php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33802 crash in error handler (works with PHP 5.1)
Submitted: 2005-07-21 13:14 UTC Modified: 2008-07-11 21:12 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: isitoya at wakhok dot ac dot jp Assigned: derick
Status: Wont fix Package: Reproducible crash
PHP Version: 4CVS-2005-07-27 OS: Suse9.2
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-07-21 13:14 UTC] isitoya at wakhok dot ac dot jp
Description:
------------
When I using Phing, My testcase with PEAR-SOAP and rdfapi-php had stopped with segmentation fault.

And I Found that throwing exception in error_handler causes Seg fault.



Reproduce code:
---------------
<?php
set_error_handler('errorHandler', E_USER_ERROR);
try{
    test();
}catch(Exception $e){
}
restore_error_handler();

function test(){
    trigger_error("error", E_USER_ERROR);
}

function errorHandler($errno, $errstr, $errfile, $errline) {
    throw new Exception();
}
?>
-----
no try and catch
<?php
set_error_handler('errorHandler', E_USER_ERROR);
test();
restore_error_handler();

function test(){
    trigger_error("error", E_USER_ERROR);
}

function errorHandler($errno, $errstr, $errfile, $errline) {
    throw new Exception();
}
?>


Expected result:
----------------
nothing

Actual result:
--------------
*** glibc detected *** double free or corruption: 0x0000000000af7970 ***
*** glibc detected *** double free or corruption: 0x0000000000af7a10 ***
*** glibc detected *** double free or corruption: 0x0000000000af07b0 ***
------
no try and catch

Fatal error: Uncaught exception 'Exception' in /usr/home/kent/tests/trigger_errorTest.php:11
Stack trace:
#0 [internal function]: errorHandler(256, 'error', '/usr/home/kent/...', 7, Array)
#1 /usr/home/kent/tests/trigger_errorTest.php(7): trigger_error('error', 256)
#2 /usr/home/kent/tests/trigger_errorTest.php(3): test()
#3 {main}
  thrown in /usr/home/kent/tests/trigger_errorTest.php on line 11
*** glibc detected *** double free or corruption: 0x0000000000af7870 ***
*** glibc detected *** double free or corruption: 0x0000000000af7910 ***
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-21 14:27 UTC] tony2001@php.net
Dmitry, I can see some valgrind errors appearing only with --disable-zend-memory-manager:

==7780== Invalid read of size 4
==7780==    at 0x823AF65: _zend_is_inconsistent (zend_hash.c:53)
==7780==    by 0x823C0F4: zend_hash_destroy (zend_hash.c:510)
==7780==    by 0x82285B5: shutdown_executor (zend_execute_API.c:268)
==7780==    by 0x8234722: zend_deactivate (zend.c:823)
==7780==    by 0x81F416F: php_request_shutdown (main.c:1331)
==7780==    by 0x829DB17: main (php_cli.c:1142)
==7780==  Address 0x1BD72CC0 is 40 bytes inside a block of size 44 free'd
==7780==    at 0x1B9057CD: free (in /usr/lib/valgrind/vgpreload_memcheck.so)
==7780==    by 0x82331EE: _zval_dtor_func (zend_variables.c:44)
==7780==    by 0x822B0D0: _zval_dtor (zend_variables.h:35)
==7780==    by 0x8228947: _zval_ptr_dtor (zend_execute_API.c:386)
==7780==    by 0x8233450: _zval_ptr_dtor_wrapper (zend_variables.c:175)
==7780==    by 0x823C13B: zend_hash_destroy (zend_hash.c:519)

 [2005-07-22 09:42 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0.
 [2005-07-22 09:44 UTC] derick@php.net
I need to backport this to PHP 4.4.0, so I'm assigning it to myself - note, it has nothing really to do with exceptions only.

http://news.php.net/php.zend-engine.cvs/3931
 [2008-07-11 21:12 UTC] jani@php.net
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 03:01:55 2014 UTC