PHP :: Bug #63596 :: finally in generators segfaults since the new finally implementation

Bug #63596	finally in generators segfaults since the new finally implementation
Submitted:	2012-11-24 16:57 UTC	Modified:	-
From:	nikic@php.net	Assigned:
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	master-Git-2012-11-24 (Git)	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nikic@php.net
New email:
PHP Version:		OS:

New Comment:

[2012-11-24 16:57 UTC] nikic@php.net

Description:
------------
Since https://github.com/php/php-src/commit/eb4825b50b1f4d20b574d8f66acf26e35180e7e6 the test Zend/tests/generators/finally_ran_on_close.phpt segfaults.

Output:

before yield
finally run
Segmentation fault (core dumped)

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x086c6e21 in execute_ex (execute_data=0xb7fb868c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
435			if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {
(gdb) bt
#0  0x086c6e21 in execute_ex (execute_data=0xb7fb868c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
#1  0x086b43d7 in zend_generator_resume (generator=0xb7fb7f20, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_generators.c:535
#2  0x086b2bf6 in zend_generator_close (generator=0xb7fb7f20, 
    finished_execution=0 '\000', tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_generators.c:64
#3  0x086b30b1 in zend_generator_free_storage (generator=0xb7fb7f20, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_generators.c:195
#4  0x086bfb8e in zend_objects_store_del_ref_by_handle_ex (handle=1, 
    handlers=0x8d47700, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_objects_API.c:220
#5  0x086bf7fd in zend_objects_store_del_ref (zobject=0xb7fb6214, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_objects_API.c:172
#6  0x08684659 in _zval_dtor_func (zvalue=0xb7fb6214, 
    __zend_filename=0x8c87e44 "/home/nikic/dev/php-src/Zend/zend_execute_API.c", __zend_lineno=439) at /home/nikic/dev/php-src/Zend/zend_variables.c:54
#7  0x08672b43 in _zval_dtor (__zend_lineno=<optimized out>, 
    __zend_filename=0x8c87e44 "/home/nikic/dev/php-src/Zend/zend_execute_API.c", zvalue=0xb7fb6214) at /home/nikic/dev/php-src/Zend/zend_variables.h:35
#8  _zval_ptr_dtor (zval_ptr=0xb7fb7bc0, 
    __zend_filename=0x8c89164 "/home/nikic/dev/php-src/Zend/zend_variables.c", 
    __zend_lineno=182) at /home/nikic/dev/php-src/Zend/zend_execute_API.c:439
#9  0x08684a5e in _zval_ptr_dtor_wrapper (zval_ptr=0xb7fb7bc0)
    at /home/nikic/dev/php-src/Zend/zend_variables.c:182
#10 0x08698ac5 in zend_hash_del_key_or_index (ht=0x8d4bb88, 
    arKey=0xb7fb7da4 "gen", nKeyLength=4, h=2090288735, flag=2)
    at /home/nikic/dev/php-src/Zend/zend_hash.c:531
#11 0x08677af9 in zend_delete_variable (ex=0x0, ht=0x8d4bb88, 
    name=0xb7fb7da4 "gen", name_len=4, hash_value=2090288735, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_execute_API.c:1703
#12 0x087d8ec9 in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (
    execute_data=0xb7f9a07c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:38546
#13 0x086c6e2d in execute_ex (execute_data=0xb7f9a07c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
#14 0x086c6f18 in execute (op_array=0xb7fb6acc, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:460
#15 0x08688d5d in zend_execute_scripts (type=8, tsrm_ls=0x8d4a070, retval=0x0, 
    file_count=3) at /home/nikic/dev/php-src/Zend/zend.c:1309
#16 0x085ea548 in php_execute_script (primary_file=0xbfffe0d0, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/main/main.c:2468
#17 0x087e75b1 in do_cli (argc=2, argv=0xbffff374, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/sapi/cli/php_cli.c:988
#18 0x087e8aec in main (argc=2, argv=0xbffff374)
    at /home/nikic/dev/php-src/sapi/cli/php_cli.c:1364


The relevant code in the generator storage free handler: http://lxr.php.net/xref/PHP_TRUNK/Zend/zend_generators.c#36.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-11-24 18:24 UTC] nikic@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults

[2012-11-24 18:24 UTC] nikic@php.net

-Status: Open +Status: Closed

[2012-12-19 17:55 UTC] derick@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults

[2013-11-17 09:32 UTC] laruence@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat May 03 17:01:27 2025 UTC