Edit report at https://bugs.php.net/bug.php?id=64966&edit=1

ID:                 64966
User updated by:    bfra...@php.net
Reported by:        bfra...@php.net
Summary:            reflection_method_invokeArgs core dump
Status:             Open
Type:               Bug
Package:            Scripting Engine problem
PHP Version:        Irrelevant
Block user comment: N
Private report:     N

New Comment:

Just to give another update, 5.4.13 works!!!!

------ 5.4.13 ------
% php -dopen_basedir= /usr/local/bin/phpunit --log-junit results.xml phpIntlTest02.php
PHPUnit 3.7.21 by Sebastian Bergmann.

.

Time: 0 seconds, Memory: 2.50Mb

OK (1 test, 116 assertions)
------

Where 5.4.14 fails:

------ 5.4.14 ------
& php -dopen_basedir= /usr/local/bin/phpunit --log-junit results.xml phpIntlTest02.php
PHPUnit 3.7.21 by Sebastian Bergmann.

F

Time: 0 seconds, Memory: 3.50Mb

There was 1 failure:

1) YPHPINTLTest::test_collator_sort
Wrong type of arguments
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'collator_sort_internal: unable to parse input params: U_ILLEGAL_ARGUMENT_ERROR'
+'U_USING_FALLBACK_WARNING'

/home/bfrance/php-5.4.14/ext/intl/tests/phpIntlTest02.php:33

FAILURES!
Tests: 1, Assertions: 2, Failures: 1.
------

So while 5.4 doesn't core dump, that patch from 63914 really changed the execution path to the point it breaks the test.

Previous Comments:
------------------------------------------------------------------------
[2013-06-04 16:43:17] bfra...@php.net

#0 _zval_ptr_dtor (zval_ptr=0x7ffff7ebfe70) at php-5.3.24/Zend/zend_execute_API.c:441
        zv = 0x600000000
#1 0x00000000007038a6 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebfa98) at php-5.3.24/Zend/zend_vm_execute.h:418
        opline = <value optimized out>
        should_change_scope = 3 '\003'
#2 0x00000000006dc948 in execute (op_array=0xfb6510) at php-5.3.24/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x7ffff7ebfa98
        nested = 1 '\001'
        original_in_execution = 1 '\001'
#3 0x00000000006ae1b0 in zend_call_function (fci=0x7fffffffaaa0, fci_cache=<value optimized out>) at php-5.3.24/Zend/zend_execute_API.c:969
        i = <value optimized out>
        original_return_value = 0x7ffff7ebdc60
        calling_symbol_table = 0x0
        original_op_array = 0x10f1548
        original_opline_ptr = 0x7ffff7ebed68
        current_scope = 0x0
        current_called_scope = 0xe67b90
        calling_scope = 0x115e0a8
        called_scope = <value optimized out>
        current_this = 0x115e0a8
        execute_data = {opline = 0x0, function_state = {function = 0xfb6510, arguments = 0x7ffff7ebfa90}, fbc = 0x0, called_scope = 0x0, op_array = 0x0, object = 0x1191d08, Ts = 0x7ffff7ebee70, CVs = 0x7ffff7ebee00, symbol_table = 0x0, prev_execute_data = 0x7ffff7ebed68, old_error_reporting = 0x0, nested = 1 '\001', original_return_value = 0x0, current_scope = 0xfb84e0, current_called_scope = 0xfb60c8, current_this = 0x1191d08, current_object = 0x0, call_opline = 0xfe1e98}
#4 0x0000000000583a8a in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x115deb8, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at php-5.3.24/ext/reflection/php_reflection.c:2753
        retval_ptr = <value optimized out>
        params = 0x123a3a8
        object = 0x1191d08
        intern = 0x1166fe0
        mptr = 0xfb6510
        argc = 0
        result = <value optimized out>
        fci = {size = 72, function_table = 0x0, function_name = 0x0, symbol_table = 0x0, retval_ptr_ptr = 0x7fffffffab38, param_count = 0, params = 0x123a3a8, object_ptr = 0x1191d08, no_separation = 1 '\001'}
        fcc = {initialized = 1 '\001', function_handler = 0xfb6510, calling_scope = 0xfb60c8, called_scope = 0xfb60c8, object_ptr = 0x1191d08}
        obj_ce = 0xfb60c8
        param_array = 0x115de58
#5 0x0000000000703d37 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebed68) at php-5.3.24/Zend/zend_vm_execute.h:322
        opline = <value optimized out>
        should_change_scope = 1 '\001'
#6 0x00000000006dc948 in execute (op_array=0x10f1548) at php-5.3.24/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x7ffff7ebed68
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#7 0x00000000006b758a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at php-5.3.24/Zend/zend.c:1259
        files = {{gp_offset = 40, fp_offset = 0, overflow_arg_area = 0x7fffffffad50, reg_save_area = 0x7ffffffface0}}
        i = <value optimized out>
        file_handle = 0x7fffffffe160
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#8 0x0000000000666ace in php_execute_script (primary_file=0x7fffffffe160) at php-5.3.24/main/main.c:2316
        realfile = "/usr/local/bin/phpunit\000\000\210\341\377\367\377\177", '\000' <repeats 42 times>"\340, \344\377\367\377\177\000\000p\276\377\377\377\177\000\000\000\000\000\000\000\000\000\000Xù\364\377\177\000\000\230\331\374\367\377\177\000\000\000\000\000\000\000\000\000\000\377\377\377\377", '\000' <repeats 12 times>, "\001\000\000\000\000\000\000\000p^\317", '\000' <repeats 13 times>"\213, \322\321\000\000\000\000\000\r", '\000' <repeats 15 times>, "ï\336\367\377\177\000\000\001", '\000' <repeats 23 times>, "Xù\364\377\177\000\000\210\343\271\364\377\177\000\000\270\356\317\000\000\000\000\000@\317\377\377\377\177\000\000p\374\317\000\000\000\000\000\r\000\000\000\000\000\000\000\225\026\337\367\377\177\000\000\002\000\000\000\000\000\000\000`\201\322\000\000\000\000\000\034\000\000\000\000\000\000\000\200\355\206\353\326O9\253\200g\362\364\377\177\000\000\000\000\000\000\000\000\000\000\200g\362\364\377\177"...
        __orig_bailout = 0x7fffffffdff0
        __bailout = {{__jmpbuf = {15446400, 1175243881897479723, 140737488348848, 0, 140737488348136, 0, 1175243883034136107, -1175244725073261013}, __mask_was_saved = 0, __saved_mask = {__val = {229440404087961, 0, 140737299689793, 48, 13753520, 15725344, 7103285, 532575944752, 7, 140737488342704, 153, 7, 140737488342704, 0, 15725216, 0}}}}
        prepend_file_p = <value optimized out>
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fffffffad60 ""
        use_heap = 0 '\000'
        retval = 0
#9 0x000000000073de34 in main (argc=6, argv=0x7fffffffe3d8) at php-5.3.24/sapi/cli/php_cli.c:1189
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {124, -1175245194508153301, 13630576, 13, 13750923, 13, 1175243881899576875, -1175244831334248917}, __mask_was_saved = 0, __saved_mask = {__val = {140737351936935, 4294967455, 11341735, 45, 140737299199672, 0, 140737488347696, 140737299205192, 140737299224056, 1910330751, 140737351934614, 0, 140737488347456, 140733193388095, 140737488347456, 19}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x7fffffffe6b0 "/usr/local/bin/phpunit", opened_path = 0x0, handle = {fd = 15570712, fp = 0xed9718, stream = {handle = 0xed9718, isatty = 0, mmap = {len = 2028, pos = 0, map = 0x7ffff7eb2000, buf = 0x7ffff7eb2015 <Address 0x7ffff7eb2015 out of bounds>, old_handle = 0xefee50, old_closer = 0x6cc460 <zend_stream_stdio_closer>}, reader = 0x6cca60 <zend_stream_stdio_reader>, fsizer = 0x6cc990 <zend_stream_stdio_fsizer>, closer = 0x6cc9e0 <zend_stream_mmap_closer>}}, free_filename = 0 '\000'}
        behavior = 1
        reflection_what = 0x0
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = <value optimized out>
        arg_excp = <value optimized out>
        script_file = <value optimized out>
        translated_path = 0xebb180 "/usr/local/bin/phpunit"
        interactive = <value optimized out>
        module_started = 1
        request_started = 1
        lineno = 2
        exec_direct = 0x0
        exec_run = <value optimized out>
        exec_begin = 0x0
        exec_end = 0x0
        param_error = <value optimized out>
        hide_argv = 0
        ini_entries_len = <value optimized out>

------------------------------------------------------------------------
[2013-06-04 15:26:38] larue...@php.net

hmm, maybe you can paste the full backtrace out?

gdb> bt full

thanks

------------------------------------------------------------------------
[2013-06-04 04:32:50] bfra...@php.net

I wish I could and I have been trying. If you move line:

35 $GLOBALS['oo-mode']=false;

in the test case to line 9, then the core dump goes away with 5.3.x. When I start trimming down the test case, the core dump goes away. That is the smallest test case I have been able to come up with that core dumps 5.3.x.

For 5.4.x you can trim the test case down to just the first test (line 33) and it still has issues. Just add two close braces and a closing php tag on line 34 and nuke the rest of the file. The problem is collator_sort is never called, so the global intl_get_error_message() stuff is never set up.

http://git.php.net/?p=php-src.git;a=blob;f=ext/intl/collator/collator_sort.c;h=0785111c964b476da2c1d169bad65f0ab1048fa9;hb=refs/heads/PHP-5.4#l289

Line 343 PHP_FUNCTION( collator_sort ) calls collator_sort_internal from line 289. Line 299 should fail and line 302 should set up the intl_get_error_message() stuff with U_ILLEGAL_ARGUMENT_ERROR. But collator_sort (zif_collator_sort) is never called.

------------------------------------------------------------------------
[2013-06-04 03:52:01] larue...@php.net

could you refine this into one simple test script?

------------------------------------------------------------------------
[2013-06-03 19:41:48] bfra...@php.net

Description:
------------
I don't think this is reflection related, as the issue started with this Exception patch:

zend_do_fcall_common_helper_SPEC does not handle exceptions properly
https://bugs.php.net/bug.php?id=63914

but I do not have a good way to describe this bug, so I used the backtrace info.

5.3.24+ : core dumps
5.4.15+ : doesn't execute the code right (same with 5.5.0RC2)

Build and install either version of php with pear and intl support. You will need icu installed (pkg: icu, libicu, libicu-devel) for intl support.

Install phpunit:

pear config-set auto_discover 1
pear install pear.phpunit.de/PHPUnit

cd php-5.x.x/ext/intl/tests

setup env:
% export TZ=US/Pacific
% export LANG=en_US.UTF-8
% export LC_ALL=

Copy test case:
curl -O http://www.brianfrance.com/php/phpIntlTest02.txt
mv phpIntlTest02.txt phpIntlTest02.php

php -dopen_basedir= /usr/local/bin/phpunit --log-junit results.xml phpIntlTest02.php

For 5.3.24+ you will get a core dump with the following backtrace:

#0 _zval_ptr_dtor (zval_ptr=0x7ffff7ebfe70) at php-5.3.24/Zend/zend_execute_API.c:441
#1 0x00000000007038a6 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebfa98) at php-5.3.24/Zend/zend_vm_execute.h:418
#2 0x00000000006dc948 in execute (op_array=0xfb6508) at php-5.3.24/Zend/zend_vm_execute.h:107
#3 0x00000000006ae1b0 in zend_call_function (fci=0x7fffffffaab0, fci_cache=<value optimized out>) at php-5.3.24/Zend/zend_execute_API.c:969
#4 0x0000000000583a8a in zim_reflection_method_invokeArgs (ht=<value optimized out>, return_value=0x115dab0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at php-5.3.24/ext/reflection/php_reflection.c:2753
#5 0x0000000000703d37 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebed68) at php-5.3.24/Zend/zend_vm_execute.h:322
#6 0x00000000006dc948 in execute (op_array=0x10f0d48) at php-5.3.24/Zend/zend_vm_execute.h:107
#7 0x00000000006b758a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at php-5.3.24/Zend/zend.c:1259
#8 0x0000000000666ace in php_execute_script (primary_file=0x7fffffffe170) at php-5.3.24/main/main.c:2316
#9 0x000000000073de34 in main (argc=6, argv=0x7fffffffe3e8) at php-5.3.24/sapi/cli/php_cli.c:1189

For 5.4.15+ you get a weird code execution happening. collator_sort is never called on line 17. You can test this by gdb'ing and setting a break point on zif_collator_sort, it will never hit. It is like something triggered the exception before collator_sort is called.
This means that collator_sort didn't set up intl_get_error_message() error message about the bad param, so then the test fails on line 33.

This test works with 5.3.23 with no core dump and works with 5.3.24 if you revert the bug #63914 patch.

Test script:
---------------
http://www.brianfrance.com/php/phpIntlTest02.txt

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=64966&edit=1