ID:               43426
 User updated by:  [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Gentoo Linux 2.6.23
 PHP Version:      5.2.5
 New Comment:

Simple reproduce script:
<?php
$c = 1; // doesn't matter
call_user_func("foo2", $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c,
$c,
 $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c, $c);
function foo2($d) {}      
?>


backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006e1491 in zend_call_function (fci=0x7fff00628800,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
911                             (*fci->params[i])->refcount++;
(gdb) bt
#0  0x00000000006e1491 in zend_call_function (fci=0x7fff00628800,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
#1  0x00000000006e0024 in call_user_function_ex
(function_table=0xacfb80, object_pp=0x0, function_name=0xc2a828,
retval_ptr_ptr=0x7fff006288a0,
    param_count=259, params=0xc2de60, no_separation=0,
symbol_table=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
#2  0x00000000005fe639 in zif_call_user_func (ht=260,
return_value=0xc2a7b8, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at
/home/cweiske/compilethings/php-5.2.5/ext/standard/basic_functions.c:5083
#3  0x0000000000719216 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff00628ab0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:200
#4  0x000000000071f35f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fff00628ab0)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:1681
#5  0x0000000000718cb9 in execute (op_array=0xc2b5f0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#6  0x00000000006f05bf in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/cweiske/compilethings/php-5.2.5/Zend/zend.c:1134
#7  0x00000000006978cd in php_execute_script
(primary_file=0x7fff0062b110) at
/home/cweiske/compilethings/php-5.2.5/main/main.c:2004
#8  0x00000000007731ab in main (argc=2, argv=0x7fff0062b348) at
/home/cweiske/compilethings/php-5.2.5/sapi/cli/php_cli.c:1140


Previous Comments:
------------------------------------------------------------------------

[2007-11-27 13:45:23] [EMAIL PROTECTED]

Description:
------------
I get a reproducible crash when running a file in the pear-core test
suite against a pear 1.7.0 installation.
The test is
pear-core/tests/PEAR_DependencyDB/test_assertDepsDB_fail.phpt

The problem seems to be some nested call_user_func.
PEAR_ErrorStack::push calls
$context = call_user_func($this->_contextCallback, $code, $params,
$backtrace);

which in return calls push() again, which calls the same
_contextCallback again. This time, php crashes.

The contextcallback is PEAR_ErrorStack::getFileLine() - it is reached
the first time, but not the second.

Reproduce code:
---------------
1. checkout pear-core from cvs
2. install pear, install xml_rpc
3. cd pear-core/tests
4. pear run-tests PEAR_DependencyDB/test_assertDepsDB_fail.phpt


Expected result:
----------------
no crash.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006e1491 in zend_call_function (fci=0x7fff35552e90,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
911                             (*fci->params[i])->refcount++;
(gdb)
(gdb) bt
#0  0x00000000006e1491 in zend_call_function (fci=0x7fff35552e90,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
#1  0x00000000006e0024 in call_user_function_ex
(function_table=0xacfbc0, object_pp=0x0, function_name=0xf874b8,
retval_ptr_ptr=0x7fff35552f30,
    param_count=3, params=0xc2df00, no_separation=0, symbol_table=0x0)
at /home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
#2  0x00000000005fe639 in zif_call_user_func (ht=4,
return_value=0x1862c08, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1)
    at
/home/cweiske/compilethings/php-5.2.5/ext/standard/basic_functions.c:5083
#3  0x0000000000719216 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35554030) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:200
#4  0x000000000071f35f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fff35554030)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:1681
#5  0x0000000000718cb9 in execute (op_array=0xf99ba0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#6  0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff355543d0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#7  0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff355543d0)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#8  0x0000000000718cb9 in execute (op_array=0xf9c608) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#9  0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35554bc0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#10 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff35554bc0)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#11 0x0000000000718cb9 in execute (op_array=0xfb9ad8) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#12 0x00000000006e1888 in zend_call_function (fci=0x7fff35554f30,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:990
#13 0x00000000006e0024 in call_user_function_ex
(function_table=0xacfbc0, object_pp=0x0, function_name=0x1814fb0,
retval_ptr_ptr=0x7fff35554fd8,
    param_count=2, params=0x1859308, no_separation=0, symbol_table=0x0)
at /home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
#14 0x00000000005ff092 in zif_call_user_func_array (ht=2,
return_value=0x1858d08, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1)
    at
/home/cweiske/compilethings/php-5.2.5/ext/standard/basic_functions.c:5153
#15 0x0000000000719216 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff355560e0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:200
---Type <return> to continue, or q <return> to quit---
#16 0x000000000071f35f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fff355560e0)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:1681
#17 0x0000000000718cb9 in execute (op_array=0xf99ba0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#18 0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35556480) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#19 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff35556480)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#20 0x0000000000718cb9 in execute (op_array=0xf9c608) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#21 0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35556750) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#22 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff35556750)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#23 0x0000000000718cb9 in execute (op_array=0xcbaf00) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#24 0x00000000006e1888 in zend_call_function (fci=0x7fff35556ac0,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:990
#25 0x00000000006e0024 in call_user_function_ex
(function_table=0xacfbc0, object_pp=0x0, function_name=0xd00150,
retval_ptr_ptr=0x7fff35556b60,
    param_count=1, params=0x17fef50, no_separation=0, symbol_table=0x0)
at /home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
#26 0x00000000005fe639 in zif_call_user_func (ht=2,
return_value=0x18134d8, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at
/home/cweiske/compilethings/php-5.2.5/ext/standard/basic_functions.c:5083
#27 0x0000000000719216 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35557980) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:200
#28 0x000000000071f35f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fff35557980)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:1681
#29 0x0000000000718cb9 in execute (op_array=0xcf5f28) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#30 0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35558670) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#31 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff35558670)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
---Type <return> to continue, or q <return> to quit---
#32 0x0000000000718cb9 in execute (op_array=0xcd8dd0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#33 0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff35558c60) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#34 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff35558c60)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#35 0x0000000000718cb9 in execute (op_array=0xc7dcd8) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#36 0x00000000007193a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff3555b9c0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:234
#37 0x0000000000719f81 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff3555b9c0)
    at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:322
#38 0x0000000000718cb9 in execute (op_array=0xc2b740) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_vm_execute.h:92
#39 0x00000000006f05bf in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/cweiske/compilethings/php-5.2.5/Zend/zend.c:1134
#40 0x00000000006978cd in php_execute_script
(primary_file=0x7fff3555e020) at
/home/cweiske/compilethings/php-5.2.5/main/main.c:2004
#41 0x00000000007731ab in main (argc=2, argv=0x7fff3555e258) at
/home/cweiske/compilethings/php-5.2.5/sapi/cli/php_cli.c:1140


------------------------------------------------------------------------
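
Added triage example, not part of the bug report or of PHP's own code: it rejoins mail-wrapped gdb frames like the ones above and compares address-independent signatures, to check whether the short reproduce script and the PEAR test hit the same crash. The names parse_bt, signature and same_crash are hypothetical; the sample frames are copied from the two traces in this report, with one pager prompt placed between them to exercise the filter.

```python
import re

# Frames #0-#1 copied from the two traces in this report (mail wrapping kept).
# The pager prompt's position inside PEAR is constructed for the example.
SIMPLE = """\
#0  0x00000000006e1491 in zend_call_function (fci=0x7fff00628800,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
#1  0x00000000006e0024 in call_user_function_ex
(function_table=0xacfb80, object_pp=0x0, function_name=0xc2a828,
retval_ptr_ptr=0x7fff006288a0,
    param_count=259, params=0xc2de60, no_separation=0,
symbol_table=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
"""
PEAR = """\
#0  0x00000000006e1491 in zend_call_function (fci=0x7fff35552e90,
fci_cache=0x0) at
/home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:911
---Type <return> to continue, or q <return> to quit---
#1  0x00000000006e0024 in call_user_function_ex
(function_table=0xacfbc0, object_pp=0x0, function_name=0xf874b8,
retval_ptr_ptr=0x7fff35552f30,
    param_count=3, params=0xc2df00, no_separation=0, symbol_table=0x0)
at /home/cweiske/compilethings/php-5.2.5/Zend/zend_execute_API.c:617
"""
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+):(\d+)$")
PAGER = re.compile(r"^---Type <return>.*---$")

def parse_bt(text):
    """Rejoin wrapped gdb 'bt' lines and return one dict per frame."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not PAGER.match(l) and not l.startswith("(gdb)")]
    out = []
    for chunk in re.split(r" (?=#\d+ )", " ".join(" ".join(lines).split())):
        m = FRAME.match(chunk)
        if not m:
            continue  # not a complete frame (e.g. a truncated trace)
        args = dict(a.split("=", 1) for a in m.group(3).split(", ") if "=" in a)
        out.append({"func": m.group(2), "args": args,
                    "file": m.group(4).rsplit("/", 1)[-1], "line": int(m.group(5))})
    return out

def signature(frames, depth=2):
    """Top frames as func@file:line, ignoring addresses and build paths."""
    return tuple(f"{f['func']}@{f['file']}:{f['line']}" for f in frames[:depth])

def same_crash(a, b):
    return signature(parse_bt(a)) == signature(parse_bt(b))
```
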


-- 
Edit this bug report at http://bugs.php.net/?id=43426&edit=1
