Bug #30707 Segmentation fault
Submitted: 2004-11-07 00:08 UTC
Modified: 2009-01-22 00:11 UTC
Votes:6
Avg. Score:5.0 ± 0.0
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:1 (16.7%)
From: guth at fiifo dot u-psud dot fr
Assigned: dmitry
Status: Closed
Package: Scripting Engine problem
PHP Version: 5.2.8
OS: Debian, 64bit
Private report: No
CVE-ID:
 [2004-11-07 00:08 UTC] guth at fiifo dot u-psud dot fr
Description:
------------
I get another segmentation fault... 
You can look at the reproduce code. 

Reproduce code:
---------------
<?php

class B {

	public function plip() {

		try {
			$this->plap($this->plop());
		}
		catch(Exception $e) {
		}

	}
	
	public function plap($a) {
	}
	
	public function plop() {
		throw new Exception;
	}
	
}

class C {

	public function __construct() {

		$b = new B;
		$this->byePHP($b->plip());

	}

	public function byePHP($plop) {
		echo "www.haricow.org";
	}

}

new C;
?>

Expected result:
----------------
www.haricow.org 

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1075737248 (LWP 3881)]
0x403d2373 in zend_do_fcall_common_helper (execute_data=0xbfffccd0, opline=0x8170c64, op_array=0x816f784)
    at /usr/src/php5/Zend/zend_execute.c:2656
2656            if (EX(function_state).function->common.fn_flags & ZEND_ACC_ABSTRACT) {
(gdb) bt
#0  0x403d2373 in zend_do_fcall_common_helper (execute_data=0xbfffccd0, opline=0x8170c64, op_array=0x816f784)
    at /usr/src/php5/Zend/zend_execute.c:2656
#1  0x403d2c63 in zend_do_fcall_by_name_handler (execute_data=0xbfffccd0, opline=0x8170c64, op_array=0x816f784)
    at /usr/src/php5/Zend/zend_execute.c:2825
#2  0x403cebee in execute (op_array=0x816f784) at /usr/src/php5/Zend/zend_execute.c:1400
#3  0x403d2791 in zend_do_fcall_common_helper (execute_data=0xbfffce20, opline=0x816b694, op_array=0x816706c)
    at /usr/src/php5/Zend/zend_execute.c:2740
#4  0x403d2c63 in zend_do_fcall_by_name_handler (execute_data=0xbfffce20, opline=0x816b694, op_array=0x816706c)
    at /usr/src/php5/Zend/zend_execute.c:2825
#5  0x403cebee in execute (op_array=0x816706c) at /usr/src/php5/Zend/zend_execute.c:1400
#6  0x403a9f5d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php5/Zend/zend.c:1060
#7  0x40362a94 in php_execute_script (primary_file=0xbffff190) at /usr/src/php5/main/main.c:1628
#8  0x403dab14 in apache_php_module_main (r=0x815c29c, display_source_mode=0)
    at /usr/src/php5/sapi/apache/sapi_apache.c:54
#9  0x403dba9f in send_php (r=0x815c29c, display_source_mode=0, filename=0x815cda4 "/www/test.php")
    at /usr/src/php5/sapi/apache/mod_php5.c:622
#10 0x403dbb18 in send_parsed_php (r=0x815c29c) at /usr/src/php5/sapi/apache/mod_php5.c:637
#11 0x08071e77 in ap_invoke_handler ()
#12 0x08086ebd in process_request_internal ()
#13 0x08086f1c in ap_process_request ()
#14 0x0807df40 in child_main ()
#15 0x0807e0e8 in make_child ()
#16 0x0807e24e in startup_children ()
#17 0x0807e90e in standalone_main ()
#18 0x0807f12c in main ()

 [2004-11-10 19:02 UTC] tony2001@php.net
This code is much simpler IMO and demonstrates the same behaviour (both with 5.0.x & 5.1.x):
<?
class C {

	public function __construct() {
		$this->byePHP($this->plip());
	}

	public function byePHP($plop) {
		echo "www.haricow.org";
	}

	public function plip() {
		try {
			$this->plap($this->plop());
		}
		catch(Exception $e) {
		}
	}

	public function plap($a) {
	
	}

	public function plop() {
		throw new Exception;
	}

}

new C;
?>
 [2004-12-18 10:38 UTC] guth at fiifo dot u-psud dot fr
Same bug, different code.
two hours lost :(

The constructor contains a return statement, but it is only 

<?php

class UserModuleTest  {
	
	public function __construct($obj) {

		try {
			new UserModuleTest($this->query());
		} catch(Exception $e) {
		}
		
	}

	public function query() {
		throw new Exception;
	}



}

$test = new UserModuleTest(new UserModuleTest());

?>
 [2005-04-29 10:23 UTC] sniper@php.net
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208719680 (LWP 31723)]
0x0812c49f in zend_do_fcall_common_helper_SPEC (execute_data=0xbff2c160) at zend_vm_execute.h:120
120             if (EX(function_state).function->common.fn_flags & ZEND_ACC_ABSTRACT) {
(gdb) bt
#0  0x0812c49f in zend_do_fcall_common_helper_SPEC (execute_data=0xbff2c160) at zend_vm_execute.h:120
#1  0x0812c3c9 in execute (op_array=0x8bdd8e4) at zend_vm_execute.h:78
#2  0x0810ea63 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php/php5/Zend/zend.c:1059
#3  0x080dcd78 in php_execute_script (primary_file=0xbff2e600) at /usr/src/php/php5/main/main.c:1653
#4  0x08186a5f in main (argc=2, argv=0xbff2e6c4) at /usr/src/php/php5/sapi/cli/php_cli.c:954

 [2005-05-04 13:18 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0
 [2009-01-21 22:59 UTC] preinheimer@php.net
I encounter this bug with builds of 5.2.8, built on debian.

Configure Line:
 Command 	'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--with-gd' '--enable-soap' '--with-libxml-dir=/usr/lib/' '--with-mysql-sock=/tmp' '--with-tidy' '--with-jpeg-dir=/usr/lib/' '--with-xsl' '--with-curl' '--with-snmp' '--with-freetype-dir=/usr/local/freetype2' '--with-zlib' '--enable-gd-native-ttf' '--with-openssl' '--with-mm=/usr/local/mm-1.4.2/' '--with-mcrypt' '--with-pdo-mysql' '--with-mysqli' '--enable-debug'

"memcheck" output is up at
http://example.preinheimer.com/30707.a.txt
(too long to paste to a form)

Please let me know if there's anything I can do to help diagnose the issue.
 [2009-01-21 23:09 UTC] pajoye@php.net
Dmitry, can you take a look at it please?
 [2009-01-22 00:11 UTC] preinheimer@php.net
Working with ScottMac on IRC, he had me clean out the directories and re-build. With that clean build the issue disappears, so he suggested that I close the bug.

While I am heeding his advice, I am somewhat troubled by it. I have built PHP on this box perhaps 10 times, of those 10 builds 2 or 3 of them failed this test. While I may have forgotten to 'make clean' between builds, I don't think that should have caused this issue.


So closed, with reservations.
Last updated: Wed Apr 16 22:02:05 2014 UTC