#27728 [Asn]: Segfault in combination of php_check_syntax() and exit.
ID: 27728
User updated by: mail at patrickwitte dot de
Reported By: mail at patrickwitte dot de
Status: Assigned
Bug Type: Reproducible crash
Operating System: *
-PHP Version: 5.0.0RC1, 5.0.1
+PHP Version: 5.0.0RC1, 5.0.1, 5.0.2
Assigned To: ilia

New Comment:

Tested the patch on gentoo mod_php-5.0.2 ebuild. No more segfault with reproduce code. Thanks, mikael.

Previous Comments:

[2004-10-24 19:09:54] mikael dot suvi at trigger dot ee

Version 5.0.2

This should do the trick...

diff ext/standard/basic_functions.c.old ext/standard/basic_functions.c 2329a2330 zend_op_array *op_array; 2345c2346,2349 if (php_lint_script(file_handle TSRMLS_CC) != SUCCESS) { --- op_array = zend_compile_file(file_handle, ZEND_INCLUDE TSRMLS_CC); zend_destroy_file_handle(file_handle TSRMLS_CC); if (!op_array) { 2354a2359,2360 destroy_op_array(op_array TSRMLS_CC); efree(op_array);

[2004-08-23 21:35:06] [EMAIL PROTECTED]

I also stumbled upon this, today. Here is my reproduce code:

    if (!php_check_syntax(NULL)) {
        die();
    }

(segfaults)

Seems this is not related to __FILE__

I concur that if exit (die) is not called, no segfault.

S

[2004-03-27 16:30:33] mail at patrickwitte dot de

I made a few more tests to get more systematic results:

1) Check of file (test.php) with parse error, no matter if 'php_check_syntax()' is followed by 'exit' or not, results in debug message:
   /home/patrick/php-5.0.0RC1/main/streams/streams.c(371) : Stream of type 'STDIO' 0x4047363c (path:test.php) was not closed
2) Check of correct or non-existent file:
   2a) without following 'exit': result as expected
   2b) with following 'exit': segfault

After looking in streams.c it seems to be a memory leak.

[2004-03-27 08:39:10] [EMAIL PROTECTED]

Valgrind reports errors while parsing the parameter. Perhaps we free the __FILE__ stuff too early?

Assigning to Ilia :)

==3720== Invalid read of size 4
==3720==    at 0x8293343: zend_parse_arg_impl (zend_API.c:301)
==3720==    by 0x8293887: zend_parse_arg (zend_API.c:450)
==3720==    by 0x8293BC1: zend_parse_va_args (zend_API.c:542)
==3720==    by 0x8293C43: zend_parse_parameters (zend_API.c:569)
==3720==    by 0x81BF10C: zif_php_check_syntax (basic_functions.c:2247)
==3720==    by 0x82B89D4: zend_do_fcall_common_helper (zend_execute.c:2689)
==3720==    by 0x82B90D0: zend_do_fcall_handler (zend_execute.c:2818)
==3720==    by 0x82B53C6: execute (zend_execute.c:1381)
==3720== Address 0x4B20E38C is not stack'd, malloc'd or free'd
==3720==

[2004-03-27 07:47:38] mail at patrickwitte dot de

Description:
This happens no matter if the checked file is syntactically ok or not or even doesn't exist. In all cases the result of php_check_syntax() is as expected, but if exit (or die()) is called afterwards you get a segfault. Experienced with sapi-module and cli on linux and cli on win32. (win32-sapi not tested)

Reproduce code:
---
<?php
echo php_check_syntax(__FILE__) ? "Ok" : "failed";
exit;
?>

Expected result:
Ok

Actual result:
--
Ok
segfault

Backtrace:
#0 _emalloc (size=Cannot access memory at address 0xc ) at /home/patrick/php-5.0.0RC1/Zend/zend_alloc.c:140
140 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);

--
Edit this bug report at http://bugs.php.net/?id=27728&edit=1
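Review bot: in the 2345c2346,2349 change of the patch quoted above, zend_compile_file() is called with no zend_try guard visible, and zend_destroy_file_handle(file_handle TSRMLS_CC) runs before the if (!op_array) check. If compilation can bail out at this point, neither that call nor the destroy_op_array()/efree() pair added at 2354a2359,2360 is reached, which would leave the handle open (the thread reports a "Stream ... was not closed" message for files with parse errors). Please also confirm that the if (!op_array) branch, whose body is not shown, no longer closes file_handle itself, and resend as a unified diff (diff -u) so the replaced and added lines are unambiguous.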
#30344 [NEW]: Reflection::getModifierNames() returns too long strings
From: mail at patrickwitte dot de
Operating system: Gentoo Linux
PHP version: 5.0.2
PHP Bug Type: Zend Engine 2 problem
Bug description: Reflection::getModifierNames() returns too long strings

Description:
see Summary

Reproduce code:
---
var_dump(Reflection::getModifierNames(1));

Expected result:
array(1) {
  [0]=>
  string(6) "static"
}

Actual result:
--
array(1) {
  [0]=>
  string(7) "static"
}
//with character #0 at this point ^

--
Edit bug report at http://bugs.php.net/?id=30344&edit=1
#27728 [NEW]: Segfault in combination of php_check_syntax() and exit.
From: mail at patrickwitte dot de
Operating system: *
PHP version: 5.0.0RC1
PHP Bug Type: Reproducible crash
Bug description: Segfault in combination of php_check_syntax() and exit.

Description:
This happens no matter if the checked file is syntactically ok or not or even doesn't exist. In all cases the result of php_check_syntax() is as expected, but if exit (or die()) is called afterwards you get a segfault. Experienced with sapi-module and cli on linux and cli on win32. (win32-sapi not tested)

Reproduce code:
---
<?php
echo php_check_syntax(__FILE__) ? "Ok" : "failed";
exit;
?>

Expected result:
Ok

Actual result:
--
Ok
segfault

Backtrace:
#0 _emalloc (size=Cannot access memory at address 0xc ) at /home/patrick/php-5.0.0RC1/Zend/zend_alloc.c:140
140 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);

--
Edit bug report at http://bugs.php.net/?id=27728&edit=1
#27728 [Asn]: Segfault in combination of php_check_syntax() and exit.
ID: 27728
User updated by: mail at patrickwitte dot de
Reported By: mail at patrickwitte dot de
Status: Assigned
Bug Type: Reproducible crash
Operating System: *
PHP Version: 5.0.0RC1
Assigned To: ilia

New Comment:

I made a few more tests to get more systematic results:

1) Check of file (test.php) with parse error, no matter if 'php_check_syntax()' is followed by 'exit' or not, results in debug message:
   /home/patrick/php-5.0.0RC1/main/streams/streams.c(371) : Stream of type 'STDIO' 0x4047363c (path:test.php) was not closed
2) Check of correct or non-existent file:
   2a) without following 'exit': result as expected
   2b) with following 'exit': segfault

After looking in streams.c it seems to be a memory leak.

Previous Comments:

[2004-03-27 08:39:10] [EMAIL PROTECTED]

Valgrind reports errors while parsing the parameter. Perhaps we free the __FILE__ stuff too early?

Assigning to Ilia :)

==3720== Invalid read of size 4
==3720==    at 0x8293343: zend_parse_arg_impl (zend_API.c:301)
==3720==    by 0x8293887: zend_parse_arg (zend_API.c:450)
==3720==    by 0x8293BC1: zend_parse_va_args (zend_API.c:542)
==3720==    by 0x8293C43: zend_parse_parameters (zend_API.c:569)
==3720==    by 0x81BF10C: zif_php_check_syntax (basic_functions.c:2247)
==3720==    by 0x82B89D4: zend_do_fcall_common_helper (zend_execute.c:2689)
==3720==    by 0x82B90D0: zend_do_fcall_handler (zend_execute.c:2818)
==3720==    by 0x82B53C6: execute (zend_execute.c:1381)
==3720== Address 0x4B20E38C is not stack'd, malloc'd or free'd
==3720==

[2004-03-27 07:47:38] mail at patrickwitte dot de

Description:
This happens no matter if the checked file is syntactically ok or not or even doesn't exist. In all cases the result of php_check_syntax() is as expected, but if exit (or die()) is called afterwards you get a segfault. Experienced with sapi-module and cli on linux and cli on win32. (win32-sapi not tested)

Reproduce code:
---
<?php
echo php_check_syntax(__FILE__) ? "Ok" : "failed";
exit;
?>

Expected result:
Ok

Actual result:
--
Ok
segfault

Backtrace:
#0 _emalloc (size=Cannot access memory at address 0xc ) at /home/patrick/php-5.0.0RC1/Zend/zend_alloc.c:140
140 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);

--
Edit this bug report at http://bugs.php.net/?id=27728&edit=1