Bug #28213 debug_print_backtrace() crash PHP when including a file that doesn't exist
Submitted: 2004-04-29 05:38 UTC Modified: 2004-06-18 19:37 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: magnus@php.net Assigned: Andi (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2004-04-29 (dev) OS: Linux
Private report: No CVE-ID: None
 [2004-04-29 05:38 UTC] magnus@php.net
Description:
------------
debug_print_backtrace() will crash PHP when called from inside a static function used as custom error handler function.

Reproduce code:
---------------
<?php
class FooBar { static function error() { debug_print_backtrace(); } }
set_error_handler(array('FooBar', 'error'));
include('foobar.php');
?>

Actual result:
--------------
magnus:crash > php crash.php
#0  FooBar::error() called at [/home/magnus/Projects/base/tests/crash/crash.php:6]
#1  FooBarSegmentation fault

(gdb) bt
#0  0x40d4cb53 in strlen () from /lib/libc.so.6
#1  0x0839a0a9 in zif_debug_print_backtrace (ht=0, return_value=0x40e24720, this_ptr=0x0, return_value_used=0)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_builtin_functions.c:1549
#2  0x083b53a8 in zend_do_fcall_common_helper (execute_data=0xbfffc9d0, opline=0x40e25584, op_array=0x40e2691c)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_execute.c:2699
#3  0x083b5bbb in zend_do_fcall_handler (execute_data=0xbfffc9d0, opline=0x40e25584, op_array=0x40e2691c)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_execute.c:2828


#1  0x0839a0a9 in zif_debug_print_backtrace (ht=0, return_value=0x40e24720, this_ptr=0x0, return_value_used=0)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_builtin_functions.c:1549
        ptr = (zend_execute_data *) 0xbfffd060
        lineno = 4
        function_name = 0x848cf97 "include"
        filename = 0x40e23c08 "/home/magnus/Projects/base/tests/crash/crash.php"
        class_name = 0x40e25070 "FooBar"
        call_type = 0x0
        include_filename = 0x40e23c08 "/home/magnus/Projects/base/tests/crash/crash.php"
        arg_array = (zval *) 0x40e2481c
        cur_arg_pos = (void **) 0x40e13c90
        args = (void **) 0x40e13c74
        arg_stack_consistent = 1
        frames_on_stack = 1
        indent = 1
#2  0x083b53a8 in zend_do_fcall_common_helper (execute_data=0xbfffc9d0, opline=0x40e25584, op_array=0x40e2691c)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_execute.c:2699
        original_return_value = (zval **) 0x3f7
        current_scope = (zend_class_entry *) 0x853e4d8
        current_this = (zval *) 0x0
        return_value_used = 0
        should_change_scope = 0 '\0'
#3  0x083b5bbb in zend_do_fcall_handler (execute_data=0xbfffc9d0, opline=0x40e25584, op_array=0x40e2691c)
    at /mnt/data1/Apps/CVS/PHP/php5/Zend/zend_execute.c:2828
        fname = (zval *) 0x40e255a0

 [2004-05-09 17:08 UTC] wf at bitplan dot com
Spurious crashes happen also if used like this:
function internal_error($msg) {
	global $testmode_errordisplay;
	if (isset($testmode_errordisplay)) {
		display_error($msg,"ERROR");
		if ($testmode_errordisplay=="stacktrace")
			printStackTrace();
	}	
	user_error($msg);
}
 [2004-06-18 19:37 UTC] gschlossnagle@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

class_name and call_type were re-used in a loop when 
they should have been cleared on every iteration.  Test 
runs correctly now.
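
The fix described in the comment above (clear class_name and call_type on every pass of the frame loop), as an added example that is not the PHP source: a simplified model in which struct frame, render_trace and the sample frames are hypothetical. It shows the stale class state carrying over onto the include frame, the state visible in the gdb locals of the report, next to the per-iteration reset.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified frame record (not the engine's zend_execute_data). */
struct frame {
    const char *function_name;  /* NULL for include-style frames */
    const char *scope;          /* class name for a static call, else NULL */
};
/* Constructed sample modelled on the report: FooBar::error() reached from include. */
static const struct frame sample[2] = { { "error", "FooBar" }, { NULL, NULL } };

/* Renders n frames into out; returns how many were printed with a class prefix.
 * reset_each_frame=0 carries state across iterations, 1 clears it (the fix). */
int render_trace(const struct frame *f, int n, int reset_each_frame,
                 char *out, size_t cap)
{
    const char *class_name = NULL, *call_type = NULL;
    size_t used = 0;
    int with_class = 0;
    out[0] = '\0';
    for (int i = 0; i < n && used < cap; i++) {
        const char *function_name = f[i].function_name;
        if (reset_each_frame)
            class_name = call_type = NULL;
        if (function_name == NULL) {
            function_name = "include";  /* this branch assigns no class state */
        } else if (f[i].scope != NULL) {
            class_name = f[i].scope;
            call_type = "::";
        }
        /* Prefix only when both halves are set: NULL never reaches a string routine. */
        int has = class_name != NULL && call_type != NULL;
        int w = snprintf(out + used, cap - used, "#%d  %s%s%s()\n", i,
                         has ? class_name : "", has ? call_type : "", function_name);
        if (w < 0)
            return -1;
        used += (size_t)w;
        with_class += has;
    }
    return with_class;
}

int main(void)
{
    char buf[128];
    for (int fix = 0; fix <= 1; fix++) {
        render_trace(sample, 2, fix, buf, sizeof buf);
        printf("reset_each_frame=%d\n%s", fix, buf);
    }
    return 0;
}
```

Without the reset, frame #1 is rendered as FooBar::include(); with it, the same frame is rendered as include().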
 