From: arjen at react dot com
Operating system: Archlinux
PHP version: 5.4.15
Package: Scripting Engine problem
Bug Type: Bug
Bug description: Segfault in gc_zval_possible_root

Description:
------------
Affects >= 5.3.0, including 5.4.16. See http://3v4l.org/dTDPH#v536

Combination of custom exception handler and error handler, custom property with a debug_backtrace defined to an exception and calling ob_end_clean while ob_end_flush was called.

Wasn't able to reduce this further.

Test script:
---------------
<?php
// this makes ob_end_clean raise an error
ob_end_flush();

class ExceptionHandler {
    public function __invoke (Exception $e) {
        // this triggers the custom error handler
        ob_end_clean();
    }
}

// this must be a class, closure does not trigger segfault
set_exception_handler(new ExceptionHandler());

// exception must be thrown from error handler.
set_error_handler(function() {
    $e = new Exception;
    $e->_trace = debug_backtrace();
    throw $e;
});

// trigger error handler
$a['waa'];

Expected result:
----------------
No segfault.

Actual result:
--------------
#0  0x0000000000648779 in gc_zval_possible_root ()
#1  0x0000000000637168 in zend_hash_destroy ()
#2  0x0000000000628c0b in _zval_dtor_func ()
#3  0x000000000061abd9 in _zval_ptr_dtor ()
#4  0x0000000000637168 in zend_hash_destroy ()
#5  0x0000000000628c0b in _zval_dtor_func ()
#6  0x000000000061abd9 in _zval_ptr_dtor ()
#7  0x000000000064a437 in zend_object_std_dtor ()
#8  0x000000000064a469 in zend_objects_free_object_storage ()
#9  0x000000000064fe16 in zend_objects_store_free_object_storage ()
#10 0x000000000061b123 in ?? ()
#11 0x0000000000629bc2 in ?? ()
#12 0x00000000005cc04d in php_request_shutdown ()
#13 0x0000000000426004 in ?? ()
#14 0x00007f9a6fddba15 in __libc_start_main () from /usr/lib/libc.so.6
#15 0x0000000000426db9 in _start ()

--
Edit bug report at https://bugs.php.net/bug.php?id=64960&edit=1