Bug #42317 The JVM cores in at _zval_ptr_dtor()
Submitted: 2007-08-16 12:02 UTC Modified: 2007-08-31 01:00 UTC
From: jfclere at gmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.3 OS: RHEL 5 + JRockit
Private report: No CVE-ID: None

 [2007-08-16 12:02 UTC] jfclere at gmail dot com
Description:
------------
When accessing a php page via our php servlet on IA64 with JRockit 1.5.x we get a core.

Reproduce code:
---------------
That is an embedded php in a JVM. Any php code causes the problem.

Expected result:
----------------
A page to be displayed.

Actual result:
--------------
+++
Thread Stack Trace:
    at _zval_ptr_dtor(zend_execute_API.c:412)@0x4a520e80
    at zend_do_fcall_common_helper_SPEC(zend_execute.h:155)@0x4a59f1a0
    at execute(zend_vm_execute.h:92)@0x4a59e4d0
    at zend_do_fcall_common_helper_SPEC(zend_vm_execute.h:234)@0x4a59ec80
    at execute(zend_vm_execute.h:92)@0x4a59e4d0
    at zend_execute_scripts(zend.c:1135)@0x4a54d560
    at php_execute_script(main.c:1794)@0x4a4984a0
    at Java_org_jboss_web_php_Handler_php()@0x45372770
+++

The problem is fixed by adding in _zval_ptr_dtor:
+++
        if (*zval_ptr == NULL)
                return;
+++

 [2007-08-16 14:29 UTC] jfclere at gmail dot com
If *zval_ptr is NULL the actual code in php-5.2.3/Zend/zend_execute_API.c will core on some platforms.

This is fixed by applying the following patch:
+++
--- php-5.2.3/Zend/zend_execute_API.c   2007-08-16 08:12:59.927931000 -0400
+++ php-5.2.3/Zend/zend_execute_API.c   2007-08-16 10:12:26.919010000 -0400
@@ -406,6 +406,8 @@

 ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC)
 {
+        if (*zval_ptr == NULL)
+                return;
 #if DEBUG_ZEND>=2
        printf("Reducing refcount for %x (%x):  %d->%d\n", *zval_ptr, zval_ptr, (*zval_ptr)->refcount, (*zval_ptr)->refcount-1);
 #endif
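Review bot: The early return added at the top of _zval_ptr_dtor() drops a NULL *zval_ptr silently, so the caller that produced it is never identified, while the unchanged body below (the DEBUG_ZEND printf reads (*zval_ptr)->refcount) treats a non-NULL value as a precondition. Rather than returning quietly, locate the caller that hands in the NULL and fix it there, or at minimum report the location carried by ZEND_FILE_LINE_DC in debug builds before returning. The check also has no comment saying when NULL is expected, and the diff is taken against php-5.2.3 rather than a current tree.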
+++
 [2007-08-16 22:35 UTC] jani@php.net
I'm more interested in what platform and configuration you need this "fix" on, since it's not a proper fix.
 [2007-08-16 22:36 UTC] jani@php.net
Also, you should provide any patches against the latest sources:
http://snaps.php.net/php5.2-latest.tar.gz

Please try the snapshot first (without any patches!).
 [2007-08-23 01:31 UTC] stas@php.net
The PHP engine intentionally doesn't check pointers for nulls where they can't be nulls, so that these checks won't mask a real bug. The real bug seems to be in the code that passed a null pointer to zval_ptr_dtor, so that's where the fix should be.
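The trade-off discussed in this thread, as an added example that is not part of the bug report or the PHP source: a guarded destructor makes a caller defect vanish without a trace, while a check at the call site reports it. The `val` and `frame` types, the argument-count defect and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for illustration; these are not the Zend engine's types. */
typedef struct { int refcount; } val;
typedef struct { val *slot[4]; int pushed; int declared; } frame;

static int live_vals = 0;              /* allocations not yet freed */

/* Destructor whose contract is "*p is a live value": no NULL test. */
static void val_ptr_dtor(val **p) {
    if (--(*p)->refcount == 0) { free(*p); live_vals--; }
}

/* The same destructor with the guard from the proposed patch. */
static void val_ptr_dtor_guarded(val **p) {
    if (*p == NULL) return;            /* swallows the caller's mistake */
    val_ptr_dtor(p);
}

/* Hypothetical caller defect: one more argument declared than pushed. */
static frame make_buggy_frame(void) {
    frame f = { {NULL}, 0, 0 };
    for (int i = 0; i < 2; i++) {
        val *v = malloc(sizeof *v);
        if (v == NULL) abort();
        v->refcount = 1;
        f.slot[f.pushed++] = v;
        live_vals++;
    }
    f.declared = f.pushed + 1;         /* the real bug lives here */
    return f;
}

/* Returns the number of defects reported; with the guard that is always 0. */
static int cleanup_with_guard(frame *f) {
    for (int i = 0; i < f->declared; i++) val_ptr_dtor_guarded(&f->slot[i]);
    return 0;
}

/* Checks the caller-side invariant first, so the defect is reported at its origin. */
static int cleanup_checked(frame *f) {
    int defects = (f->declared != f->pushed);
    for (int i = 0; i < f->pushed; i++) val_ptr_dtor(&f->slot[i]);
    return defects;
}

int main(void) {
    frame a = make_buggy_frame(), b = make_buggy_frame();
    printf("guarded: %d defect(s) reported\n", cleanup_with_guard(&a));
    printf("checked: %d defect(s) reported\n", cleanup_checked(&b));
    return live_vals;                  /* 0: nothing leaked either way */
}
```

Both paths free every value, so with the guard there is no crash and no leak left to point at the inconsistent frame.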
 [2007-08-31 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".