php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64997 Segfault while using RecursiveIteratorIterator on 64-bits systems
Submitted: 2013-06-08 23:22 UTC Modified: 2013-06-09 14:17 UTC
From: cyrille dot faucheux+php at gmail dot com Assigned: laruence (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.5Git-2013-06-08 (Git) OS: Debian Jessie 64-bits
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cyrille dot faucheux+php at gmail dot com
New email:
PHP Version: OS:

 

 [2013-06-08 23:22 UTC] cyrille dot faucheux+php at gmail dot com 
Description:
------------
I was playing with the Respect data validation library from [1], which makes use of Recursive*Iterator to retrieve validation errors.

On my 64-bits Debian Jessie, retrieving the errors with the getFullMessage() function causes a segfault. On a 32-bits one, everything works as expected. May be related to bug #48206.

This bug is reproducible with the versions 5.4.4-15 (packaged by Debian) and the 5.5Git from today (bccacb6).

How to reproduce:
- Clone from [1].
- Place the attached script at the root of the checkout.
- Run # php demo.php

[1]: https://github.com/Respect/Validation

Test script:
---------------
<?php // demo.php
// Place this script at the root of the Respect\Validation library

require_once 'tests/bootstrap.php';

use Respect\Validation\Validator as v;

$userValidator = v::key('name', v::string()->length(1,32))
    ->key('birthdate', v::date('Y-m-d')->minimumAge(18)->setName('age'));

try {
    $userValidator->assert(array('name' => 'bob', 'birthdate' => "1996-07-18"));
} catch (\InvalidArgumentException $e) {
    var_dump($e->getFullMessage());
}

Expected result:
----------------
Should display:

string(73) "\-These rules must pass for "Array"
  \-The age must be 18 years or more."

Actual result:
--------------
#0  0x00000000006f84d0 in gc_remove_from_buffer (root=0x5dfcbc <zim_spl_RecursiveIteratorIterator_valid+76>) at /root/Dev/php/v5.5/Zend/zend_gc.h:189
#1  gc_remove_zval_from_buffer (zv=zv@entry=0x7fffce7c89f0) at /root/Dev/php/v5.5/Zend/zend_gc.c:265
#2  0x00000000006c9948 in i_zval_ptr_dtor (zval_ptr=0x7fffce7c89f0) at /root/Dev/php/v5.5/Zend/zend_execute.h:80
#3  _zval_ptr_dtor (zval_ptr=<optimized out>) at /root/Dev/php/v5.5/Zend/zend_execute_API.c:426
#4  0x00000000006cb55d in zend_call_function (fci=fci@entry=0x7fffce7c8820, fci_cache=0x7ffd74ba0960, fci_cache@entry=0x7fffce7c87f0)
    at /root/Dev/php/v5.5/Zend/zend_execute_API.c:999
#5  0x00000000006f0bf5 in zend_call_method (object_pp=object_pp@entry=0x7fffce7c88d8, obj_ce=<optimized out>, obj_ce@entry=0x7ffd766757c8, 
    fn_proxy=fn_proxy@entry=0x7ffd76675930, function_name=function_name@entry=0xb7ff4f "__tostring", function_name_len=function_name_len@entry=10, 
    retval_ptr_ptr=retval_ptr_ptr@entry=0x7fffce7c88e8, param_count=param_count@entry=0, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0)
    at /root/Dev/php/v5.5/Zend/zend_interfaces.c:97
#6  0x00000000006fcab4 in zend_std_cast_object_tostring (readobj=0x7fffce7c89f0, writeobj=0x7fffce7c8930, type=<optimized out>)
    at /root/Dev/php/v5.5/Zend/zend_object_handlers.c:1537
#7  0x00000000006d0810 in _convert_to_string (op=op@entry=0x7fffce7c89f0) at /root/Dev/php/v5.5/Zend/zend_operators.c:643
#8  0x00000000005e31c8 in spl_recursive_tree_iterator_get_entry (return_value=return_value@entry=0x7fffce7c89f0, object=0x7ffd74bb6c20, object=0x7ffd74bb6c20)
    at /root/Dev/php/v5.5/ext/spl/spl_iterators.c:1021
#9  0x00000000005e3326 in zim_spl_RecursiveTreeIterator_current (ht=0, return_value=0x7ffd74bb5dd0, return_value_ptr=<optimized out>, this_ptr=<optimized out>, 
    return_value_used=<optimized out>) at /root/Dev/php/v5.5/ext/spl/spl_iterators.c:1123
#10 0x00000000006cb868 in zend_call_function (fci=fci@entry=0x7fffce7c8c10, fci_cache=fci_cache@entry=0x7fffce7c8be0) at /root/Dev/php/v5.5/Zend/zend_execute_API.c:957
#11 0x00000000006f0bf5 in zend_call_method (object_pp=object_pp@entry=0x7fffce7c8cc8, obj_ce=<optimized out>, fn_proxy=0x2587488, 
    function_name=function_name@entry=0x7945d6 "current", function_name_len=function_name_len@entry=7, retval_ptr_ptr=retval_ptr_ptr@entry=0x7ffd74bb5aa8, 
    param_count=param_count@entry=0, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0) at /root/Dev/php/v5.5/Zend/zend_interfaces.c:97
#12 0x00000000006f126e in zend_user_it_get_current_data (_iter=0x7ffd74bb5a88, data=0x7fffce7c8d00) at /root/Dev/php/v5.5/Zend/zend_interfaces.c:181
#13 0x0000000000725ebc in ZEND_FE_FETCH_SPEC_VAR_HANDLER (execute_data=0x7ffd7668b578) at /root/Dev/php/v5.5/Zend/zend_vm_execute.h:13640
#14 0x0000000000747de8 in execute_ex (execute_data=0x7ffd7668b578) at /root/Dev/php/v5.5/Zend/zend_vm_execute.h:356
#15 0x00000000006dae19 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /root/Dev/php/v5.5/Zend/zend.c:1316
#16 0x000000000067a5cb in php_execute_script (primary_file=primary_file@entry=0x7fffce7cb270) at /root/Dev/php/v5.5/main/main.c:2481
#17 0x000000000078b409 in do_cli (argc=2, argv=0x24aa3a0) at /root/Dev/php/v5.5/sapi/cli/php_cli.c:993
#18 0x000000000042890f in main (argc=2, argv=0x24aa3a0) at /root/Dev/php/v5.5/sapi/cli/php_cli.c:1377

Patches

bug64997.patch (last revision 2013-06-09 10:43 UTC by laruence@php.net)
bug64977.patch (last revision 2013-06-09 10:33 UTC by laruence@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-09 10:33 UTC] laruence@php.net 
The following patch has been added/updated:

Patch Name: bug64977.patch
Revision:   1370774035
URL:        https://bugs.php.net/patch-display.php?bug=64997&patch=bug64977.patch&revision=1370774035
 [2013-06-09 10:43 UTC] laruence@php.net 
The following patch has been added/updated:

Patch Name: bug64997.patch
Revision:   1370774591
URL:        https://bugs.php.net/patch-display.php?bug=64997&patch=bug64997.patch&revision=1370774591
 [2013-06-09 10:46 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2013-06-09 10:46 UTC] laruence@php.net 
could you verify the fix works?

I can not reproduce segfault, but do see some warnings in valgrind, so I think 
this fix should solve your problem..

thanks
 [2013-06-09 12:12 UTC] cyrille dot faucheux+php at gmail dot com
-Status: Feedback +Status: Open
 [2013-06-09 12:12 UTC] cyrille dot faucheux+php at gmail dot com 
I've just build branches 5.4 & 5.5 with this patch on my 64-bits Debian Jessie, no more segfault.
 [2013-06-09 14:17 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2013-06-09 14:17 UTC] laruence@php.net 
Okey, thanks, I will commit it.
 [2013-06-09 14:26 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=75c57122e36897c81c33dae81c436f7bad65e35c
Log: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
 [2013-06-09 14:26 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2014-10-07 23:18 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=75c57122e36897c81c33dae81c436f7bad65e35c
Log: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
 [2014-10-07 23:30 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=75c57122e36897c81c33dae81c436f7bad65e35c
Log: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jan 22 01:01:32 2025 UTC