[BUG] [CRASH] Spurious crashes in CollectionsTest.php #851

Closed
ghost opened this issue Jul 16, 2013 · 4 comments

ghost commented Jul 16, 2013

This happens mostly for PHP 5.3 and happens both for 1.1.0 and 1.2.0:

Starting test 'CollectionsTest::testCollections'.

zend_mm_heap corrupted

The command "$(phpenv which php) ./unit-tests/ci/phpunit.php --debug -c unit-tests/phpunit.xml" exited with 1.

When run under valgrind:

USE_ZEND_ALLOC=0 valgrind $(phpenv which php) unit-tests/manual-unit.php CollectionsTest.php CollectionsTest

The following output is given:

==13425== Invalid read of size 4
==13425==    at 0xAABA74: _zval_ptr_dtor (zend.h:385)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4900 is 16 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425== 
==13425== Invalid write of size 4
==13425==    at 0xAABA7E: _zval_ptr_dtor (zend.h:385)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4900 is 16 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425== 
==13425== Invalid read of size 4
==13425==    at 0xAABA8D: _zval_ptr_dtor (zend.h:373)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4900 is 16 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425== 
==13425== Invalid read of size 4
==13425==    at 0xAABB56: _zval_ptr_dtor (zend.h:373)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4900 is 16 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425== 
==13425== Invalid read of size 1
==13425==    at 0xAABB82: _zval_ptr_dtor (zend_gc.h:182)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4904 is 20 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425== 
==13425== Invalid read of size 1
==13425==    at 0xAABB8E: _zval_ptr_dtor (zend_gc.h:182)
==13425==    by 0x10E3DF67: zend_vm_stack_clear_multiple (zend_execute.h:318)
==13425==    by 0x10E40220: phalcon_alt_call_method (fcall.c:507)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==13425==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==13425==  Address 0x175d4904 is 20 bytes inside a block of size 32 free'd
==13425==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13425==    by 0xA8F610: _efree (zend_alloc.c:2358)
==13425==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==13425==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==13425==    by 0x10E3FFC9: phalcon_alt_call_method (fcall.c:477)
==13425==    by 0x10E40759: phalcon_alt_call_user_method (fcall.c:947)
==13425==    by 0x10E1CC8C: phalcon_call_method_params_internal (fcall.c:409)
==13425==    by 0x10E1CED3: phalcon_call_method_params (fcall.c:458)
==13425==    by 0x10E1D065: phalcon_call_method_two_params (fcall.c:489)
==13425==    by 0x10F2B8C4: zim_Phalcon_Mvc_Collection_save (collection.c:1413)
==13425==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==13425==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==13425==

ghost commented Jul 16, 2013

Looks like this is a bug in the Mongo PHP extension:

PHP_METHOD(MongoCollection, save)
{
    zval *a, *options = 0;
    zval **id;

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|a/", &a, &options) == FAILURE) {
        return;
    }
    MUST_BE_ARRAY_OR_OBJECT(1, a);

    if (!options) {
        MAKE_STD_ZVAL(options);
        array_init(options);
    }

    if (zend_hash_find(HASH_P(a), "_id", 4, (void**)&id) == SUCCESS) {
        /* ... */
        MONGO_METHOD3(MongoCollection, update, return_value, getThis(), criteria, a, options);

        zval_ptr_dtor(&criteria);
        zval_ptr_dtor(&options);
        return;
    }
/* ... */
}

That is, they separate options ('a/' thing) and then do zval_ptr_dtor(&options); however, this only works if no options were passed to the function (and thus zval_ptr_dtor() will compensate for MAKE_STD_ZVAL()); otherwise they will spoil the value that was passed to them and zend_vm_stack_clear_multiple() will attempt to read the freed memory.
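
The ownership mistake described in the comment above, reduced to a toy model. This is an added example, not code from Phalcon, the Mongo extension or the Zend Engine, and it is not part of the original comment. The names `val`, `val_release`, `save_buggy`, `save_fixed` and `call_save` are hypothetical, and "freed" values are only flagged inside a static arena so that the second release can be counted safely instead of touching freed memory.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-in for a zval: a reference count plus a "freed" marker. */
typedef struct { int refcount; int freed; } val;

static val pool[8];          /* arena: flagged blocks stay readable */
static size_t pool_used;
static int stale_releases;   /* releases that hit an already-freed val */

static val *val_new(void) {
    val *v = &pool[pool_used++];
    v->refcount = 1;
    v->freed = 0;
    return v;
}

/* Stand-in for zval_ptr_dtor(): drop one reference, free at zero. */
static void val_release(val *v) {
    if (v->freed) {          /* the access valgrind reports as invalid */
        stale_releases++;
        return;
    }
    if (--v->refcount == 0)
        v->freed = 1;
}

/* Buggy callee: releases `options` whether it created it or borrowed it. */
static void save_buggy(val *options) {
    if (!options)
        options = val_new();
    /* ... the real method would call update() here ... */
    val_release(options);
}

/* Fixed callee: releases only the value it allocated itself. */
static void save_fixed(val *options) {
    int owned = 0;
    if (!options) {
        options = val_new();
        owned = 1;
    }
    /* ... the real method would call update() here ... */
    if (owned)
        val_release(options);
}

/* Caller: the call frame owns one reference to each argument and drops it
 * after the call returns (the role zend_vm_stack_clear_multiple plays in
 * the traces). Returns the number of releases that hit a freed value. */
static int call_save(void (*save)(val *), int pass_options) {
    pool_used = 0;
    stale_releases = 0;
    val *arg = pass_options ? val_new() : NULL;
    save(arg);
    if (arg)
        val_release(arg);
    return stale_releases;
}

int main(void) {
    printf("buggy, options passed: %d stale release(s)\n", call_save(save_buggy, 1));
    printf("buggy, no options:     %d stale release(s)\n", call_save(save_buggy, 0));
    printf("fixed, options passed: %d stale release(s)\n", call_save(save_fixed, 1));
    printf("fixed, no options:     %d stale release(s)\n", call_save(save_fixed, 0));
    return 0;
}
```

Only the buggy callee with caller-supplied options produces a stale release, which matches the observation that the destructor call is harmless when it merely balances the callee's own allocation.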


ghost commented Jul 16, 2013

The suggested workaround is to use the slow call path for PHP 5.3, like this:

#if PHP_VERSION_ID < 50400
    {
        zval *params[2] = { data, options };
        zval func;
        INIT_ZVAL(func);
        ZVAL_STRING(&func, "save", 0);
        call_user_function(EG(function_table), &collection, &func, status, 2, params TSRMLS_CC);
    }
#else
    phalcon_call_method_p2(status, collection, "save", data, options);
#endif

This does not solve the issue with invalid memory reads BUT eliminates invalid writes and PHP does not crash anymore.


ghost commented Jul 16, 2013

==24453== Invalid read of size 4
==24453==    at 0xAABA74: _zval_ptr_dtor (zend.h:385)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef70 is 16 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453== 
==24453== Invalid write of size 4
==24453==    at 0xAABA7E: _zval_ptr_dtor (zend.h:385)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef70 is 16 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453== 
==24453== Invalid read of size 4
==24453==    at 0xAABA8D: _zval_ptr_dtor (zend.h:373)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef70 is 16 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453== 
==24453== Invalid read of size 4
==24453==    at 0xAABB56: _zval_ptr_dtor (zend.h:373)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef70 is 16 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453== 
==24453== Invalid read of size 1
==24453==    at 0xAABB82: _zval_ptr_dtor (zend_gc.h:182)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef74 is 20 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453== 
==24453== Invalid read of size 1
==24453==    at 0xAABB8E: _zval_ptr_dtor (zend_gc.h:182)
==24453==    by 0xAA9D60: zend_vm_stack_clear_multiple (zend_execute.h:318)
==24453==    by 0xAAE9F4: zend_call_function (zend_execute_API.c:1027)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==    by 0xA1AF97: php_execute_script (main.c:2316)
==24453==    by 0xBCE138: main (php_cli.c:1189)
==24453==  Address 0x1779ef74 is 20 bytes inside a block of size 32 free'd
==24453==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24453==    by 0xA8F610: _efree (zend_alloc.c:2358)
==24453==    by 0xAABB34: _zval_ptr_dtor (zend_execute_API.c:448)
==24453==    by 0xCCBD1F3: zim_MongoCollection_save (collection.c:1333)
==24453==    by 0xAAE78E: zend_call_function (zend_execute_API.c:991)
==24453==    by 0xAAD05D: call_user_function_ex (zend_execute_API.c:758)
==24453==    by 0xAACEB5: call_user_function (zend_execute_API.c:731)
==24453==    by 0x10FE94B0: zim_Phalcon_Mvc_Collection_save (collection.c:1419)
==24453==    by 0xB0069E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:322)
==24453==    by 0xB01111: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:428)
==24453==    by 0xAFF5AF: execute (zend_vm_execute.h:107)
==24453==    by 0xAC232C: zend_execute_scripts (zend.c:1259)
==24453==


phalcon commented Jul 16, 2013

Fixed by @sjinks
