Bug #45434 circular reference causes segfault in gc_collect_cycles()
Submitted: 2008-07-04 20:14 UTC
Modified: 2008-07-08 08:16 UTC
From: php at benjaminschulz dot com
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5.3CVS-2008-07-04 (CVS)
OS: linux, osx
Private report: No
CVE-ID: None

 

 [2008-07-04 20:14 UTC] php at benjaminschulz dot com
Description:
------------
A circular reference causes gc_collect_cycles() to segfault. I know there is another bug that looks similar (#36482) but I think this is a far better (because simpler) test case.

Reproduce code:
---------------
<?php
class foo {
    public $foo;

    public function __destruct() {
        throw new Exception("foobar");
    }
}

$f1 = new foo;
$f2 = new foo;
$f1->foo = $f2;
$f2->foo = $f1;
unset($f1, $f2);
// triggers a segfault
gc_collect_cycles();


Actual result:
--------------
$ php test.php 
Segmentation fault

 [2008-07-04 20:25 UTC] php at benjaminschulz dot com
Oops, I missed one important point: the segfault occurs if an exception is thrown ;) Sorry, it's too late for me today.
 [2008-07-04 20:59 UTC] johannes@php.net
(gdb) bt
#0  0x082d6232 in zend_objects_destroy_object (object=0x89f0bc0, handle=2)
    at /home/johannes/src/php/PHP_5_3/Zend/zend_objects.c:111
#1  0x082d5146 in gc_collect_cycles ()
    at /home/johannes/src/php/PHP_5_3/Zend/zend_gc.c:561
#2  0x082c9223 in zif_gc_collect_cycles (ht=0, return_value=0x89ef718, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/johannes/src/php/PHP_5_3/Zend/zend_builtin_functions.c:184
#3  0x082f2361 in zend_do_fcall_common_helper_SPEC (execute_data=0x8a1fd20)
    at /home/johannes/src/php/PHP_5_3/Zend/zend_vm_execute.h:313
#4  0x082e039e in execute (op_array=0x89ede88)
    at /home/johannes/src/php/PHP_5_3/Zend/zend_vm_execute.h:104
#5  0x082ba286 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/johannes/src/php/PHP_5_3/Zend/zend.c:1198
#6  0x08269487 in php_execute_script (primary_file=0xbff2c988)
    at /home/johannes/src/php/PHP_5_3/main/main.c:2082
#7  0x0832dcc4 in main (argc=1, argv=0xbff2cae4)
    at /home/johannes/src/php/PHP_5_3/sapi/cli/php_cli.c:1139

 [2008-07-08 08:16 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
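
A regression check built around the reproduce code above, as an added example that is not part of the original report or of PHP's own test suite: it runs the script in a child PHP process and separates death by signal (the reported segfault) from an ordinary exit. The function names `classify_status` and `run_repro` and the temp-file handling are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are assumptions.

# Turn a child's exit status into a verdict. A POSIX shell reports a child
# killed by signal N as 128+N, so SIGSEGV (11) appears as 139. Statuses
# above 128+64 (e.g. the 255 PHP's CLI returns for an uncaught exception)
# are ordinary exits, not signals.
classify_status() {
    code=$1
    if [ "$code" -gt 128 ] && [ "$code" -le 192 ]; then
        echo "crash signal $((code - 128))"
    else
        echo "exit $code"
    fi
}

# Write the report's reproduce code to a temp file, run it under the given
# PHP binary (default: php from PATH) and print the verdict.
run_repro() {
    php_bin=${1:-php}
    script=$(mktemp) || return 2
    cat >"$script" <<'PHP'
<?php
class foo {
    public $foo;
    public function __destruct() {
        throw new Exception("foobar");
    }
}
$f1 = new foo;
$f2 = new foo;
$f1->foo = $f2;
$f2->foo = $f1;
unset($f1, $f2);
gc_collect_cycles();
PHP
    rc=0
    "$php_bin" "$script" >/dev/null 2>&1 || rc=$?
    rm -f "$script"
    classify_status "$rc"
}

# Stand-alone use: check the PHP on PATH, if there is one.
if command -v php >/dev/null 2>&1; then
    run_repro php
fi
```

Passing a path as the first argument, for example `run_repro /path/to/snapshot/php`, checks a specific build instead of the one on PATH.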


 