[2016-10-11 09:26 UTC] sjon at hortensius dot net
Description:
------------
We started testing a large codebase in 7.1.0RC3 and found a segfault, reduced to the testcase below. It does NOT segfault in a debug-build.
Test script:
---------------
<?php
class AAAAAAAAAAAAAA
{
    public function __get($name)
    {
        throw new React_UnknownEntryException;
    }
}
function g($class) {
    eval('class ' . $class . ' extends React_Exception {}');
    return true;
}
class React_Exception extends Exception
{
    public function __toString()
    {
        try
        {
            $registry = new AAAAAAAAAAAAAA;
            return $registry->Translate->getTranslation('waa');
        }
        catch (Throwable $e)
        {
            // ignore
        }
    }
}
class NoClone {
    public function __clone() {
        throw new React_CloneException;
    }
}
class UUUUUUUUUUUUUUUUUU
{
    public function __get($name)
    {
        return new NoClone;
    }
}
class Test
{
    public function testClone()
    {
        $u = new UUUUUUUUUUUUUUUUUU;
        $b = clone $u->x;
    }
}
spl_autoload_unregister('spl_autoload');
spl_autoload_register('g');
$t = new Test;
$t->testClone();
Expected result:
----------------
Warning: React_CloneException::__toString() must return a string in Unknown on line 0
Fatal error: Uncaught
thrown in test.php on line 35
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0000000000657540 in _emalloc ()
(gdb) bt
#0 0x0000000000657540 in _emalloc ()
#1 0x0000000000672344 in zend_string_tolower ()
#2 0x0000000000659f59 in ?? ()
#3 0x00000000006668e4 in ?? ()
#4 0x0000000000667078 in ?? ()
#5 0x000000000066967a in ?? ()
#6 0x00000000006696cf in ?? ()
#7 0x0000000000641b82 in ?? ()
#8 0x0000000000643698 in compile_string ()
#9 0x00000000006dc77e in ?? ()
#10 0x0000000000715ed3 in ?? ()
#11 0x00000000006c230b in execute_ex ()
#12 0x000000000066cb41 in zend_call_function ()
#13 0x0000000000697fab in zend_call_method ()
#14 0x0000000000559bfc in ?? ()
#15 0x000000000066c9f7 in zend_call_function ()
#16 0x000000000066cf85 in zend_lookup_class_ex ()
#17 0x000000000066d898 in zend_fetch_class_by_name ()
#18 0x0000000000716c97 in ?? ()
#19 0x00000000006c230b in execute_ex ()
#20 0x000000000066cb41 in zend_call_function ()
#21 0x0000000000697fab in zend_call_method ()
#22 0x00000000006b2d9a in ?? ()
#23 0x00000000006b48b2 in ?? ()
#24 0x00000000006f300c in ?? ()
#25 0x00000000006c230b in execute_ex ()
#26 0x000000000066cb41 in zend_call_function ()
#27 0x0000000000697fab in zend_call_method ()
#28 0x00000000004318a0 in zend_exception_error ()
#29 0x000000000067b40c in zend_execute_scripts ()
#30 0x000000000061bbab in php_execute_script ()
#31 0x000000000071daac in ?? ()
#32 0x0000000000433a2f in ?? ()
#33 0x00007ffff6219291 in __libc_start_main () from /usr/lib/libc.so.6
#34 0x0000000000433b6a in _start ()
Valgrind output:

HEAP SUMMARY:
    in use at exit: 75,050 bytes in 30 blocks
  total heap usage: 18,462 allocs, 18,432 frees, 2,864,926 bytes allocated

328 (152 direct, 176 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 30
   at 0x4C29BBE: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x8BDB48: __zend_malloc (zend_alloc.c:2822)
   by 0x8BCDC3: _emalloc (zend_alloc.c:2402)
   by 0x939FCB: zend_objects_new (zend_objects.c:171)
   by 0x91B52E: zend_default_exception_new_ex (zend_exceptions.c:208)
   by 0x91B7DF: zend_default_exception_new (zend_exceptions.c:242)
   by 0x8F7BBB: _object_and_properties_init (zend_API.c:1302)
   by 0x8F7C10: _object_init_ex (zend_API.c:1310)
   by 0x957880: ZEND_NEW_SPEC_CONST_HANDLER (zend_vm_execute.h:3188)
   by 0x950891: execute_ex (zend_vm_execute.h:429)
   by 0x8DA784: zend_call_function (zend_execute_API.c:826)
   by 0x918F75: zend_call_method (zend_interfaces.c:102)
   by 0x93A4DE: zend_objects_clone_members (zend_objects.c:240)
   by 0x93A53D: zend_objects_clone_obj (zend_objects.c:255)
   by 0x9BEA5E: ZEND_CLONE_SPEC_TMPVAR_HANDLER (zend_vm_execute.h:51504)
   by 0x950891: execute_ex (zend_vm_execute.h:429)
   by 0x9509A2: zend_execute (zend_vm_execute.h:474)
   by 0x8F1F7F: zend_execute_scripts (zend.c:1464)
   by 0x861326: php_execute_script (main.c:2533)
   by 0x9D1F82: do_cli (php_cli.c:990)
   by 0x9D2F4C: main (php_cli.c:1378)

1,052 (208 direct, 844 indirect) bytes in 1 blocks are definitely lost in loss record 29 of 30
   at 0x4C29BBE: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x8BDB48: __zend_malloc (zend_alloc.c:2822)
   by 0x8BCDC3: _emalloc (zend_alloc.c:2402)
   by 0x8991A8: zend_compile (zend_language_scanner.l:590)
   by 0x899380: compile_file (zend_language_scanner.l:633)
   by 0x732A56: phar_compile_file (phar.c:3305)
   by 0x8F1F11: zend_execute_scripts (zend.c:1458)
   by 0x861326: php_execute_script (main.c:2533)
   by 0x9D1F82: do_cli (php_cli.c:990)
   by 0x9D2F4C: main (php_cli.c:1378)

LEAK SUMMARY:
   definitely lost: 360 bytes in 2 blocks
   indirectly lost: 1,020 bytes in 7 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 73,670 bytes in 21 blocks
        suppressed: 0 bytes in 0 blocks