php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32254 Nested try-catch blocks may cause segfault
Submitted: 2005-03-09 14:52 UTC Modified: 2005-03-20 02:04 UTC
From: shulmanb at il dot ibm dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-03-09 (dev) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: shulmanb at il dot ibm dot com
New email:
PHP Version: OS:

 

 [2005-03-09 14:52 UTC] shulmanb at il dot ibm dot com 
Description:
------------
When compiled with --enable-maintainer-zts, having nested try-catch blocks may cause segfaults in some cases.

In the following code fragment, commenting out the outer try-catch block solves the segfault.

This DOES NOT HAPPEN when compiled with debug symbols.

This may be related to bug #32252 (for instance, if the index to $list is positive, crash does not occur).

Reproduce code:
---------------
class a implements ArrayAccess {
    function offsetExists ($offset) { return false; }
    function offsetGet ($offset) { return null; }
    function offsetSet ($offset, $value) { throw new Exception ("Oops"); }
    function offsetUnset ($offset) { }
}
function test () {
    try {
        $list = new a();
        $caught = 0;
        try {
            $list[-1] = 123;
        } catch (Exception $e) {
            $caught = 1;
        }
        if (!$caught)
            return false;
        return true;
    }
    catch (Exception $e) {
        return false;
    }
}
print test();

Expected result:
----------------
The output should be "1"

Actual result:
--------------
Segmentation fault.

PHP was compiled without debug symbols. The stack trace provided by gdb was:

#0  0x08184ecd in zend_hash_destroy (ht=0x8c579c08)
    at /root/php-5.0.3/Zend/zend_hash.c:524

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-09 21:45 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Works fine here.
 [2005-03-10 08:01 UTC] shulmanb at il dot ibm dot com 
Latest snapshot does not cause a segfault on Linux.

However, the probably related bug #32252 still happens on Windows with latest snapshot, so it's probable that memory corruption still occurs.
 [2005-03-20 02:04 UTC] sniper@php.net 
This bug is then fixed if not happening anymore.
btw. It's really not wise to compile PHP with --enable-maintainer-zts..
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Jul 18 23:00:02 2025 UTC