PHP :: Bug #46112 :: Segfault when throwing exception during class construction (PHP_5

Bug #46112	Segfault when throwing exception during class construction (PHP_5_2 only)
Submitted:	2008-09-18 10:04 UTC	Modified:	2009-05-09 01:00 UTC
From:	erikg at codepoet dot no	Assigned:	fb-req-jani (profile)
Status:	No Feedback	Package:	Scripting Engine problem
PHP Version:	5.2CVS-2008-10-07	OS:	Linux (64bit only)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	erikg at codepoet dot no
New email:
PHP Version:		OS:

New Comment:

[2008-09-18 10:04 UTC] erikg at codepoet dot no

Description:
------------
Apache segfaults when throwing an exception in a function whose return value is used to construct a class within another class' constructor.

That sentence made my head hurt, just read the code :) I haven't been able to remove any code while still reproducing the crash.

Reproduce code:
---------------
function error($item) {
	throw new Exception("error");
}

class Foo {
	function __construct() {
		new Bar(error($item));
	}
}

class Bar {
	function __construct($param) {
	}
}

new Foo();

Expected result:
----------------
Foo object to be instantiated

Actual result:
--------------
Apache segfaults

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-09-18 10:07 UTC] erikg at codepoet dot no

Oops, the $item variables weren't supposed to be there. Doesn't matter though, the segfault still triggers.

[2008-09-18 14:26 UTC] scottmac@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

I can't reproduce this.

PHP Fatal error:  Uncaught exception 'Exception' with message 'error' in /tmp/test.php:3
Stack trace:
#0 /tmp/test.php(8): error()
#1 /tmp/test.php(17): Foo->__construct()
#2 {main}
  thrown in /tmp/test.php on line 3

[2008-09-19 11:57 UTC] erikg at codepoet dot no

CVS works when compiled on my laptop (32-bit Intel Core2), but still segfaults when compiled on a development server (64-bit AMD Opteron running in 32-bit mode).

Here is a backtrace (unfortunately only have debugging-symbols in apache and php, but it should be sufficient):

#0  0xb766c676 in zend_do_fcall_common_helper_SPEC ()
   from /usr/lib/apache/libphp5.so
#1  0xb7658758 in execute () from /usr/lib/apache/libphp5.so
#2  0xb762f886 in zend_execute_scripts () from /usr/lib/apache/libphp5.so
#3  0xb75e519a in php_execute_script () from /usr/lib/apache/libphp5.so
#4  0xb76a9f31 in php_handler () from /usr/lib/apache/libphp5.so
#5  0x08084fa8 in ap_run_handler ()
#6  0x080884f1 in ap_invoke_handler ()
#7  0x080c1056 in ap_process_request ()
#8  0x080bdab8 in ?? ()
#9  0x08410a88 in ?? ()
#10 0x00000004 in ?? ()
#11 0x08410a88 in ?? ()
#12 0x00000014 in ?? ()
#13 0x00000001 in ?? ()
#14 0x081eba60 in ?? ()
#15 0xbfbc4be8 in ?? ()
#16 0x0808ce98 in ap_run_process_connection ()

[2008-10-07 17:44 UTC] erikg at codepoet dot no

The crash doesn't occur when I compile PHP with debug symbols - no idea why.

[2008-10-07 17:56 UTC] felipe@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

[2008-10-07 19:11 UTC] erikg at codepoet dot no

I can still reproduce the crash with the latest 5.2 snapshot. However, it seems to work fine using the 5.3 snapshot.

[2008-10-31 15:57 UTC] jani@php.net

Can you try running via valgrind using latest snapshot:

# USE_ZEND_ALLOC=0 valgrind --leak-check=full sapi/cli/php test.php

[2008-11-08 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2009-05-01 21:28 UTC] felipe@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2009-05-09 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 20:00:01 2025 UTC