 ID:               25922
 Updated by:       [EMAIL PROTECTED]
 Reported By:      jeroen at derks dot it
-Status:           Feedback
+Status:           Verified
-Bug Type:         Reproducible crash
+Bug Type:         Scripting Engine problem
 Operating System: Linux 2.4.20 Debian 3.0
-PHP Version:      4.3.3
+PHP Version:      4CVS-20031021
 New Comment:

With PHP 4.3.4RC3-dev:

[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(152) : Block 0x08508470 status:
Beginning:      Overrun (magic=0x084E8D58, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(159) : Block 0x08509568 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x084E8D58, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(159) : Block 0x085095A0 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x085095D0, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(165) : Block 0x085095D8 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x08509608, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(159) : Block 0x08509610 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x08509640, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
[Tue Oct 21 13:11:19 2003]  Script:  't.php'
---------------------------------------
zend_opcode.c(165) : Block 0x08509648 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x08509678, expected=0x7312F8DC)
      End:      Unknown

...and so on.

GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 14715)]
0x08259de8 in _efree (ptr=0x85096b4, __zend_filename=0x8361d00 "zend_opcode.c", __zend_lineno=169, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:259
259             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x08259de8 in _efree (ptr=0x85096b4, __zend_filename=0x8361d00 "zend_opcode.c", __zend_lineno=169, __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:259
#1  0x08265895 in destroy_op_array (op_array=0x8508af8) at zend_opcode.c:169
#2  0x0826566b in destroy_zend_function (function=0x8508af8) at zend_opcode.c:100
#3  0x08272fa7 in zend_hash_destroy (ht=0x8415848) at zend_hash.c:553
#4  0x0826cb30 in zend_shutdown () at zend.c:559
#5  0x082358bf in php_module_shutdown () at main.c:1284
#6  0x08290fb0 in main (argc=2, argv=0xbffffc84) at php_cli.c:876

Note: Works fine with PHP 5.


Previous Comments:
------------------------------------------------------------------------

[2003-10-20 14:11:56] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5-win32-latest.zip

------------------------------------------------------------------------

[2003-10-20 07:54:21] jeroen at derks dot it

Description:
------------
Modifying 5th parameter of error handler will make PHP crash when leaving the error handler.

NB: This seems to happen only when the error was generated in a function (possibly also in a member function). Please see the code.

NB2: When changing function test()'s parameter name into $args, PHP exited normally.

Reproduce code:
---------------
<?php
function my_error_handler( $error, $errmsg = '', $errfile = '', $errline = 0, $errcontext = '' )
{
    // Overwriting the 5th parameter (the error context) is the trigger
    $errcontext = '';
}
set_error_handler( 'my_error_handler' );

function test( $headers = '' )
{
    // $data is not defined in this function, so this line raises the
    // error that is passed to my_error_handler()
    echo "Undefined index here: '{$data['HTTP_HEADER']}'\n";
}
test();

Expected result:
----------------
Undefined index here: ''

Actual result:
--------------
Undefined index here: ''
Segmentation fault

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=25922&edit=1
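
The "Beginning: Overrun (magic=..., expected=0x7312F8DC)" and "End: Unknown" lines in the report above are the output of a guard-word check in a debug allocator. The following is an added example, not PHP's zend_alloc.c and not part of the bug thread: a simplified model of such a check. The header layout, the dbg_* names and the trailing guard value are assumptions; only the expected start magic is taken from the log.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define START_MAGIC 0x7312F8DCu  /* "expected" value shown in the log above */
#define END_MAGIC   0xA5A5A5A5u  /* constructed trailing guard for this model */

enum guard { GUARD_OK, GUARD_OVERRUN, GUARD_UNKNOWN };

struct hdr {                     /* bookkeeping placed directly before the payload */
    uint32_t magic;
    uint32_t size;
};

struct report { enum guard begin, end; uint32_t seen_magic; };

/* Allocate size bytes wrapped in a guarded header and a trailing guard. */
void *dbg_alloc(uint32_t size)
{
    struct hdr *h = malloc(sizeof *h + size + sizeof(uint32_t));
    uint32_t end = END_MAGIC;
    if (!h) return NULL;
    h->magic = START_MAGIC;
    h->size = size;
    memcpy((unsigned char *)(h + 1) + size, &end, sizeof end);
    return h + 1;
}

/* Validate both guards of a block returned by dbg_alloc(). */
struct report dbg_check(const void *ptr)
{
    const struct hdr *h = (const struct hdr *)ptr - 1;
    struct report r = { GUARD_OK, GUARD_OK, h->magic };
    uint32_t end;

    if (h->magic != START_MAGIC) {
        /* The size field lives in the same damaged header, so the end
           guard cannot be located: report it as unknown. */
        r.begin = GUARD_OVERRUN;
        r.end = GUARD_UNKNOWN;
        return r;
    }
    memcpy(&end, (const unsigned char *)(h + 1) + h->size, sizeof end);
    if (end != END_MAGIC) r.end = GUARD_OVERRUN;
    return r;
}

void dbg_free(void *ptr) { if (ptr) free((struct hdr *)ptr - 1); }
```

In this model a header whose magic has been replaced by a pointer-like value, as in the log, is reported as a beginning overrun with an unknown end, because the block size can no longer be trusted.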