PHP :: Bug #53748 :: Using traits lead to a segmentation fault

Bug #53748	Using traits lead to a segmentation fault
Submitted:	2011-01-14 16:55 UTC	Modified:	2011-01-28 22:19 UTC
From:	contact at chdemko dot com	Assigned:	felipe (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	trunk-SVN-2011-01-14 (SVN)	OS:	Fedora core 11
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	contact at chdemko dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-01-14 16:55 UTC] contact at chdemko dot com

Description:
------------
The test script (Singleton pattern) leads to a Segmentation error

$ php test-trait.php
int(1)
int(2)
array(1) {
  [1]=>
  int(2)
}
Segmentation error


Test script:
---------------
See http://www.pastie.org/1460398

Expected result:
----------------
int(1)
int(2)
array(1) {
  [1]=>
  int(2)
}


Actual result:
--------------
int(1)
int(2)
array(1) {
  [1]=>
  int(2)
}
Segmentation error

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-14 17:22 UTC] johannes@php.net

-Status: Open +Status: Feedback

[2011-01-14 17:22 UTC] johannes@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

what options are you using to compile PHP? - It works for me without segfault:

int(1)
int(2)
array(1) {
  [1]=>
  int(2)
}

[2011-01-21 13:56 UTC] contact at chdemko dot com

-Status: Feedback +Status: Open

[2011-01-21 13:56 UTC] contact at chdemko dot com

I've compiled php with --enable-debug

This is the trace:

bash-4.0$ gdb ./sapi/cli/php
GNU gdb (GDB) Fedora (6.8.50.20090302-40.fc11)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) r ~/trait.php
Starting program: /Utilisateurs/cdemko01/php/sapi/cli/php ~/trait.php
[Thread debugging using libthread_db enabled]
int(1)
int(2)
array(1) {
  [1]=>
  int(2)
}


Program received signal SIGSEGV, Segmentation fault.
zval_mark_grey (pz=0xb7fb144c) at /Utilisateurs/cdemko01/php/Zend/zend_gc.c:372
372				pz = *(zval**)p->pData;
Missing separate debuginfos, use: debuginfo-install glibc-2.10.2-1.i686 libxml2-2.7.6-1.fc11.i586 nss-softokn-freebl-3.12.6-1.2.fc11.i586 zlib-1.2.3-22.fc11.i586
(gdb) bt
#0  zval_mark_grey (pz=0xb7fb144c) at /Utilisateurs/cdemko01/php/Zend/zend_gc.c:372
#1  0x082d5995 in gc_mark_roots () at /Utilisateurs/cdemko01/php/Zend/zend_gc.c:435
#2  gc_collect_cycles () at /Utilisateurs/cdemko01/php/Zend/zend_gc.c:664
#3  0x082b9035 in zend_deactivate () at /Utilisateurs/cdemko01/php/Zend/zend.c:925
#4  0x082606eb in php_request_shutdown (dummy=0x0) at /Utilisateurs/cdemko01/php/main/main.c:1671
#5  0x0835160f in main (argc=2, argv=0xbffff754) at /Utilisateurs/cdemko01/php/sapi/cli/php_cli.c:1439

[2011-01-24 11:30 UTC] karolrybak at gmail dot com

I have the same problem. I don't have a test case, cause the bug happens randomly across application. I also get some corrupted variables filled with some random data.


Here's the backtrace:

#0  0x013795d8 in zval_mark_grey (pz=0x9c5c230) at /root/php-build/php-5.3.4/Zend/zend_gc.c:372
        p = 0x1850005
#1  0x01379ebd in gc_mark_roots () at /root/php-build/php-5.3.4/Zend/zend_gc.c:435
No locals.
#2  gc_collect_cycles () at /root/php-build/php-5.3.4/Zend/zend_gc.c:664
        p = <value optimized out>
        q = <value optimized out>
        orig_free_list = <value optimized out>
        orig_next_to_free = <value optimized out>
        count = <value optimized out>
#3  0x0135c115 in zend_deactivate () at /root/php-build/php-5.3.4/Zend/zend.c:900
No locals.
#4  0x01303a8a in php_request_shutdown (dummy=0x0) at /root/php-build/php-5.3.4/main/main.c:1633
        report_memleaks = 1 '\001'
#5  0x013e7eff in php_apache_request_dtor (r=0x94be720) at /root/php-build/php-5.3.4/sapi/apache2handler/sapi_apache2.c:509
No locals.
#6  php_handler (r=0x94be720) at /root/php-build/php-5.3.4/sapi/apache2handler/sapi_apache2.c:681
        ctx = 0x94c4168
        conf = 0x92b4e18
        brigade = 0x94c9968
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = 0x0
---Type <return> to continue, or q <return> to quit---
#7  0x003d2a4d in ap_run_handler ()
No symbol table info available.
#8  0x003d63f8 in ap_invoke_handler ()
No symbol table info available.
#9  0x003e253e in ap_process_request ()
No symbol table info available.
#10 0x003df2df in ?? ()
No symbol table info available.
#11 0x003da92d in ap_run_process_connection ()
No symbol table info available.
#12 0x003daa2c in ap_process_connection ()
No symbol table info available.
#13 0x003e6e24 in ?? ()
No symbol table info available.
#14 0x003e7131 in ?? ()
No symbol table info available.
#15 0x003e720a in ?? ()
No symbol table info available.
#16 0x003e7d6b in ap_mpm_run ()
No symbol table info available.
#17 0x003be157 in main ()
No symbol table info available.
(gdb) 


Here's the configure script


./configure \
--build=i386-redhat-linux \
--host=i386-redhat-linux \
--target=i386-redhat-linux-gnu \
--program-prefix= \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--includedir=/usr/include \
--libdir=/usr/lib \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--sharedstatedir=/usr/com \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-libdir=lib \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--disable-debug \
--with-pic \
--disable-rpath \
--with-pear \
--with-curl \
--with-exec-dir=/usr/bin \
--with-freetype-dir=/usr \
--without-gdbm \
--with-gettext \
--with-iconv \
--with-zlib \
--with-layout=GNU \
--enable-exif \
--enable-ftp \
--enable-magic-quotes \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-sysvmsg \
--enable-wddx \
--with-kerberos \
--enable-ucd-snmp-hack \
--without-unixODBC \
--enable-shmop \
--enable-calendar \
--with-apxs2=/usr/sbin/apxs \
--without-sqlite \
--enable-dom \
--disable-dba \
--enable-pdo \
--enable-xmlreader \
--enable-xmlwriter \
--with-xmlrpc \
--with-gd \
--with-openssl \
--with-libxml-dir=/usr \
--disable-cgi \
--enable-mbstring \
--enable-bcmath

[2011-01-28 22:19 UTC] felipe@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307832
Log: - Fixed bug #53748 (Using traits lead to a segmentation fault)

[2011-01-28 22:19 UTC] felipe@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe

[2011-01-28 22:19 UTC] felipe@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 12:01:31 2024 UTC