From: nikic
Operating system:
PHP version: 5.5.2RC1
Package: Scripting Engine problem
Bug Type: Bug
Bug description: Segfault in closure_030.phpt
Description:
------------
closure_030.phpt segfaults on Travis.
Short repro script:
<?php
$b = function() { };
$a = 'b';
$$a();
$b->__invoke();
Valgrind output:
~/dev/php-dev$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php t22.php
==2074== Memcheck, a memory error detector
==2074== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2074== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2074== Command: sapi/cli/php t22.php
==2074==
==2074== Invalid read of size 1
==2074== at 0x8260376: zval_call_destructor (zend_execute_API.c:203)
==2074== by 0x8286B2D: zend_hash_reverse_apply (zend_hash.c:775)
==2074== by 0x8260452: shutdown_destructors (zend_execute_API.c:217)
==2074== by 0x8274BC3: zend_call_destructors (zend.c:923)
==2074== by 0x81D6742: php_request_shutdown (main.c:1745)
==2074== by 0x831EDD9: do_cli (php_cli.c:1177)
==2074== by 0x831F6EC: main (php_cli.c:1378)
==2074== Address 0x44828f4 is 12 bytes inside a block of size 20 free'd
==2074== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2074== by 0x823C602: _efree (zend_alloc.c:2437)
==2074== by 0x82AB651: i_zval_ptr_dtor (zend_execute.h:82)
==2074== by 0x82B1AC3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:630)
==2074== by 0x82B1CD3: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:682)
==2074== by 0x82B097E: execute_ex (zend_vm_execute.h:356)
==2074== by 0x82B0A33: zend_execute (zend_vm_execute.h:381)
==2074== by 0x827636C: zend_execute_scripts (zend.c:1316)
==2074== by 0x81D85C6: php_execute_script (main.c:2484)
==2074== by 0x831E192: do_cli (php_cli.c:994)
==2074== by 0x831F6EC: main (php_cli.c:1378)
==2074==
==2074== Invalid read of size 4
==2074== at 0x825F4F3: zval_refcount_p (zend.h:397)
==2074== by 0x826038A: zval_call_destructor (zend_execute_API.c:203)
==2074== by 0x8286B2D: zend_hash_reverse_apply (zend_hash.c:775)
==2074== by 0x8260452: shutdown_destructors (zend_execute_API.c:217)
==2074== by 0x8274BC3: zend_call_destructors (zend.c:923)
==2074== by 0x81D6742: php_request_shutdown (main.c:1745)
==2074== by 0x831EDD9: do_cli (php_cli.c:1177)
==2074== by 0x831F6EC: main (php_cli.c:1378)
==2074== Address 0x44828f0 is 8 bytes inside a block of size 20 free'd
==2074== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2074== by 0x823C602: _efree (zend_alloc.c:2437)
==2074== by 0x82AB651: i_zval_ptr_dtor (zend_execute.h:82)
==2074== by 0x82B1AC3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:630)
==2074== by 0x82B1CD3: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:682)
==2074== by 0x82B097E: execute_ex (zend_vm_execute.h:356)
==2074== by 0x82B0A33: zend_execute (zend_vm_execute.h:381)
==2074== by 0x827636C: zend_execute_scripts (zend.c:1316)
==2074== by 0x81D85C6: php_execute_script (main.c:2484)
==2074== by 0x831E192: do_cli (php_cli.c:994)
==2074== by 0x831F6EC: main (php_cli.c:1378)
==2074==
... and so on
--
Edit bug report at https://bugs.php.net/bug.php?id=65382&edit=1
--