PHP :: Bug #30128 :: segmentation fault in the child class catch

Bug #30128

segmentation fault in the child class catch

Submitted:

2004-09-17 10:09 UTC

Modified:

2004-12-06 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

dankab at infinito dot it

Assigned:

Status:

No Feedback

Package:

Scripting Engine problem

PHP Version:

5.0.1

OS:

linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	dankab at infinito dot it
New email:
PHP Version:		OS:

New Comment:

[2004-09-17 10:09 UTC] dankab at infinito dot it

Description:
------------
[sorry for my english]

the code below cause a segmentation fault in apache 2
i try to use a parent variable in the catch statement of the second child
if i use the same variable in the first child it's seems to work

Reproduce code:
---------------
class A {	
	public $myVar = "";
	function __construct() {
		try	{
			$this->test();
		}	
		catch(Exception $e)	{
			throw $e;
		}
	}
	
	public function test() {
		$this->myVar = "something<br>";
		if(0!=1) throw new Exception("ERROR",100);
	}
}

class B extends A { 
	function __construct() {
		try	{
			parent::__construct();
		}
		catch(Exception $e)	{
			throw $e;	
		}	
	}	
}

class C extends B { 
	function __construct() {
		try	{
			parent::__construct();
		}
		catch(Exception $e)	{
			echo $this->myVar;
			throw $e;	
		}	
	}	
}

try {
	$c = new C();
}
catch(Exception $e) {
	echo $e->getMessage();
}

Expected result:
----------------
printing of:
something
ERROR

Actual result:
--------------
segmentation fault in apache 2

[notice] child pid 12938 exit signal Segmentation fault (11)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-13 22:52 UTC] jorton@php.net

Not Apache-specific.  Here's the backtrace into Zend from the cli:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182931956288 (LWP 3400)]
zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
222             use_get = (zobj->ce->__get && !zobj->in_get);
(gdb) where
#0  zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
#1  0x00000000005cae4e in execute (op_array=0x7fbfff56d8) at zend_vm_handlers.h:1469
#2  0x00000000005d49ea in execute (op_array=0x7ac168) at zend_vm_handlers.h:2242
#3  0x0000000000589db4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/jorton/php/HEAD64/Zend/zend.c:1053
#4  0x000000000055762f in php_execute_script (primary_file=0x7fbfffb630)
    at /local/jorton/php/HEAD64/main/main.c:1635
#5  0x00000000005f104d in main (argc=3, argv=0x7fbfffb798)
    at /local/jorton/php/HEAD64/sapi/cli/php_cli.c:943
(gdb) backtrace full
#0  zend_std_read_property (object=0x8db218, member=0x8e5680, type=9213224)
    at /local/jorton/php/HEAD64/Zend/zend_object_handlers.c:222
        zobj = (zend_object *) 0xffffffff
        tmp_member = {value = {lval = 1, dval = 4.9406564584124654e-324, str = {
      val = 0x1 <Address 0x1 out of bounds>, len = 2}, ht = 0x1, obj = {handle = 1,
      handlers = 0x2}}, refcount = 0, type = 0 '\0', is_ref = 0 '\0'}
        retval = (zval **) 0x58f2b7
        rv = (zval *) 0x0
        property_info = (zend_property_info *) 0xffffffff
        silent = 0
        use_get = 0 '\0'
#1  0x00000000005cae4e in execute (op_array=0x7fbfff56d8) at zend_vm_handlers.h:1469
        tmp = {value = {lval = 548682035520, dval = 2.7108494424067858e-312, str = {
      val = 0x7fbfff7140 "\030&#65533;\n\226*", len = 5723912}, ht = 0x7fbfff7140, obj = {
      handle = 3221188928, handlers = 0x575708}}, refcount = 8044200, type = 0 '\0',
  is_ref = 0 '\0'}
        execute_data = {opline = 0x8e5630, function_state = {function_symbol_table = 0x8c7758,
    function = 0x8e3da8, reserved = {0x2a962e6758, 0x8e3ed0, 0x2a962e66c0, 0x58}}, fbc = 0x0,
  fbc_constructor = 0x8e0430, op_array = 0x8e3da8, object = 0x0, Ts = 0x7fbfff5660,
  CVs = 0x7fbfff5650, original_in_execution = 1 '\001', calling_scope = 0x0,
  symbol_table = 0x8c7688, prev_execute_data = 0x7fbfff8ff0}
        binary_op = (int (*)(zval *, zval *, zval *)) 0
        incdec_op = 0
        prop_dim = 9328176
        type = 0
#2  0x00000000005d49ea in execute (op_array=0x7ac168) at zend_vm_handlers.h:2242
        calling_symbol_table = (HashTable *) 0x7ac168
        execute_data = {opline = 0x8e0430, function_state = {function_symbol_table = 0x8c7688,
    function = 0x8e3da8, reserved = {0x56f660, 0x0, 0x2a962e66c0, 0x58}}, fbc = 0x8e3da8,
  fbc_constructor = 0x8e3da8, op_array = 0x8dbd48, object = 0x8db218, Ts = 0x7fbfff7300,
  CVs = 0x7fbfff72f0, original_in_execution = 0 '\0', calling_scope = 0x8e3788,
  symbol_table = 0x7ac168, prev_execute_data = 0x0}
        binary_op = (int (*)(zval *, zval *, zval *)) 0
        incdec_op = 0
        prop_dim = 9307184
        type = 0
#3  0x0000000000589db4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/jorton/php/HEAD64/Zend/zend.c:1053
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fbfff9280,
    reg_save_area = 0x7fbfff9190}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fbfffb630
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#4  0x000000000055762f in php_execute_script (primary_file=0x7fbfffb630)
    at /local/jorton/php/HEAD64/main/main.c:1635
        orig_bailout = {{__jmpbuf = {7993760, 0, 4469120, 0, 0, 0, 548682052688, 6228305},
    __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, interactive = 0}},
  free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, interactive = 0}},
  free_filename = 0 '\0'}
        old_cwd = 0x7fbfff9288 ""
        old_primary_file_path = 0x7fbfffeaa4 "../bug30128.php"
        retval = 0
#5  0x00000000005f104d in main (argc=3, argv=0x7fbfffb798)
    at /local/jorton/php/HEAD64/sapi/cli/php_cli.c:943
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 16 times>}}}}
        exit_status = 0
        c = -1
        file_handle = {type = 5 '\005', filename = 0x7fbfffa2c0 "/local/jorton/php/bug30128.php",
  opened_path = 0x0, handle = {fd = 9205152, fp = 0x8c75a0, stream = {handle = 0x8c75a0,
      reader = 0x596c80 <zend_stream_stdio_reader>, closer = 0x596ca0 <zend_stream_stdio_closer>,
      interactive = 0}}, free_filename = 0 '\0'}
        behavior = 1
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = 0x7fbfffeaa4 "../bug30128.php"
        arg_excp = (char **) 0x8c9528
        script_file = 0x7fbfffeaa4 "../bug30128.php"
        global_vars = {head = 0x0, tail = 0x0, count = 0, size = 8, dtor = 0, persistent = 0 '\0',
  traverse_ptr = 0x411ea0}
        interactive = 0
        module_started = 1
        lineno = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        param_error = 0x0
        hide_argv = 0

[2004-11-28 15:24 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Seems to be fixed, please try CVS snapshot.

[2004-12-06 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun May 11 13:01:28 2025 UTC