\000\v", '\0' <repeats 11 times>,
"\001\000\000\000\030\223\237uÛÐw\003ØM{\001\b\000\000\000\221\r
\030\006\212\003\000\000¸¥\205\002\b\000\000\000àN{\001\b
\000\000\000ÐÊÿÿÿ\177\000\000x\204o\002\b\000\000\0008Ëÿÿ
\000\000\000\000@Ëÿÿÿ\177\000\000\f_«A!`¹\230N{\001\037\000\000\000xI
\030\006\b\000\000\000àN{\001\b
\000\000\000ØM{\001\004\000\000\000È"..., options = {
is_allocated = false, is_initialized = true}}
status = MEMCACHED_SUCCESS
object = (zval *) 0x8080b06a0
i_obj = (php_memc_t *) 0x8080e3540
m_obj = (struct memc_obj *) 0x80175e2e0
#18 0x00000008058d8c0b in zim_Memcached_get (ht=1,
return_value=0x8080e8560, return_value_ptr=0x0, this_ptr=0x8080b06a0,
return_value_used=1) at /root/php-memcached/php_memcached.c:465
No locals.
Teddy Grenman
May 4, 2011, 1:03:23 AM5/4/11
to igbi...@googlegroups.com
On 5/3/11 11:56 PM, Aleksey Korzun wrote:
> Spotted a hard crash issue that seems to be linked to igbinary/
> spl_array below are back traces, I will also open a bug within PHP's
> list for Spl_Array.c.
>
> Seems to be related to multi-object nesting and only starts to
> segfault when Memcached::SERIALIZER_IGBINARY is set .vs
> Memcached::SERIALIZER_PHP for Memcached.
> Spotted a hard crash issue that seems to be linked to igbinary/
> spl_array below are back traces, I will also open a bug within PHP's
> list for Spl_Array.c.
>
> Seems to be related to multi-object nesting and only starts to
> segfault when Memcached::SERIALIZER_IGBINARY is set .vs
> Memcached::SERIALIZER_PHP for Memcached.
Good morning :)
Very possible. Could you provide us with some test or sample code in order to reproduce? I assume you're running at 64bit.
--
Teddy Grenman
Aapelinkatu 10 G 50 / FI-02230 Espoo
+358 50 3866 270
Very possible. Could you provide us with some test or sample code in order to reproduce? I assume you're running at 64bit.
--
Teddy Grenman
Aapelinkatu 10 G 50 / FI-02230 Espoo
+358 50 3866 270
Aleksey Korzun
May 4, 2011, 12:49:07 PM5/4/11
to igbinary development list
Proof of concept:
/**
* Proof of concept, segmentation fault (spl_array.c/igbinary.c)
* when using nested objects.
*
* PHP 5.3.6, PECL-Memcached 1.x, Igbinary 1.x
*
* @author Aleksey Korzun
*/
/**
* You must have pecl-memcached + igbinary
*/
DEFINE('MEMCACHE_SERVER', '192.168.2.85');
DEFINE('MEMCACHE_PORT', 11211);
class Storage
{
public $storage;
public function __construct() {
$this->storage = new Object;
}
}
class Object
{
}
class Collection extends \ArrayObject
{
CONST LIMIT = 1000;
public function populate() {
$limit = 0;
while($limit append(new Storage);
++$limit;
}
}
}
$memcached = new Memcached;
$memcached->setOption(
$memcached::OPT_SERIALIZER, $memcached::SERIALIZER_IGBINARY);
$memcached->addServer(MEMCACHE_SERVER, MEMCACHE_PORT);
$collection = new Collection;
$collection->populate();
if($memcached->set('foobar', $collection, 10)) {
if($memcached->get('foobar')) {
print "Passed";
/**
* Proof of concept, segmentation fault (spl_array.c/igbinary.c)
* when using nested objects.
*
* PHP 5.3.6, PECL-Memcached 1.x, Igbinary 1.x
*
* @author Aleksey Korzun
*/
/**
* You must have pecl-memcached + igbinary
*/
DEFINE('MEMCACHE_SERVER', '192.168.2.85');
DEFINE('MEMCACHE_PORT', 11211);
class Storage
{
public $storage;
public function __construct() {
$this->storage = new Object;
}
}
class Object
{
}
class Collection extends \ArrayObject
{
CONST LIMIT = 1000;
public function populate() {
$limit = 0;
while($limit append(new Storage);
++$limit;
}
}
}
$memcached = new Memcached;
$memcached->setOption(
$memcached::OPT_SERIALIZER, $memcached::SERIALIZER_IGBINARY);
$memcached->addServer(MEMCACHE_SERVER, MEMCACHE_PORT);
$collection = new Collection;
$collection->populate();
if($memcached->set('foobar', $collection, 10)) {
if($memcached->get('foobar')) {
print "Passed";
Aleksey Korzun
May 4, 2011, 12:55:50 PM5/4/11
to igbinary development list
Core dump from proof of concept example:
#0 0x000000000053b2b4 in var_push_dtor (var_hashx=0x0,
rval=0x80163b9f0)
rval=0x80163b9f0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x80163c560
prev = (var_entries *) 0x77bc58
#1 0x000000000053e2bd in process_nested_data (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0,
ht=0x80163c560, elements=0) at /usr/ports/lang/php5/work/php-5.3.6/
ext/standard/var_unserializer.c:292
key = (zval *) 0x80163c600
data = (zval *) 0x80163c678
old_data = (zval **) 0x80163b9f0
#2 0x000000000053de87 in object_common2 (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0, elements=1)
handlers = 0x481553b}}, refcount__gc = 0, type = 0 '\0',
is_ref__gc = 0 '\0'}
#3 0x000000000053c450 in php_var_unserialize (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:647
len3 = 7
user_func = (zval *) 0x5fd1a4
arg_func_name = (zval *) 0x98
pce = (zend_class_entry **) 0x80487e7f8
custom_object = 0
len = 7
len2 = 7
maxlen = 531
elements = 1
class_name = 0x80163ba80 "storage"
ce = (zend_class_entry *) 0x801631cd8
incomplete_class = 0
retval_ptr = (zval *) 0x7fffffffc5e0
args = {0x10}
6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:
3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:4;"...
limit = (
const unsigned char *) 0x804815323 "O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Objec"...
marker = (
const unsigned char *) 0x804815324 ":7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object"...
start = (
const unsigned char *) 0x804815323 "O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Objec"...
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0,
ht=0x80163c1f0, elements=9) at /usr/ports/lang/php5/work/php-5.3.6/
ext/standard/var_unserializer.c:275
key = (zval *) 0x80163c328
data = (zval *) 0x80163c478
old_data = (zval **) 0x77bc58
#5 0x000000000053c7c7 in php_var_unserialize (rval=0x80163bef0,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:713
elements = 10
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"O"...
limit = (
const unsigned char *) 0x804815319 "a:10:{i:0;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";"...
marker = (
const unsigned char *) 0x80481531a ":10:{i:0;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O"...
start = (
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";"...
(intern=0x80163bed8,
buf=0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"..., buf_len=552,
7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:4;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\""...
s = (
const unsigned char *) 0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage
\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"...
pmembers = (zval *) 0x72a008dc400
pflags = (zval *) 0x80163c328
flags = 0
#7 0x000000000049e084 in spl_array_unserialize
(object=0x7fffffffcbe8, ce=0x801632fc8,
buf=0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"..., buf_len=552,
#8 0x0000000803ef1d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffcb20, t=igbinary_type_object_ser16, z=0x7fffffffcbe8,
ce=0x801632fc8) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:1757
n = 552
#9 0x0000000803ef1a07 in igbinary_unserialize_object
(igsd=0x7fffffffcb20, t=igbinary_type_object_ser16, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1884
ce = (zend_class_entry *) 0x801632fc8
pce = (zend_class_entry **) 0x804880a78
6.9533558071555652e-310, str = {val = 0x7fffffffca48 "(»c\001\b",
len = -13776}, ht = 0x7fffffffca48, obj = {handle = 4294953544,
handlers = 0x7fffffffca30}}, refcount__gc = 4294953648,
7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage
\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage"...
name_len = 10
r = 45
incomplete_class = false
user_func = (zval *) 0x98
retval_ptr = (zval *) 0x80163ba90
args = {0x80160a300}
arg_func_name = (zval *) 0x40
#10 0x0000000803ef0e7a in igbinary_unserialize_zval
(igsd=0x7fffffffcb20, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1999
t = igbinary_type_object8
tmp_long = 140737488341744
tmp_double = 6.9533558071662371e-310
tmp_chararray = 0x803ef4278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498624
#11 0x0000000803eee705 in igbinary_unserialize (buf=0x804815300 "",
buf_len=571, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
363
igsd = {buffer = 0x804815300 "", buffer_size = 571,
buffer_offset = 19, strings = 0x80163bae0, strings_count = 1,
strings_capacity = 4, references = 0x80163b6f8, references_count =
1, references_capacity = 4, error = 0, string0_buf = {
c = 0x0, len = 0, a = 0}}
#12 0x000000080423f3f8 in php_memc_zval_from_payload
(value=0x801631630, payload=0x804815300 "", payload_len=571, flags=5,
buffer = 0x0
#13 0x0000000804238381 in php_memc_get_impl (ht=1,
return_value=0x801631630, return_value_ptr=0x0, this_ptr=0x80162e600,
key_len = 6
payload_len = 571
cas = 0
keys = {0x80163b810 "foobar"}
key_lens = {6}
key_length = 140737488342384, item_cas = 6268759,
root = 0x80163ba90, value = {end = 0x80160a300 "\001", string =
0x1a520 <Address 0x1a520 out of bounds>, current_size = 16,
root = 0x80160aa18, options = {is_allocated = true, is_initialized
= false}},
item_key = "Ⱥc\001\b\000\000\000\001\000\000\000Üø\022sð\217y
\000\000\000\000\000\000\020#\004»\001\000\000h~y
\000\000\000\000\000\220Õ_\000\001\000\000\000\020¸c\001\b
\000\000\000\000£`\001\b\000\000\000À·c\001\b", '\0' <repeats 15
times>, "\001\000\000\000Ž_\000\000\000\000\000p½c\001\b
\000\000\000\001\000\000\000Üø\022sh~y\000\000\000\000\000°¿c\001>
\001\000\000ÐÐy\000\000\000\000\000`\205\210\004\001\000\000\0000\026c
\001\b\000\000\000Ž_\000\000\000\000\000à\025c\001\b
\000\000\000\001\000\000\000Üø\022sh~y\000\000\000\000\000JÊ_
\000\000\000\000\000\220Ðy\000\000\000\000\000`\000\000\000\000"...,
status = MEMCACHED_SUCCESS
object = (zval *) 0x80162e600
i_obj = (php_memc_t *) 0x801634410
m_obj = (struct memc_obj *) 0x801638070
#14 0x0000000804237c0b in zim_Memcached_get (ht=1,
return_value=0x801631630, return_value_ptr=0x0, this_ptr=0x80162e600,
(execute_data=0x804888080) at zend_vm_execute.h:316
opline = (zend_op *) 0x801630ce0
should_change_scope = 1 '\001'
#16 0x000000000065c9c5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x804888080) at zend_vm_execute.h:421
No locals.
#17 0x000000000065a9ea in execute (op_array=0x801634540) at
i = 1
file_handle = (zend_file_handle *) 0x7fffffffea20
(primary_file=0x7fffffffea20) at /usr/ports/lang/php5/work/php-5.3.6/
main/main.c:2268
realfile = "/www/ch9/test.php\000\000\000\002\000\000\000pïb
\001\b\000\000\000pïb\001\b
\000\000\000\002\000\000\000\001\000\000\000`ðb\001\b\000\000\000\200Û
\215\000\003\000\000\000@ãÿÿÿ\177\000\000\177®c\000\000\000\000\000pïb
\001\b\000\000\000\020\000\000\000\002\000\000\000pïb\001\b", '\0'
<repeats 11 times>, "8\230x\000\000\000\000\000ð
\000\000\000\003\000\000\000ðãÿÿÿ\177\000\000d\032\\
\000\000\000\000\000 ª`\001\000\000\000\000\026", '\0' <repeats 15
times>, "\230x\002\000\000\000\000\000pïb\001\b\000\000\000pïb\001\b
\000\000\000p\233w\000\000\000\000\000 ïb\001d\001"...
__orig_bailout = (sigjmp_buf *) 0x7fffffffe980
__bailout = {{_sjb = {5928021, 2, 140737488343656,
140737488349280, 140737488350208, 140737488350184, 0, 0, 34382807679,
6365355, 140737488349008, 0}}}
ports/lang/php5/work/php-5.3.6/sapi/cli/php_cli.c:1193
__orig_bailout = (sigjmp_buf *) 0x0
__bailout = {{_sjb = {7449865, 2, 140737488349288,
140737488350096, 140737488350208, 140737488350184, 0, 0, 34368979839,
34369030656, 34369031168, 34359738368}}}
exit_status = 0
c = -1
file_handle = {type = ZEND_HANDLE_MAPPED, filename =
0x7fffffffee2c "test.php", opened_path = 0x0, handle = {
fd = 23262976, fp = 0x80162f700, stream = {handle = 0x80162f700,
isatty = 0, mmap = {len = 1060, pos = 0, map = 0x8008f4000,
buf = 0x8008f4000 <Address 0x8008f4000 out of bounds>,
old_handle = 0x801505c20,
old_closer = 0x643b30 <zend_stream_stdio_closer>}, reader =
0x643b00 <zend_stream_stdio_reader>,
<zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
behavior = 1
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x7fffffffee2c "test.php"
arg_excp = (char **) 0x7fffffffebf0
script_file = 0x7fffffffee2c "test.php"
interactive = 0
module_started = 1
request_started = 1
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
param_error = 0x0
hide_argv = 0
ini_entries_len = 110
#0 0x000000000053b2b4 in var_push_dtor (var_hashx=0x0,
rval=0x80163b9f0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
60 var_entries *var_hash = var_hashx->first_dtor, *prev =
NULL;
#0 0x000000000053b2b4 in var_push_dtor (var_hashx=0x0,
var_unserializer.c:60
60 var_entries *var_hash = var_hashx->first_dtor, *prev =
NULL;
rval=0x80163b9f0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:60
var_hash = (var_entries *) 0x80163c560
prev = (var_entries *) 0x77bc58
#1 0x000000000053e2bd in process_nested_data (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0,
ht=0x80163c560, elements=0) at /usr/ports/lang/php5/work/php-5.3.6/
ext/standard/var_unserializer.c:292
key = (zval *) 0x80163c600
data = (zval *) 0x80163c678
old_data = (zval **) 0x80163b9f0
#2 0x000000000053de87 in object_common2 (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0, elements=1)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
75584827}, ht = 0x0, obj = {handle = 0,
var_unserializer.c:363
retval_ptr = (zval *) 0x0
fname = {value = {lval = 0, dval = 0, str = {val = 0x0, len =
handlers = 0x481553b}}, refcount__gc = 0, type = 0 '\0',
is_ref__gc = 0 '\0'}
#3 0x000000000053c450 in php_var_unserialize (rval=0x7fffffffc690,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:647
len3 = 7
user_func = (zval *) 0x5fd1a4
arg_func_name = (zval *) 0x98
pce = (zend_class_entry **) 0x80487e7f8
custom_object = 0
len = 7
len2 = 7
maxlen = 531
elements = 1
class_name = 0x80163ba80 "storage"
ce = (zend_class_entry *) 0x801631cd8
incomplete_class = 0
retval_ptr = (zval *) 0x7fffffffc5e0
args = {0x10}
yych = 34 '"'
cursor = (
const unsigned char *) 0x80481532f "\":1:{s:7:\"storage\";O:
cursor = (
6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:
3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:4;"...
limit = (
const unsigned char *) 0x804815323 "O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Objec"...
marker = (
const unsigned char *) 0x804815324 ":7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object"...
start = (
const unsigned char *) 0x804815323 "O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Objec"...
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4 0x000000000053e156 in process_nested_data (rval=0x80163bef0,
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0,
ht=0x80163c1f0, elements=9) at /usr/ports/lang/php5/work/php-5.3.6/
ext/standard/var_unserializer.c:275
key = (zval *) 0x80163c328
data = (zval *) 0x80163c478
old_data = (zval **) 0x77bc58
#5 0x000000000053c7c7 in php_var_unserialize (rval=0x80163bef0,
p=0x7fffffffc888, max=0x80481553b "", var_hash=0x0)
at /usr/ports/lang/php5/work/php-5.3.6/ext/standard/
var_unserializer.c:713
elements = 10
yych = 123 '{'
cursor = (
const unsigned char *) 0x80481531f "i:0;O:7:\"Storage\":1:{s:
cursor = (
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"O"...
limit = (
const unsigned char *) 0x804815319 "a:10:{i:0;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";"...
marker = (
const unsigned char *) 0x80481531a ":10:{i:0;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O"...
start = (
---Type <return> to continue, or q <return> to quit---
const unsigned char *) 0x804815319 "a:10:{i:0;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";"...
rval_ref = (zval **) 0x78
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#6 0x000000000049dc43 in spl_array_unserialize_helper
yybm = '\0' <repeats 48 times>,
"\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
(intern=0x80163bed8,
buf=0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"..., buf_len=552,
var_hash_p=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/spl/
spl_array.c:1763
p = (
const unsigned char *) 0x804815353 "}i:1;O:7:\"Storage\":1:{s:
spl_array.c:1763
p = (
7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:4;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\""...
s = (
const unsigned char *) 0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage
\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"...
pmembers = (zval *) 0x72a008dc400
pflags = (zval *) 0x80163c328
flags = 0
#7 0x000000000049e084 in spl_array_unserialize
(object=0x7fffffffcbe8, ce=0x801632fc8,
buf=0x804815313 "x:i:0;a:10:{i:0;O:7:\"Storage\":1:{s:7:\"storage
\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage\":1:{s:7:\"storage\";O:
6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object
\":0:{}}i:3;O:7:\"Storage\":1:{s:7:\"sto"..., buf_len=552,
data=0x0) at /usr/ports/lang/php5/work/php-5.3.6/ext/spl/
spl_array.c:1852
intern = (spl_array_object *) 0x80163bed8
spl_array.c:1852
#8 0x0000000803ef1d58 in igbinary_unserialize_object_ser
(igsd=0x7fffffffcb20, t=igbinary_type_object_ser16, z=0x7fffffffcbe8,
ce=0x801632fc8) at /usr/ports/converters/igbinary/work/
igbinary-1.1.1/igbinary.c:1757
n = 552
#9 0x0000000803ef1a07 in igbinary_unserialize_object
(igsd=0x7fffffffcb20, t=igbinary_type_object_ser16, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1884
ce = (zend_class_entry *) 0x801632fc8
pce = (zend_class_entry **) 0x804880a78
h = (zval *) 0x0
f = {value = {lval = 140737488341576, dval =
6.9533558071555652e-310, str = {val = 0x7fffffffca48 "(»c\001\b",
len = -13776}, ht = 0x7fffffffca48, obj = {handle = 4294953544,
handlers = 0x7fffffffca30}}, refcount__gc = 4294953648,
type = 0 '\0', is_ref__gc = 0 '\0'}
name = 0x804815306 "Collection\036\002(x:i:0;a:10:{i:0;O:
7:\"Storage\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:1;O:7:\"Storage
\":1:{s:7:\"storage\";O:6:\"Object\":0:{}}i:2;O:7:\"Storage\":1:{s:
7:\"storage\";O:6:\"Object\":0:{}}i:3;O:7:\"Storage"...
name_len = 10
r = 45
incomplete_class = false
user_func = (zval *) 0x98
retval_ptr = (zval *) 0x80163ba90
args = {0x80160a300}
arg_func_name = (zval *) 0x40
#10 0x0000000803ef0e7a in igbinary_unserialize_zval
(igsd=0x7fffffffcb20, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
1999
t = igbinary_type_object8
tmp_long = 140737488341744
tmp_double = 6.9533558071662371e-310
tmp_chararray = 0x803ef4278 "/usr/ports/converters/igbinary/
work/igbinary-1.1.1/igbinary.c"
tmp_size_t = 5450313498624
#11 0x0000000803eee705 in igbinary_unserialize (buf=0x804815300 "",
buf_len=571, z=0x7fffffffcbe8)
at /usr/ports/converters/igbinary/work/igbinary-1.1.1/igbinary.c:
363
igsd = {buffer = 0x804815300 "", buffer_size = 571,
buffer_offset = 19, strings = 0x80163bae0, strings_count = 1,
strings_capacity = 4, references = 0x80163b6f8, references_count =
1, references_capacity = 4, error = 0, string0_buf = {
c = 0x0, len = 0, a = 0}}
#12 0x000000080423f3f8 in php_memc_zval_from_payload
(value=0x801631630, payload=0x804815300 "", payload_len=571, flags=5,
serializer=SERIALIZER_IGBINARY) at /root/php-memcached/
php_memcached.c:2719
payload_emalloc = 0 '\0'
php_memcached.c:2719
buffer = 0x0
#13 0x0000000804238381 in php_memc_get_impl (ht=1,
return_value=0x801631630, return_value_ptr=0x0, this_ptr=0x80162e600,
return_value_used=1, by_key=0 '\0') at /root/php-memcached/
php_memcached.c:625
rc = 0
return_value_set = 0 '\0'
key = 0x80163b810 "foobar"
php_memcached.c:625
rc = 0
return_value_set = 0 '\0'
key_len = 6
server_key = 0x0
server_key_len = 0
payload = 0x804815300 ""
server_key_len = 0
payload_len = 571
---Type <return> to continue, or q <return> to quit---
flags = 5
cas = 0
keys = {0x80163b810 "foobar"}
key_lens = {6}
cas_token = (zval *) 0x0
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0,
params = 0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
result = {item_flags = 4294954352, item_expiration = 16,
fci = {size = 0, function_table = 0x0, function_name = 0x0,
symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0,
params = 0x0, object_ptr = 0x0, no_separation = 0 '\0'}
fcc = {initialized = 0 '\0', function_handler = 0x0,
calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
key_length = 140737488342384, item_cas = 6268759,
root = 0x80163ba90, value = {end = 0x80160a300 "\001", string =
0x1a520 <Address 0x1a520 out of bounds>, current_size = 16,
root = 0x80160aa18, options = {is_allocated = true, is_initialized
= false}},
item_key = "Ⱥc\001\b\000\000\000\001\000\000\000Üø\022sð\217y
\000\000\000\000\000\000\020#\004»\001\000\000h~y
\000\000\000\000\000\220Õ_\000\001\000\000\000\020¸c\001\b
\000\000\000\000£`\001\b\000\000\000À·c\001\b", '\0' <repeats 15
times>, "\001\000\000\000Ž_\000\000\000\000\000p½c\001\b
\000\000\000\001\000\000\000Üø\022sh~y\000\000\000\000\000°¿c\001>
\001\000\000ÐÐy\000\000\000\000\000`\205\210\004\001\000\000\0000\026c
\001\b\000\000\000Ž_\000\000\000\000\000à\025c\001\b
\000\000\000\001\000\000\000Üø\022sh~y\000\000\000\000\000JÊ_
\000\000\000\000\000\220Ðy\000\000\000\000\000`\000\000\000\000"...,
options = {is_allocated = false,
is_initialized = false}}
status = MEMCACHED_SUCCESS
object = (zval *) 0x80162e600
i_obj = (php_memc_t *) 0x801634410
m_obj = (struct memc_obj *) 0x801638070
#14 0x0000000804237c0b in zim_Memcached_get (ht=1,
return_value=0x801631630, return_value_ptr=0x0, this_ptr=0x80162e600,
return_value_used=1) at /root/php-memcached/php_memcached.c:465
No locals.
#15 0x000000000065ba1c in zend_do_fcall_common_helper_SPEC
No locals.
(execute_data=0x804888080) at zend_vm_execute.h:316
opline = (zend_op *) 0x801630ce0
should_change_scope = 1 '\001'
#16 0x000000000065c9c5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x804888080) at zend_vm_execute.h:421
No locals.
#17 0x000000000065a9ea in execute (op_array=0x801634540) at
zend_vm_execute.h:107
ret = 0
execute_data = (zend_execute_data *) 0x804888080
ret = 0
nested = 1 '\001'
original_in_execution = 0 '\0'
#18 0x000000000062745d in zend_execute_scripts (type=8, retval=0x0,
original_in_execution = 0 '\0'
file_count=3)
at /usr/ports/lang/php5/work/php-5.3.6/Zend/zend.c:1194
files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffffffd270, reg_save_area = 0x7fffffffd1b0}}
at /usr/ports/lang/php5/work/php-5.3.6/Zend/zend.c:1194
files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
i = 1
file_handle = (zend_file_handle *) 0x7fffffffea20
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
#19 0x00000000005a7712 in php_execute_script
orig_retval_ptr_ptr = (zval **) 0x0
(primary_file=0x7fffffffea20) at /usr/ports/lang/php5/work/php-5.3.6/
main/main.c:2268
realfile = "/www/ch9/test.php\000\000\000\002\000\000\000pïb
\001\b\000\000\000pïb\001\b
\000\000\000\002\000\000\000\001\000\000\000`ðb\001\b\000\000\000\200Û
\215\000\003\000\000\000@ãÿÿÿ\177\000\000\177®c\000\000\000\000\000pïb
\001\b\000\000\000\020\000\000\000\002\000\000\000pïb\001\b", '\0'
<repeats 11 times>, "8\230x\000\000\000\000\000ð
\000\000\000\003\000\000\000ðãÿÿÿ\177\000\000d\032\\
\000\000\000\000\000 ª`\001\000\000\000\000\026", '\0' <repeats 15
times>, "\230x\002\000\000\000\000\000pïb\001\b\000\000\000pïb\001\b
\000\000\000p\233w\000\000\000\000\000 ïb\001d\001"...
__orig_bailout = (sigjmp_buf *) 0x7fffffffe980
__bailout = {{_sjb = {5928021, 2, 140737488343656,
140737488349280, 140737488350208, 140737488350184, 0, 0, 34382807679,
6365355, 140737488349008, 0}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0,
buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0,
buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
old_cwd = 0x7fffffffd290 ""
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0,
buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0,
buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
use_heap = 0 '\0'
retval = 0
#20 0x000000000071b74a in main (argc=2, argv=0x7fffffffebe8) at /usr/
retval = 0
ports/lang/php5/work/php-5.3.6/sapi/cli/php_cli.c:1193
__orig_bailout = (sigjmp_buf *) 0x0
__bailout = {{_sjb = {7449865, 2, 140737488349288,
140737488350096, 140737488350208, 140737488350184, 0, 0, 34368979839,
34369030656, 34369031168, 34359738368}}}
exit_status = 0
c = -1
file_handle = {type = ZEND_HANDLE_MAPPED, filename =
0x7fffffffee2c "test.php", opened_path = 0x0, handle = {
fd = 23262976, fp = 0x80162f700, stream = {handle = 0x80162f700,
isatty = 0, mmap = {len = 1060, pos = 0, map = 0x8008f4000,
buf = 0x8008f4000 <Address 0x8008f4000 out of bounds>,
old_handle = 0x801505c20,
old_closer = 0x643b30 <zend_stream_stdio_closer>}, reader =
0x643b00 <zend_stream_stdio_reader>,
---Type <return> to continue, or q <return> to quit---
fsizer = 0x643b70 <zend_stream_stdio_fsizer>, closer = 0x643cd0
<zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
behavior = 1
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x7fffffffee2c "test.php"
arg_excp = (char **) 0x7fffffffebf0
script_file = 0x7fffffffee2c "test.php"
interactive = 0
module_started = 1
request_started = 1
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
param_error = 0x0
hide_argv = 0
ini_entries_len = 110
Pierre Joye
May 4, 2011, 3:01:44 PM5/4/11
to igbi...@googlegroups.com
Hi,
I would report first to pecl's memcached, unless you have an example running igbinary alone. It could be faster for them to identify the issue.
Cheers,
Aleksey Korzun
May 4, 2011, 3:26:00 PM5/4/11
to igbinary development list
From what I can see within memcached all it does is pass off data to
igbinary if igbinary is set as a primary serializer.
On May 4, 3:01 pm, Pierre Joye <pierre....@gmail.com> wrote:
> Hi,
>
> I would report first to pecl's memcached, unless you have an example running
> igbinary alone. It could be faster for them to identify the issue.
>
> Cheers,
>
> ...
>
> read more »
igbinary if igbinary is set as a primary serializer.
On May 4, 3:01 pm, Pierre Joye <pierre....@gmail.com> wrote:
> Hi,
>
> I would report first to pecl's memcached, unless you have an example running
> igbinary alone. It could be faster for them to identify the issue.
>
> Cheers,
>
>
> read more »
Teddy
May 5, 2011, 12:27:41 AM5/5/11
to igbinary development list
Indeed this is not related to memcached. A simpler test case below:
----8<----8<----8<----8<----8<----8<----8<----
class Storage {
public $storage = "a string";
}
$collection = new ArrayObject;
$collection->append(new Storage);
var_dump($collection);
$ser = igbinary_serialize($collection);
igbinary_unserialize($ser);
----8<----8<----8<----8<----8<----8<----8<----
----8<----8<----8<----8<----8<----8<----8<----
class Storage {
public $storage = "a string";
}
$collection = new ArrayObject;
$collection->append(new Storage);
var_dump($collection);
$ser = igbinary_serialize($collection);
igbinary_unserialize($ser);
----8<----8<----8<----8<----8<----8<----8<----
Teddy
May 5, 2011, 3:44:52 AM5/5/11
to igbinary development list
There, fixed in github igbinary/master.
I'm not sure this actually is an issue with igbinary, could be related
to http://svn.php.net/viewvc?view=revision&revision=265477 .
Have a nice day! :)
I'm not sure this actually is an issue with igbinary, could be related
to http://svn.php.net/viewvc?view=revision&revision=265477 .
Have a nice day! :)
Message has been deleted
Aleksey Korzun
May 6, 2011, 11:52:34 AM5/6/11
to igbinary development list
Sorry I misread, in orignal reply. The fix you commited to -dev build
is tested and works on my end.
Many thanks.
If anybody else is having this problem here is a simple switch to dev
build (FreeBSD)
cd /usr/ports/converters/igbinary
git clone https://github.com/igbinary/igbinary.git
cd igbinary/
phpize && ./configure CFLAGS="-O2 -g" --enable-igbinary
make && make install
hash -r
(update extensions.ini)
verify that you are running -dev build:"
php -i |grep -i "igbinary version"
is tested and works on my end.
Many thanks.
If anybody else is having this problem here is a simple switch to dev
build (FreeBSD)
cd /usr/ports/converters/igbinary
git clone https://github.com/igbinary/igbinary.git
cd igbinary/
phpize && ./configure CFLAGS="-O2 -g" --enable-igbinary
make && make install
hash -r
(update extensions.ini)
verify that you are running -dev build:"
php -i |grep -i "igbinary version"
Reply all
Reply to author
Forward
0 new messages