Bug #30161 Segmentation fault with exceptions
Submitted: 2004-09-20 09:32 UTC Modified: 2005-03-08 15:46 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: guth at fiifo dot u-psud dot fr Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.1 OS: Linux (mandrake 10)
Private report: No CVE-ID:
 [2004-09-20 09:32 UTC] guth at fiifo dot u-psud dot fr
Description:
------------
The following code segfaults.

Reproduce code:
---------------
<?php
class FIIFO {

	public function __construct() {
		throw new Exception;
	}

}

class hariCow extends FIIFO {

	public function __construct() {
		try {
			parent::__construct();
		} catch(Exception $e) {
		}
	}
	
	public function __toString() {
		return "Rusticus in asino sedet.";
	}

}


$db = new hariCow;

echo $db;
?>

Expected result:
----------------
No segfault, but something like this:

Rusticus in asino sedet.

Actual result:
--------------
FATAL:  erealloc():  Unable to allocate 1515872257 bytes
[Sat Sep 18 21:18:11 2004] [notice] child pid 3512 exit signal Segmentation fault (11)

(gdb) bt
#0  0xffffe410 in ?? ()
#1  0xbfffcb78 in ?? ()
#2  0x404354a0 in __JCR_LIST__ () from /usr/local/apache/libexec/libphp5.so
#3  0x0000000b in ?? ()
#4  0x400c7a76 in kill () from /lib/tls/libc.so.6
#5  0x4038a6ad in _erealloc (ptr=0x81630ec, size=1515872257, allow_failure=0,
    __zend_filename=0x40402140 "/usr/src/php-5.0.1/main/output.c", __zend_lineno=392, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/src/php-5.0.1/Zend/zend_alloc.c:350
#6  0x4036e2d4 in php_ob_allocate (text_length=1515870810) at /usr/src/php-5.0.1/main/output.c:392
#7  0x4036e1d4 in php_ob_append (text=0x0, text_length=1515870810) at /usr/src/php-5.0.1/main/output.c:598
#8  0x4036d4b1 in php_b_body_write (str=0x0, str_length=1515870810) at /usr/src/php-5.0.1/main/output.c:670
#9  0x4036c149 in php_body_write (str=0x0, str_length=1515870810) at /usr/src/php-5.0.1/main/output.c:119
#10 0x4035da8c in php_body_write_wrapper (str=0x0, str_length=1515870810) at /usr/src/php-5.0.1/main/main.c:1242
#11 0x403a3d0c in zend_print_zval_ex (write_func=0x4035da6b <php_body_write_wrapper>, expr=0xbfffcc70, indent=0)
    at /usr/src/php-5.0.1/Zend/zend.c:289
#12 0x403a3c8a in zend_print_zval (expr=0x8164f5c, indent=0) at /usr/src/php-5.0.1/Zend/zend.c:270
#13 0x403a341c in zend_print_variable (var=0x8164f5c) at /usr/src/php-5.0.1/Zend/zend_variables.c:168
#14 0x403ca2bd in zend_echo_handler (execute_data=0xbfffce40, opline=0x8169610, op_array=0x8164e6c)
    at /usr/src/php-5.0.1/Zend/zend_execute.c:1986
#15 0x403c8c96 in execute (op_array=0x8164e6c) at /usr/src/php-5.0.1/Zend/zend_execute.c:1400
#16 0x403a54f5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.0.1/Zend/zend.c:1061
#17 0x4035e49e in php_execute_script (primary_file=0xbffff1b0) at /usr/src/php-5.0.1/main/main.c:1627
#18 0x403d4b94 in apache_php_module_main (r=0x815a09c, display_source_mode=0)
    at /usr/src/php-5.0.1/sapi/apache/sapi_apache.c:54
#19 0x403d5b1f in send_php (r=0x815a09c, display_source_mode=0, filename=0x815aba4 "/www/test.php")
    at /usr/src/php-5.0.1/sapi/apache/mod_php5.c:622
#20 0x403d5b98 in send_parsed_php (r=0x815a09c) at /usr/src/php-5.0.1/sapi/apache/mod_php5.c:637
#21 0x08071e77 in ap_invoke_handler ()
#22 0x08086ebd in process_request_internal ()
#23 0x08086f1c in ap_process_request ()
#24 0x0807df40 in child_main ()
#25 0x0807e0e8 in make_child ()
#26 0x0807e24e in startup_children ()
#27 0x0807e90e in standalone_main ()
#28 0x0807f12c in main ()
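
A triage aid for backtraces like the one above, added here as an example; it is not part of the original report or of PHP's code. It flags integer arguments whose four bytes are identical (`text_length=1515870810` is `0x5A5A5A5A`, the kind of value a debug fill leaves in freed or uninitialized memory) and NULL pointers passed together with a non-zero length. The names `is_fill` and `triage` are hypothetical, and reading a repeated byte as a fill pattern is an assumption the thread itself does not state.

```python
import re

# Frames #5-#7 copied from the backtrace in the report above.
SAMPLE_BT = '''\
#5  0x4038a6ad in _erealloc (ptr=0x81630ec, size=1515872257, allow_failure=0,
    __zend_filename=0x40402140 "/usr/src/php-5.0.1/main/output.c", __zend_lineno=392, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/src/php-5.0.1/Zend/zend_alloc.c:350
#6  0x4036e2d4 in php_ob_allocate (text_length=1515870810) at /usr/src/php-5.0.1/main/output.c:392
#7  0x4036e1d4 in php_ob_append (text=0x0, text_length=1515870810) at /usr/src/php-5.0.1/main/output.c:598
'''


def is_fill(value):
    """True when all four bytes of a 32-bit value are the same non-zero byte."""
    byte = value & 0xFF
    return byte != 0 and value == byte * 0x01010101


def triage(backtrace):
    """Return (frame, function, finding) tuples for suspicious frame arguments."""
    findings = []
    # Split before each "#N" so continuation lines stay with their frame.
    for chunk in re.split(r"(?m)^(?=#\d+\s)", backtrace):
        head = re.match(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(", chunk)
        if not head:
            continue
        frame, func = int(head.group(1)), head.group(2)
        args = {}
        for name, raw in re.findall(r"(\w+)=(0x[0-9a-f]+|\d+)", chunk):
            args[name] = int(raw, 16) if raw.startswith("0x") else int(raw)
        for name, value in args.items():
            # Exact match only: size in frame #5 (0x5A5A5FA1) is derived from
            # the same value plus an offset and is deliberately not flagged.
            if is_fill(value):
                findings.append((frame, func, f"{name}=0x{value:08X} is a repeated-byte value"))
            # A NULL buffer with a non-zero length means the length was never valid.
            if value == 0 and args.get(name + "_length"):
                findings.append((frame, func, f"{name} is NULL but {name}_length is non-zero"))
    return findings


if __name__ == "__main__":
    for frame, func, finding in triage(SAMPLE_BT):
        print(f"#{frame} {func}: {finding}")
```
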

History

 [2004-10-10 00:29 UTC] guth at fiifo dot u-psud dot fr
In fact, this code segfaults if you add:

"var_dump($db);" before "echo $db;"

Without the var_dump, "echo $db;" prints nothing.
 [2004-10-11 07:57 UTC] derick@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip
 [2004-10-12 10:30 UTC] guth at fiifo dot u-psud dot fr
Same behaviour with the latest cvs (php 5.1.0-dev)...
 [2004-11-28 14:48 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce the segfault.
It doesn't output anything, but it doesn't segfault either.

 [2004-12-03 22:51 UTC] guth at fiifo dot u-psud dot fr
It still segfaults here...
 [2005-01-13 02:26 UTC] tony2001@php.net
Seems to be fixed, as I can't reproduce it with both 5* CVS snapshots.
Please try the latest snapshot.
 [2005-01-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-03-08 15:46 UTC] guth at fiifo dot u-psud dot fr
It does not segfault any more.
Thanks.
 
Last updated: Sat Apr 19 09:02:28 2014 UTC