Segmentation fault @ zval_ptr_dtor(&arg_list);

[hnsl]

I get a segmentation fault at line

zval_ptr_dtor(&arg_list);

in function

PHP_FUSE_API int php_fuse_getdir(const char * path, fuse_dirh_t dh, fuse_dirfil_t df) 

From gdb:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006839d7 in _zval_ptr_dtor ()
(gdb) backtrace
#0  0x00000000006839d7 in _zval_ptr_dtor ()
#1  0x000000000069f6c3 in zend_hash_destroy ()
#2  0x000000000069132f in _zval_dtor_func ()
#3  0x0000000000683a12 in _zval_ptr_dtor ()
#4  0x000000000069f6c3 in zend_hash_destroy ()
#5  0x000000000069132f in _zval_dtor_func ()
#6  0x0000000000683a12 in _zval_ptr_dtor ()
#7  0x00007f942a8438fa in php_fuse_getdir (path=<value optimized out>, dh=0x7fff30f029e0, df=0x7f942a60f3f0)

Could it be some obvious mistake? I'm not a PHP extension ninja so I can't look for obvious mistakes etc. Does this signify something special?

[hnsl]

The segfault is reproducible. If I comment out the

df(dh, r == HASH_KEY_IS_LONG ? buf : tmp_s_key, type, ino);

line there doesn't seem to be a segfault so I'm wondering if this is a problem with the buffer passed to fuse via df().

[hnsl]

This issue disappeared after I disabled the xdebug extension. Xdebug doesn't seem to be compatible with this extension which doesn't surprise me as this extension is very advanced and xdebug is very intrusive.

[hnsl]

The segmentation fault is back and I still have xdebug disabled. It's in the same function and reproducible/deterministic. What causes it is listing directories in certain ways. It would be nice if you could take a look at php_fuse_getdir() again and see if you find any obvious mistakes...

[hnsl]

Here's a more precise backtrace:

#0  gc_remove_zval_from_buffer (zv=0x334c020) at /build/buildd/php5-5.3.5/Zend/zend_gc.h:189
#1  0x0000000000683a04 in _zval_ptr_dtor (zval_ptr=0x33e2be8) at /build/buildd/php5-5.3.5/Zend/zend_execute_API.c:442
#2  0x000000000069f6c3 in zend_hash_destroy (ht=0x33e2b30) at /build/buildd/php5-5.3.5/Zend/zend_hash.c:729
#3  0x000000000069132f in _zval_dtor_func (zvalue=0x334bff0) at /build/buildd/php5-5.3.5/Zend/zend_variables.c:46
#4  0x0000000000683a12 in _zval_ptr_dtor (zval_ptr=0x33e2ca8) at /build/buildd/php5-5.3.5/Zend/zend_variables.h:35
#5  0x000000000069f6c3 in zend_hash_destroy (ht=0x33496a0) at /build/buildd/php5-5.3.5/Zend/zend_hash.c:729
#6  0x000000000069132f in _zval_dtor_func (zvalue=0x334b450) at /build/buildd/php5-5.3.5/Zend/zend_variables.c:46
#7  0x0000000000683a12 in _zval_ptr_dtor (zval_ptr=0x7fff01853588) at /build/buildd/php5-5.3.5/Zend/zend_variables.h:35
#8  0x00007f6ee90078fa in php_fuse_getdir (path=<value optimized out>, dh=0x7fff01853a00, df=0x7f6ee8dd33f0) at fujimoto-php-fuse/fuse.c:415

[hnsl]

I made 3 changes: removed "convert_to_array_ex(entry);" and the "zval_ptr_dtor(tmp_type);" and "zval_ptr_dtor(tmp_ino);".

I can no longer seem to reproduce the segfault although it's possible that it's a coincidence. What do you think might cause this?