php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #70970 Segfault when combining error handler with output buffering
Submitted: 2015-11-25 13:30 UTC Modified: 2015-11-25 16:08 UTC
From: sebastian@php.net Assigned: laruence (profile)
Status: Closed Package: Output Control
PHP Version: 7.0Git-2015-11-25 (Git) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sebastian@php.net
New email:
PHP Version: OS:

 

 [2015-11-25 13:30 UTC] sebastian@php.net 
Description:
------------
While researching the changes made to output buffering in PHP 7 for a book I am working on with Arne Blankerts and Stefan Priebsch, Arne discovered the segfault shown below.

Of course, the code shown does not make any sense. Yet it should not lead to a segfault in PHP.

Test script:
---------------
<?php
function exception_error_handler($severity, $message, $file, $line)
{
    throw new ErrorException($message, 0, $severity, $file, $line);
}

set_error_handler('exception_error_handler');

function obHandler($buffer, $phase = null)
{
    try {
        ob_start();
    } catch (\Throwable $e) {
        return (string) $e;
    }

    return $buffer;
}

ob_start('obHandler');

print 'test';


Actual result:
--------------
#0  0x0000000000985e06 in zend_fcall_info_args_clear (fci=0x7372656c, free_mem=1) at /usr/local/src/php/src/Zend/zend_API.c:3427
#1  0x0000000000986368 in zend_fcall_info_argv (fci=0x7372656c, argc=0, argv=0x7fffffffbcc0) at /usr/local/src/php/src/Zend/zend_API.c:3534
#2  0x000000000098653d in zend_fcall_info_argn (fci=0x7372656c, argc=0) at /usr/local/src/php/src/Zend/zend_API.c:3556
#3  0x0000000000903731 in php_output_handler_op (handler=0x7fffee46a2a0, context=0x7fffffffbe30)
    at /usr/local/src/php/src/main/output.c:977
#4  0x0000000000903ef7 in php_output_stack_pop (flags=1) at /usr/local/src/php/src/main/output.c:1221
#5  0x0000000000901fd9 in php_output_end_all () at /usr/local/src/php/src/main/output.c:341
#6  0x00000000008e9682 in php_request_shutdown (dummy=0x0) at /usr/local/src/php/src/main/main.c:1777
#7  0x0000000000a37286 in do_cli (argc=2, argv=0x1357390) at /usr/local/src/php/src/sapi/cli/php_cli.c:1142
#8  0x0000000000a3796e in main (argc=2, argv=0x1357390) at /usr/local/src/php/src/sapi/cli/php_cli.c:1345

Patches

bug70970.patch (last revision 2015-11-25 16:09 UTC by laruence@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-11-25 16:01 UTC] laruence@php.net 
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4a7e83f54aeb6d5464da6cc2b201ce47a23a88d9
Log: Fixed bug #70970 (Segfault when combining error handler with output buffering)
 [2015-11-25 16:01 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-11-25 16:08 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-11-25 16:08 UTC] laruence@php.net 
instead of the patch I attached, I prefer to make this thing simple and safe, that is restore the catchable error to fatal error.

we may fix this in master but not sure whether it's worthy to do so.
 [2015-11-25 16:09 UTC] laruence@php.net 
The following patch has been added/updated:

Patch Name: bug70970.patch
Revision:   1448467753
URL:        https://bugs.php.net/patch-display.php?bug=70970&patch=bug70970.patch&revision=1448467753
 [2016-07-20 11:35 UTC] davey@php.net 
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4a7e83f54aeb6d5464da6cc2b201ce47a23a88d9
Log: Fixed bug #70970 (Segfault when combining error handler with output buffering)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Oct 27 05:00:01 2025 UTC