ID: 32171 User updated by: jr at terragate dot net -Summary: WebDAV stream wrapper crashes PHP Reported By: jr at terragate dot net -Status: Feedback +Status: Open Bug Type: SPL related Operating System: * PHP Version: 5.* Assigned To: helly New Comment:
Finally I was able to create a smaller test case for the segfault (with error_reporting = E_ALL): <?php class StreamWrapper { public function dir_opendir($path, $options) { return TRUE; } public function dir_readdir() { return FALSE; } } stream_wrapper_register('test', 'StreamWrapper'); $it = new DirectoryIterator('test://path/'); echo "Done\n"; ?> Trace: (gdb) r crash.php Starting program: /usr/local/bin/php crash.php warning: Unable to find dynamic linker breakpoint function. GDB will be unable to debug shared library initializers and track explicitly loaded dynamic code. [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 15212)] Done Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 15212)] 0x00000019 in ?? () Current language: auto; currently asm (gdb) bt #0 0x00000019 in ?? () #1 0x081abc73 in _php_stream_free (stream=0x82fdce4, close_options=3) at /root/compile/php5-STABLE-200503091530/main/streams/streams.c:351 #2 0x080b3fb8 in spl_ce_dir_object_free_storage (object=0x82f76c4) at /root/compile/php5-STABLE-200503091530/ext/spl/spl_directory.c:66 #3 0x081fa906 in zend_objects_store_del_ref (zobject=0x82fd4e4) at /root/compile/php5-STABLE-200503091530/Zend/zend_objects_API.c:159 #4 0x081deb76 in _zval_dtor (zvalue=0x82fd4e4, __zend_filename=0x82549e0 "/root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c", __zend_lineno=392) at /root/compile/php5-STABLE-200503091530/Zend/zend_variables.c:61 #5 0x081d36f8 in _zval_ptr_dtor (zval_ptr=0x82fdda0, __zend_filename=0x8255940 "/root/compile/php5-STABLE-200503091530/Zend/zend_variables.c", __zend_lineno=193) at /root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c:392 #6 0x081dee88 in _zval_ptr_dtor_wrapper (zval_ptr=0x82fdda0) at /root/compile/php5-STABLE-200503091530/Zend/zend_variables.c:193 #7 0x081e8f13 in zend_hash_apply_deleter (ht=0x82761d0, p=0x82fdd94) at /root/compile/php5-STABLE-200503091530/Zend/zend_hash.c:574 #8 0x081e9164 in zend_hash_graceful_reverse_destroy (ht=0x82761d0) at /root/compile/php5-STABLE-200503091530/Zend/zend_hash.c:640 #9 0x081d302f in shutdown_executor () at /root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c:208 #10 0x081e0264 in zend_deactivate () at /root/compile/php5-STABLE-200503091530/Zend/zend.c:817 #11 0x081996e1 in php_request_shutdown (dummy=0x0) at /root/compile/php5-STABLE-200503091530/main/main.c:1214 #12 0x082155d0 in main (argc=2, argv=0xbffff844) at /root/compile/php5-STABLE-200503091530/sapi/cli/php_cli.c:1046 The script will be fully executed but php segfaults on shutdown. The behavior in the complex test case (with the WebDAV stream wrapper) was the same: Using instaneof instead of is_a caused the script to be fully executed but with a segfault on shutdown. To answer your second question I modified the test case above: <?php class StreamWrapper { public function dir_opendir($path, $options) { is_a(null, 'AKnownOrUnknownClass'); return TRUE; } public function dir_readdir() { return FALSE; } } stream_wrapper_register('test', 'StreamWrapper'); $it = new DirectoryIterator('test://path/'); echo "Done\n"; ?> Running this script with error_reporting set to E_ALL (or even E_ALL & ~E_NOTICE & ~E_STRICT) will lead to the behaviour already mentioned (deprecation warning thrown as exception). Running the script with error_reporting = 0 will terminate the script with exit code 0377 and without outputting 'Done'. Using gdb I figured out that php_error_cb is still called with the deprecation warning and zend_throw_exception will abort the script. We have two issues here: 1. A wrong free causing a segfault on shutdown 2. PHP notices and warnings thrown as exception I dont't know what to do with the segfault (my knowledge about PHP's internals is too limited to debug this yet). IMHO the second problem could be solved in 2 ways: 1. Modifying php_error_cb's behavior (as my patch does) 2. Do not set error_mode to EH_THROW in spl_directory.c if a user space stream wrapper is used. Previous Comments: ------------------------------------------------------------------------ [2005-03-09 14:40:34] [EMAIL PROTECTED] Did i get that correct that all works frin when you use instanceof ? If so all is fine. Also what happens if you stick with is_a but set error mode to 0? ------------------------------------------------------------------------ [2005-03-07 11:25:40] jr at terragate dot net I tested the instanceof segfault against the 5.1 branch and it segfaults too. But I had to change a is_a in HTTP/Request.php to instanceof because the 'notice exception' was thrown there this time. I wasn't able to reproduce the segfault with a smaller test case by using HTTP/Request.php myself (PEAR's WebDAV Wrapper) nor using instanceof inside a small stream wrapper. Initially I tested the bug with 5.0.3 but tried a snap a few hours later. Sorry for not updating the version field. ------------------------------------------------------------------------ [2005-03-06 16:21:35] [EMAIL PROTECTED] Please don't open more reports about same issue. (and when you report bugs, put the LATEST version in the 'Version' field' so we don't have to waste time asking if you tested the latest version..) ------------------------------------------------------------------------ [2005-03-04 18:48:59] jr at terragate dot net I already tested the bug against yesterdays snapshot of 5.0.x. Using the 5.1.0 snap does not resolve the exception issue. I will test the instanceof segfault on monday against the 5.1 branch. Maybe I should create a seperate bug for it. voyager:~/Downloads/php5-200503041530/result/bin jr$ uname -a Darwin voyager.starbase12.sfn 7.8.0 Darwin Kernel Version 7.8.0: Wed Dec 22 14:26:17 PST 2004; root:xnu/ xnu-517.11.1.obj~1/RELEASE_PPC Power Macintosh powerpc voyager:~/Downloads/php5-200503041530/result/bin jr$ ./ php -v PHP 5.1.0-dev (cgi) (built: Mar 4 2005 18:33:26) (DEBUG) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.1.0-dev, Copyright (c) 1998-2004 Zend Technologies voyager:~/Downloads/php5-200503041530/result/bin jr$ ./ php test.php Content-type: text/html X-Powered-By: PHP/5.1.0-dev <br /> <b>Fatal error</b>: Uncaught exception 'Exception' with message 'is_a(): Deprecated. Please use the instanceof operator' in /Volumes/Data/Users/jr/Downloads/php5 -200503041530/result/bin/test.php:6 Stack trace: #0 /Volumes/Data/Users/jr/Downloads/php5-200503041530/ result/bin/test.php(12): StreamWrapper- >dir_opendir(NULL, 'AKnownOrUnknown...') #1 /Volumes/Data/Users/jr/Downloads/php5-200503041530/ result/bin/test.php(12): DirectoryIterator- >__construct('test://path/', 4) #2 {main} thrown in <b>/Volumes/Data/Users/jr/Downloads/php5 -200503041530/result/bin/test.php</b> on line <b>6</ b><br /> /Volumes/Data/Users/jr/Downloads/php5-200503041530/ result/bin/test.php(6) : Fatal error - Uncaught exception 'Exception' with message 'is_a(): Deprecated. Please use the instanceof operator' in /Volumes/Data/ Users/jr/Downloads/php5-200503041530/result/bin/ test.php:6 Stack trace: #0 /Volumes/Data/Users/jr/Downloads/php5-200503041530/ result/bin/test.php(12): StreamWrapper- >dir_opendir(NULL, 'AKnownOrUnknown...') #1 /Volumes/Data/Users/jr/Downloads/php5-200503041530/ result/bin/test.php(12): DirectoryIterator- >__construct('test://path/', 4) #2 {main} thrown ------------------------------------------------------------------------ [2005-03-04 16:34:34] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/32171 -- Edit this bug report at http://bugs.php.net/?id=32171&edit=1