Bug #42317 The JVM cores in at _zval_ptr_dtor()
Submitted: 2007-08-16 12:02 UTC Modified: 2007-08-31 01:00 UTC
From: jfclere at gmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.3 OS: RHEL 5 + JRockit
Private report: No CVE-ID: None

 [2007-08-16 12:02 UTC] jfclere at gmail dot com
Description:
------------
When accessing a php page via our php servlet on IA64 with JRockit 1.5.x we get a core.

Reproduce code:
---------------
That is an embedded php in a JVM. Any php code causes the problem.

Expected result:
----------------
A page to be displayed.

Actual result:
--------------
+++
Thread Stack Trace:
    at _zval_ptr_dtor(zend_execute_API.c:412)@0x4a520e80
    at zend_do_fcall_common_helper_SPEC(zend_execute.h:155)@0x4a59f1a0
    at execute(zend_vm_execute.h:92)@0x4a59e4d0
    at zend_do_fcall_common_helper_SPEC(zend_vm_execute.h:234)@0x4a59ec80
    at execute(zend_vm_execute.h:92)@0x4a59e4d0
    at zend_execute_scripts(zend.c:1135)@0x4a54d560
    at php_execute_script(main.c:1794)@0x4a4984a0
    at Java_org_jboss_web_php_Handler_php()@0x45372770
+++

The problem is fixed by adding in _zval_ptr_dtor:
+++
        if (*zval_ptr == NULL)
                return;
+++

 [2007-08-16 14:29 UTC] jfclere at gmail dot com
If *zval_ptr is NULL the actual code in php-5.2.3/Zend/zend_execute_API.c will core on some platforms

This is fixed by applying the following patch:
+++
--- php-5.2.3/Zend/zend_execute_API.c   2007-08-16 08:12:59.927931000 -0400
+++ php-5.2.3/Zend/zend_execute_API.c   2007-08-16 10:12:26.919010000 -0400
@@ -406,6 +406,8 @@

 ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC)
 {
+        if (*zval_ptr == NULL)
+                return;
 #if DEBUG_ZEND>=2
        printf("Reducing refcount for %x (%x):  %d->%d\n", *zval_ptr, zval_ptr, (*zval_ptr)->refcount, (*zval_ptr)->refcount-1);
 #endif
+++
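Review bot: the early return on `*zval_ptr == NULL` at the top of `_zval_ptr_dtor` makes the destructor silently skip a slot that holds no zval, so whichever caller produced that empty slot is never identified and the crash is only moved out of sight. The guard is also placed before the `#if DEBUG_ZEND>=2` block, so it takes effect in every build rather than only in debug builds. The stack trace in the report shows the call coming from `zend_do_fcall_common_helper_SPEC`; the check belongs at the point where that slot is filled or handed over, and if a guard is wanted here at all it should fail loudly instead of returning.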
 [2007-08-16 22:35 UTC] jani@php.net
I'm more interested in what platform and configuration you need this "fix" on, since it's not a proper fix.
 [2007-08-16 22:36 UTC] jani@php.net
Also, you should provide any patches against the latest sources:
http://snaps.php.net/php5.2-latest.tar.gz

Please try the snapshot first (without any patches!).
 [2007-08-23 01:31 UTC] stas@php.net
PHP engine intentionally doesn't check pointers for nulls where they can't be nulls so that these checks won't mask a real bug. The real bug seems to be in the code that passed null pointer to zval_ptr_dtor, so that's where the fix should be. 
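The masking effect described in the comment above, as an added C example that is not code from PHP or from anyone in this thread. The type `val` and the functions `val_new`, `val_ptr_dtor_guarded`, `first_empty_slot` and `demo_masked_bug` are hypothetical stand-ins, and the three-slot scenario is constructed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for a refcounted engine value; not PHP's zval. */
typedef struct { int refcount; } val;

static val *val_new(void) {
    val *v = malloc(sizeof *v);
    if (v) v->refcount = 1;
    return v;
}

/* Destructor with the silent guard: an empty slot is skipped without a trace. */
static void val_ptr_dtor_guarded(val **slot) {
    if (*slot == NULL)
        return;
    if (--(*slot)->refcount == 0) {
        free(*slot);
        *slot = NULL;
    }
}

/* Caller-side check: inspect the slots before any destructor runs and
 * return the index of the first empty one, or -1 if all are populated. */
static int first_empty_slot(val **slots, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (slots[i] == NULL)
            return (int)i;
    return -1;
}

/* Constructed scenario: a caller fills three slots but a bug leaves
 * slot 1 unset. Returns the index the caller-side check reports;
 * *released_out receives how many values the guarded destructor freed. */
static int demo_masked_bug(int *released_out) {
    val *slots[3] = { val_new(), NULL, val_new() };
    int bad = first_empty_slot(slots, 3);
    int released = 0;
    for (size_t i = 0; i < 3; i++) {
        int had_value = slots[i] != NULL;
        val_ptr_dtor_guarded(&slots[i]);   /* completes "cleanly" for slot 1 */
        if (had_value && slots[i] == NULL)
            released++;
    }
    *released_out = released;
    return bad;
}
```

The guarded loop finishes with two values released and nothing to show that slot 1 was never populated; only the check at the caller points at the slot that holds the defect.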
 [2007-08-31 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Tue Sep 27 08:05:51 2022 UTC