Edit report at https://bugs.php.net/bug.php?id=65367&edit=1

ID:                 65367
Updated by:         mbecc...@php.net
Reported by:        mbecc...@php.net
Summary:            Segmentation fault when mixing =& and =
Status:             Closed
Type:               Bug
Package:            Reproducible crash
Operating System:   Any
PHP Version:        5.5.1
Assigned To:        laruence
Block user comment: N
Private report:     N

New Comment:

Yes, this didn't make it into PHP 5.4.19 as it was branched off of 5.4.18. Hopefully 5.4.20 will contain the fix (like 5.5.2 does).

Previous Comments:
------------------------------------------------------------------------
[2013-09-18 17:28:31] jbozza at mindsites dot com

This bug has been listed as closed and fixed in git, but the problem still remains in 5.4.19. Looking at the diff for both files fixed, the 5.4.19 source code is still missing the changed lines. According to the changelogs, 5.5.2 received the fixes on August 15, 2013, but 5.4.18 (released the same day) did not receive the fixes.

Can this be applied to 5.4.x? Comment at 2013-08-05 14:50 UTC, by mbecc...@php.net even mentions 5.4.

------------------------------------------------------------------------
[2013-08-06 07:45:27] larue...@php.net

Thanks for the ssh access, it is helpful.

Fixed in: http://git.php.net/?p=php-src.git;a=commit;h=a831499b4a1029118dc45375e62af42043110ade

------------------------------------------------------------------------
[2013-08-06 05:53:18] mbecc...@php.net

Yes, I've used a fresh git clone.

------------------------------------------------------------------------
[2013-08-06 03:02:53] larue...@php.net

Did you build it from a fresh work dir?

------------------------------------------------------------------------
[2013-08-05 14:50:51] mbecc...@php.net

I have upgraded PHP 5.4 to latest-git on a new machine. With the patch applied I now see many test runs consistently fail with a segfault. Reverting to 5.4.17 fixes the segfault.

Backtrace is:

#0  0x00000000009beb33 in zend_std_object_get_class (object=0x7fffef535cd0) at /root/compile/php-src/Zend/zend_object_handlers.c:1500
        zobj = 0x7fff00000021
#1  0x000000000098dd98 in zend_get_class_entry (zobject=0x7fffef535cd0) at /root/compile/php-src/Zend/zend_API.c:238
No locals.
#2  0x0000000000a17121 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER (execute_data=0x7ffff7fa1ea0) at /root/compile/php-src/Zend/zend_vm_execute.h:29282
        opline = 0x7ffff0a34228
        function_name = 0x7ffff0a35058
        function_name_strval = 0x7ffff7f97d50 "setFileNameProtection"
        function_name_strlen = 21
#3  0x00000000009c6513 in execute (op_array=0x1446f00) at /root/compile/php-src/Zend/zend_vm_execute.h:410
        ret = 0
        execute_data = 0x7ffff7fa1ea0
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#4  0x000000000098ca9f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-src/Zend/zend.c:1315
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffae40, reg_save_area = 0x7fffffffad80}}
        i = 1
        file_handle = 0x7fffffffd1e0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        orig_interactive = 0
#5  0x0000000000902ff4 in php_execute_script (primary_file=0x7fffffffd1e0) at /root/compile/php-src/main/main.c:2497
        realfile = "/home/atlassian/bamboo/xml-data/build-dir/AP-RET-P53P/tests/run.php\000\000\000\000\000\021", '\000' <repeats 15 times>, "P\301\377\377\377\177\000\000\336U\225\000\000\000\000\000\234\066\336\367\377\177\000\000\000\020$\001\000\000\000\000\016\000\000\000\000\000\000\000\260\302\377\377\377\177\000\000-\000\000\000\000\000\000\000fII\"\000\000\000\000\240>\336\367\377\177\000\000\000\000\000\000\000\000\000\000&\000\000\000\000\000\000\000%%\211\000\000\000\000\000\030\255\231\365\377\177\000\000\214\236\231\365\377\177\000\000"...
        __orig_bailout = 0x7fffffffd2f0
        __bailout = {{__jmpbuf = {0, -263622604701000067, 4380576, 140737488348720, 0, 0, -263622602725482883, 263621642691976829}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 140737314399616, 140737488343184, 0, 140737488343200, 4380576, 140737488348720, 0, 0, 9431409, 140737488344000, 140737488349319, 19186208, 287762808856, 21253568}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fffffffae60 ""
        use_heap = 0 '\000'
        retval = 0

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=65367

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65367&edit=1