From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      6CVS-2008-08-13 (CVS)
PHP Bug Type:     Reproducible crash
Bug description:  Segfault in error handling

Description:
------------
When error reporting is set to E_ALL, calling ob_start() in an error
handler function causes a segfault when triggered by imap_open(). 

I don't know if this is an imap-only issue; it didn't crash with a couple
of other functions I tested.

PHP6 snapshot compiled with --with-imap --with-imap-ssl

Reproduce code:
---------------
<?php
/* segfault on HEAD and memleak on 5_3 */
error_reporting(E_ALL);
set_error_handler('segfault');

function segfault() {
    ob_start();
}
 
imap_open($a,$b,$c);
?>


Actual result:
--------------
Segmentation fault

Backtrace:
----------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6bd76d0 (LWP 32715)]
php_output_handler_create_internal (name=0x0, output_handler=0x8279240
<php_output_handler_default_func>, chunk_size=0, flags=112) at
/mnt/hd/gsoc/php6/Zend/zend.h:414
414             return ++pz->refcount__gc;
(gdb) bt
#0  php_output_handler_create_internal (name=0x0, output_handler=0x8279240
<php_output_handler_default_func>, chunk_size=0, flags=112) at
/mnt/hd/gsoc/php6/Zend/zend.h:414
#1  0x0827a2e8 in php_output_start_user (output_handler=0x0, chunk_size=0,
flags=112) at /mnt/hd/gsoc/php6/main/output.c:492
#2  0x0827a379 in zif_ob_start (ht=0, return_value=0x88000e4,
return_value_ptr=0x8835638, this_ptr=0x0, return_value_used=0) at
/mnt/hd/gsoc/php6/main/output.c:1346
#3  0x082edbb7 in zend_do_fcall_common_helper_SPEC
(execute_data=0x88355e8) at /mnt/hd/gsoc/php6/Zend/zend_vm_execute.h:323
#4  0x082ed088 in execute (op_array=0x8833570) at
/mnt/hd/gsoc/php6/Zend/zend_vm_execute.h:104
#5  0x082b400d in zend_call_function (fci=0xbf9a6044,
fci_cache=0xbf9a5fcc) at /mnt/hd/gsoc/php6/Zend/zend_execute_API.c:933
#6  0x082b4dc8 in call_user_function_ex (function_table=0x86ac4c0,
object_pp=0x0, function_name=0x87fff80, retval_ptr_ptr=0xbf9a60c0,
param_count=5, params=0x88000c8, 
    no_separation=1, symbol_table=0x0) at
/mnt/hd/gsoc/php6/Zend/zend_execute_API.c:729
#7  0x082c4d88 in zend_error (type=8, format=0x8604722 "%s") at
/mnt/hd/gsoc/php6/Zend/zend.c:1632
#8  0x08268d33 in php_verror (docref=0x0, params=0x83b9100 "", type=8,
format=0x85b8978 "%s (errflg=%ld)", args=0xbf9a618c "hH\203\b\002") at
/mnt/hd/gsoc/php6/main/main.c:818
#9  0x08269233 in php_error_docref0 (docref=0x0, type=8, format=0x85b8978
"%s (errflg=%ld)") at /mnt/hd/gsoc/php6/main/main.c:839
#10 0x080f8c08 in zm_deactivate_imap (type=1, module_number=20) at
/mnt/hd/gsoc/php6/ext/imap/php_imap.c:1117
#11 0x082c5ae2 in module_registry_cleanup (module=0x8708728) at
/mnt/hd/gsoc/php6/Zend/zend_API.c:2487
#12 0x082d1936 in zend_hash_apply (ht=0x86abf40, apply_func=0x82c5ac0
<module_registry_cleanup>) at /mnt/hd/gsoc/php6/Zend/zend_hash.c:920
#13 0x082c3318 in zend_deactivate_modules () at
/mnt/hd/gsoc/php6/Zend/zend.c:1394
#14 0x08267ba6 in php_request_shutdown (dummy=0x0) at
/mnt/hd/gsoc/php6/main/main.c:1600
#15 0x08359aa4 in main (argc=2, argv=0xbf9a6674) at
/mnt/hd/gsoc/php6/sapi/cli/php_cli.c:1329


-- 
Edit bug report at http://bugs.php.net/?id=45813&edit=1