[2004-09-18 18:41 UTC] tony2001@php.net
[2010-12-20 11:45 UTC] jani@php.net
-Package: Tidy
+Package: Reproducible crash
Last updated: Wed Dec 03 13:00:02 2025 UTC
Description:
------------
I was investigating why Wordpress (www.wordpress.org) wp-login.php segfaults my apache child and stripped down the code as low as possible to reproduce segfault.

[toni@shaolin:~]$ php-5.0.1/sapi/cli/php -v
PHP 5.0.1 (cli) (built: Sep 18 2004 02:34:23) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.1, Copyright (c) 1998-2004 Zend Technologies

[toni@shaolin:~]$ php-5.0.1/sapi/cli/php -e segfault.php
Segmentation fault (core dumped)

Compiled with:
./configure --enable-versioning --enable-memory-limit --enable-debug \
    --with-layout=GNU --with-config-file-scan-dir=/tmp --disable-all \
    --enable-libxml --enable-spl --with-regex=php \
    --with-apxs2=/usr/local/sbin/apxs --disable-ipv6 --prefix=/tmp \
    --with-bz2=/usr --enable-ctype --with-curl=/usr/local --enable-dba \
    --enable-dom --enable-exif --enable-ftp --with-gd \
    --with-freetype-dir=/usr/local --with-jpeg-dir=/usr/local \
    --with-png-dir=/usr/local --with-gettext=/usr/local \
    --with-iconv=/usr/local --with-imap=/usr/local --enable-mbstring \
    --with-mcrypt=/usr/local --with-mhash=/usr/local \
    --with-mysql=/usr/local --with-openssl=/usr --with-openssl-dir=/usr \
    --with-pcre-regex=yes --with-pgsql=/usr/local --enable-posix \
    --enable-session --enable-simplexml --with-snmp=/usr/local \
    --enable-ucd-snmp-hack --enable-soap --with-libxml-dir=/usr/local \
    --enable-sockets --with-sqlite --with-tidy=/usr/local \
    --enable-tokenizer --enable-wddx --enable-xml --with-xmlrpc \
    --with-expat-dir=/usr/local --with-iconv-dir=/usr/local \
    --with-libxml-dir=/usr/local --with-xsl=/usr/local --with-zlib=/usr \
    --with-zlib-dir=/usr

Reproduce code:
---------------
<?php
$action = '';
switch ($action) {
default:
    function this_will_segfault() {
        return true;
    }
    if ( (this_will_segfault()) ) {
        print "true\n";
    }
    break;
}
?>

Expected result:
----------------
"true" printed.

Actual result:
--------------
(gdb) bt
#0  0x08301b9c in _zval_ptr_dtor (zval_ptr=0xbfbfcef4, __zend_filename=0x84d5990 "/home/toni/php-5.0.1/Zend/zend_execute.c", __zend_lineno=208) at /home/toni/php-5.0.1/Zend/zend_execute_API.c:389
#1  0x0833b202 in zend_switch_free (opline=0x85b0908, Ts=0xbfbfcec0) at /home/toni/php-5.0.1/Zend/zend_execute.c:208
#2  0x0833b44f in zend_switch_free_handler (execute_data=0xbfbfcef0, opline=0x85b0908, op_array=0x865eb00) at /home/toni/php-5.0.1/Zend/zend_execute.c:3234
#3  0x08333ae1 in execute (op_array=0x865eb00) at /home/toni/php-5.0.1/Zend/zend_execute.c:1400
#4  0x083395e4 in zend_do_fcall_common_helper (execute_data=0xbfbfd060, opline=0x866644c, op_array=0x8658824) at /home/toni/php-5.0.1/Zend/zend_execute.c:2737
#5  0x08339c9c in zend_do_fcall_by_name_handler (execute_data=0xbfbfd060, opline=0x866644c, op_array=0x8658824) at /home/toni/php-5.0.1/Zend/zend_execute.c:2822
#6  0x08333ae1 in execute (op_array=0x8658824) at /home/toni/php-5.0.1/Zend/zend_execute.c:1400
#7  0x0830f5b0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/toni/php-5.0.1/Zend/zend.c:1061
#8  0x082c8b27 in php_execute_script (primary_file=0xbfbfe794) at /home/toni/php-5.0.1/main/main.c:1627
#9  0x0834038c in main (argc=3, argv=0xbfbfe7f4) at /home/toni/php-5.0.1/sapi/cli/php_cli.c:943
(gdb) frame 0
#0  0x08301b9c in _zval_ptr_dtor (zval_ptr=0xbfbfcef4, __zend_filename=0x84d5990 "/home/toni/php-5.0.1/Zend/zend_execute.c", __zend_lineno=208) at /home/toni/php-5.0.1/Zend/zend_execute_API.c:389
389             (*zval_ptr)->refcount--;
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x865dba4 "this_will_segfault"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x865dba4 "this_will_segfault"
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x865db64 "/home/toni/segfault.php"