Bug #65372 Segfault in gc_zval_possible_root when return reference fails
Submitted: 2013-08-01 19:18 UTC
Modified: 2013-08-02 16:23 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: sreed at ontraport dot com
Assigned: laruence
Status: Closed
Package: Reproducible crash
PHP Version: 5.4Git-2013-08-01 (Git)
OS: Fedora
Private report: No
CVE-ID: None

 [2013-08-01 19:18 UTC] sreed at ontraport dot com
Description:
------------
PHP is segfaulting during shutdown in gc_zval_possible_root. This bug appears to 
have appeared in version 5.4: http://3v4l.org/qLqe3.


Test script:
---------------
https://gist.github.com/sreed-ontraport/6134324

Expected result:
----------------
Script executes and PHP exits cleanly

Actual result:
--------------
0x00000000006a0032 in gc_zval_possible_root (zv=0x7ffff7fc5108) at /tmp/php5.4-201308011830/Zend/zend_gc.c:143
143			GC_ZOBJ_CHECK_POSSIBLE_ROOT(zv);

(gdb) bt
#0  0x00000000006a0032 in gc_zval_possible_root (zv=0x7ffff7fc5108) at /tmp/php5.4-201308011830/Zend/zend_gc.c:143
#1  0x00000000006a1c47 in zend_object_std_dtor (object=0x7ffff7fc8970) at /tmp/php5.4-201308011830/Zend/zend_objects.c:54
#2  0x00000000006a1c79 in zend_objects_free_object_storage (object=0x7ffff7fc8970) at /tmp/php5.4-201308011830/Zend/zend_objects.c:137
#3  0x00000000006a74c8 in zend_objects_store_free_object_storage (objects=0xd8a0a0 <executor_globals+960>) at /tmp/php5.4-201308011830/Zend/zend_objects_API.c:92
#4  0x000000000067396b in shutdown_executor () at /tmp/php5.4-201308011830/Zend/zend_execute_API.c:295
#5  0x0000000000681aa6 in zend_deactivate () at /tmp/php5.4-201308011830/Zend/zend.c:938
#6  0x000000000062417d in php_request_shutdown (dummy=dummy@entry=0x0) at /tmp/php5.4-201308011830/main/main.c:1803
#7  0x0000000000726094 in do_cli (argc=2, argv=0x7fffffffe148) at /tmp/php5.4-201308011830/sapi/cli/php_cli.c:1172
#8  0x00000000004255ca in main (argc=2, argv=0x7fffffffe148) at /tmp/php5.4-201308011830/sapi/cli/php_cli.c:1365

Patches

bug65372.patch (last revision 2013-08-02 01:59 UTC by laruence@php.net)

Pull Requests

History

 [2013-08-02 01:08 UTC] laruence@php.net
-Status: Open +Status: Verified
 [2013-08-02 01:59 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug65372.patch
Revision:   1375408763
URL:        https://bugs.php.net/patch-display.php?bug=65372&patch=bug65372.patch&revision=1375408763
 [2013-08-02 10:33 UTC] laruence@php.net
-Summary: Segfault in gc_zval_possible_root +Summary: Segfault in gc_zval_possible_root when return reference fails
 [2013-08-02 16:23 UTC] laruence@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: laruence
 [2013-08-02 16:23 UTC] laruence@php.net
fixed in http://git.php.net/?p=php-src.git;a=commitdiff;h=ce9169e360701ea3b1ab2366171c24d4de5e78e3
 [2013-08-06 07:39 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a831499b4a1029118dc45375e62af42043110ade
Log: Re-fix Bug #65372 (Segfault in gc_zval_possible_root when return reference fails)
 [2014-10-07 23:17 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a831499b4a1029118dc45375e62af42043110ade
Log: Re-fix Bug #65372 (Segfault in gc_zval_possible_root when return reference fails)
 [2014-10-07 23:28 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a831499b4a1029118dc45375e62af42043110ade
Log: Re-fix Bug #65372 (Segfault in gc_zval_possible_root when return reference fails)
 
Last updated: Thu Nov 21 12:01:29 2024 UTC