From: rajivk at sparklit dot com
Operating system: Debian Linux
PHP version: 5.2.10
PHP Bug Type: Reproducible crash
Bug description: calling get_defined_constans with any paramenter results in
sigsev
Description:
------------
Calling get_defined_constants with a parameter causes a segfault. The
occurs in 5.2.10 and 5.3.0
Reproduce code:
---------------
=== case 1 causes crash ======
<?
var_dump(get_defined_constants(false));
?>
=============================================
=== case 2 also causes crash ======
<?
var_dump(get_defined_constants(false));
?>
=============================================
=== case 3 NO CRASH ======
<?
var_dump(get_defined_constants());
?>
=============================================
Expected result:
----------------
no crash
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb73b1910 (LWP 15496)]
0xb77a2b01 in kill () from /lib/libc.so.6
(gdb) bt
#0 0xb77a2b01 in kill () from /lib/libc.so.6
#1 0x0810ace9 in zend_mm_panic (message=0x84d1d40 "zend_mm_heap
corrupted") at /usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:94
#2 0x0810d45f in _zend_mm_alloc_int (heap=0x89f7b70, size=44,
__zend_filename=0x84d57d8
"/usr/src/2009july15/php-5.2.10/Zend/zend_hash.c", __zend_lineno=247,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:1895
#3 0x0810e6d6 in _emalloc (size=44, __zend_filename=0x84d57d8
"/usr/src/2009july15/php-5.2.10/Zend/zend_hash.c", __zend_lineno=247,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/src/2009july15/php-5.2.10/Zend/zend_alloc.c:2300
#4 0x08135f7b in _zend_hash_add_or_update (ht=0x87cb62c, arKey=0x89d9fc0
"E_STRICT", nKeyLength=9, pData=0xbfcc367c, nDataSize=4, pDest=0x0,
flag=1,
__zend_filename=0x84d4f30
"/usr/src/2009july15/php-5.2.10/Zend/zend_hash.h", __zend_lineno=341) at
/usr/src/2009july15/php-5.2.10/Zend/zend_hash.c:247
#5 0x0812e86d in zend_symtable_update (ht=0x87cb62c, arKey=0x89d9fc0
"E_STRICT", nKeyLength=9, pData=0xbfcc367c, nDataSize=4, pDest=0x0)
at /usr/src/2009july15/php-5.2.10/Zend/zend_hash.h:341
#6 0x0812ecb4 in add_assoc_zval_ex (arg=0x87e5838, key=0x89d9fc0
"E_STRICT", key_len=9, value=0x87e4ccc) at
/usr/src/2009july15/php-5.2.10/Zend/zend_API.c:1056
#7 0x0813f211 in zif_get_defined_constants (ht=1, return_value=0x87e58e0,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at /usr/src/2009july15/php-5.2.10/Zend/zend_builtin_functions.c:1674
#8 0x0814e496 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcc3818) at
/usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:200
#9 0x08153ead in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfcc3818) at
/usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:1739
#10 0x0814dffa in execute (op_array=0x87c19b8) at
/usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:92
#11 0x0812b810 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/src/2009july15/php-5.2.10/Zend/zend.c:1134
#12 0x080e4ad1 in php_execute_script (primary_file=0xbfcc5aec) at
/usr/src/2009july15/php-5.2.10/main/main.c:2025
#13 0x081a47c1 in apache_php_module_main (r=0x87822bc,
display_source_mode=0) at
/usr/src/2009july15/php-5.2.10/sapi/apache/sapi_apache.c:53
#14 0x080d8792 in send_php ()
#15 0x080d87dd in send_parsed_php ()
#16 0x08468875 in ap_invoke_handler ()
#17 0x0847fe6d in process_request_internal ()
#18 0x0847feca in ap_process_request ()
#19 0x084760c0 in child_main ()
#20 0x084763f4 in make_child ()
#21 0x084767e2 in perform_idle_server_maintenance ()
#22 0x08476eb7 in standalone_main ()
#23 0x08477562 in main ()
(gdb) frame 10
#10 0x0814dffa in execute (op_array=0x87c19b8) at
/usr/src/2009july15/php-5.2.10/Zend/zend_vm_execute.h:92
92 if (EX(opline)->handler(&execute_data TSRMLS_CC) >
0) {
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x84d5d1b "get_defined_constants"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x87c6284
"/home/rajivk/dev/webroot/forum/www/forum.sparklit.com/foobar.spark"
(gdb)
--
Edit bug report at http://bugs.php.net/?id=48951&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=48951&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=48951&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=48951&r=trysnapshot60
Fixed in CVS:
http://bugs.php.net/fix.php?id=48951&r=fixedcvs
Fixed in CVS and need be documented:
http://bugs.php.net/fix.php?id=48951&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=48951&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=48951&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=48951&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=48951&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=48951&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=48951&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=48951&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=48951&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=48951&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48951&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=48951&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=48951&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=48951&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=48951&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=48951&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=48951&r=mysqlcfg
