php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #35017 PHP crashes Apache
Submitted: 2005-10-29 10:56 UTC Modified: 2005-10-31 20:40 UTC
Votes:4
Avg. Score:4.5 ± 0.9
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: assen dot todorov at onvista dot de Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-10-29 (cvs) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: assen dot todorov at onvista dot de
New email:
PHP Version: OS:

 

 [2005-10-29 10:56 UTC] assen dot todorov at onvista dot de 
Description:
------------
The code below was tested on WindowsXP + PHP(5.0.5) + Apache(1.3.33) AND Linux + PHP(5.0.5) + Apache(Apache/2.0.53).In both cases this code leads to crash in Apache.The message is "Segmentation fault ......."

Reproduce code:
---------------
set_error_handler('errorHandler');
$crashApache = new crashApache;
try {
	$a = array('test'); $result = array();
	foreach($a as $b) {
		$result[] = $b; $nullValue = null;
		foreach($nullValue as $c) {
			$result[] = $c;
		}
	}
	$crashApache->start($result);
}
catch(Exception $e) { echo 'This Exception should be catched'; }
class crashApache {
	public $someVar = array();
	public function start(&$crashParam) {
		$this->someVar = $crashParam;
	}
}
function errorHandler($errno, $errstr, $errfile, $errline, $vars) {
	throw new Exception('Some Exception');
}

Expected result:
----------------
I expect to see the the message "This Exception should be catched"

Actual result:
--------------
Apache crashes with "segmentation fault" message.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-10-29 11:07 UTC] assen dot todorov at onvista dot de 
On the seccond "foreach" the error handler is called and an exception is thrown.In spite of this the line "$crashApache->start($result);" is executed and the exception is newer catched
 [2005-10-29 12:57 UTC] derick@php.net 
With PHP 5.1.0RC4-dev I get:

Fatal error: Invalid opcode 137/16/8. in - on line 18

And on PHP 5.0.6-dev I get:
Segmentation fault

And the following backtrace:
#0  0x00000000 in ?? ()
#1  0x08320690 in execute (op_array=0x860e42c)
    at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1438
#2  0x08323ef0 in zend_do_fcall_common_helper (execute_data=0xbfffd4a0,
    opline=0x860bca4, op_array=0x8606cbc)
    at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2790
#3  0x0832439d in zend_do_fcall_by_name_handler (execute_data=0xbfffd4a0,
    opline=0x860bca4, op_array=0x8606cbc)
    at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2877
#4  0x08320690 in execute (op_array=0x8606cbc)
    at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1438
#5  0x082f7726 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /dat/dev/php/php-5.0dev/Zend/zend.c:1064
#6  0x082af0d5 in php_execute_script (primary_file=0xbffff8e0)
    at /dat/dev/php/php-5.0dev/main/main.c:1643
#7  0x0832dbc0 in main (argc=1, argv=0xbffff9a4)
    at /dat/dev/php/php-5.0dev/sapi/cli/php_cli.c:946

Some more info:
(gdb) frame 1
#1  0x08320690 in execute (op_array=0x860e42c)
    at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1438
warning: Source file is more recent than executable.

1438                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) print executor_globals.current_execute_data.opline
$1 = (struct _zend_op *) 0x860d1cc
(gdb) print executor_globals.current_execute_data.opline.handler
$2 = 0
 [2005-10-31 20:40 UTC] dmitry@php.net 
Fixed in CVS HEAD and PHP 5.1.

The reason if memory leaks in the given test after fix - is bug #34065
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jan 30 16:01:30 2025 UTC