Bug #32254 Nested try-catch blocks may cause segfault
Submitted: 2005-03-09 14:52 UTC Modified: 2005-03-20 02:04 UTC
From: shulmanb at il dot ibm dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-03-09 (dev) OS: Linux
Private report: No CVE-ID: None
 [2005-03-09 14:52 UTC] shulmanb at il dot ibm dot com
Description:
------------
When compiled with --enable-maintainer-zts, having nested try-catch blocks may cause segfaults in some cases.

In the following code fragment, commenting out the outer try-catch block solves the segfault.

This DOES NOT HAPPEN when compiled with debug symbols.

This may be related to bug #32252 (for instance, if the index to $list is positive, crash does not occur).

Reproduce code:
---------------
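<?php
// ArrayAccess implementation whose offsetSet always throws,
// so any array-style write on the object raises an exception.
class a implements ArrayAccess {
    function offsetExists ($offset) { return false; }
    function offsetGet ($offset) { return null; }
    function offsetSet ($offset, $value) { throw new Exception ("Oops"); }
    function offsetUnset ($offset) { }
}
function test () {
    // Outer try-catch: per the description, commenting it out avoids the segfault.
    try {
        $list = new a();
        $caught = 0;
        try {
            // Negative offset; the report notes a positive index does not crash.
            $list[-1] = 123;
        } catch (Exception $e) {
            $caught = 1;
        }
        if (!$caught)
            return false;
        return true;
    }
    catch (Exception $e) {
        return false;
    }
}
// Prints "1" when the inner catch handles the exception.
print test();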

Expected result:
----------------
The output should be "1"

Actual result:
--------------
Segmentation fault.

PHP was compiled without debug symbols. The stack trace provided by gdb was:

#0  0x08184ecd in zend_hash_destroy (ht=0x8c579c08)
    at /root/php-5.0.3/Zend/zend_hash.c:524

 [2005-03-09 21:45 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Works fine here.
 [2005-03-10 08:01 UTC] shulmanb at il dot ibm dot com
Latest snapshot does not cause a segfault on Linux.

However, the probably related bug #32252 still happens on Windows with latest snapshot, so it's probable that memory corruption still occurs.
 [2005-03-20 02:04 UTC] sniper@php.net
This bug is then fixed if not happening anymore.
btw. It's really not wise to compile PHP with --enable-maintainer-zts.

 