Bug #67037 crash when assigning a function result after finally()
Submitted: 2014-04-07 12:26 UTC Modified: 2014-04-10 14:08 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: tony2001@php.net Assigned: dmitry
Status: Duplicate Package: Reproducible crash
PHP Version: 5.5Git-2014-04-07 (Git) OS: *
Private report: No CVE-ID: None
 [2014-04-07 12:26 UTC] tony2001@php.net
Description:
------------
PHP crashes on this short script.
It seems to be caused by finally(), since I'm unable to reproduce the crash if I remove it.

Test script:
---------------
<?php
function process()
{
    try {
        throw new Exception("1");
    }
    finally {
        try {
            throw new Exception("2");
        } catch (Exception $Error) {
        }
    }
}
$res = process();
?>

Expected result:
----------------
No crash =)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
409             return --pz->refcount__gc;
(gdb) bt
#0  0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
#1  0x00000000006b0ba8 in zend_pzval_unlock_func (z=0x0, should_free=0x7fffffffa3b0, unref=1) at /local/git/php-src/Zend/zend_execute.c:72
#2  0x00000000006b0cb7 in _get_zval_ptr_var (var=4294967264, execute_data=0x7ffff7f8c128, should_free=0x7fffffffa3b0)
    at /local/git/php-src/Zend/zend_execute.c:186
#3  0x0000000000714fdf in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:36930
#4  0x00000000006b532b in execute_ex (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:363
#5  0x00000000006b539c in zend_execute (op_array=0x7ffff7fc9320) at /local/git/php-src/Zend/zend_vm_execute.h:388
#6  0x0000000000679ca6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /local/git/php-src/Zend/zend.c:1316
#7  0x00000000005f43ea in php_execute_script (primary_file=0x7fffffffd960) at /local/git/php-src/main/main.c:2506
#8  0x0000000000720af5 in do_cli (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:994
#9  0x0000000000721ac3 in main (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:1378


 [2014-04-07 16:53 UTC] dmitry@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2014-04-10 14:08 UTC] tony2001@php.net
-Status: Assigned +Status: Duplicate
 [2014-04-10 14:08 UTC] tony2001@php.net
Ok, this seems to be a duplicate of bug #65784, which is already fixed in 5.6, but cannot be fixed in 5.5 due to ABI incompatible changes.
 