Bug #54604 Segfault in ZEND_SWITCH_FREE_SPEC_VAR_HANDLER
Submitted: 2011-04-26 04:23 UTC
Modified: 2013-02-18 00:34 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:0 (0.0%)
From: bugs dot php dot net at zetafleet dot com
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 5.3.6
OS: Debian Linux
Private report: No
CVE-ID: None

 [2011-04-26 04:23 UTC] bugs dot php dot net at zetafleet dot com
Description:
------------
I’m not able to safely create a reduced test case. The crash is occurring from inside a custom error handler when it calls Smarty::display on a Smarty 2.6.26 template. Reproduced using both dotdeb 5.3.6-6~dotdeb.1 and debian unstable 5.3.6-8.

Expected result:
----------------
No crash.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
385	/tmp/buildd/php5-5.3.6/Zend/zend.h: No such file or directory.
	in /tmp/buildd/php5-5.3.6/Zend/zend.h
(gdb) t a a bt

Thread 1 (Thread 0x7fb3f7bfd720 (LWP 9215)):
#0  ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
#1  0x00000000006abb34 in execute (op_array=0x2832d68) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#2  0x000000000067862f in zend_call_function (fci=0x7fffa5018100, fci_cache=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:964
#3  0x0000000000678a60 in call_user_function_ex (function_table=0x7fb3ed373af0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x101010101010101, no_separation=6838809, symbol_table=0x1)
    at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:754
#4  0x0000000000685a19 in zend_error (type=8192, format=0xaaff40 "Assigning the return value of new by reference is deprecated") at /tmp/buildd/php5-5.3.6/Zend/zend.c:1173
#5  0x0000000000655ae7 in zendparse () at /tmp/buildd/php5-5.3.6/Zend/zend_language_parser.c:4247
#6  0x0000000000657b62 in compile_file (file_handle=<incomplete type>, type=0) at Zend/zend_language_scanner.l:364
#7  0x0000000000511d11 in phar_compile_file (file_handle=<incomplete type>, type=0) at /tmp/buildd/php5-5.3.6/ext/phar/phar.c:3393
#8  0x0000000000657d22 in compile_filename (type=2, filename=0x282bfd8) at Zend/zend_language_scanner.l:407
#9  0x00000000006cc4e8 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:1925
#10 0x00000000006abb34 in execute (op_array=0x27ff180) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#11 0x0000000000686796 in zend_execute_scripts (type=0, retval=0x7fffa501a590, file_count=3) at /tmp/buildd/php5-5.3.6/Zend/zend.c:1266
#12 0x0000000000632063 in php_execute_script (primary_file=0x29e0f60) at /tmp/buildd/php5-5.3.6/main/main.c:2296
#13 0x0000000000724306 in main (argc=41836840, argv=0xda8300) at /tmp/buildd/php5-5.3.6/sapi/fpm/fpm/fpm_main.c:1917


History
 [2011-07-10 13:14 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-07-10 13:14 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
Last updated: Tue Apr 16 10:01:29 2024 UTC