From:             perryjp at gmail dot com
Operating system: Ubuntu 10.04.3 LTS
PHP version:      master-Git-2012-07-10 (Git)
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  sigabrt while converting floating point to string

Description:
------------
I traced the root of my problem to compilation issues, but while debugging
my issues I traced a SIGABRT to a bug in snprintf.c freeing a static
string.

php_conv_fp(snprintf.c:396) tries to free the static strings "NAN" or "INF"
returned from __cvt(snprintf.c:97)

Actual result:
--------------
#0  0x0f8fc0d0 in raise () from /lib/tls/libc.so.6
#1  0x0f8fd924 in abort () from /lib/tls/libc.so.6
#2  0x0f93f658 in __libc_message () from /lib/tls/libc.so.6
#3  0x0f945f70 in malloc_printerr () from /lib/tls/libc.so.6
#4  0x0f947330 in _int_free () from /lib/tls/libc.so.6
#5  0x0f9478c0 in free () from /lib/tls/libc.so.6
#6  0x102bb960 in php_conv_fp (format=70 'F', num=2.0824708938098908, 
    add_dp=NO, precision=8, dec_point=46 '.', is_negative=0xbfb8d040, 
    buf=0xbfb8ce3d "NAN", len=0xbfb8ce38)
    at /php/main/snprintf.c:399
#7  0x102bffdc in xbuf_format_converter (xbuf=0xbfb8d138, fmt=0x104463b7 "F",
    ap=0xbfb8d16c)
    at /php/main/spprintf.c:588
#8  0x102c0d14 in vspprintf (pbuf=0xbfb8d29c, max_len=0, 
    format=0x104463a8 "%.15s%ld%ld%0.8F", ap=0xbfb8d16c)
    at /php/main/spprintf.c:769
#9  0x102c0df0 in spprintf (pbuf=0xbfb8d29c, max_len=0, 
    format=0x104463a8 "%.15s%ld%ld%0.8F")
    at /php/main/spprintf.c:788
#10 0x1017a59c in php_session_create_id (mod_data=0x104b3f08, newlen=0x0)
    at /php/ext/session/session.c:736
#11 0x1017aa2c in php_session_initialize ()
    at /php/ext/session/session.c:830
#12 0x1017d530 in php_session_start ()
    at /php/ext/session/session.c:1325
#13 0x1017fe48 in zif_session_start (ht=0, return_value=0x105695c0, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /php/ext/session/session.c:1815
#14 0x103539d4 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfb8dff8)
    at /php/Zend/zend_vm_execute.h:200
#15 0x1035b428 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfb8dff8)
    at /php/Zend/zend_vm_execute.h:1679
#16 0x1035334c in execute (op_array=0x10596f88)
    at /php/Zend/zend_vm_execute.h:92
#17 0x10353ba4 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfb8e148)
    at /php/Zend/zend_vm_execute.h:234
#18 0x1035b428 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfb8e148)
    at /php/Zend/zend_vm_execute.h:1679
#19 0x1035334c in execute (op_array=0x10560418)
    at /php/Zend/zend_vm_execute.h:92
#20 0x10365278 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (
    execute_data=0xbfb8f2e8)
    at /php/Zend/zend_vm_execute.h:4612
#21 0x1035334c in execute (op_array=0x1055d000)
    at /php/Zend/zend_vm_execute.h:92
#22 0x10322798 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /php/Zend/zend.c:1134
#23 0x102ba7c0 in php_execute_script (primary_file=0xbfb9175c)
    at /php/main/main.c:2005
#24 0x103cb7dc in main (argc=3, argv=0xbfb93d24)
    at /php/sapi/cgi/cgi_main.c:1919


-- 
Edit bug report at https://bugs.php.net/bug.php?id=62525&edit=1
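
The bug class described in the report (a caller that unconditionally frees a pointer which may refer to a static "NAN" or "INF" string), shown as an added example that is not part of the original report and is not PHP's code. The function names cvt_mixed, cvt_owned and format_fp are hypothetical, and the sample inputs are constructed.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical converter with mixed ownership: heap memory for finite
 * values, a string literal for NaN/Inf. A caller that always calls free()
 * on the result hands a non-heap pointer to the allocator for NaN/Inf. */
char *cvt_mixed(double v, int ndigit)
{
    if (isnan(v)) return "NAN";      /* static storage, must not be freed */
    if (isinf(v)) return "INF";      /* static storage, must not be freed */
    char *p = malloc(64);
    if (p) snprintf(p, 64, "%.*f", ndigit, v);
    return p;
}

/* Hardened variant: every non-NULL return value is heap-allocated, so the
 * ownership rule "caller frees" holds on every path. */
char *cvt_owned(double v, int ndigit)
{
    char *p = malloc(64);
    if (!p) return NULL;
    if (isnan(v))      strcpy(p, "NAN");
    else if (isinf(v)) strcpy(p, "INF");
    else               snprintf(p, 64, "%.*f", ndigit, v);
    return p;
}

/* Caller in the shape the report describes: copy the text out, then free.
 * Swapping in cvt_mixed here would make glibc abort in free() for NaN/Inf. */
int format_fp(double v, int ndigit, char *out, size_t outlen)
{
    char *p = cvt_owned(v, ndigit);
    if (!p) return -1;
    snprintf(out, outlen, "%s", p);
    free(p);
    return 0;
}

int main(void)
{
    char buf[64];
    double samples[] = { 2.0824708938098908, NAN, INFINITY }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (format_fp(samples[i], 8, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

An alternative to copying the literals is to have the converter report ownership to the caller (for example through an out-parameter) and skip free() when the result is static.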