PHP :: Bug #30128 :: segmentation fault in the child class catch

Bug #30128

segmentation fault in the child class catch

Submitted:

2004-09-17 10:09 UTC

Modified:

2004-12-06 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

dankab at infinito dot it

Assigned:

Status:

No Feedback

Package:

Scripting Engine problem

PHP Version:

5.0.1

OS:

linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	dankab at infinito dot it
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-09-17 10:09 UTC] dankab at infinito dot it

Description:
------------
[sorry for my english]

the code below cause a segmentation fault in apache 2
i try to use a parent variable in the catch statement of the second child
if i use the same variable in the first child it's seems to work

Reproduce code:
---------------
class A {	
	public $myVar = "";
	function __construct() {
		try	{
			$this->test();
		}	
		catch(Exception $e)	{
			throw $e;
		}
	}
	
	public function test() {
		$this->myVar = "something<br>";
		if(0!=1) throw new Exception("ERROR",100);
	}
}

class B extends A { 
	function __construct() {
		try	{
			parent::__construct();
		}
		catch(Exception $e)	{
			throw $e;	
		}	
	}	
}

class C extends B { 
	function __construct() {
		try	{
			parent::__construct();
		}
		catch(Exception $e)	{
			echo $this->myVar;
			throw $e;	
		}	
	}	
}

try {
	$c = new C();
}
catch(Exception $e) {
	echo $e->getMessage();
}

Expected result:
----------------
printing of:
something
ERROR

Actual result:
--------------
segmentation fault in apache 2

[notice] child pid 12938 exit signal Segmentation fault (11)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-13 22:52 UTC] jorton@php.net

Not Apache-specific.  Here's the backtrace into Zend from the cli:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182931956288 (LWP 3400)]
zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
222             use_get = (zobj->ce->__get && !zobj->in_get);
(gdb) where
#0  zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
#1  0x00000000005cae4e in execute (op_array=0x7fbfff56d8) at zend_vm_handlers.h:1469
#2  0x00000000005d49ea in execute (op_array=0x7ac168) at zend_vm_handlers.h:2242
#3  0x0000000000589db4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/jorton/php/HEAD64/Zend/zend.c:1053
#4  0x000000000055762f in php_execute_script (primary_file=0x7fbfffb630)
    at /local/jorton/php/HEAD64/main/main.c:1635
#5  0x00000000005f104d in main (argc=3, argv=0x7fbfffb798)
    at /local/jorton/php/HEAD64/sapi/cli/php_cli.c:943
(gdb) backtrace full
#0  zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
        zobj = (zend_object *) 0xffffffff
        tmp_member = {value = {lval = 1, dval = 4.9406564584124654e-324, str = {
      val = 0x1 <Address 0x1 out of bounds>, len = 2}, ht = 0x1, obj = {handle = 1,
      handlers = 0x2}}, refcount = 0, type = 0 '\0', is_ref = 0 '\0'}
        retval = (zval **) 0x58f2b7
        rv = (zval *) 0x0
        property_info = (zend_property_info *) 0xffffffff
        silent = 0
        use_get = 0 '\0'
#1  0x00000000005cae4e in execute (op_array=0x7fbfff56d8) at zend_vm_handlers.h:1469
        tmp = {value = {lval = 548682035520, dval = 2.7108494424067858e-312, str = {
      val = 0x7fbfff7140 "\030&#65533;\n\226*", len = 5723912}, ht = 0x7fbfff7140, obj = {
      handle = 3221188928, handlers = 0x575708}}, refcount = 8044200, type = 0 '\0',
  is_ref = 0 '\0'}
        execute_data = {opline = 0x8e5630, function_state = {function_symbol_table = 0x8c7758,
    function = 0x8e3da8, reserved = {0x2a962e6758, 0x8e3ed0, 0x2a962e66c0, 0x58}}, fbc = 0x0,
  fbc_constructor = 0x8e0430, op_array = 0x8e3da8, object = 0x0, Ts = 0x7fbfff5660,
  CVs = 0x7fbfff5650, original_in_execution = 1 '\001', calling_scope = 0x0,
  symbol_table = 0x8c7688, prev_execute_data = 0x7fbfff8ff0}
        binary_op = (int (*)(zval *, zval *, zval *)) 0
        incdec_op = 0
        prop_dim = 9328176
        type = 0
#2  0x00000000005d49ea in execute (op_array=0x7ac168) at zend_vm_handlers.h:2242
        calling_symbol_table = (HashTable *) 0x7ac168
        execute_data = {opline = 0x8e0430, function_state = {function_symbol_table = 0x8c7688,
    function = 0x8e3da8, reserved = {0x56f660, 0x0, 0x2a962e66c0, 0x58}}, fbc = 0x8e3da8,
  fbc_constructor = 0x8e3da8, op_array = 0x8dbd48, object = 0x8db218, Ts = 0x7fbfff7300,
  CVs = 0x7fbfff72f0, original_in_execution = 0 '\0', calling_scope = 0x8e3788,
  symbol_table = 0x7ac168, prev_execute_data = 0x0}
        binary_op = (int (*)(zval *, zval *, zval *)) 0
        incdec_op = 0
        prop_dim = 9307184
        type = 0
#3  0x0000000000589db4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/jorton/php/HEAD64/Zend/zend.c:1053
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fbfff9280,
    reg_save_area = 0x7fbfff9190}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fbfffb630
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#4  0x000000000055762f in php_execute_script (primary_file=0x7fbfffb630)
    at /local/jorton/php/HEAD64/main/main.c:1635
        orig_bailout = {{__jmpbuf = {7993760, 0, 4469120, 0, 0, 0, 548682052688, 6228305},
    __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, interactive = 0}},
  free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, interactive = 0}},
  free_filename = 0 '\0'}
        old_cwd = 0x7fbfff9288 ""
        old_primary_file_path = 0x7fbfffeaa4 "../bug30128.php"
        retval = 0
#5  0x00000000005f104d in main (argc=3, argv=0x7fbfffb798)
    at /local/jorton/php/HEAD64/sapi/cli/php_cli.c:943
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 16 times>}}}}
        exit_status = 0
        c = -1
        file_handle = {type = 5 '\005', filename = 0x7fbfffa2c0 "/local/jorton/php/bug30128.php",
  opened_path = 0x0, handle = {fd = 9205152, fp = 0x8c75a0, stream = {handle = 0x8c75a0,
      reader = 0x596c80 <zend_stream_stdio_reader>, closer = 0x596ca0 <zend_stream_stdio_closer>,
      interactive = 0}}, free_filename = 0 '\0'}
        behavior = 1
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = 0x7fbfffeaa4 "../bug30128.php"
        arg_excp = (char **) 0x8c9528
        script_file = 0x7fbfffeaa4 "../bug30128.php"
        global_vars = {head = 0x0, tail = 0x0, count = 0, size = 8, dtor = 0, persistent = 0 '\0',
  traverse_ptr = 0x411ea0}
        interactive = 0
        module_started = 1
        lineno = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        param_error = 0x0
        hide_argv = 0

[2004-11-28 15:24 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Seems to be fixed, please try CVS snapshot.

[2004-12-06 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun May 05 04:01:32 2024 UTC