Bug #64997 [Opn]: Segfault while using RecursiveIteratorIterator on 64-bits systems

laruence Sun, 09 Jun 2013 07:17:24 -0700

Edit report at https://bugs.php.net/bug.php?id=64997&edit=1


 ID:                 64997
 Updated by:         larue...@php.net
 Reported by:        cyrille dot faucheux+php at gmail dot com
 Summary:            Segfault while using RecursiveIteratorIterator on
                     64-bits systems
 Status:             Open
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Debian Jessie 64-bits
 PHP Version:        5.5Git-2013-06-08 (Git)
-Assigned To:        
+Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

Okey, thanks, I will commit it.


Previous Comments:
------------------------------------------------------------------------
[2013-06-09 12:12:37] cyrille dot faucheux+php at gmail dot com

I've just build branches 5.4 & 5.5 with this patch on my 64-bits Debian Jessie, 
no more segfault.

------------------------------------------------------------------------
[2013-06-09 10:46:11] larue...@php.net

could you verify the fix works?

I can not reproduce segfault, but do see some warnings in valgrind, so I think 
this fix should solve your problem..

thanks

------------------------------------------------------------------------
[2013-06-09 10:43:11] larue...@php.net

The following patch has been added/updated:

Patch Name: bug64997.patch
Revision:   1370774591
URL:        
https://bugs.php.net/patch-display.php?bug=64997&patch=bug64997.patch&revision=1370774591

------------------------------------------------------------------------
[2013-06-09 10:33:55] larue...@php.net

The following patch has been added/updated:

Patch Name: bug64977.patch
Revision:   1370774035
URL:        
https://bugs.php.net/patch-display.php?bug=64997&patch=bug64977.patch&revision=1370774035

------------------------------------------------------------------------
[2013-06-08 23:22:17] cyrille dot faucheux+php at gmail dot com

Description:
------------
I was playing with the Respect data validation library from [1], which makes 
use of Recursive*Iterator to retrieve validation errors.

On my 64-bits Debian Jessie, retrieving the errors with the getFullMessage() 
function causes a segfault. On a 32-bits one, everything works as expected. May 
be related to bug #48206.

This bug is reproducible with the versions 5.4.4-15 (packaged by Debian) and 
the 5.5Git from today (bccacb6).

How to reproduce:
- Clone from [1].
- Place the attached script at the root of the checkout.
- Run # php demo.php

[1]: https://github.com/Respect/Validation

Test script:
---------------
<?php // demo.php
// Place this script at the root of the Respect\Validation library

require_once 'tests/bootstrap.php';

use Respect\Validation\Validator as v;

$userValidator = v::key('name', v::string()->length(1,32))
    ->key('birthdate', v::date('Y-m-d')->minimumAge(18)->setName('age'));

try {
    $userValidator->assert(array('name' => 'bob', 'birthdate' => "1996-07-18"));
} catch (\InvalidArgumentException $e) {
    var_dump($e->getFullMessage());
}

Expected result:
----------------
Should display:

string(73) "\-These rules must pass for "Array"
  \-The age must be 18 years or more."

Actual result:
--------------
#0  0x00000000006f84d0 in gc_remove_from_buffer (root=0x5dfcbc 
<zim_spl_RecursiveIteratorIterator_valid+76>) at 
/root/Dev/php/v5.5/Zend/zend_gc.h:189
#1  gc_remove_zval_from_buffer (zv=zv@entry=0x7fffce7c89f0) at 
/root/Dev/php/v5.5/Zend/zend_gc.c:265
#2  0x00000000006c9948 in i_zval_ptr_dtor (zval_ptr=0x7fffce7c89f0) at 
/root/Dev/php/v5.5/Zend/zend_execute.h:80
#3  _zval_ptr_dtor (zval_ptr=<optimized out>) at 
/root/Dev/php/v5.5/Zend/zend_execute_API.c:426
#4  0x00000000006cb55d in zend_call_function (fci=fci@entry=0x7fffce7c8820, 
fci_cache=0x7ffd74ba0960, fci_cache@entry=0x7fffce7c87f0)
    at /root/Dev/php/v5.5/Zend/zend_execute_API.c:999
#5  0x00000000006f0bf5 in zend_call_method 
(object_pp=object_pp@entry=0x7fffce7c88d8, obj_ce=<optimized out>, 
obj_ce@entry=0x7ffd766757c8, 
    fn_proxy=fn_proxy@entry=0x7ffd76675930, 
function_name=function_name@entry=0xb7ff4f "__tostring", 
function_name_len=function_name_len@entry=10, 
    retval_ptr_ptr=retval_ptr_ptr@entry=0x7fffce7c88e8, 
param_count=param_count@entry=0, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0)
    at /root/Dev/php/v5.5/Zend/zend_interfaces.c:97
#6  0x00000000006fcab4 in zend_std_cast_object_tostring 
(readobj=0x7fffce7c89f0, writeobj=0x7fffce7c8930, type=<optimized out>)
    at /root/Dev/php/v5.5/Zend/zend_object_handlers.c:1537
#7  0x00000000006d0810 in _convert_to_string (op=op@entry=0x7fffce7c89f0) at 
/root/Dev/php/v5.5/Zend/zend_operators.c:643
#8  0x00000000005e31c8 in spl_recursive_tree_iterator_get_entry 
(return_value=return_value@entry=0x7fffce7c89f0, object=0x7ffd74bb6c20, 
object=0x7ffd74bb6c20)
    at /root/Dev/php/v5.5/ext/spl/spl_iterators.c:1021
#9  0x00000000005e3326 in zim_spl_RecursiveTreeIterator_current (ht=0, 
return_value=0x7ffd74bb5dd0, return_value_ptr=<optimized out>, 
this_ptr=<optimized out>, 
    return_value_used=<optimized out>) at 
/root/Dev/php/v5.5/ext/spl/spl_iterators.c:1123
#10 0x00000000006cb868 in zend_call_function (fci=fci@entry=0x7fffce7c8c10, 
fci_cache=fci_cache@entry=0x7fffce7c8be0) at 
/root/Dev/php/v5.5/Zend/zend_execute_API.c:957
#11 0x00000000006f0bf5 in zend_call_method 
(object_pp=object_pp@entry=0x7fffce7c8cc8, obj_ce=<optimized out>, 
fn_proxy=0x2587488, 
    function_name=function_name@entry=0x7945d6 "current", 
function_name_len=function_name_len@entry=7, 
retval_ptr_ptr=retval_ptr_ptr@entry=0x7ffd74bb5aa8, 
    param_count=param_count@entry=0, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0) 
at /root/Dev/php/v5.5/Zend/zend_interfaces.c:97
#12 0x00000000006f126e in zend_user_it_get_current_data (_iter=0x7ffd74bb5a88, 
data=0x7fffce7c8d00) at /root/Dev/php/v5.5/Zend/zend_interfaces.c:181
#13 0x0000000000725ebc in ZEND_FE_FETCH_SPEC_VAR_HANDLER 
(execute_data=0x7ffd7668b578) at /root/Dev/php/v5.5/Zend/zend_vm_execute.h:13640
#14 0x0000000000747de8 in execute_ex (execute_data=0x7ffd7668b578) at 
/root/Dev/php/v5.5/Zend/zend_vm_execute.h:356
#15 0x00000000006dae19 in zend_execute_scripts (type=type@entry=8, 
retval=retval@entry=0x0, file_count=file_count@entry=3) at 
/root/Dev/php/v5.5/Zend/zend.c:1316
#16 0x000000000067a5cb in php_execute_script 
(primary_file=primary_file@entry=0x7fffce7cb270) at 
/root/Dev/php/v5.5/main/main.c:2481
#17 0x000000000078b409 in do_cli (argc=2, argv=0x24aa3a0) at 
/root/Dev/php/v5.5/sapi/cli/php_cli.c:993
#18 0x000000000042890f in main (argc=2, argv=0x24aa3a0) at 
/root/Dev/php/v5.5/sapi/cli/php_cli.c:1377


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64997&edit=1

Bug #64997 [Opn]: Segfault while using RecursiveIteratorIterator on 64-bits systems

Reply via email to