ID: 23505 Updated by: [EMAIL PROTECTED] Reported By: alan at akbkhome dot com -Status: Assigned +Status: Closed Bug Type: Scripting Engine problem Operating System: linux PHP Version: 4.3.2RC2 Assigned To: thies New Comment:
Nothing has happened so I guess no better fix was found. As there is no script provided that could show the other possible crash, closing. Previous Comments: ------------------------------------------------------------------------ [2003-05-16 01:21:28] [EMAIL PROTECTED] jani, your fix won't work if you call a function in an overloaded object from a funtion in an overloaded object;-) calling get_active_function_name() inside debug_backtrace doesn't seem right to me. i will try to find some time to investigate myself. ------------------------------------------------------------------------ [2003-05-15 13:40:38] [EMAIL PROTECTED] This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2003-05-06 03:32:09] [EMAIL PROTECTED] Full backtrace, it simply shows that the function name is already freed when we try to strdup it. I couldn't find the cause though... #0 0x4072567b in strlen (str=0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>) at ../sysdeps/i386/strlen.c:28 str = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> cnt = -1 #1 0x08222aa1 in add_assoc_string_ex (arg=0x83b8c54, key=0x82a4e23 "function", key_len=9, str=0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>, duplicate=1) at /dat/dev/php/php-4.3.0dev/Zend/zend_API.c:668 __s = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> tmp = (zval *) 0x83c5b3c #2 0x0822c33c in zif_debug_backtrace (ht=0, return_value=0x83c560c, this_ptr=0x0, return_value_used=0) at /dat/dev/php/php-4.3.0dev/Zend/zend_builtin_functions.c:1239 ptr = (zend_execute_data *) 0xbfffd620 lineno = 10 function_name = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> filename = 0x83c39dc "/tmp/test.php.txt" class_name = 0x83c49f4 "test" call_type = 0x82a4e2f "->" include_filename = 0x0 stack_frame = (zval *) 0x83b8c54 cur_arg_pos = (void **) 0x83b9744 args = (void **) 0x83b973c arg_stack_consistent = 1 frames_on_stack = 1 #3 0x082316ab in execute (op_array=0x83c5cf4) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:1606 original_return_value = (zval **) 0x83c4ee4 return_value_used = 0 execute_data = {opline = 0x83c4ecc, function_state = { function_symbol_table = 0x0, function = 0x8303a10, reserved = {0x83c55e8, 0xc4, 0x830150c, 0xbfffd178}}, fbc = 0x0, ce = 0x0, object = { ptr = 0x0}, Ts = 0xbfffcf80, original_in_execution = 1 '\001', op_array = 0x83c5cf4, prev_execute_data = 0xbfffd1f0} #4 0x08218175 in call_user_function_ex (function_table=0xbfffd2c8, object_pp=0xbfffd3ac, function_name=0xbfffd390, retval_ptr_ptr=0xbfffd3b8, param_count=3, params=0xbfffd360, no_separation=0, symbol_table=0x0) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute_API.c:559 i = 3 original_return_value = (zval **) 0xbfffd694 calling_symbol_table = (HashTable *) 0x830124c original_function_state_ptr = (zend_function_state *) 0xbfffd624 original_op_array = (zend_op_array *) 0x83bf8cc original_opline_ptr = (zend_op **) 0xbfffd620 orig_free_op1 = 0 orig_free_op2 = 0 orig_unary_op = (int (*)()) 0 orig_binary_op = (int (*)()) 0 function_name_copy = {value = {lval = 138165884, dval = 1.2800237762503321e-313, str = {val = 0x83c3e7c "__call", len = 6}, ht = 0x83c3e7c, obj = {ce = 0x83c3e7c, properties = 0x6}}, type = 3 '\003', is_ref = 0 '\0', refcount = 1} execute_data = {opline = 0x0, function_state = { function_symbol_table = 0xbfffd330, function = 0x83c5cf4, reserved = { 0x8210159, 0x83c56ac, 0x0, 0x20}}, fbc = 0x0, ce = 0x0, object = { ptr = 0x83beda4}, Ts = 0x0, original_in_execution = 69 'E', op_array = 0x0, prev_execute_data = 0xbfffd620} #5 0x08130f16 in overload_call_method (ht=0, return_value=0x83c52f4, this_ptr=0x83beda4, return_value_used=1, property_reference=0xbfffd4a8) at /dat/dev/php/php-4.3.0dev/ext/overload/overload.c:566 handler_args = {0xbfffd37c, 0xbfffd35c, 0xbfffd33c} arg_array = (zval *) 0x83c57e4 result = {value = {lval = 137368844, dval = 5.3614447185633565e-269, str = {val = 0x830150c "", len = 138171136}, ht = 0x830150c, obj = { ce = 0x830150c, properties = 0x83c5300}}, type = 0 '\0', is_ref = 1 '\001', refcount = 4} result_ptr = (zval *) 0xbfffd340 temp_ce = {type = 2 '\002', name = 0x83c49f4 "test", name_length = 4, parent = 0x0, refcount = 0x83c4a94, constants_updated = 1 '\001', function_table = {nTableSize = 16, nTableMask = 15, nNumOfElements = 1, nNextFreeElement = 0, pInternalPointer = 0x83c5c94, pListHead = 0x83c5c94, pListTail = 0x83c5c94, arBuckets = 0x83c4acc, pDestructor = 0x8219b20 <destroy_zend_function>, persistent = 0 '\0', nApplyCount = 0 '\0', bApplyProtection = 1 '\001', inconsistent = 0}, default_properties = {nTableSize = 16, nTableMask = 15, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0x83c4b3c, pDestructor = 0x821ff0c <_zval_ptr_dtor_wrapper>, persistent = 0 '\0', nApplyCount = 0 '\0', bApplyProtection = 1 '\001', inconsistent = 0}, builtin_functions = 0x0, handle_function_call = 0, handle_property_get = 0, handle_property_set = 0} orig_ce = (zend_class_entry *) 0x83c4f80 i = 0 args = (zval ***) 0x83c55dc retval = (zval *) 0x0 call_result = -1073752624 use_call_handler = 1 '\001' object = (zval *) 0x83beda4 call_handler = {value = {lval = 136765616, dval = 1.279954593818955e-313, str = {val = 0x826e0b0 "__call", len = 6}, ht = 0x826e0b0, obj = {ce = 0x826e0b0, properties = 0x6}}, type = 3 '\003', is_ref = 0 '\0', refcount = 1} method_name = {value = {lval = 138171068, dval = 1.0678244532774356e-313, str = {val = 0x83c52bc "hello", len = 5}, ht = 0x83c52bc, obj = {ce = 0x83c52bc, properties = 0x5}}, type = 3 '\003', is_ref = 0 '\0', refcount = 2} method_name_ptr = (zval *) 0xbfffd380 method = (zend_overloaded_element *) 0x83c550c #6 0x0822ec1a in call_overloaded_function (T=0xbfffd49c, arg_count=0, return_value=0x83c52f4) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:968 ce = (zend_class_entry *) 0x83c4f80 #7 0x08231a9b in execute (op_array=0x83bf8cc) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:1672 original_return_value = (zval **) 0x83c3b54 return_value_used = 0 execute_data = {opline = 0x83c3d58, function_state = { function_symbol_table = 0x0, function = 0x83c5554, reserved = {0x821936e, 0x83bf954, 0x82a2d60, 0x61}}, fbc = 0x83c5554, ce = 0x0, object = { ptr = 0x83beda4}, Ts = 0xbfffd410, original_in_execution = 0 '\0', op_array = 0x83bf8cc, prev_execute_data = 0x0} ------------------------------------------------------------------------ [2003-05-06 03:30:53] [EMAIL PROTECTED] ok dericks busy - anyone else want to have a go :) ------------------------------------------------------------------------ [2003-05-06 03:29:37] [EMAIL PROTECTED] note this happens when you create a pear error inside the __call method. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/23505 -- Edit this bug report at http://bugs.php.net/?id=23505&edit=1
