|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2011-09-03 17:58 UTC] kontakt at beberlei dot de
Description:
------------
I found this issue running the Doctrine 2 testsuite with PHP 5.4.0 alpha 3 and could isolate the segfault behavior to a very simple php script.
I cant make anything out of the backtrace with regard to the nature of the failing. But it seems to have something to do with the __toString() that gets implicitly called.
Test script:
---------------
<?php
$options = array(
'pre' => '(',
'post' => ')',
'separator' => ' AND ',
);
class Foo
{
public function __toString()
{
return 'Foo';
}
}
function test($options, $queryPart)
{
return (isset($options['pre']) ? $options['pre'] : '')
. (is_array($queryPart) ? implode($options['separator'], $queryPart) : $queryPart)
. (isset($options['post']) ? $options['post'] : '');
}
#echo test($options, "test"); // comment this in and the line after works aswell
echo test($options, new Foo()); // this segfaults
Expected result:
----------------
(Foo)
Actual result:
--------------
Segfault, Backtrace is:
#0 gc_remove_zval_from_buffer (zv=0xb5f5b1b0) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_gc.c:265
#1 0x083723c8 in _zval_ptr_dtor (zval_ptr=0x8913da8) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_execute_API.c:437
#2 0x08374065 in zend_call_function (fci=0xbfffc8ac, fci_cache=0xbfffc8d0) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_execute_API.c:1018
#3 0x0839660b in zend_call_method (object_pp=0xbfffc9a0, obj_ce=<value optimized out>, fn_proxy=0xb5f76d38, function_name=0x8866e95 "__tostring", function_name_len=10,
retval_ptr_ptr=0xbfffc97c, param_count=0, arg1=0x0, arg2=0x0) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_interfaces.c:97
#4 0x083a0f11 in zend_std_cast_object_tostring (readobj=0xb5f5b1b0, writeobj=0xbfffca48, type=6)
at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_object_handlers.c:1472
#5 0x0838152b in zend_make_printable_zval (expr=0xb5f5b1b0, expr_copy=0xbfffca48, use_copy=0xbfffca68) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend.c:260
#6 0x0837c678 in concat_function (result=0xb5f5b1c0, op1=0xb5f5b170, op2=0xb5f5b1b0) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_operators.c:1243
#7 0x083d4d53 in ZEND_CONCAT_SPEC_TMP_TMP_HANDLER (execute_data=0xb5f5b0f8) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_vm_execute.h:8133
#8 0x083e52e6 in execute (op_array=0x8a5e7b0) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend_vm_execute.h:410
#9 0x08381d82 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/benny/downloads/php-5.4.0alpha3/Zend/zend.c:1262
#10 0x083247a2 in php_execute_script (primary_file=0xbfffeebc) at /home/benny/downloads/php-5.4.0alpha3/main/main.c:2385
#11 0x0842005e in do_cli (argc=2, argv=0xbffff144) at /home/benny/downloads/php-5.4.0alpha3/sapi/cli/php_cli.c:983
#12 0x084208d7 in main (argc=2, argv=0xbffff144) at /home/benny/downloads/php-5.4.0alpha3/sapi/cli/php_cli.c:1356
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 02:02:52 2024 UTC |
Minor test case: <?php $options = array(); class Foo { public function __toString() { return 'Foo'; } } function test($options, $queryPart) { return ''. (0 ? 1 : $queryPart); } test($options, new Foo()); ==3019== Conditional jump or move depends on uninitialised value(s) ==3019== at 0x83F00C8: zend_call_function (zend_execute_API.c:924) ==3019== by 0x8420106: zend_call_method (zend_interfaces.c:97) ==3019== by 0x8437226: zend_std_cast_object_tostring (zend_object_handlers.c:1472) ==3019== by 0x83FF743: zend_make_printable_zval (zend.c:260) ==3019== by 0x83FB1AD: concat_function (zend_operators.c:1243) ==3019== by 0x844D780: ZEND_CONCAT_SPEC_CONST_TMP_HANDLER (zend_vm_execute.h:3944) ==3019== by 0x843EDE8: execute (zend_vm_execute.h:410) ==3019== by 0x8402B71: zend_execute_scripts (zend.c:1262) ==3019== by 0x836AFF5: php_execute_script (main.c:2388) ==3019== by 0x854615F: do_cli (php_cli.c:983) ==3019== by 0x8547547: main (php_cli.c:1356) ==3019== ==3019== Conditional jump or move depends on uninitialised value(s) ==3019== at 0x83EDAFE: _zval_ptr_dtor (zend_execute_API.c:433) ==3019== by 0x83F0BEF: zend_call_function (zend_execute_API.c:1018) ==3019== by 0x8420106: zend_call_method (zend_interfaces.c:97) ==3019== by 0x8437226: zend_std_cast_object_tostring (zend_object_handlers.c:1472) ==3019== by 0x83FF743: zend_make_printable_zval (zend.c:260) ==3019== by 0x83FB1AD: concat_function (zend_operators.c:1243) ==3019== by 0x844D780: ZEND_CONCAT_SPEC_CONST_TMP_HANDLER (zend_vm_execute.h:3944) ==3019== by 0x843EDE8: execute (zend_vm_execute.h:410) ==3019== by 0x8402B71: zend_execute_scripts (zend.c:1262) ==3019== by 0x836AFF5: php_execute_script (main.c:2388) ==3019== by 0x854615F: do_cli (php_cli.c:983) ==3019== by 0x8547547: main (php_cli.c:1356) ==3019== ==3019== Conditional jump or move depends on uninitialised value(s) ==3019== at 0x83EDB4D: _zval_ptr_dtor (zend_execute_API.c:437) ==3019== by 0x83F0BEF: zend_call_function (zend_execute_API.c:1018) ==3019== by 0x8420106: zend_call_method (zend_interfaces.c:97) ==3019== by 0x8437226: zend_std_cast_object_tostring (zend_object_handlers.c:1472) ==3019== by 0x83FF743: zend_make_printable_zval (zend.c:260) ==3019== by 0x83FB1AD: concat_function (zend_operators.c:1243) ==3019== by 0x844D780: ZEND_CONCAT_SPEC_CONST_TMP_HANDLER (zend_vm_execute.h:3944) ==3019== by 0x843EDE8: execute (zend_vm_execute.h:410) ==3019== by 0x8402B71: zend_execute_scripts (zend.c:1262) ==3019== by 0x836AFF5: php_execute_script (main.c:2388) ==3019== by 0x854615F: do_cli (php_cli.c:983) ==3019== by 0x8547547: main (php_cli.c:1356) ==3019== ==3019== Invalid free() / delete / delete[] ==3019== at 0x402421C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==3019== by 0x83CAA1A: _efree (zend_alloc.c:2433) ==3019== by 0x83EDBC1: _zval_ptr_dtor (zend_execute_API.c:439) ==3019== by 0x83F0BEF: zend_call_function (zend_execute_API.c:1018) ==3019== by 0x8420106: zend_call_method (zend_interfaces.c:97) ==3019== by 0x8437226: zend_std_cast_object_tostring (zend_object_handlers.c:1472) ==3019== by 0x83FF743: zend_make_printable_zval (zend.c:260) ==3019== by 0x83FB1AD: concat_function (zend_operators.c:1243) ==3019== by 0x844D780: ZEND_CONCAT_SPEC_CONST_TMP_HANDLER (zend_vm_execute.h:3944) ==3019== by 0x843EDE8: execute (zend_vm_execute.h:410) ==3019== by 0x8402B71: zend_execute_scripts (zend.c:1262) ==3019== by 0x836AFF5: php_execute_script (main.c:2388) ==3019== by 0x854615F: do_cli (php_cli.c:983) ==3019== by 0x8547547: main (php_cli.c:1356) ==3019== Address 0x45d42e0 is 304 bytes inside a block of size 65,484 alloc'd ==3019== at 0x4025018: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==3019== by 0x83CA970: _emalloc (zend_alloc.c:2423) ==3019== by 0x83EC78F: init_executor (zend_execute.h:184) ==3019== by 0x840155A: zend_activate (zend.c:900) ==3019== by 0x83688CD: php_request_startup (main.c:1452) ==3019== by 0x8545FAB: do_cli (php_cli.c:954) ==3019== by 0x8547547: main (php_cli.c:1356)