Edit report at https://bugs.php.net/bug.php?id=65367&edit=1

 ID:                 65367
 Updated by:         larue...@php.net
 Reported by:        mbecc...@php.net
 Summary:            Segmentation fault when mixing =& and =
 Status:             Re-Opened
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Any
 PHP Version:        5.5.1
 Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

Did you build it from a fresh work dir?


Previous Comments:
------------------------------------------------------------------------
[2013-08-05 14:50:51] mbecc...@php.net

I have upgraded PHP 5.4 to latest-git on a new machine. With the patch applied 
I now see many test runs consistently fail with a segfault. Reverting to 5.4.17 
fixes the segfault.

Backtrace is:

#0  0x00000000009beb33 in zend_std_object_get_class (object=0x7fffef535cd0) at 
/root/compile/php-src/Zend/zend_object_handlers.c:1500
        zobj = 0x7fff00000021
#1  0x000000000098dd98 in zend_get_class_entry (zobject=0x7fffef535cd0) at 
/root/compile/php-src/Zend/zend_API.c:238
No locals.
#2  0x0000000000a17121 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER 
(execute_data=0x7ffff7fa1ea0)
    at /root/compile/php-src/Zend/zend_vm_execute.h:29282
        opline = 0x7ffff0a34228
        function_name = 0x7ffff0a35058
        function_name_strval = 0x7ffff7f97d50 "setFileNameProtection"
        function_name_strlen = 21
#3  0x00000000009c6513 in execute (op_array=0x1446f00) at 
/root/compile/php-src/Zend/zend_vm_execute.h:410
        ret = 0
        execute_data = 0x7ffff7fa1ea0
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#4  0x000000000098ca9f in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /root/compile/php-src/Zend/zend.c:1315
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 
0x7fffffffae40, reg_save_area = 0x7fffffffad80}}
        i = 1
        file_handle = 0x7fffffffd1e0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        orig_interactive = 0
#5  0x0000000000902ff4 in php_execute_script (primary_file=0x7fffffffd1e0) at 
/root/compile/php-src/main/main.c:2497
        realfile = 
"/home/atlassian/bamboo/xml-data/build-dir/AP-RET-P53P/tests/run.php\000\000\000\000\000\021",
 '\000' <repeats 15 times>, 
"P\301\377\377\377\177\000\000\336U\225\000\000\000\000\000\234\066\336\367\377\177\000\000\000\020$\001\000\000\000\000\016\000\000\000\000\000\000\000\260\302\377\377\377\177\000\000-\000\000\000\000\000\000\000fII\"\000\000\000\000\240>\336\367\377\177\000\000\000\000\000\000\000\000\000\000&\000\000\000\000\000\000\000%%\211\000\000\000\000\000\030\255\231\365\377\177\000\000\214\236\231\365\377\177\000\000"...
        __orig_bailout = 0x7fffffffd2f0
        __bailout = {{__jmpbuf = {0, -263622604701000067, 4380576, 
140737488348720, 0, 0, -263622602725482883, 263621642691976829},
            __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 
140737314399616, 140737488343184, 0, 140737488343200, 4380576, 140737488348720, 
0, 0,
                9431409, 140737488344000, 140737488349319, 19186208, 
287762808856, 21253568}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, 
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
              isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, 
old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0,
              closer = 0x0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path 
= 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}},
          free_filename = 0 '\000'}
        old_cwd = 0x7fffffffae60 ""
        use_heap = 0 '\000'
        retval = 0

------------------------------------------------------------------------
[2013-08-02 16:24:26] larue...@php.net

fixed in http://git.php.net/?p=php-src.git;a=commitdiff;h=ce9169e360701ea3b1ab2366171c24d4de5e78e3

------------------------------------------------------------------------
[2013-08-02 07:29:59] mbecc...@php.net

Yes, the patch fixes the issue as far as I can tell. Well done!

------------------------------------------------------------------------
[2013-08-02 02:00:15] larue...@php.net

could you please verify the fix I attached at #65372?
thanks

------------------------------------------------------------------------
[2013-08-02 01:11:26] larue...@php.net

Seems similar to #65372

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=65367

