Bug #51425 segfaults at method_exists()
Submitted: 2010-03-29 14:59 UTC Modified: 2011-11-16 13:56 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:3 (100.0%)
From: jimmyxx at gmail dot com Assigned:
Status: Not a bug Package: Class/Object related
PHP Version: 5.2.13 OS: Ubuntu 9.10
Private report: No CVE-ID:
 [2010-03-29 14:59 UTC] jimmyxx at gmail dot com
Description:
------------
Hi,

This bug has occurred on 3 separate projects all using the same in house PHP 
framework. All 3 changes that occurred just before the apps started segfaulting 
are very different but on each occasion the segfault can be traced back to 
method_exists() which features in the framework's URL parser. 

The method_exists() in all 3 cases was being called with valid arguments and 
should have returned true.

In one project PHP started segfaulting when an object that has been unserialized 
from memcache was accessed.

On another project (the one I've been fighting with all day) PHP started 
segfaulting when an extra class was added in to the OO extends daisy chain. (eg 
instead of: class a extends x {} it now reads class a extends y {} and class y 
extends x {} - class Y can be a blank class and it still causes the segfault..).

For the project mentioned immediately above I've tried taking the url parser, 
and all related files out so I could run a controlled test and when run 
independently it works absolutely fine which makes me think method_exists is a 
red-herring and something else is causing method_exists to segfault.

Also it's worth mentioning that the urlparser works fine and is used on many 
high-traffic websites. It's also called very near the top of the URL parser's 
code and the couple of bits above are trivial and won't be related.

I've never managed to figure out why method_exists segfaults and I've always had 
to work around the bug - finding what change was made just before it started 
segfaulting and simply finding a different solution.

Can anyone help me in figuring out what's going on here? Or what method_exists 
does that could cause it to segfault (ie: is PHP running out of file handles or 
something?)

Any help would be much appreciated.


 [2010-03-29 15:36 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2010-03-29 15:36 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2010-03-30 11:00 UTC] jimmyxx at gmail dot com
-Status: Feedback +Status: Open
 [2010-03-30 11:00 UTC] jimmyxx at gmail dot com
Hi, This was the first full backtrace from my core file:

#0  0x0125f642 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#1  0x0127052b in execute_internal () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#2  0x001ec2af in xdebug_execute_internal (current_execute_data=0xbfd1ef2c, 
return_value_used=1)
    at /build/buildd/xdebug-2.0.4/build-php5/xdebug.c:1630
        edata = 0xbfd1ef2c
        fse = 0x21a576a0
        cur_opcode = 0xa
        do_return = 0
        function_nr = 5917
#3  0x0127920c in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#4  0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#5  0x001ebf6b in xdebug_execute (op_array=0x21b565e4) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0xbfd1f3dc
        edata = 0xbfd1f3dc
        fse = 0x21a5a638
        xfse = 0xbfd1f018
        magic_cookie = 0x0
        do_return = 0
        function_nr = 5907
        le = 0x21b46354
        eval_id = 0
        return_val = 0x0
#6  0x01278df9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#7  0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#8  0x001ebf6b in xdebug_execute (op_array=0x21a74fbc) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0x126ed50
        edata = 0xbfd1f65c
        fse = 0x21a5b560
        xfse = 0x21b24934
        magic_cookie = 0x0
        do_return = 0
        function_nr = 5902
        le = 0x21a70690
       eval_id = 0
        return_val = 0x0
#9  0x01278df9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#10 0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#11 0x001ebf6b in xdebug_execute (op_array=0x21a7226c) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0x14cd8a4
        edata = 0xbfd1f89c
        fse = 0x21a59508
        xfse = 0xbf006f67
        magic_cookie = 0x0
        do_return = 0
        function_nr = 5900
        le = 0x21a10bec
        eval_id = 0
        return_val = 0x0
#12 0x01278df9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#13 0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#14 0x001ebf6b in xdebug_execute (op_array=0x21a2321c) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0x126ed50
        edata = 0xbfd1fb0c
        fse = 0x21a5be08
        xfse = 0x125b8ae
        magic_cookie = 0x0
        do_return = 0
        function_nr = 5899
        le = 0x21a132a0
        eval_id = 0
        return_val = 0x0
#15 0x01278df9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#16 0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#17 0x001ebf6b in xdebug_execute (op_array=0x21a22f20) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0x14a3ff4
        edata = 0xbfd200cc
        fse = 0x21a5b6d8
        xfse = 0x125b8ae
        magic_cookie = 0x0
        do_return = 0
        function_nr = 5896
        le = 0x52
        eval_id = 0
        return_val = 0x0
#18 0x01278df9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#19 0x0127504b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#20 0x001ebf6b in xdebug_execute (op_array=0x21a102fc) at /build/buildd/xdebug-
2.0.4/build-php5/xdebug.c:1561
        dummy = 0x14a3ff4
        edata = 0x0
        fse = 0x21a570a0
        xfse = 0x14cdbf4
        magic_cookie = 0x0
        do_return = 0
        function_nr = 0
        le = 0xbfd2242c
        eval_id = 0
        return_val = 0x0
#21 0x0124f4d4 in zend_execute_scripts () from 
/usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#22 0x01204246 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#23 0x012c5f13 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#24 0x0096cf51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#25 0x00970d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#26 0x009803f4 in ap_internal_redirect () from /usr/sbin/apache2
No symbol table info available.
#27 0x0018c80d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
#28 0x0096cf51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#29 0x00970d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#30 0x009805a8 in ap_process_request () from /usr/sbin/apache2
No symbol table info available.
#31 0x0097d118 in ?? () from /usr/sbin/apache2
No symbol table info available.
#32 0x009757c1 in ap_run_process_connection () from /usr/sbin/apache2
No symbol table info available.
#33 0x00985ac1 in ?? () from /usr/sbin/apache2
No symbol table info available.
#34 0x00985dee in ?? () from /usr/sbin/apache2
No symbol table info available.
#35 0x00986d9b in ap_mpm_run () from /usr/sbin/apache2
No symbol table info available.
#36 0x00957a92 in main () from /usr/sbin/apache2
No symbol table info available.


I then recompiled php with the -enable-debug flag and got the following:

#0  0x0133da5d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#1  0x01355f52 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#2  0x01359ca9 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#3  0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#4  0x0135610d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#5  0x01356687 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#6  0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#7  0x0135610d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#8  0x01356687 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#9  0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#10 0x0135610d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#11 0x01356687 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#12 0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#13 0x0135610d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#14 0x01356687 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#15 0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#16 0x0135610d in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#17 0x01356687 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#18 0x01355a8b in execute () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#19 0x0132addc in zend_execute_scripts () from 
/usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#20 0x012ce998 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#21 0x013ad5b4 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#22 0x00c63f51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#23 0x00c67d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#24 0x00c773f4 in ap_internal_redirect () from /usr/sbin/apache2
No symbol table info available.
#25 0x0039c80d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
#26 0x00c63f51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#27 0x00c67d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#28 0x00c775a8 in ap_process_request () from /usr/sbin/apache2
No symbol table info available.
#29 0x00c74118 in ?? () from /usr/sbin/apache2
No symbol table info available.
#30 0x00c6c7c1 in ap_run_process_connection () from /usr/sbin/apache2
No symbol table info available.
#31 0x00c7cac1 in ?? () from /usr/sbin/apache2
No symbol table info available.
#32 0x00c7cdee in ?? () from /usr/sbin/apache2
No symbol table info available.
#33 0x00c7d1c2 in ap_mpm_run () from /usr/sbin/apache2
No symbol table info available.
#34 0x00c4ea92 in main () from /usr/sbin/apache2
No symbol table info available.


Not sure if the bottom one has worked correctly.

Thanks
 [2010-03-30 11:38 UTC] jimmyxx at gmail dot com
I think this is a better backtrace - this is using the php5-dbg package.

Program terminated with signal 11, Segmentation fault.
#0  0x0119c642 in zif_method_exists (ht=2, return_value=0x20f76918, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935
935	/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c: No such 
file or directory.
	in /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c
(gdb) bt full
#0  0x0119c642 in zif_method_exists (ht=2, return_value=0x20f76918, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935
        klass = 0x20e5e53c
        method_name = 0x20e5e540
        lcname = 0x0
        ce = 0x20f59e6c
        pce = 0x20eb366c
        return_value = 0x20f76918
#1  0x011b6546 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf66dc) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:200
        return_reference = 0 '\000'
        opline = 0x20f62cc0
        original_return_value = 0x0
        current_scope = 0x0
        current_this = 0x0
        return_value_used = 1
        should_change_scope = 0 '\000'
#2  0x011b204b in execute (op_array=0x20f5adf4) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20f62cc0, function_state = 
{function_symbol_table = 0x20e6e4c0, function = 0x20d27070, reserved = {0xe, 
0xef154a66, 
              0xbfcf671c, 0x9}}, fbc = 0x0, op_array = 0x20f5adf4, object = 0x0, 
Ts = 0xbfcf4fc0, CVs = 0xbfcf4f90, original_in_execution = 1 '\001', 
          symbol_table = 0x20e86a0c, prev_execute_data = 0xbfcf6b0c, 
old_error_reporting = 0x0}
        op_array = 0x20f5adf4
#3  0x011b5df9 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf6b0c) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20ebd2e8
        original_return_value = 0xbfcf6ca0
        current_scope = 0x20e9a310
        current_this = 0x20f4b144
        return_value_used = 1
        should_change_scope = 1 '\001'
#4  0x011b204b in execute (op_array=0x20ebbe1c) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20ebd2e8, function_state = 
{function_symbol_table = 0x20e86a0c, function = 0x20f5adf4, reserved = 
{0xbfcf6b38, 0x11a947d, 
              0x11988ae, 0xc}}, fbc = 0x20f5adf4, op_array = 0x20ebbe1c, object 
= 0x20f53bf8, Ts = 0xbfcf6830, CVs = 0xbfcf6810, 
          original_in_execution = 1 '\001', symbol_table = 0x20e86994, 
prev_execute_data = 0xbfcf6d0c, old_error_reporting = 0x0}
        op_array = 0x20ebbe1c
#5  0x011b5df9 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf6d0c) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20ebae14
        original_return_value = 0xbfcf6e8c
        current_scope = 0x20e9a310
        current_this = 0x20f4b144
        return_value_used = 0
        should_change_scope = 1 '\001'
#6  0x011b204b in execute (op_array=0x20eb9f3c) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20ebae14, function_state = 
{function_symbol_table = 0x20e86994, function = 0x20ebbe1c, reserved = 
{0xb88775b, 0x13e0ff4, 
              0xbfcf6d50, 0x2}}, fbc = 0x20ebbe1c, op_array = 0x20eb9f3c, object 
= 0x20f4b144, Ts = 0xbfcf6c60, CVs = 0xbfcf6c40, 
          original_in_execution = 1 '\001', symbol_table = 0x20e6a790, 
prev_execute_data = 0xbfcf6ecc, old_error_reporting = 0x0}
        op_array = 0x20eb9f3c
#7  0x011b5df9 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf6ecc) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20e7895c
        original_return_value = 0xbfcf7074
        current_scope = 0x20e6ba9c
        current_this = 0x20e86e00
        return_value_used = 1
        should_change_scope = 1 '\001'
#8  0x011b204b in execute (op_array=0x20e7776c) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20e7895c, function_state = 
{function_symbol_table = 0x20e6a790, function = 0x20eb9f3c, reserved = 
{0xbfcf6ef8, 0x11a947d, 
              0x11988ae, 0x9}}, fbc = 0x20eb9f3c, op_array = 0x20e7776c, object 
= 0x20f4b144, Ts = 0xbfcf6e60, CVs = 0xbfcf6e40,           original_in_execution 
= 1 '\001', symbol_table = 0x20e691c4, prev_execute_data = 0xbfcf70bc, 
old_error_reporting = 0x0}
        op_array = 0x20e7776c
#9  0x011b5df9 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf70bc) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20e786e4
        original_return_value = 0xbfcf750c
        current_scope = 0x20e6ba9c
        current_this = 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
#10 0x011b204b in execute (op_array=0x20e77470) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20e786e4, function_state = 
{function_symbol_table = 0x20e691c4, function = 0x20e7776c, reserved = {0xd, 
0xbfcf7148, 
              0x20f4b2b0, 0x0}}, fbc = 0x20e7776c, op_array = 0x20e77470, object 
= 0x20e86e00, Ts = 0xbfcf7020, CVs = 0xbfcf7000, 
          original_in_execution = 1 '\001', symbol_table = 0x20e69334, 
prev_execute_data = 0xbfcf75fc, old_error_reporting = 0x0}
        op_array = 0x20e77470
#11 0x011b5df9 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf75fc) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20e6de24
        original_return_value = 0xbfcf76ac
        current_scope = 0x0
        current_this = 0x0
        return_value_used = 0
        should_change_scope = 1 '\001'
#12 0x011b204b in execute (op_array=0x20e68c04) at /build/buildd/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20e6de24, function_state = 
{function_symbol_table = 0x20e69334, function = 0x20e77470, reserved = {0x1e, 
0x119a272, 
              0x20e690ec, 0x20e68ca8}}, fbc = 0x20e77470, op_array = 0x20e68c04, 
object = 0x0, Ts = 0xbfcf7210, CVs = 0xbfcf71f0, 
          original_in_execution = 0 '\000', symbol_table = 0x140a970, 
prev_execute_data = 0x0, old_error_reporting = 0x0}
        op_array = 0x20e68c04
#13 0x0118c4d4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend.c:1215
        i = 1
        file_handle = 0x20e68c04
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        local_retval = 0x0
#14 0x01141246 in php_execute_script (primary_file=0xbfcf98dc) at 
/build/buildd/php5-5.2.10.dfsg.1/main/main.c:2046
        __orig_bailout = 0xbfcf9840
        __bailout = {{__jmpbuf = {20844532, 550252128, 21014688, -1076914152, -
1510018565, 322027654}, __mask_was_saved = 0, __saved_mask = {
              __val = 0xbfcf8730}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, 
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, 
              fteller = 0, interactive = 0}}, free_filename = 0 '\000'}
        append_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, 
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, 
              fteller = 0, interactive = 0}}, free_filename = 0 '\000'}
        retval = 0
        primary_file = 0xbfcf98dc
#15 0x01202f13 in php_handler (r=0x20ea9fa8) at /build/buildd/php5-
5.2.10.dfsg.1/sapi/apache2handler/sapi_apache2.c:651
        __bailout = {{__jmpbuf = {20844532, 550252128, 20766369, -1076913864, -
1541205509, 2067815046}, __mask_was_saved = 0, __saved_mask = {
              __val = 0xbfcf985c}}}
        ctx = 0x20eae120
        conf = 0x20ea9a88
        brigade = 0x20eae8c0
        bucket = 0x20e5e540
        rv = 551937344
        parent_req = 0x0
#16 0x0042df51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#17 0x00431d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#18 0x004413f4 in ap_internal_redirect () from /usr/sbin/apache2
No symbol table info available.
#19 0x0086180d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
#20 0x0042df51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#21 0x00431d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#22 0x004415a8 in ap_process_request () from /usr/sbin/apache2
No symbol table info available.
#23 0x0043e118 in ?? () from /usr/sbin/apache2
No symbol table info available.
#24 0x004367c1 in ap_run_process_connection () from /usr/sbin/apache2
No symbol table info available.
#25 0x00446ac1 in ?? () from /usr/sbin/apache2
No symbol table info available.
#26 0x00446dee in ?? () from /usr/sbin/apache2
No symbol table info available.
#27 0x004471c2 in ap_mpm_run () from /usr/sbin/apache2
No symbol table info available.
#28 0x00418a92 in main () from /usr/sbin/apache2
No symbol table info available.
 [2010-03-30 11:43 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-30 11:43 UTC] pajoye@php.net
Please use the same version of the dbg package as for PHP itself, or compile PHP in debug mode. The backtrace you provided uses the 5.2.10 dbg package.

We also need a small reproduce script.
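
Added example (not part of this thread and not PHP project tooling): a small Python triage of gdb `bt` output that checks the point raised in the comment above, whether the source paths in the symbolized frames belong to the PHP version actually running, and counts frames that did not resolve. The sample frames are constructed in the shape of the traces quoted in this report, unwrapped output is assumed (gdb `set width 0`), and `parse_frames`, `triage` and their field names are hypothetical.

```python
import os
import re

# One gdb frame line: "#N  0xADDR in func (args) at file:line" or "... from lib".
FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S+)\s+\((?P<args>.*)\)"
    r"(?:\s+at\s+(?P<src>\S+):(?P<line>\d+)|\s+from\s+(?P<lib>\S+))?\s*$"
)
# A "name-x.y.z" path component such as php5-5.2.10.dfsg.1 or xdebug-2.0.4.
COMPONENT_RE = re.compile(r"/([A-Za-z][A-Za-z0-9_]*)-(\d+(?:\.\d+)+)")

# Constructed sample, shaped like the frames quoted in this report.
SAMPLE_BT = """\
#0  0x0119c642 in zif_method_exists (ht=2, return_value=0x20f76918) at /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935
        lcname = 0x0
#1  0x011b6546 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfcf66dc) at /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:200
#2  0x001ebf6b in xdebug_execute (op_array=0x21b565e4) at /build/buildd/xdebug-2.0.4/build-php5/xdebug.c:1561
#3  0x0127920c in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#4  0x0042df51 in ap_run_handler () from /usr/sbin/apache2
"""


def parse_frames(bt_text):
    """Return one dict per frame line; locals and gdb notices are skipped."""
    frames = []
    for raw in bt_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue
        frames.append({
            "n": int(m.group("n")),
            "func": m.group("func"),
            "src": m.group("src"),
            "line": int(m.group("line")) if m.group("line") else None,
            "lib": m.group("lib"),
        })
    return frames


def triage(bt_text, running_php_version):
    """Summarize how trustworthy a backtrace is for the PHP build in use."""
    frames = parse_frames(bt_text)

    # Versioned components named in source paths (where the symbols came from).
    components = {}
    for f in frames:
        if f["src"]:
            for name, ver in COMPONENT_RE.findall(f["src"]):
                components.setdefault(name, set()).add(ver)

    php_versions = set()
    for name, vers in components.items():
        if name.startswith("php"):
            php_versions |= vers

    with_source = [f for f in frames if f["src"]]
    inner = with_source[0] if with_source else None

    return {
        "frames": len(frames),
        # "??" means gdb could not even name the function.
        "unresolved": sum(1 for f in frames if f["func"] == "??"),
        "without_source": sum(1 for f in frames if not f["src"]),
        "components": components,
        # True when the debug symbols were built from a different PHP version
        # than the one reported as running, so line numbers may be misleading.
        "symbol_mismatch": bool(php_versions)
        and php_versions != {running_php_version},
        "innermost_source_frame": (
            inner["func"], os.path.basename(inner["src"]), inner["line"]
        ) if inner else None,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_BT, "5.2.13")
    for key, value in report.items():
        print(f"{key}: {value}")
```
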
 [2010-03-30 11:55 UTC] jimmyxx at gmail dot com
-Status: Feedback +Status: Open
 [2010-03-30 11:55 UTC] jimmyxx at gmail dot com
Hi pajoye, unfortunately I can't get php5-dbg-5.2.13 yet as it's not been 
packaged yet for my architecture.

I have tried recompiling php 5.2.13 with the --enable-debug flag and that gave 
me the second backtrace which didn't look very useful. 

I can confirm that this happens on both php 5.2.10 and php 5.3.13.

I could probably recreate this problem so I could submit files to you but it 
would most likely be a couple of sample files and a copy of the PHP MVC 
framework as this is the only way I know how to reproduce it. My attempts to 
reproduce the problem in a single script file have failed (I think due to me not 
knowing what is causing the problem).

Thanks
 [2010-03-30 12:02 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-30 12:02 UTC] pajoye@php.net
Please attach the not so useful backtrace
 [2010-03-30 12:12 UTC] jimmyxx at gmail dot com
-Status: Feedback +Status: Open
 [2010-03-30 12:12 UTC] jimmyxx at gmail dot com
Urgh, I just installed the debs I compiled but realised it's still 5.2.10 as 
I use the package manager to get me the build-deps. 

Here is the backtrace from the compiled version:

#0  0x012d8a5d in zif_method_exists (ht=2, return_value=0x20d06588, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935
935		convert_to_string_ex(method_name);
(gdb) bt full
#0  0x012d8a5d in zif_method_exists (ht=2, return_value=0x20d06588, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935
        klass = 0x20bb047c
        method_name = 0x20bb0480
        lcname = 0x0
        ce = 0x20d0f03c
        pce = 0x20b0c364
#1  0x012f0f52 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc4830c) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:200
        return_reference = 0 '\000'
        opline = 0x20d22008
        original_return_value = 0x20d0a4c8
        current_scope = 0x0
        current_this = 0x0
        return_value_used = 1
        should_change_scope = 0 '\000'
        ctor_opline = 0xbfc48314
#2  0x012f4ca9 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfc4830c) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:1739
        opline = 0x20d22008
        fname = 0x20d22024
#3  0x012f0a8b in execute (op_array=0x20d07aa8) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20d22008, function_state = 
{function_symbol_table = 0x20bdf8e0, function = 0x20ac7080, reserved = {0x21, 
0x648855b6, 0xbfc48344, 0x20c18f24}}, fbc = 0x0, 
          op_array = 0x20d07aa8, object = 0x0, Ts = 0xbfc46bf0, CVs = 
0xbfc46bc0, original_in_execution = 1 '\001', symbol_table = 0x20bdf550, 
prev_execute_data = 0xbfc4872c, 
          old_error_reporting = 0x0}
        op_array = 0x20d07aa8
#4  0x012f110d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc4872c) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20c1e9f8
        original_return_value = 0xbfc488b0
        current_scope = 0x20c18f24
        current_this = 0x20cea3e0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = 0xbfc485d0
#5  0x012f1687 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc4872c) 
at /home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:322
No locals.
#6  0x012f0a8b in execute (op_array=0x20c1cc9c) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20c1e9f8, function_state = 
{function_symbol_table = 0x20bdf550, function = 0x20d07aa8, reserved = 
{0xbfc487c8, 0x12ea192, 0x0, 0x20c18f24}}, fbc = 0x20d07aa8, 
          op_array = 0x20c1cc9c, object = 0x20d00620, Ts = 0xbfc48450, CVs = 
0xbfc48430, original_in_execution = 1 '\001', symbol_table = 0x20bdf48c, 
prev_execute_data = 0xbfc4891c, 
          old_error_reporting = 0x0}
        op_array = 0x20c1cc9c
#7  0x012f110d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc4891c) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20c1bd40
        original_return_value = 0xbfc48a8c
        current_scope = 0x20c18f24
        current_this = 0x20cea3e0
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = 0xbfc4a3bc
#8  0x012f1687 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc4891c) 
at /home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:322
No locals.
#9  0x012f0a8b in execute (op_array=0x20c1a8d4) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20c1bd40, function_state = 
{function_symbol_table = 0x20bdf48c, function = 0x20c1cc9c, reserved = 
{0xbfc489b8, 0x12ea192, 0x0, 0x20bc08e4}}, fbc = 0x20c1cc9c, 
          op_array = 0x20c1a8d4, object = 0x20cea3e0, Ts = 0xbfc48870, CVs = 
0xbfc48850, original_in_execution = 1 '\001', symbol_table = 0x20bdf018, 
prev_execute_data = 0xbfc48acc, 
          old_error_reporting = 0x0}
        op_array = 0x20c1a8d4
#10 0x012f110d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc48acc) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20bd0acc
        original_return_value = 0xbfc48c64
        current_scope = 0x20bc08e4
        current_this = 0x20bdec9c
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = 0xbfc4a3bc
#11 0x012f1687 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc48acc) 
at /home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:322
No locals.
#12 0x012f0a8b in execute (op_array=0x20bcf88c) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20bd0acc, function_state = 
{function_symbol_table = 0x20bdf018, function = 0x20c1a8d4, reserved = 
{0xbfc48b68, 0x12ea192, 0x0, 0x20bc08e4}}, fbc = 0x20c1a8d4, 
          op_array = 0x20bcf88c, object = 0x20cea3e0, Ts = 0xbfc48a60, CVs = 
0xbfc48a40, original_in_execution = 1 '\001', symbol_table = 0x20bbdf50, 
prev_execute_data = 0xbfc48cac, 
          old_error_reporting = 0x0}
        op_array = 0x20bcf88c
#13 0x012f110d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc48cac) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20bd0830
        original_return_value = 0xbfc490ec
        current_scope = 0x20bc08e4
        current_this = 0x0
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = 0xbfc4a3bc
#14 0x012f1687 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc48cac) 
at /home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:322
No locals.
#15 0x012f0a8b in execute (op_array=0x20bcf3e0) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20bd0830, function_state = 
{function_symbol_table = 0x20bbdf50, function = 0x20bcf88c, reserved = 
{0xbfc4a3bc, 0x20d00960, 0xcc27f7, 0xc}}, fbc = 0x20bcf88c, 
          op_array = 0x20bcf3e0, object = 0x20bdec9c, Ts = 0xbfc48c10, CVs = 
0xbfc48bf0, original_in_execution = 1 '\001', symbol_table = 0x20bbf7f0, 
prev_execute_data = 0xbfc491dc, 
          old_error_reporting = 0x0}
        op_array = 0x20bcf3e0
#16 0x012f110d in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc491dc) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234
        opline = 0x20bc2e58
        original_return_value = 0xbfc49278
        current_scope = 0x0
        current_this = 0x0
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = 0xbfc4a398
#17 0x012f1687 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc491dc) 
at /home/jimmy/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:322
No locals.
#18 0x012f0a8b in execute (op_array=0x20bbd508) at /home/jimmy/php5-
5.2.10.dfsg.1/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x20bc2e58, function_state = 
{function_symbol_table = 0x20bbf7f0, function = 0x20bcf3e0, reserved = 
{0xbfc4a3bc, 0x12d149f, 0x20bbdcb0, 0xbfc4926c}}, 
          fbc = 0x20bcf3e0, op_array = 0x20bbd508, object = 0x0, Ts = 
0xbfc48df0, CVs = 0xbfc48dd0, original_in_execution = 0 '\000', symbol_table = 
0x1573cb0, prev_execute_data = 0x0, 
          old_error_reporting = 0x0}
        op_array = 0x20bbd508
#19 0x012c5ddc in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/home/jimmy/php5-5.2.10.dfsg.1/Zend/zend.c:1215
        files = 0xbfc492b4 ""
        i = 1
        file_handle = 0xbfc4b4d4
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        local_retval = 0x0
#20 0x01269998 in php_execute_script (primary_file=0xbfc4b4d4) at 
/home/jimmy/php5-5.2.10.dfsg.1/main/main.c:2046
        __orig_bailout = 0xbfc4b438
        __bailout = {{__jmpbuf = {22274036, -1077632104, -1077632068, -
1077627880, 1252126738, -1901499537}, __mask_was_saved = 0, __saved_mask = 
{__val = 0xbfc4a318}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, 
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, 
fteller = 0, interactive = 0}}, 
          free_filename = 0 '\000'}
        append_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, 
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, 
fteller = 0, interactive = 0}}, 
          free_filename = 0 '\000'}
        old_cwd = 0xbfc492d0 "/"
        retval = 0
        primary_file = 0xbfc4b4d4
#21 0x013485b4 in php_handler (r=0x20bfbc58) at /home/jimmy/php5-
5.2.10.dfsg.1/sapi/apache2handler/sapi_apache2.c:651
        zfd = {type = 5 '\005', filename = 0x20bffdb8 
"/tink/dev/gts4/gts4/index.php", opened_path = 0x0, handle = {fd = 549181156, fp 
= 0x20bbd6e4, stream = {handle = 0x20bbd6e4, 
              reader = 0x128293c <_php_stream_read>, closer = 0x12679bb 
<stream_closer_for_zend>, fteller = 0x12679e6 <stream_fteller_for_zend>, 
interactive = 0}}, free_filename = 0 '\000'}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {22274036, 547868316, 3, -1077627592, 
1257041938, -1434299537}, __mask_was_saved = 0, __saved_mask = {__val = 
0xbfc4b454}}}
        ctx = 0x20bffdd8
        conf = 0x20bfb730
        brigade = 0x20c00578
        bucket = 0x12
        rv = 476569600
        parent_req = 0x0
#22 0x0060df51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#23 0x00611d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#24 0x006213f4 in ap_internal_redirect () from /usr/sbin/apache2
No symbol table info available.
#25 0x0065b80d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
#26 0x0060df51 in ap_run_handler () from /usr/sbin/apache2
No symbol table info available.
#27 0x00611d2f in ap_invoke_handler () from /usr/sbin/apache2
No symbol table info available.
#28 0x006215a8 in ap_process_request () from /usr/sbin/apache2
No symbol table info available.
#29 0x0061e118 in ?? () from /usr/sbin/apache2
No symbol table info available.
#30 0x006167c1 in ap_run_process_connection () from /usr/sbin/apache2
No symbol table info available.
#31 0x00626ac1 in ?? () from /usr/sbin/apache2
No symbol table info available.
#32 0x00626dee in ?? () from /usr/sbin/apache2
No symbol table info available.
#33 0x006271c2 in ap_mpm_run () from /usr/sbin/apache2
No symbol table info available.
#34 0x005f8a92 in main () from /usr/sbin/apache2
No symbol table info available.
 [2010-07-20 16:37 UTC] adam dot zivner at gmail dot com
Experiencing the same problem on PHP 5.3.12. PHP 5.3.1 runs fine.
 [2010-07-20 16:38 UTC] adam dot zivner at gmail dot com
PHP 5.3.12 => PHP 5.2.13
 [2011-11-16 13:56 UTC] felipe@php.net
-Status: Open +Status: Bogus
 [2011-11-16 13:56 UTC] felipe@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.


 [2012-02-12 12:40 UTC] eduards at cervon dot net
This also happens with PHP 5.3.3-7+squeeze7 with Suhosin-Patch (latest stable for Debian production systems)

Code that causes crash:

class db_result extends mysqli_result
{
	public function fetch_all()
	{
		if (method_exists('parent', 'fetch_all'))
		{
			$result = parent::fetch_all(MYSQLI_ASSOC);

			$this->free();

			return (array)$result;
		}
		else
		{
			// [...] code that emulates mysqli_result::fetch_all functionality
		}
	}
}
 [2012-03-21 10:13 UTC] le4776 at gmail dot com
This is still a problem for me.

# php --version
PHP 5.3.10 (cli) (built: Mar  8 2012 13:40:08)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd., and
    with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies
#
#
#
# php -r "echo (method_exists('c', 'm') ? 'OK' : 'FAIL');"
Segmentation fault
#
 [2013-06-07 08:48 UTC] cronz at yandex dot ru
Hi Guys.
  As per the Zend forum: http://forums.zend.com/viewtopic.php?f=57&t=42383
  
  The issue was resolved by adding this line to config:

===========================================

  zend_loader.obfuscation_level_support=2

===========================================
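
A triage check for the situation in this thread, as an added example (not from the report or from PHP itself): it runs the one-line reproducer from the 2012-03-21 comment with and without php.ini (`php -n`) to separate a crash in PHP from one caused by an ini-loaded module. The function names and verdict labels are this example's own, and 139 assumes a shell that reports SIGSEGV as 128+11.

```shell
#!/bin/sh
# Added example: is the method_exists() segfault in PHP itself, or in
# something php.ini loads (such as the loaders shown in the banner above)?

# The reproducer exactly as posted in the comment above.
REPRO="echo (method_exists('c', 'm') ? 'OK' : 'FAIL');"

# run_repro PHP_BIN [php flags...] -> prints the exit status of the reproducer
run_repro() {
    php_bin=$1
    shift
    rc=0
    "$php_bin" "$@" -r "$REPRO" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# classify PHP_BIN -> prints no-crash | ini-loaded-module | php-core
classify() {
    with_ini=$(run_repro "$1")
    without_ini=$(run_repro "$1" -n)   # -n: ignore php.ini and what it loads
    if [ "$with_ini" -ne 139 ]; then   # 139 = 128 + 11 (SIGSEGV)
        echo "no-crash"
    elif [ "$without_ini" -ne 139 ]; then
        echo "ini-loaded-module"
    else
        echo "php-core"
    fi
}

# zend_modules PHP_BIN -> the "[Zend Modules]" section of `php -m`
zend_modules() {
    "$1" -m 2>/dev/null | sed -n '/^\[Zend Modules\]/,$p'
}

# Stand-alone use: sh triage.sh /usr/bin/php
if [ "$#" -gt 0 ]; then
    verdict=$(classify "$1")
    echo "verdict: $verdict"
    if [ "$verdict" = "ini-loaded-module" ]; then
        zend_modules "$1"
    fi
fi
```

With an ini-loaded-module verdict, disabling the listed Zend modules one at a time narrows down which one is involved.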
 