PHP :: Bug #63984 :: Generators segfault

Bug #63984	Generators segfault
Submitted:	2013-01-14 11:20 UTC	Modified:	2013-01-14 23:53 UTC
From:	arpad@php.net	Assigned:	nikic (profile)
Status:	Duplicate	Package:	Reproducible crash
PHP Version:	5.5.0alpha2	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	arpad@php.net
New email:
PHP Version:		OS:

New Comment:

[2013-01-14 11:20 UTC] arpad@php.net

Description:
------------
Can't provide a reproduce script yet I'm afraid, but I have a tree of objects, some of which are generators. I think this segfault is happening when destroying the tree. The generators are likely to not have finished iterating at this point.

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0x7ffff8e08f38) at /home/arpad/w/php/php-src/Zend/zend_execute_API.c:428
428		i_zval_ptr_dtor(*zval_ptr ZEND_FILE_LINE_RELAY_CC);
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x7ffff8e08f38) at /home/arpad/w/php/php-src/Zend/zend_execute_API.c:428
#1  0x00007ffff417f674 in zend_generator_close (generator=0x7ffff8e084c8, finished_execution=<value optimised out>)
    at /home/arpad/w/php/php-src/Zend/zend_generators.c:132
#2  0x00007ffff417f7cb in zend_generator_free_storage (generator=0x7ffff8e084c8)
    at /home/arpad/w/php/php-src/Zend/zend_generators.c:180
#3  0x00007ffff4185823 in zend_objects_store_free_object_storage (objects=0x7ffff485bf20)
    at /home/arpad/w/php/php-src/Zend/zend_objects_API.c:92
#4  0x00007ffff414e983 in shutdown_executor () at /home/arpad/w/php/php-src/Zend/zend_execute_API.c:295
#5  0x00007ffff415d8f5 in zend_deactivate () at /home/arpad/w/php/php-src/Zend/zend.c:938
#6  0x00007ffff40fe3ec in php_request_shutdown (dummy=<value optimised out>) at /home/arpad/w/php/php-src/main/main.c:1799
#7  0x00007ffff420c2f7 in php_apache_request_dtor (r=0x7ffff8a087f0)
    at /home/arpad/w/php/php-src/sapi/apache2handler/sapi_apache2.c:507
#8  php_handler (r=0x7ffff8a087f0) at /home/arpad/w/php/php-src/sapi/apache2handler/sapi_apache2.c:679
#9  0x00007ffff7fd5478 in ap_run_handler (r=0x7ffff8a087f0) at /build/buildd/apache2-2.2.17/server/config.c:159
#10 0x00007ffff7fd58dc in ap_invoke_handler (r=0x7ffff8a087f0) at /build/buildd/apache2-2.2.17/server/config.c:377
#11 0x00007ffff7fe4cfc in ap_internal_redirect (new_uri=<value optimised out>, r=<value optimised out>)
    at /build/buildd/apache2-2.2.17/modules/http/http_request.c:549
#12 0x00007fffefdc612d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#13 0x00007ffff7fd5478 in ap_run_handler (r=0x7ffff8830270) at /build/buildd/apache2-2.2.17/server/config.c:159
---Type <return> to continue, or q <return> to quit---
#14 0x00007ffff7fd58dc in ap_invoke_handler (r=0x7ffff8830270) at /build/buildd/apache2-2.2.17/server/config.c:377
#15 0x00007ffff7fe56c0 in ap_process_request (r=0x7ffff8830270) at /build/buildd/apache2-2.2.17/modules/http/http_request.c:282
#16 0x00007ffff7fe2698 in ap_process_http_connection (c=0x7ffff865bab0) at /build/buildd/apache2-2.2.17/modules/http/http_core.c:190
#17 0x00007ffff7fdc058 in ap_run_process_connection (c=0x7ffff865bab0) at /build/buildd/apache2-2.2.17/server/connection.c:43
#18 0x00007ffff7fea6c0 in child_main (child_num_arg=<value optimised out>)
    at /build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:662
#19 0x00007ffff7fea986 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:707
#20 0x00007ffff7feb163 in ap_mpm_run (_pconf=<value optimised out>, plog=<value optimised out>, s=<value optimised out>)
    at /build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:983
#21 0x00007ffff7fc03aa in main (argc=2, argv=0x7fffffffe5f8) at /build/buildd/apache2-2.2.17/server/main.c:741

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-01-14 11:43 UTC] arpad@php.net

Also the generators are all closures, the following is one of the simpler ones:

		$exp = new Ruler_Expression_Anonymous;
		$exp->provides = array('friend');

		$self = $this;
		$friends = $this->friends;

		$exp->func = function() use ($self, $friends) {
			foreach ($friends as $id => $name) {
				yield [
					'friend' => new Resource_User($id, $self),
				];
			}
		};

Bit more information from GDB (frame 1 in the above backtrace):

(gdb) p stack_frame
$1 = (void **) 0x7ffff8e08f38
(gdb) p *stack_frame
$2 = (void *) 0x0

[2013-01-14 15:13 UTC] laruence@php.net

-Assigned To: +Assigned To: nikic

[2013-01-14 15:21 UTC] nikic@php.net

Do you know whether this segfault happens in conjunction with a fatal error? It's probably the same as https://bugs.php.net/bug.php?id=63830.

[2013-01-14 15:28 UTC] arpad@php.net

I think it's when "exit" is called during the execution of the generator, wasn't getting any errors though. I'll put together a repro script later.

[2013-01-14 15:53 UTC] nikic@php.net

@arpad: If it happens when exit; is called then it's basically the same issue, just a different cause. I'll try to fix this issue sometime soon.

[2013-01-14 23:53 UTC] arpad@php.net

Yes indeed, cheers Nikita.

[2013-01-14 23:53 UTC] arpad@php.net

-Status: Assigned +Status: Duplicate

[2013-01-14 23:53 UTC] arpad@php.net

Duplicate of #63830

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 21:01:34 2025 UTC