php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54585 track_errors causes segfault
Submitted: 2011-04-21 11:02 UTC Modified: 2011-04-25 09:50 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: arekm at maven dot pl Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.3SVN-2011-04-21 (snap) OS: Linux
Private report: No CVE-ID:
 [2011-04-21 11:02 UTC] arekm at maven dot pl
Description:
------------
When track_errors is On then simple code causes php segfault.

It was tested with 5.3.6 final and also with recent php5.3-201104201030 snap.

Test script:
---------------
[arekm@t400 ~/public_html]$ cat a.ini
[PHP]
track_errors = On
[arekm@t400 ~/public_html]$ cat a.php
<?php
function testing($source) {
                unset($source[$cos]);
}
testing($_GET);
?>

[arekm@t400 ~/public_html]$ php -n -c a.ini a.php

zsh: segmentation fault  php -n -c a.ini a.php

Expected result:
----------------
No segfault.

Actual result:
--------------
Starting program: /usr/bin/php -n -c php.ini a.php
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
zval_mark_grey (pz=<value optimized out>) at /usr/src/debug/php-5.3.6.1/Zend/zend_gc.c:372
372                             pz = *(zval**)p->pData;
(gdb) bt
#0  zval_mark_grey (pz=<value optimized out>) at /usr/src/debug/php-5.3.6.1/Zend/zend_gc.c:372
#1  0x00007ffff7cb7c35 in gc_mark_roots () at /usr/src/debug/php-5.3.6.1/Zend/zend_gc.c:435
#2  gc_collect_cycles () at /usr/src/debug/php-5.3.6.1/Zend/zend_gc.c:664
#3  0x00007ffff7c9b0ed in zend_deactivate () at /usr/src/debug/php-5.3.6.1/Zend/zend.c:900
#4  0x00007ffff7c48a20 in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.6.1/main/main.c:1637
#5  0x0000000000403d0c in main (argc=5, argv=0x7fffffffeb68) at /usr/src/debug/php-5.3.6.1/sapi/cli/php_cli.c:1374
(gdb) print p
$1 = (Bucket *) 0x400000000
(gdb) print p->pData
Cannot access memory at address 0x400000010
(gdb)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-21 16:50 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2011-04-25 09:50 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=310465
Log: Fixed bug #54585 (track_errors causes segfault)
 [2011-04-25 09:50 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2011-04-25 09:50 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 10:02:09 2014 UTC