Edit report at https://bugs.php.net/bug.php?id=64960&edit=1

 ID:                 64960
 User updated by:    arjen at react dot com
 Reported by:        arjen at react dot com
 Summary:            Segfault in gc_zval_possible_root
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Archlinux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

Centos 6.3 with Zend Server PHP (no Suhosin):

# php -v
PHP 5.3.14 (cli) (built: Jun 19 2012 03:47:42) 

Archlinux (from repo, no Suhosin)
$ php -v
PHP 5.4.15 (cli) (built: May 12 2013 13:11:23) 

Are you sure you're not testing with a debug build? The segfault does not
happen in debug builds.


Previous Comments:
------------------------------------------------------------------------
[2013-06-05 03:10:20] larue...@php.net

Please disable the Suhosin patch and try again.

------------------------------------------------------------------------
[2013-06-04 19:25:14] arjen at react dot com

Verified it's not an Archlinux issue:

~$ php -v
PHP 5.3.10-1ubuntu3.6 with Suhosin-Patch (cli) (built: Mar 11 2013 14:31:48) 

~$ php segfault.php 
PHP Notice:  ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in /home/arjen/segfault.php on line 3
PHP Fatal error:  Uncaught exception 'Exception' in /home/arjen/segfault.php:19
Stack trace:
#0 [internal function]: {closure}(8, 'ob_end_clean():...', '/home/arjen/seg...', 9, Array)
#1 /home/arjen/segfault.php(9): ob_end_clean()
#2 [internal function]: ExceptionHandler->__invoke(Object(Exception))
#3 {main}
  thrown in /home/arjen/segfault.php on line 19
Segmentation fault (core dumped)

------------------------------------------------------------------------
[2013-06-04 15:28:15] larue...@php.net

I can not reproduce the "segfault"

------------------------------------------------------------------------
[2013-06-03 11:48:55] arjen at react dot com

Description:
------------
Affects >= 5.3.0, including 5.4.16.

See http://3v4l.org/dTDPH#v536

Combination of custom exception handler and error handler, custom property with
a debug_backtrace defined to an exception and calling ob_end_clean while
ob_end_flush was called.

Wasn't able to reduce this further.

Test script:
---------------
<?php
// this makes ob_end_clean raise an error
ob_end_flush();

class ExceptionHandler {
        public function __invoke (Exception $e)
        {
                // this triggers the custom error handler
                ob_end_clean();
        }
}

// this must be a class, closure does not trigger segfault
set_exception_handler(new ExceptionHandler());

// exception must be thrown from the error handler.
set_error_handler(function()
{
        $e = new Exception;
        $e->_trace = debug_backtrace();
        
        throw $e;
});

// trigger error handler
$a['waa'];

Expected result:
----------------
No segfault.

Actual result:
--------------
#0  0x0000000000648779 in gc_zval_possible_root ()
#1  0x0000000000637168 in zend_hash_destroy ()
#2  0x0000000000628c0b in _zval_dtor_func ()
#3  0x000000000061abd9 in _zval_ptr_dtor ()
#4  0x0000000000637168 in zend_hash_destroy ()
#5  0x0000000000628c0b in _zval_dtor_func ()
#6  0x000000000061abd9 in _zval_ptr_dtor ()
#7  0x000000000064a437 in zend_object_std_dtor ()
#8  0x000000000064a469 in zend_objects_free_object_storage ()
#9  0x000000000064fe16 in zend_objects_store_free_object_storage ()
#10 0x000000000061b123 in ?? ()
#11 0x0000000000629bc2 in ?? ()
#12 0x00000000005cc04d in php_request_shutdown ()
#13 0x0000000000426004 in ?? ()
#14 0x00007f9a6fddba15 in __libc_start_main () from /usr/lib/libc.so.6
#15 0x0000000000426db9 in _start ()



------------------------------------------------------------------------


