ID:               47880
 Updated by:       dmi...@php.net
 Reported By:      patric at zap dot lu
 Status:           Assigned
 Bug Type:         Scripting Engine problem
 Operating System: Debian Lenny
 PHP Version:      5.3.0RC1
 Assigned To:      dmitry
 New Comment:

Thanks for the test.
This is the smallest script that demonstrates the crash.

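<?php
class bomb {
  static function go($n) {
    // Backtrace without the 'object' entries (provide_object = false).
    $backtrace = debug_backtrace(false);
    // Overwrite an argument slot recorded for the calling frame.
    $backtrace[1]['args'][1] = 'bomb';
  }
}
call_user_func_array(array('bomb', 'go'), array(0));
?>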

The bug is not related to GC, so maybe the crash in GC shown by the
first backtrace is a side effect of this one, but it may also be some
different, unrelated bug.



Previous Comments:
------------------------------------------------------------------------

[2009-04-04 10:12:38] patric at zap dot lu

Yes, the last testcase created infinite recursion; nevertheless, it
should not core dump but reach memory exhaustion at the end?

I got a new testcase: I isolated the parts in the framework which
lead to the segfault.

Stripped it down to some weird chain of operations which leads to
a segfault.

This time no deep recursion; at a depth of 18 it begins to segfault.


The piece of code:

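<?php
class bomb {
  static function go($pDepth) {
    // Recurse through call_user_func_array() until the depth reaches 0.
    if ($pDepth > 0)
      call_user_func_array(array('bomb', 'go'), array($pDepth - 1));

    // Replace every array argument recorded in the backtrace with a string.
    $backtrace = debug_backtrace(false);
    foreach ($backtrace as $k => $e)
      foreach ($e['args'] as $kk => $arg)
        if (is_array($arg))
          $backtrace[$k]['args'][$kk] = 'Foobar';
  }
}

bomb::go(18);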

### GDB ###########################################

Program terminated with signal 11, Segmentation fault.
[New process 25022]
#0  _zend_mm_free_int (heap=0x9eb81b8, p=0x9fe2da0) at
/blade/install/daemon/php/Zend/zend_alloc.c:1979
1979            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x9eb81b8, p=0x9fe2da0) at
/blade/install/daemon/php/Zend/zend_alloc.c:1979
#1  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9feb5bc) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#2  0x08337c1e in zend_hash_destroy (ht=0x9fdfc44) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#3  0x0832be75 in _zval_dtor_func (zvalue=0x9fe27c4) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#4  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9fdae88) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#5  0x08337c1e in zend_hash_destroy (ht=0x9febac4) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#6  0x0832be75 in _zval_dtor_func (zvalue=0x9fe0eb8) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#7  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9feb590) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#8  0x08337c1e in zend_hash_destroy (ht=0x9fdf82c) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#9  0x0832be75 in _zval_dtor_func (zvalue=0x9fdf1c0) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#10 0x0832114d in _zval_ptr_dtor (zval_ptr=0xa0111c0) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#11 0x0834e816 in zend_leave_helper_SPEC (execute_data=0x1) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:157
#12 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#13 0x08321ab7 in zend_call_function (fci=0xbfe4521c,
fci_cache=0xbfe45240)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#14 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdefd0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#15 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010ee8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#16 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#17 0x08321ab7 in zend_call_function (fci=0xbfe4542c,
fci_cache=0xbfe45450)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#18 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdedc4, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#19 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010c78) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#20 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#21 0x08321ab7 in zend_call_function (fci=0xbfe4563c,
fci_cache=0xbfe45660)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#22 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdebb8, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#23 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010a08) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#24 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#25 0x08321ab7 in zend_call_function (fci=0xbfe4584c,
fci_cache=0xbfe45870)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#26 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde9ac, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#27 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010798) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#28 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#29 0x08321ab7 in zend_call_function (fci=0xbfe45a5c,
fci_cache=0xbfe45a80)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#30 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde7a0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#31 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010528) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#32 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#33 0x08321ab7 in zend_call_function (fci=0xbfe45c6c,
fci_cache=0xbfe45c90)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#34 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde594, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#35 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa0102b8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#36 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#37 0x08321ab7 in zend_call_function (fci=0xbfe45e7c,
fci_cache=0xbfe45ea0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#38 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde388, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#39 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010048) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#40 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#41 0x08321ab7 in zend_call_function (fci=0xbfe4608c,
fci_cache=0xbfe460b0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#42 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde17c, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#43 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00fdd8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#44 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#45 0x08321ab7 in zend_call_function (fci=0xbfe4629c,
fci_cache=0xbfe462c0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#46 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fddf70, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#47 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00fb68) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#48 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#49 0x08321ab7 in zend_call_function (fci=0xbfe464ac,
fci_cache=0xbfe464d0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#50 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fddd64, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#51 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00f8f8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#52 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#53 0x08321ab7 in zend_call_function (fci=0xbfe466bc,
fci_cache=0xbfe466e0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#54 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fddb58, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#55 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00f688) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#56 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#57 0x08321ab7 in zend_call_function (fci=0xbfe468cc,
fci_cache=0xbfe468f0)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#58 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdbd8c, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#59 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00f418) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#60 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#61 0x08321ab7 in zend_call_function (fci=0xbfe46adc,
fci_cache=0xbfe46b00)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#62 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdbb80, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#63 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00f1a8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#64 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#65 0x08321ab7 in zend_call_function (fci=0xbfe46cec,
fci_cache=0xbfe46d10)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#66 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdb974, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#67 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00ef38) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#68 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#69 0x08321ab7 in zend_call_function (fci=0xbfe46efc,
fci_cache=0xbfe46f20)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#70 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdb768, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#71 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00ecc8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#72 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#73 0x08321ab7 in zend_call_function (fci=0xbfe4710c,
fci_cache=0xbfe47130)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#74 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdb55c, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#75 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00ea58) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#76 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#77 0x08321ab7 in zend_call_function (fci=0xbfe4731c,
fci_cache=0xbfe47340)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#78 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdb350, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#79 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00e7e8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#80 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#81 0x08321ab7 in zend_call_function (fci=0xbfe4752c,
fci_cache=0xbfe47550)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#82 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdb144, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#83 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00e578) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#84 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#85 0x08321ab7 in zend_call_function (fci=0xbfe4773c,
fci_cache=0xbfe47760)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#86 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdaf38, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#87 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00e308) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#88 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#89 0x08321ab7 in zend_call_function (fci=0xbfe4794c,
fci_cache=0xbfe47970)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#90 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdd418, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#91 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00e098) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#92 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#93 0x08321ab7 in zend_call_function (fci=0xbfe47b5c,
fci_cache=0xbfe47b80)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#94 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdd20c, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#95 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00de28) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#96 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#97 0x08321ab7 in zend_call_function (fci=0xbfe47d6c,
fci_cache=0xbfe47d90)
    at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#98 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdd000, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#99 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa00dbb8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#100 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#101 0x0832c046 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /blade/install/daemon/php/Zend/zend.c:1188
#102 0x082da047 in php_execute_script (primary_file=0xbfe4a208) at
/blade/install/daemon/php/main/main.c:2157
#103 0x083ad0d4 in main (argc=3, argv=0xbfe4a364) at
/blade/install/daemon/php/sapi/cli/php_cli.c:1159

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/47880
