#35323 [Opn]: debug_backtrace() crashes when assigned to global in error handler

sniper Tue, 22 Nov 2005 00:38:17 -0800

 ID:               35323
 Updated by:       [EMAIL PROTECTED]
 Reported By:      tcarter at noggin dot com dot au
 Status:           Open
 Bug Type:         Scripting Engine problem
 Operating System: Linux 2.4.31
 PHP Version:      4.4.2RC1
 New Comment:


Does not happen with PHP 5.1 CVS.



Previous Comments:
------------------------------------------------------------------------

[2005-11-22 08:33:53] tcarter at noggin dot com dot au

Description:
------------
Calls to debug_backtrace() cause PHP to crash when    
the result is assigned to a static or uninitialized global    
variable inside a custom error handler when an error is    
triggered from inside a (different) function.    
    
Crash occurs with:   
PHP 4.4.1   
PHP 4.4.2RC2 (Snapshot 200511220601) 
   
Does not occur with:   
PHP 4.3.10   
PHP 5.0.3   
   

Reproduce code:
---------------
function err_h() {
        global $backtrace;
        $backtrace = debug_backtrace();
}

set_error_handler("err_h");

function crash_me() { trigger_error('Crash!'); }

crash_me();


Expected result:
----------------
PHP shouldn't crash 

Actual result:
--------------
[EMAIL PROTECTED] php4-STABLE-200511220601]$ ./configure 
--disable-all --enable-debug 
... 
[EMAIL PROTECTED] php4-STABLE-200511220601]$ gdb sapi/cli/php 
... 
This GDB was configured as "i386-redhat-linux-gnu"... 
(gdb) set args -c ./php.ini-dist -f ~/crashme.php 
(gdb) run 
Starting 
program: /home/users/trav/build/php4-STABLE-200511220601/sapi/cli/php 
-c ./php.ini-dist -f ~/crashme.php 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(152)
: 
Block 0x0816F7E8 status: 
Beginning:      Overrun (magic=0x08170A78, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x0816A028 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x0816A060, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x08169FE8 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x0816A020, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x08170A40 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x0816FB68, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x08170938 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x08170A38, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(169)
: 
Block 0x0816F820 status: 
Beginning:      Overrun (magic=0x401D662C, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(171)
: 
Block 0x0816F7B0 status: 
Beginning:      Overrun (magic=0x0816F7E0, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(152)
: 
Block 0x08170A80 status: 
Beginning:      Overrun (magic=0x0816FC20, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x0816FC28 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x081701D0, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
[Tue Nov 22 18:23:15 2005]  Script:  
'/home/users/trav/crashme.php' 
--------------------------------------- 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
: 
Block 0x0816FBB0 status: 
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
: 
Actual location (location was relayed) 
Beginning:      Overrun (magic=0x08164618, 
expected=0x7312F8DC) 
      End:      Unknown 
--------------------------------------- 
 
Program received signal SIGSEGV, Segmentation fault. 
0x080e1dbc in _efree (ptr=0x8170adc, 
__zend_filename=0x81307c0 
"/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c", 
__zend_lineno=169, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) 
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_alloc.c:260 
260             REMOVE_POINTER_FROM_LIST(p); 
(gdb) bt 
#0  0x080e1dbc in _efree (ptr=0x8170adc, 
__zend_filename=0x81307c0 
"/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c", 
__zend_lineno=169, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) 
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_alloc.c:260 
#1  0x080ebabc in destroy_op_array (op_array=0x816fc60) 
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c:169

#2  0x080eb8c0 in destroy_zend_function 
(function=0x816fc60) 
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c:100

#3  0x080f7e25 in zend_hash_destroy (ht=0x8143220) 
at /home/users/trav/build/php4-STABLE-200511220601/Zend/zend_hash.c:556

#4  0x080f2396 in zend_shutdown () 
at /home/users/trav/build/php4-STABLE-200511220601/Zend/zend.c:573 
#5  0x080c0b7f in php_module_shutdown () 
at /home/users/trav/build/php4-STABLE-200511220601/main/main.c:1286 
#6  0x0810aef7 in main (argc=5, argv=0xbffff924) 
at
/home/users/trav/build/php4-STABLE-200511220601/sapi/cli/php_cli.c:887

#7  0x400b5a67 in __libc_start_main () 
from /lib/i686/libc.so.6 
 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=35323&edit=1

#35323 [Opn]: debug_backtrace() crashes when assigned to global in error handler

Reply via email to