#33802 [Opn->Asn]: throw Exception in error handler causes crash

[tony2001]

 ID:               33802
 Updated by:       [EMAIL PROTECTED]
 Reported By:      isitoya at wakhok dot ac dot jp
-Status:           Open
+Status:           Assigned
 Bug Type:         Reproducible crash
 Operating System: Suse9.2
 PHP Version:      5.1.0b3
-Assigned To:      
+Assigned To:      dmitry
 New Comment:

Dmitry, I can see some valgrind errors appearing only with
--disable-zend-memory-manager:

==7780== Invalid read of size 4
==7780==    at 0x823AF65: _zend_is_inconsistent (zend_hash.c:53)
==7780==    by 0x823C0F4: zend_hash_destroy (zend_hash.c:510)
==7780==    by 0x82285B5: shutdown_executor (zend_execute_API.c:268)
==7780==    by 0x8234722: zend_deactivate (zend.c:823)
==7780==    by 0x81F416F: php_request_shutdown (main.c:1331)
==7780==    by 0x829DB17: main (php_cli.c:1142)
==7780==  Address 0x1BD72CC0 is 40 bytes inside a block of size 44
free'd
==7780==    at 0x1B9057CD: free (in
/usr/lib/valgrind/vgpreload_memcheck.so)
==7780==    by 0x82331EE: _zval_dtor_func (zend_variables.c:44)
==7780==    by 0x822B0D0: _zval_dtor (zend_variables.h:35)
==7780==    by 0x8228947: _zval_ptr_dtor (zend_execute_API.c:386)
==7780==    by 0x8233450: _zval_ptr_dtor_wrapper
(zend_variables.c:175)
==7780==    by 0x823C13B: zend_hash_destroy (zend_hash.c:519)



Previous Comments:
------------------------------------------------------------------------

[2005-07-21 14:25:50] isitoya at wakhok dot ac dot jp

sorry I mistaked.

no try catch section code will produce Segmentation fault.
so its bottom one.

set_error_handler('errorHandler', E_USER_ERROR);
test();
restore_error_handler();

upper one just dump glibc error.
and when I use 5.0.4 or lesser no segmentation fault reported. Its
started from 5.1.0beta2 or later.

------------------------------------------------------------------------

[2005-07-21 14:00:42] isitoya at wakhok dot ac dot jp

Thank you for reply.
I tried latest snapshot php5-200507211030.
but same error occured.
upper one produces the SIGSEGV. this one
set_error_handler('errorHandler', E_USER_ERROR);
try{
    test();
}catch(Exception $e){
}
restore_error_handler();

Is this caused by my glibc version?
rpm -qa | grep glibc
glibc-32bit-9.2-200412151444
glibc-devel-32bit-9.2-200412202043
glibc-2.3.3-118
glibc-locale-2.3.3-118
glibc-locale-32bit-9.2-200412202043
glibc-devel-2.3.3-118
glibc-i18ndata-2.3.3-118

------------------------------------------------------------------------

[2005-07-21 13:25:13] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

So which of the two examples produces the SIGSEGV ?
Also, please try latest snapshot, as I can't reproduce it with both
pieces of code you've provided.

------------------------------------------------------------------------

[2005-07-21 13:14:45] isitoya at wakhok dot ac dot jp

Description:
------------
When I using Phing, My testcase with PEAR-SOAP and rdfapi-php had
stopped with segmentation fault.

And I Found that throwing exception in error_handler causes Seg fault.



Reproduce code:
---------------
<?php
set_error_handler('errorHandler', E_USER_ERROR);
try{
    test();
}catch(Exception $e){
}
restore_error_handler();

function test(){
    trigger_error("error", E_USER_ERROR);
}

function errorHandler($errno, $errstr, $errfile, $errline) {
    throw new Exception();
}
?>
-----
no try and catch
<?php
set_error_handler('errorHandler', E_USER_ERROR);
test();
restore_error_handler();

function test(){
    trigger_error("error", E_USER_ERROR);
}

function errorHandler($errno, $errstr, $errfile, $errline) {
    throw new Exception();
}
?>


Expected result:
----------------
nothing

Actual result:
--------------
*** glibc detected *** double free or corruption: 0x0000000000af7970
***
*** glibc detected *** double free or corruption: 0x0000000000af7a10
***
*** glibc detected *** double free or corruption: 0x0000000000af07b0
***
------
no try and catch

Fatal error: Uncaught exception 'Exception' in
/usr/home/kent/tests/trigger_errorTest.php:11
Stack trace:
#0 [internal function]: errorHandler(256, 'error',
'/usr/home/kent/...', 7, Array)
#1 /usr/home/kent/tests/trigger_errorTest.php(7):
trigger_error('error', 256)
#2 /usr/home/kent/tests/trigger_errorTest.php(3): test()
#3 {main}
  thrown in /usr/home/kent/tests/trigger_errorTest.php on line 11
*** glibc detected *** double free or corruption: 0x0000000000af7870
***
*** glibc detected *** double free or corruption: 0x0000000000af7910
***
Segmentation fault



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=33802&edit=1