From:             
Operating system: Debian Linux
PHP version:      5.3.6
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  Segfault in ZEND_SWITCH_FREE_SPEC_VAR_HANDLER

Description:
------------
I’m not able to safely create a reduced test case. The crash is occurring
from inside a custom error handler when it calls Smarty::display on a
Smarty 2.6.26 template. Reproduced using both dotdeb 5.3.6-6~dotdeb.1 and
debian unstable 5.3.6-8.

Expected result:
----------------
No crash.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
385     /tmp/buildd/php5-5.3.6/Zend/zend.h: No such file or directory.
        in /tmp/buildd/php5-5.3.6/Zend/zend.h
(gdb) t a a bt

Thread 1 (Thread 0x7fb3f7bfd720 (LWP 9215)):
#0  ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
#1  0x00000000006abb34 in execute (op_array=0x2832d68) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#2  0x000000000067862f in zend_call_function (fci=0x7fffa5018100, fci_cache=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:964
#3  0x0000000000678a60 in call_user_function_ex (function_table=0x7fb3ed373af0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x101010101010101, no_separation=6838809, symbol_table=0x1)
    at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:754
#4  0x0000000000685a19 in zend_error (type=8192, format=0xaaff40 "Assigning the return value of new by reference is deprecated") at /tmp/buildd/php5-5.3.6/Zend/zend.c:1173
#5  0x0000000000655ae7 in zendparse () at /tmp/buildd/php5-5.3.6/Zend/zend_language_parser.c:4247
#6  0x0000000000657b62 in compile_file (file_handle=<incomplete type>, type=0) at Zend/zend_language_scanner.l:364
#7  0x0000000000511d11 in phar_compile_file (file_handle=<incomplete type>, type=0) at /tmp/buildd/php5-5.3.6/ext/phar/phar.c:3393
#8  0x0000000000657d22 in compile_filename (type=2, filename=0x282bfd8) at Zend/zend_language_scanner.l:407
#9  0x00000000006cc4e8 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:1925
#10 0x00000000006abb34 in execute (op_array=0x27ff180) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#11 0x0000000000686796 in zend_execute_scripts (type=0, retval=0x7fffa501a590, file_count=3) at /tmp/buildd/php5-5.3.6/Zend/zend.c:1266
#12 0x0000000000632063 in php_execute_script (primary_file=0x29e0f60) at /tmp/buildd/php5-5.3.6/main/main.c:2296
#13 0x0000000000724306 in main (argc=41836840, argv=0xda8300) at /tmp/buildd/php5-5.3.6/sapi/fpm/fpm/fpm_main.c:1917

-- 
Edit bug report at http://bugs.php.net/bug.php?id=54604&edit=1