Edit report at https://bugs.php.net/bug.php?id=63173&edit=1

 ID:                 63173
 Updated by:         ni...@php.net
 Reported by:        bugs dot php dot net at majkl578 dot cz
 Summary:            Crash when invoking invalid callback
-Status:             Open
+Status:             Closed
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux & Windows
 PHP Version:        5.4.7
 Block user comment: N
 Private report:     N

 New Comment:

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=592b232e834ed2698fa97ad4dd58e5ab21f257be
Log: Fix bug #63173: Crash when invoking invalid array callback


Previous Comments:
------------------------------------------------------------------------
[2012-09-27 16:11:53] bugs dot php dot net at majkl578 dot cz

Description:
------------
PHP crashes when the callback (defined as an array) is invalid.

Test script:
---------------
<?php
// Two-element array with keys 1 and 2 (no key 0), invoked as a callback
$foo = [
        1 => 0,
        2 => 0,
];

$foo();

Expected result:
----------------
PHP Fatal error

Actual result:
--------------
Segmentation fault; backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000a53ddf in ZEND_INIT_FCALL_BY_NAME_SPEC_CV_HANDLER (execute_data=0x7ffff7f740e8) at /storage/build/php/5.4/php-5.4.7/Zend/zend_vm_execute.h:1922
1922                            if (Z_TYPE_PP(obj) != IS_STRING && Z_TYPE_PP(obj) != IS_OBJECT) {
(gdb) bt
#0  0x0000000000a53ddf in ZEND_INIT_FCALL_BY_NAME_SPEC_CV_HANDLER (execute_data=0x7ffff7f740e8) at /storage/build/php/5.4/php-5.4.7/Zend/zend_vm_execute.h:1922
#1  0x0000000000a4cb52 in execute (op_array=0x7ffff7fab698) at /storage/build/php/5.4/php-5.4.7/Zend/zend_vm_execute.h:410
#2  0x0000000000a1064a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/build/php/5.4/php-5.4.7/Zend/zend.c:1286
#3  0x0000000000987c90 in php_execute_script (primary_file=0x7fffffffdfc0) at /storage/build/php/5.4/php-5.4.7/main/main.c:2473
#4  0x0000000000b569ea in do_cli (argc=2, argv=0x7fffffffe368) at /storage/build/php/5.4/php-5.4.7/sapi/cli/php_cli.c:988
#5  0x0000000000b579a5 in main (argc=2, argv=0x7fffffffe368) at /storage/build/php/5.4/php-5.4.7/sapi/cli/php_cli.c:1364


------------------------------------------------------------------------


